AWS S3(官网): Amazon S3 - 亚马逊云科技对象存储_云存储服务-亚马逊云科技中国区域
AWS SDK for Java(官网):Setting up the AWS SDK for Java 2.x - AWS SDK for Java
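<!-- AWS SDK for Java 1.x coordinates (groupId com.amazonaws); the Java code below uses the 1.x API -->
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-s3</artifactId>
    <version>1.11.803</version>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-sts</artifactId>
    <version>1.11.803</version>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-core</artifactId>
    <version>1.11.803</version>
</dependency>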
/**
 * Contract for an object-storage backend: upload, link generation, temporary upload
 * credentials and deletion.
 */
public abstract class BaseObjectStorage {
    /**
     * Uploads a file.
     *
     * @param pathAndName object path and name to store the file under
     * @param file        local file to upload
     */
    public abstract void upload(String pathAndName, File file);

    /**
     * Authorizes access to a stored object and returns a link for it.
     *
     * @param pathAndName object path and name
     * @param time        validity period; the S3 implementation in this file adds it to
     *                    {@code System.currentTimeMillis()}, i.e. treats it as milliseconds
     * @return the link as a string
     */
    public abstract String authorize(String pathAndName, long time);

    /**
     * Authorizes access to a stored object addressed by its full path.
     *
     * @param pathAndName full object path and name
     * @param time        validity period (see {@link #authorize(String, long)})
     * @return the link as a string; NOTE(review): if an implementation returns a signed URL,
     *         that URL is a bearer credential until it expires and should not be logged
     */
    public abstract String authorizeAllName(String pathAndName, long time);

    /**
     * Issues temporary authorization for uploading files.
     *
     * @param dir directory the upload authorization is requested for
     * @return a map describing the temporary authorization (raw type; keys and values are
     *         defined by the implementation).
     *         NOTE(review): implementations should limit what they issue to {@code dir}
     *         and to upload actions rather than handing out storage-wide access.
     */
    public abstract Map tokens(String dir);

    /**
     * Deletes a file.
     *
     * @param pathAndName object path and name
     */
    public abstract void deleteFile(String pathAndName);
}
package cn.xhh.core.objectstorage;
import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.CannedAccessControlList;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceAsyncClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;
import com.google.common.collect.Maps;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import java.io.File;
import java.net.URL;
import java.util.Date;
import java.util.Map;
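/**
 * {@link BaseObjectStorage} implementation backed by Amazon S3 through the AWS SDK for Java 1.x.
 *
 * <p>Security-relevant behaviour a maintainer should know before reusing this class:
 * <ul>
 *   <li>{@link #upload(String, File)} stores every object with the {@code public-read} canned
 *       ACL, and {@link #authorize(String, long)} returns the URL with its signature removed,
 *       so objects written here are readable by anyone who learns the URL.</li>
 *   <li>{@link #authorizeAllName(String, long)} returns a presigned URL; it is a bearer
 *       credential until it expires, so only its path is written to the log.</li>
 *   <li>{@link #tokens(String)} returns temporary credentials restricted to uploads below
 *       the requested directory; the session token is never logged.</li>
 * </ul>
 *
 * <p>A new SDK client is built and shut down on every call, as in the original code.
 */
@Component
@Slf4j
public class S3ObjectStorage extends BaseObjectStorage {

    /** Settings bound from configuration properties under the {@code s3} prefix. */
    @Data
    @Component
    @ConfigurationProperties(prefix = "s3")
    public static class OssInfo {
        // Host string that authorize()/authorizeAllName() replace with `endpoint` in returned URLs.
        private String host;
        // S3 service endpoint the client is built against.
        private String endpoint;
        // Long-lived IAM access key pair; keep these out of version control and out of logs.
        private String accessKeyId;
        private String accessKeySecret;
        private String bucketName;
        // Key prefix prepended by upload() and authorize().
        private String rootDirectory;
        // STS endpoint used by tokens().
        private String stsEndpoint;
        private String region;
    }

    @Autowired
    private OssInfo ossInfo;

    /**
     * Uploads {@code file} under the configured root directory.
     *
     * <p>The object is written with {@link CannedAccessControlList#PublicRead}; this is kept
     * because {@link #authorize(String, long)} hands out unsigned URLs that only work for
     * public objects. NOTE(review): confirm that world-readable objects are intended.
     *
     * <p>SDK failures are logged and not rethrown, so the caller cannot tell from the return
     * that an upload failed.
     *
     * @param pathAndName object key below the root directory
     * @param file        local file to upload
     */
    @Override
    public void upload(String pathAndName, File file) {
        AmazonS3 s3 = newS3Client();
        try {
            // The root directory is appended to the bucket name, so the stored key ends up
            // below rootDirectory.
            String bucketPath = ossInfo.bucketName + "/" + ossInfo.rootDirectory;
            s3.putObject(new PutObjectRequest(bucketPath, pathAndName, file)
                    .withCannedAcl(CannedAccessControlList.PublicRead));
            log.info("===s3===上传文件记录:成功");
        } catch (AmazonServiceException ase) {
            log.error("===s3===文件上传服务端异常:", ase);
        } catch (AmazonClientException ace) {
            log.error("===s3===文件上传客户端异常:", ace);
        } finally {
            s3.shutdown();
        }
    }

    /**
     * Returns the unsigned URL of an object below the root directory.
     *
     * <p>A presigned URL is generated and its query string (the signature) is dropped, so
     * {@code time} has no effect on the returned link and the link only works for publicly
     * readable objects. The signed form is no longer logged.
     *
     * @param pathAndName object key below the root directory
     * @param time        validity in milliseconds from now (only used for the discarded signature)
     * @return the object URL without query string, with the configured host replaced by the endpoint
     */
    @Override
    public String authorize(String pathAndName, long time) {
        AmazonS3 s3 = newS3Client();
        try {
            Date expiration = new Date(System.currentTimeMillis() + time);
            URL url = s3.generatePresignedUrl(ossInfo.bucketName, ossInfo.rootDirectory + "/" + pathAndName, expiration);
            String resultUrl = swapHost(stripQuery(url.toString()));
            log.info("===s3===文件上传客户端返回url:{}", resultUrl);
            return resultUrl;
        } finally {
            s3.shutdown();
        }
    }

    /**
     * Returns a presigned URL for an object addressed by its full key.
     *
     * <p>The returned URL carries the signature and grants access until it expires, so only
     * the part before the query string is logged.
     *
     * @param pathAndName full object key inside the bucket
     * @param time        validity in milliseconds from now
     * @return the presigned URL, with the configured host replaced by the endpoint
     */
    @Override
    public String authorizeAllName(String pathAndName, long time) {
        AmazonS3 s3 = newS3Client();
        try {
            Date expiration = new Date(System.currentTimeMillis() + time);
            URL url = s3.generatePresignedUrl(ossInfo.bucketName, pathAndName, expiration);
            String resultUrl = swapHost(url.toString());
            log.info("===s3==========authorizeAllName,S3文件上传客户端返回url:{}", stripQuery(resultUrl));
            return resultUrl;
        } finally {
            s3.shutdown();
        }
    }

    /**
     * Issues temporary credentials for uploading below {@code dir}.
     *
     * <p>The session policy passed to {@code GetFederationToken} allows only
     * {@code s3:PutObject} and {@code s3:AbortMultipartUpload} on objects under
     * {@code dir} in the configured bucket, replacing the previous {@code s3:*} on
     * {@code *}. Effective permissions are the intersection of this policy and the
     * permissions of the IAM user whose keys are configured. If clients must also set
     * object ACLs or read objects, add those actions explicitly.
     *
     * <p>NOTE(review): this assumes {@code dir} is the key prefix, relative to the bucket,
     * that clients upload under; confirm against the client code.
     *
     * <p>As before, any failure is caught and the map built so far (possibly empty) is
     * returned; the failure is now logged through the class logger.
     *
     * @param dir key prefix the credentials are limited to; null or empty limits them to the
     *            whole bucket
     * @return map with {@code storeType}, {@code accessKeyId}, {@code sessionToken},
     *         {@code secretKey}, {@code expire}, {@code dir}, {@code bucketName},
     *         {@code region} and {@code host}; empty when the request failed
     */
    @Override
    public Map tokens(String dir) {
        Map<String, Object> result = Maps.newHashMap();
        AWSSecurityTokenService stsClient = null;
        try {
            // Built first so that a rejected dir never reaches STS.
            String policy = uploadOnlyPolicy(ossInfo.region, ossInfo.bucketName, dir);
            AWSStaticCredentialsProvider credential = new AWSStaticCredentialsProvider(
                    new BasicAWSCredentials(ossInfo.accessKeyId, ossInfo.accessKeySecret));
            EndpointConfiguration endpointConfiguration = new EndpointConfiguration(ossInfo.stsEndpoint, null);
            stsClient = AWSSecurityTokenServiceAsyncClientBuilder.standard().withCredentials(credential)
                    .withEndpointConfiguration(endpointConfiguration).build();
            GetFederationTokenRequest request = new GetFederationTokenRequest().withName("Bob")
                    .withPolicy(policy)
                    .withDurationSeconds(3600);
            GetFederationTokenResult response = stsClient.getFederationToken(request);
            Credentials tempCredentials = response.getCredentials();
            // The original kept a commented-out GetSessionToken fallback here. GetSessionToken
            // accepts no session policy, so credentials from it would carry every permission
            // of the configured IAM user; do not use it for credentials handed to clients.
            result.put("storeType", "s3");
            result.put("accessKeyId", tempCredentials.getAccessKeyId());
            result.put("sessionToken", tempCredentials.getSessionToken());
            result.put("secretKey", tempCredentials.getSecretAccessKey());
            result.put("expire", tempCredentials.getExpiration());
            result.put("dir", dir);
            result.put("bucketName", ossInfo.bucketName);
            result.put("region", ossInfo.region);
            result.put("host", "https://" + ossInfo.endpoint + "/" + ossInfo.bucketName);
            // Only the key id is logged; the session token and secret key stay out of the log.
            log.info("===s3===上传文件记录:accessKeyId:{}", tempCredentials.getAccessKeyId());
        } catch (Exception e) {
            log.error("===s3===获取临时上传凭证异常:", e);
        } finally {
            if (null != stsClient) {
                stsClient.shutdown();
            }
        }
        return result;
    }

    /**
     * Deletes an object from the configured bucket.
     *
     * <p>NOTE(review): the key is built as {@code bucketName + pathAndName}, whereas
     * {@link #upload(String, File)} and {@link #authorize(String, long)} place objects under
     * {@code rootDirectory}. Left unchanged because the callers are not visible here;
     * verify that this key matches the keys that are actually stored.
     *
     * @param pathAndName path appended to the bucket name to form the key
     */
    @Override
    public void deleteFile(String pathAndName) {
        AmazonS3 s3 = newS3Client();
        try {
            s3.deleteObject(ossInfo.bucketName, ossInfo.bucketName + pathAndName);
        } finally {
            s3.shutdown();
        }
    }

    /** Builds an S3 client from the configured static credentials and endpoint. */
    private AmazonS3 newS3Client() {
        AWSStaticCredentialsProvider credential = new AWSStaticCredentialsProvider(
                new BasicAWSCredentials(ossInfo.accessKeyId, ossInfo.accessKeySecret));
        EndpointConfiguration endpointConfiguration = new EndpointConfiguration(ossInfo.endpoint, null);
        return AmazonS3ClientBuilder.standard()
                .withCredentials(credential)
                .withEndpointConfiguration(endpointConfiguration)
                .build();
    }

    /** Returns {@code url} without its query string, or unchanged when it has none. */
    private static String stripQuery(String url) {
        int queryStart = url.indexOf('?');
        return queryStart >= 0 ? url.substring(0, queryStart) : url;
    }

    /**
     * Replaces the configured host with the endpoint, as a literal string.
     *
     * <p>The original used {@code replaceAll}, which treats the host as a regular expression
     * (a dot matches any character) and throws when {@code host} is not configured.
     */
    private String swapHost(String url) {
        String host = ossInfo.host;
        String endpoint = ossInfo.endpoint;
        if (host == null || host.isEmpty() || endpoint == null) {
            return url;
        }
        return url.replace(host, endpoint);
    }

    /** Builds the session policy: upload actions only, on objects below {@code dir}. */
    private static String uploadOnlyPolicy(String region, String bucket, String dir) {
        if (bucket == null || bucket.isEmpty()) {
            throw new IllegalStateException("s3.bucket-name is not configured");
        }
        String resource = "arn:" + partitionFor(region) + ":s3:::" + bucket + "/" + normalizePrefix(dir) + "*";
        return "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Sid1\",\"Effect\":\"Allow\","
                + "\"Action\":[\"s3:PutObject\",\"s3:AbortMultipartUpload\"],"
                + "\"Resource\":[\"" + resource + "\"]}]}";
    }

    /** Maps a region name to its ARN partition; unknown or missing regions use {@code aws}. */
    private static String partitionFor(String region) {
        if (region != null) {
            if (region.startsWith("cn-")) {
                return "aws-cn";
            }
            if (region.startsWith("us-gov-")) {
                return "aws-us-gov";
            }
        }
        return "aws";
    }

    /**
     * Turns {@code dir} into a key prefix that is safe to embed in the policy JSON.
     *
     * <p>Leading slashes are dropped and a trailing slash is added, so the grant covers
     * {@code dir/} and not sibling prefixes that merely start with the same characters.
     * Characters that would break out of the JSON string or widen the resource pattern
     * are rejected.
     */
    private static String normalizePrefix(String dir) {
        if (dir == null) {
            return "";
        }
        String prefix = dir;
        while (prefix.startsWith("/")) {
            prefix = prefix.substring(1);
        }
        if (prefix.isEmpty()) {
            return "";
        }
        for (int i = 0; i < prefix.length(); i++) {
            char c = prefix.charAt(i);
            if (c < 0x20 || c == '"' || c == '\\' || c == '*' || c == '?' || c == '$') {
                throw new IllegalArgumentException("dir contains a character that is not allowed in an upload prefix");
            }
        }
        return prefix.endsWith("/") ? prefix : prefix + "/";
    }
}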
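objectstorage.type: s3
# The keys below are bound by OssInfo (@ConfigurationProperties(prefix = "s3")), so they
# must be nested under `s3:`.
s3:
  endpoint: s3.us-east-1.amazonaws.com
  # The two values below are the author's placeholders. Keep real long-lived access keys out
  # of files that are committed or published; supply them from the environment or a secret
  # store (for example through a Spring property placeholder such as ${S3_ACCESS_KEY_ID},
  # a constructed name) and rotate any key that has appeared in a shared file.
  access-key-id: 您的公钥AKIAXZXXXX2GMAJVNUS
  access-key-secret: 您的秘钥CGNF3NQl4d0zvDuGEGuBsW9OS
  bucket-name: xhh-test-bucket
  root-directory: xhh/export
  region: us-east-1
  # OssInfo also declares `host` and `stsEndpoint`, which this sample does not set.
  # authorize()/authorizeAllName() pass `host` to String.replaceAll, which throws when it
  # is null, and tokens() builds its STS client from `stsEndpoint`.
  # host: <HOST_PLACEHOLDER>
  # sts-endpoint: <STS_ENDPOINT_PLACEHOLDER>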