
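1. Setting the bucket policy in the web console
The creator of a bucket has permission to manage it; other users who have not been authorized cannot manage the bucket.
By default a bucket can have one of three Access Policy settings:
public, custom, private
1.1 public
Set the bucket permission to public.
Resources can be accessed directly without any authentication.
1.2 custom
This Access Policy appears when the bucket has custom Access Rules such as the following.
1.2.1 readonly
Resources can be accessed without authorization, but only for reading.
1.2.2 writeonly
Resources can be accessed without authorization, but only for writing.
1.2.3 readwrite
Resources can be both read and written without authorization.
1.3 private
Once a bucket is set to private, no operation is possible without authorization, and all Access Rules stop applying.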
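2. Setting the bucket policy from a Java program
2.1 Setting the bucket policy through the API
setBucketPolicy
The policy JSON can be viewed and written in the web console.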
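// Requires io.minio.SetBucketPolicyArgs and lombok.SneakyThrows;
// minioClient is a static io.minio.MinioClient field of the enclosing class.
/**
 * Set the bucket policy.
 * @param builder policy JSON; when null or empty, the default policy is used
 * @param bucketName bucket name
 */
@SneakyThrows(Exception.class)
public static void createBucketPolicy(StringBuilder builder, String bucketName) {
    if (builder == null || builder.length() == 0) {
        builder = defaultBucketPolicy(bucketName);
    }
    minioClient.setBucketPolicy(
            SetBucketPolicyArgs.builder().bucket(bucketName).config(builder.toString()).build());
}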
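/**
 * Get the default bucket policy.
 * Principal "*" makes this an anonymous grant: any caller that can reach the
 * server may read, overwrite and delete every object in the bucket without credentials.
 * In S3 policy semantics s3:ListBucket and s3:GetBucketLocation apply to the bucket ARN,
 * not to the object ARN used in Resource below.
 * @param bucketName bucket name
 * @return policy JSON for the bucket
 */
private static StringBuilder defaultBucketPolicy(String bucketName) {
    StringBuilder builder = new StringBuilder();
    builder.append("{\n" +
            "  \"Version\": \"2012-10-17\",\n" +
            "  \"Statement\": [\n" +
            "    {\n" +
            "      \"Effect\": \"Allow\",\n" +
            "      \"Action\": [\n" +
            "        \"s3:ListAllMyBuckets\",\n" +
            "        \"s3:ListBucket\",\n" +
            "        \"s3:GetBucketLocation\",\n" +
            "        \"s3:GetObject\",\n" +
            "        \"s3:PutObject\",\n" +
            "        \"s3:DeleteObject\"\n" +
            "      ],\n" +
            "      \"Principal\":\"*\",\n" +
            "      \"Resource\": [\n" +
            "        \"arn:aws:s3:::" + bucketName + "/*\"\n" +
            "      ]\n" +
            "    }\n" +
            "  ]\n" +
            "}");
    return builder;
}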
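2.2 Viewing the bucket policy through the API
// Requires io.minio.GetBucketPolicyArgs; logger is the enclosing class's logger.
/**
 * View the bucket policy.
 * @param bucketName bucket name
 * @return the bucket's policy JSON
 */
@SneakyThrows(Exception.class)
public static String queryBucketPolicy(String bucketName) {
    String bucketPolicy = minioClient.getBucketPolicy(
            GetBucketPolicyArgs.builder().bucket(bucketName).build());
    logger.info(bucketPolicy);
    return bucketPolicy;
}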
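The policy string returned by queryBucketPolicy can be audited to see which of the readonly, writeonly, readwrite or private categories from section 1 it gives to unauthenticated callers. The following is an added example, not code from the original page; the function names and the bucket name "demo" are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

READ_ACTIONS = {"s3:getobject"}
WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject"}

# Constructed sample: the default policy from section 2.1 for a bucket named "demo".
SAMPLE_DEFAULT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation",
                   "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Principal": "*",
        "Resource": ["arn:aws:s3:::demo/*"],
    }],
})

def _as_list(value):
    """Policy fields may hold one string, one object, or a list of them."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _is_anonymous(principal):
    """True for "*", {"AWS": "*"} and {"AWS": ["*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    return "*" in _as_list(principal)

def anonymous_access(policy_json):
    """Return "private", "readonly", "writeonly" or "readwrite" for unauthenticated callers.

    Deny statements and Condition blocks are ignored, so the result is an upper bound.
    """
    if not policy_json or not policy_json.strip():
        return "private"  # no policy document, nothing is granted
    granted = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        for pattern in _as_list(stmt.get("Action")):
            # Action entries may contain wildcards such as "s3:*" or "s3:Put*".
            granted |= {a for a in READ_ACTIONS | WRITE_ACTIONS
                        if fnmatchcase(a, pattern.lower())}
    can_read, can_write = bool(granted & READ_ACTIONS), bool(granted & WRITE_ACTIONS)
    if can_read and can_write:
        return "readwrite"
    return "readonly" if can_read else "writeonly" if can_write else "private"
```

Run against the default policy from section 2.1, the check reports readwrite, the widest of the custom Access Rules.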