Customer SupportGet Expert Help
Skip to main content

Access Private Objects Using Presigned URLs

For private objects stored in OSS, use a presigned URL to grant temporary access without modifying bucket or object permissions. The following steps demonstrate how to generate and use a presigned URL with the AWS SDK for Java (v2).

Steps:

  1. Initialise S3Presigner

    Create an S3Presigner instance with the required credentials, region, and OSS endpoint:

    public S3Presigner createS3Presigner() {
        AwsBasicCredentials awsCredentials = AwsBasicCredentials.create("accessKeyId", "secretAccessKey");

        return S3Presigner.builder()
                .serviceConfiguration(S3Configuration.builder().pathStyleAccessEnabled(true).build())
                .region(Region.of("default"))
                .endpointOverride(URI.create("Access Endpoint"))
                .credentialsProvider(StaticCredentialsProvider.create(awsCredentials))
                .build();
    }

  2. Generate a Presigned URL

    Generate a presigned URL valid for a specific duration (e.g., 10 minutes):

    public String createPresignedGetUrl(String bucketName, String keyName) {
        try (S3Presigner presigner = S3Presigner.create()) {

            GetObjectRequest objectRequest = GetObjectRequest.builder()
                    .bucket(bucketName)
                    .key(keyName)
                    .build();

            GetObjectPresignRequest presignRequest = GetObjectPresignRequest.builder()
                    .signatureDuration(Duration.ofMinutes(10))
                    .getObjectRequest(objectRequest)
                    .build();

            PresignedGetObjectRequest presignedRequest = presigner.presignGetObject(presignRequest);
            return presignedRequest.url().toExternalForm();
        }
    }

  3. Access the Object

    Use a standard HTTP client to access the object with the presigned URL:

    public byte[] useHttpUrlConnectionToGet(String presignedUrlString) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();

        try {
            URL presignedUrl = new URL(presignedUrlString);
            HttpURLConnection connection = (HttpURLConnection) presignedUrl.openConnection();
            connection.setRequestMethod("GET");

            try (InputStream content = connection.getInputStream()) {
                IoUtils.copy(content, byteArrayOutputStream);
            }

        } catch (S3Exception | IOException e) {
            logger.error(e.getMessage(), e);
        }

        return byteArrayOutputStream.toByteArray();
    }