[
](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
minio信息定义
private final String endpoint = "http://192.168.3.15:9000";
private final String accessKey = "minioadmin";
private final String accessSecret = "minioadmin";
private final String bucket = "test";
private final String policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::*\"]}]}";
sts token访问策略(policy)定义:
Action字段指的是策略生效的动作
Resource字指的是当前生效的资源
STS token获取
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
AssumeRoleProvider assumeRoleProvider = new AssumeRoleProvider(endpoint, accessKey, accessSecret, 1000, policy, "", "", null, null, null);
// 访问凭证获取
io.minio.credentials.Credentials fetch = assumeRoleProvider.fetch();
// 使用临时凭证上传文件
File file = new File("/home/blue/屏幕截图 2021-10-28 110843.png");
MinioClient minioClient = MinioClient.builder().endpoint(endpoint)
.credentialsProvider(assumeRoleProvider)
.build();
InputStream fileInputStream = new FileInputStream(file);
PutObjectArgs putObjectArgs = PutObjectArgs.builder()
.bucket(bucket)
.object("test_demo/aaa.png")
.region("us-east-1") // 必须加region参数,不加是会返回access deny错误
.stream(fileInputStream, fileInputStream.available(), -1)
.build();
ObjectWriteResponse objectWriteResponse = minioClient.putObject(putObjectArgs);
System.out.println(objectWriteResponse);
临时访问地址获取
Method method = Method.GET;
Map<String,String> headers = new HashMap<>();
headers.put("contentType", ContentType.APPLICATION_OCTET_STREAM.getMimeType());
MinioClient minioClient = MinioClient.builder().endpoint(endpoint).credentials(accessKey, accessSecret).build();
GetPresignedObjectUrlArgs args = GetPresignedObjectUrlArgs.builder()
.method(method)
.expiry(10 * 60 * 1000, TimeUnit.MILLISECONDS)
.bucket(bucket)
.object(path) // bucket下资源的全路径地址
.extraHeaders(headers)
.build();
// 临时访问地址
String url = minioClient.getPresignedObjectUrl(args);