上传示例 (AWS Signature Version 2)
注意
本节中讨论的请求身份验证基于 AWS Signature Version 2,这是一种对 AWS 服务的入站 API 请求进行身份验证的协议。
Amazon S3 现在在所有 AWS 区域 支持 Signature Version 4,后者是一种用于对 AWS 服务入站 API 请求进行身份验证的协议。目前,于 2014 年 1 月 30 日前创建的 AWS 区域 将继续支持之前的协议:Signature Version 2。于 2014 年 1 月 30 日后创建的所有新区域将只支持 Signature Version 4,因此,发往这些区域的所有请求都必须采用 Signature Version 4。有关更多信息,请参阅《Amazon Simple Storage Service API 参考》中的示例:使用 HTTP POST 的基于浏览器的上传(使用 AWS Signature Version 4)。
文件上传
此示例演示构造用于上传文件附件的策略和表单的完整过程。
策略和表单构建
以下策略支持针对 awsexamplebucket1 存储桶上传到 Amazon S3。
{ "expiration": "2007-12-01T12:00:00.000Z", "conditions": [ {"bucket": "awsexamplebucket1"}, ["starts-with", "$key", "user/eric/"], {"acl": "public-read"}, {"success_action_redirect": "https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html"}, ["starts-with", "$Content-Type", "image/"], {"x-amz-meta-uuid": "14365123651274"}, ["starts-with", "$x-amz-meta-tag", ""] ] }
此策略要求以下内容:
-
上传必须在 2007 年 12 月 1 日 12:00 UTC 之前进行。
-
内容必须上传到 awsexamplebucket1 存储桶。
-
键必须以“user/eric/”开头。
-
ACL 必须设置为公共读取。
-
success_action_redirect 设置为 https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html。
-
对象是一个图像文件。
-
x-amz-meta-uuid 标签必须设置为 14365123651274。
-
x-amz-meta-tag 可以包含任意值。
下面是此策略的 Base64 编码版本。
eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJdLAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0aC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXQogIF0KfQo=
使用您的凭证创建签名,例如 0RavWzkygo6QX9caELEqKi9kDbU=
是先前的策略文档的签名。
以下表单支持针对使用此策略的 DOC-EXAMPLE-BUCKET 桶提出的 POST 请求。
<html> <head> ... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> ... </head> <body> ... <form action="https://DOC-EXAMPLE-BUCKET.s3.us-west-1.amazonaws.com/" method="post" enctype="multipart/form-data"> Key to upload: <input type="input" name="key" value="user/eric/" /><br /> <input type="hidden" name="acl" value="public-read" /> <input type="hidden" name="success_action_redirect" value="https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html" /> Content-Type: <input type="input" name="Content-Type" value="image/jpeg" /><br /> <input type="hidden" name="x-amz-meta-uuid" value="14365123651274" /> Tags for File: <input type="input" name="x-amz-meta-tag" value="" /><br /> <input type="hidden" name="AWSAccessKeyId" value="AKIAIOSFODNN7EXAMPLE" /> <input type="hidden" name="Policy" value="POLICY" /> <input type="hidden" name="Signature" value="SIGNATURE" /> File: <input type="file" name="file" /> <br /> <!-- The elements after this will be ignored --> <input type="submit" name="submit" value="Upload to Amazon S3" /> </form> ... </html>
示例请求
此请求假设上传的图像为 117,108 字节;不包括图像数据。
POST / HTTP/1.1 Host: awsexamplebucket1.s3.us-west-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Content-Type: multipart/form-data; boundary=9431149156168 Content-Length: 118698 --9431149156168 Content-Disposition: form-data; name="key" user/eric/MyPicture.jpg --9431149156168 Content-Disposition: form-data; name="acl" public-read --9431149156168 Content-Disposition: form-data; name="success_action_redirect" https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html --9431149156168 Content-Disposition: form-data; name="Content-Type" image/jpeg --9431149156168 Content-Disposition: form-data; name="x-amz-meta-uuid" 14365123651274 --9431149156168 Content-Disposition: form-data; name="x-amz-meta-tag" Some,Tag,For,Picture --9431149156168 Content-Disposition: form-data; name="AWSAccessKeyId" AKIAIOSFODNN7EXAMPLE --9431149156168 Content-Disposition: form-data; name="Policy" eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJdLAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0aC5zMy5hbWF6b25hd3MuY29tL3N1Y2Nlc3NmdWxfdXBsb2FkLmh0bWwifSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXQogIF0KfQo= --9431149156168 Content-Disposition: form-data; name="Signature" 0RavWzkygo6QX9caELEqKi9kDbU= --9431149156168 Content-Disposition: form-data; name="file"; filename="MyFilename.jpg" Content-Type: image/jpeg ...file content... --9431149156168 Content-Disposition: form-data; name="submit" Upload to Amazon S3 --9431149156168--
示例响应
HTTP/1.1 303 Redirect x-amz-request-id: 1AEE782442F35865 x-amz-id-2: cxzFLJRatFHy+NGtaDFRR8YvI9BHmgLxjvJzNiGGICARZ/mVXHj7T+qQKhdpzHFh Content-Type: application/xml Date: Wed, 14 Nov 2007 21:21:33 GMT Connection: close Location: https://awsexamplebucket1.s3.us-west-1.amazonaws.com/successful_upload.html?bucket=awsexamplebucket1&key=user/eric/MyPicture.jpg&etag="39d459dfbc0faabbb5e179358dfb94c3" Server: AmazonS3
文本区域上传
以下示例演示构造策略和表单以上传文本区域的完整过程。上传文本区域对于提交用户创建的内容 (如博客文章) 十分有用。
策略和表单构建
以下策略支持针对 awsexamplebucket1 存储桶将文本区域上传到 Amazon S3。
{ "expiration": "2007-12-01T12:00:00.000Z", "conditions": [ {"bucket": "awsexamplebucket1"}, ["starts-with", "$key", "user/eric/"], {"acl": "public-read"}, {"success_action_redirect": "https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html"}, ["eq", "$Content-Type", "text/html"], {"x-amz-meta-uuid": "14365123651274"}, ["starts-with", "$x-amz-meta-tag", ""] ] }
此策略要求以下内容:
-
上传必须在 2007 年 12 月 1 日 12:00 GMT 之前进行。
-
内容必须上传到 awsexamplebucket1 存储桶。
-
键必须以“user/eric/”开头。
-
ACL 必须设置为公共读取。
-
success_action_redirect 设置为 https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html。
-
对象是 HTML 文本。
-
x-amz-meta-uuid 标签必须设置为 14365123651274。
-
x-amz-meta-tag 可以包含任意值。
下面是此策略的 Base64 编码版本。
eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXR pb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJd LAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0a C5zMy5hbWF6b25hd3MuY29tL25ld19wb3N0Lmh0bWwifSwKICAgIFsiZXEiLCAiJENvbnRlbnQtVHlwZSIsICJ0ZXh0L2h0bWwiXSwKI CAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZy IsICIiXQogIF0KfQo=
使用您的凭证创建签名。例如,qA7FWXKq6VvU68lI9KdveT1cWgF=
是先前的策略文档的签名。
以下表单支持针对使用此策略的 DOC-EXAMPLE-BUCKET 桶提出的 POST 请求。
<html> <head> ... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> ... </head> <body> ... <form action="https://DOC-EXAMPLE-BUCKET.s3.us-west-1.amazonaws.com/" method="post" enctype="multipart/form-data"> Key to upload: <input type="input" name="key" value="user/eric/" /><br /> <input type="hidden" name="acl" value="public-read" /> <input type="hidden" name="success_action_redirect" value="https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html" /> <input type="hidden" name="Content-Type" value="text/html" /> <input type="hidden" name="x-amz-meta-uuid" value="14365123651274" /> Tags for File: <input type="input" name="x-amz-meta-tag" value="" /><br /> <input type="hidden" name="AWSAccessKeyId" value="AKIAIOSFODNN7EXAMPLE" /> <input type="hidden" name="Policy" value="POLICY" /> <input type="hidden" name="Signature" value="SIGNATURE" /> Entry: <textarea name="file" cols="60" rows="10"> Your blog post goes here. </textarea><br /> <!-- The elements after this will be ignored --> <input type="submit" name="submit" value="Upload to Amazon S3" /> </form> ... </html>
示例请求
此请求假设上传的图像为 117,108 字节;不包括图像数据。
POST / HTTP/1.1 Host: awsexamplebucket1.s3.us-west-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Content-Type: multipart/form-data; boundary=178521717625888 Content-Length: 118635 -178521717625888 Content-Disposition: form-data; name="key" ser/eric/NewEntry.html --178521717625888 Content-Disposition: form-data; name="acl" public-read --178521717625888 Content-Disposition: form-data; name="success_action_redirect" https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html --178521717625888 Content-Disposition: form-data; name="Content-Type" text/html --178521717625888 Content-Disposition: form-data; name="x-amz-meta-uuid" 14365123651274 --178521717625888 Content-Disposition: form-data; name="x-amz-meta-tag" Interesting Post --178521717625888 Content-Disposition: form-data; name="AWSAccessKeyId" AKIAIOSFODNN7EXAMPLE --178521717625888 Content-Disposition: form-data; name="Policy" eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRrZXkiLCAidXNlci9lcmljLyJdLAogICAgeyJhY2wiOiAicHVibGljLXJlYWQifSwKICAgIHsic3VjY2Vzc19hY3Rpb25fcmVkaXJlY3QiOiAiaHR0cDovL2pvaG5zbWl0aC5zMy5hbWF6b25hd3MuY29tL25ld19wb3N0Lmh0bWwifSwKICAgIFsiZXEiLCAiJENvbnRlbnQtVHlwZSIsICJ0ZXh0L2h0bWwiXSwKICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXQogIF0KfQo= --178521717625888 Content-Disposition: form-data; name="Signature" qA7FWXKq6VvU68lI9KdveT1cWgF= --178521717625888 Content-Disposition: form-data; name="file" ...content goes here... --178521717625888 Content-Disposition: form-data; name="submit" Upload to Amazon S3 --178521717625888--
示例响应
HTTP/1.1 303 Redirect x-amz-request-id: 1AEE782442F35865 x-amz-id-2: cxzFLJRatFHy+NGtaDFRR8YvI9BHmgLxjvJzNiGGICARZ/mVXHj7T+qQKhdpzHFh Content-Type: application/xml Date: Wed, 14 Nov 2007 21:21:33 GMT Connection: close Location: https://awsexamplebucket1.s3.us-west-1.amazonaws.com/new_post.html?bucket=awsexamplebucket1&key=user/eric/NewEntry.html&etag=40c3271af26b7f1672e41b8a274d28d4 Server: AmazonS3