diff --git a/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/service/CloudFileServiceOfS3SdkImpl.java b/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/service/CloudFileServiceOfS3SdkImpl.java
index 27d1698da8752e54b7aca294e7d2dbea058aec43..12f1efb01e2e3e15723ef8fcac965f7ea9b49655 100644
--- a/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/service/CloudFileServiceOfS3SdkImpl.java
+++ b/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/service/CloudFileServiceOfS3SdkImpl.java
@@ -7,16 +7,25 @@ import org.noear.solon.cloud.model.Media;
 import org.noear.solon.cloud.service.CloudFileService;
 import org.noear.solon.core.Props;
 import org.noear.solon.core.handle.Result;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.core.ResponseInputStream;
 import software.amazon.awssdk.core.sync.RequestBody;
+import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.model.*;
+import software.amazon.awssdk.services.s3.presigner.S3Presigner;
+import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
+
+import java.net.URI;
 import java.net.URL;
+import java.time.Duration;
 import java.util.Date;
 
 public class CloudFileServiceOfS3SdkImpl implements CloudFileService {
     private final String bucketDef;
     private final S3Client client;
+    private final S3Presigner s3Presigner;
 
     public S3Client getClient() {
         return client;
@@ -25,11 +34,7 @@ public class CloudFileServiceOfS3SdkImpl implements CloudFileService {
     public CloudFileServiceOfS3SdkImpl(String bucketDef, Props props) {
         this.bucketDef = bucketDef;
         this.client = BucketUtils.createClient(props);
-    }
-
-    public CloudFileServiceOfS3SdkImpl(String bucketDef, S3Client client) {
-        this.bucketDef = bucketDef;
-        this.client = client;
+        this.s3Presigner = BucketUtils.createClientPresigner(props);
     }
 
     @Override
@@ -60,12 +65,17 @@ public class CloudFileServiceOfS3SdkImpl implements CloudFileService {
         }
 
         try {
-            GetUrlRequest getObjectRequest = GetUrlRequest.builder()
+            GetObjectRequest getObjectRequest = GetObjectRequest.builder()
                     .bucket(bucket)
                     .key(key)
                     .build();
 
-            URL url = client.utilities().getUrl(getObjectRequest);
+            GetObjectPresignRequest presignRequest = GetObjectPresignRequest.builder()
+                    .getObjectRequest(getObjectRequest)
+                    .signatureDuration(Duration.between(new Date().toInstant(), expiration.toInstant()))
+                    .build();
+
+            URL url = s3Presigner.presignGetObject(presignRequest).url();
             return url != null ? url.toString() : null;
         } catch (Exception e) {
             throw new CloudFileException(e);
diff --git a/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/utils/BucketUtils.java b/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/utils/BucketUtils.java
index 1d77237a755e559a6e2b31e78d37d5dbdb62c2d9..443b79439794eeffb023deba6fadb0884b6ddcf5 100644
--- a/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/utils/BucketUtils.java
+++ b/solon-cloud-file/file-s3-solon-cloud-plugin/src/main/java/org/noear/solon/cloud/extend/file/s3/utils/BucketUtils.java
@@ -1,6 +1,7 @@
 package org.noear.solon.cloud.extend.file.s3.utils;
 
 import org.noear.solon.Utils;
+import org.noear.solon.core.Props;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
@@ -8,6 +9,8 @@ import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.S3ClientBuilder;
 import software.amazon.awssdk.services.s3.S3Configuration;
 import software.amazon.awssdk.services.s3.model.*;
+import software.amazon.awssdk.services.s3.presigner.S3Presigner;
+
 import java.net.URI;
 import java.util.Properties;
 
@@ -38,27 +41,58 @@ public class BucketUtils {
         }
 
         if (Utils.isNotBlank(accessKey) && Utils.isNotBlank(secretKey)) {
-            return createClient(endpoint, regionId, accessKey, secretKey);
+            AwsBasicCredentials credentials = AwsBasicCredentials.create(accessKey, secretKey);
+            StaticCredentialsProvider credentialsProvider = StaticCredentialsProvider.create(credentials);
+            S3ClientBuilder builder = S3Client.builder()
+                    .credentialsProvider(credentialsProvider)
+                    .serviceConfiguration(S3Configuration.builder()
+                            .pathStyleAccessEnabled(true)
+                            .build())
+                    .region(Region.of(regionId));
+            if (Utils.isNotEmpty(endpoint)) {
+                URI endpointUri = URI.create(endpoint);
+                builder.endpointOverride(endpointUri);
+            }
+            return builder.build();
         }
 
         // Use the default provider chain if no credentials are explicitly provided
         return S3Client.builder().build();
     }
 
-    public static S3Client createClient(String endpoint, String regionId, String accessKey, String secretKey) {
-        AwsBasicCredentials credentials = AwsBasicCredentials.create(accessKey, secretKey);
-        StaticCredentialsProvider credentialsProvider = StaticCredentialsProvider.create(credentials);
-        S3ClientBuilder builder = S3Client.builder()
-                .credentialsProvider(credentialsProvider)
-                .serviceConfiguration(S3Configuration.builder()
-                        .pathStyleAccessEnabled(true)
-                        .build())
-                .region(Region.of(regionId));
-        if (Utils.isNotEmpty(endpoint)) {
-            URI endpointUri = URI.create(endpoint);
-            builder.endpointOverride(endpointUri);
+
+    public static S3Presigner createClientPresigner(Props props) {
+        String endpoint = props.getProperty("endpoint", "");
+        String regionId = props.getProperty("regionId", "");
+
+        String accessKey = props.getProperty("accessKey");
+        String secretKey = props.getProperty("secretKey");
+
+        if (accessKey == null) {
+            accessKey = props.getProperty("username");
         }
-        return builder.build();
+
+        if (secretKey == null) {
+            secretKey = props.getProperty("password");
+        }
+
+        if (Utils.isNotBlank(accessKey) && Utils.isNotBlank(secretKey)) {
+            AwsBasicCredentials credentials = AwsBasicCredentials.create(accessKey, secretKey);
+            StaticCredentialsProvider credentialsProvider = StaticCredentialsProvider.create(credentials);
+            S3Presigner.Builder builder = S3Presigner.builder()
+                    .credentialsProvider(credentialsProvider)
+                    .serviceConfiguration(S3Configuration.builder()
+                            .pathStyleAccessEnabled(true)
+                            .build())
+                    .region(Region.of(regionId));
+            if (Utils.isNotEmpty(endpoint)) {
+                URI endpointUri = URI.create(endpoint);
+                builder.endpointOverride(endpointUri);
+            }
+            return builder.build();
+
+        }
+        return S3Presigner.builder().build();
     }
 
     /**
@@ -143,4 +177,5 @@ public class BucketUtils {
         builder.append("/*\"\n}\n],\n\"Version\": \"2012-10-17\"\n}\n");
         return builder.toString();
     }
+
 }