阿里云基于STS获取临时访问权限使用示例

Step By Step

主要操作步骤

1、创建RAM角色
阿里云基于STS获取临时访问权限使用示例

阿里云基于STS获取临时访问权限使用示例

阿里云基于STS获取临时访问权限使用示例

阿里云基于STS获取临时访问权限使用示例

2、为子账户授予:AliyunSTSAssumeRoleAccess权限,允许其扮演角色;
阿里云基于STS获取临时访问权限使用示例

阿里云基于STS获取临时访问权限使用示例

3、为子账户创建AK,SK
阿里云基于STS获取临时访问权限使用示例

4、使用子账户AK,SK以及角色获取STS认证信息

  • 4.1 pom.xml
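<!-- Versions are the ones this walkthrough was written against; check for newer
     releases carrying security fixes before adding them to a real project. -->
<!-- Provides the com.aliyuncs.sts.model.v20150401 request/response classes used in 4.2. -->
<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-sts</artifactId>
    <version>3.0.0</version>
</dependency>
<!-- Provides the core client classes (DefaultAcsClient, DefaultProfile, exceptions) used in 4.2. -->
<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-core</artifactId>
    <version>4.4.6</version>
</dependency>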
  • 4.2 Code Sample
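import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.IAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.exceptions.ServerException;
import com.aliyuncs.profile.DefaultProfile;
import com.google.gson.Gson;
import com.aliyuncs.sts.model.v20150401.*;

/**
 * Calls STS AssumeRole with a RAM user's AccessKey pair and prints the
 * temporary credentials issued for the role.
 */
public class AssumeRole {

    /**
     * Builds an STS client, requests a one-hour session for the role and
     * prints the response as JSON.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // The RAM user's long-lived AccessKey pair is read from the environment
        // instead of being written into the source, so it cannot end up in
        // version control, build artifacts or a published code sample.
        String accessKeyId = requireEnv("ALIBABA_CLOUD_ACCESS_KEY_ID");
        String accessKeySecret = requireEnv("ALIBABA_CLOUD_ACCESS_KEY_SECRET");

        // Client used to send the request; it signs calls with the key pair above.
        DefaultProfile profile = DefaultProfile.getProfile("cn-hangzhou", accessKeyId, accessKeySecret);
        IAcsClient client = new DefaultAcsClient(profile);

        // Build the AssumeRole request.
        AssumeRoleRequest request = new AssumeRoleRequest();
        request.setRoleArn("acs:ram::16034373********:role/datahubrole");
        // The session name is echoed back in the response's assumedRoleId; pick a
        // value that identifies the caller when several parties share one role.
        request.setRoleSessionName("datahubrole");
        // Lifetime in seconds: minimum 900, maximum is the role's MaxSessionDuration,
        // default 3600. Request the shortest lifetime the workload can live with.
        request.setDurationSeconds(3600L);

        // Send the request and handle the response.
        try {
            AssumeRoleResponse response = client.getAcsResponse(request);
            // NOTE: this JSON contains the temporary AccessKey ID, AccessKey secret and
            // security token. It is printed because the next step of the walkthrough
            // consumes those values; keep the output out of shared or persistent logs.
            System.out.println(new Gson().toJson(response));
        } catch (ServerException e) {
            // Service-side rejection: report the structured fields rather than a bare stack trace.
            reportFailure(e);
        } catch (ClientException e) {
            reportFailure(e);
        }
    }

    /** Prints the error code, message and request id of a failed call to stderr. */
    private static void reportFailure(ClientException e) {
        System.err.println("ErrCode:" + e.getErrCode());
        System.err.println("ErrMsg:" + e.getErrMsg());
        System.err.println("RequestId:" + e.getRequestId());
    }

    /**
     * Returns the value of an environment variable, failing fast when it is unset.
     *
     * @throws IllegalStateException if the variable is missing or empty
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }
}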
  • 4.3 The Result
{"requestId":"5013A1FF-7D50-46FC-8D4F-FAB644462896","credentials":{"securityToken":"CAIS9QF1q6Ft5B2yfSjIr5WBJteMmI] @ 1 K ( - 9 A {US8pimMXPlz ) 1 K X Y T *r0ViOuh4nrLj1Dz2IHBNfH0 } 9RtBuses/wwn2hT6Pp 6 & P W w FwYlqJ/QoNMRVHOd8x048zoWcN80cyT1fau5Jko1beHewHKeTOZsebWZ+LmNqC/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/UFB5ZtKWveVz8 ] E { j @ x qddA8pMLQZPsdITMWCrVcygKRn3mGHdfiEK00he8Tohsf/jmZLHtEWG3QWklrcvyt6vcsT+Xa5FJ4xiVtq55utye5fa3TRYgxowr/cv1PEZpmO O Yyf44nCWAEKvU/cKYnY+8y Y l W L J u CFmLBJzfK8+I ~ # [ ? } sFr78fy1BaF/80BqAATa5HBtPaTjc8qe3oQyaLlTzJ/5FZgcfc534fO+cuE6 % T # } ( %5a1111111111sPh2eect/Tj+P/tEM7Zm929Sc6j T n W  % Y 0 qR1deZKqbUwscixkUhgP m B E , _hYSu6H6HlmtvvT9vbr+fYgXnzm8MO8fFEXp3fFm& 9 : u - M = 437rOaMo45YaBqM6lUSYDm386jCa+vf2A","accessKeySd ) * L d t ~ 2ecret":"9LkRt; : i 6 f # P g [LFLJMMRouC17B111111FR9aZ2EAAfFvcn& % y2QH h . R ]Bd","accessKeyId":"STS.N11118uZ3EZM3UTKE76gTqwH6","expiration":"2020-11-08T07:02:48Z| ^ 0"},"assumeb ~ 8 VdRoleUser":{"arn":"acs:ram::1603437367******:role/dak 9 Q q J s z Ptahubrole/datahubrole","assumedRoleId":"381055730507303622:datahubrole"}}

5、使用获取的认证信息进行认证

  • 5.1 pom.xml
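<!-- Version is the one this walkthrough was written against; check for newer
     releases carrying security fixes before adding it to a real project. -->
<dependency>
    <groupId>com.aliyun.datahub</groupId>
    <artifactId>aliyun-sdk-datahub</artifactId>
    <version>2.17.1-public</version>
</dependency>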
  • 5.2 Code Sample
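import com.aliyun.datahub.client.DatahubClient;
import com.aliyun.datahub.client.DatahubClientBuilder;
import com.aliyun.datahub.client.auth.AliyunAccount;
import com.aliyun.datahub.client.common.DatahubConfig;
import com.aliyun.datahub.client.http.HttpConfig;
import com.aliyun.datahub.client.model.ListProjectResult;

/**
 * Lists DataHub project names using the temporary credentials returned by
 * AssumeRole.
 */
public class ListDatahubProject {

    /**
     * Builds a DataHub client from STS credentials and prints every project name.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Endpoint of the cn-shanghai region; substitute the endpoint of your own region.
        // HTTPS is used so the temporary security token is not sent over the network in clear text.
        String endpoint = "https://dh-cn-shanghai.aliyuncs.com";

        // All three values are the temporary ones returned by AssumeRole. They are read
        // from the environment rather than pasted into the source: an STS token stays
        // usable until its expiration time, so a copy left in code or in a commented-out
        // line is a live credential for that window.
        String accessId = requireEnv("ALIBABA_CLOUD_ACCESS_KEY_ID");
        String accessKey = requireEnv("ALIBABA_CLOUD_ACCESS_KEY_SECRET");
        String accessToken = requireEnv("ALIBABA_CLOUD_SECURITY_TOKEN");

        // Create the DatahubClient instance.
        DatahubClient datahubClient = DatahubClientBuilder.newBuilder()
                .setDatahubConfig(
                        new DatahubConfig(endpoint,
                                new AliyunAccount(accessId, accessKey, accessToken),
                                // Enables binary transfer, supported by the service from version 2.12.
                                // On Apsara Stack, try false if requests fail with this set.
                                true))
                // HttpConfig is optional; defaults apply when it is not set.
                .setHttpConfig(new HttpConfig()
                        // LZ4 compression is recommended for reading and writing data.
                        .setCompressType(HttpConfig.CompressType.LZ4)
                        .setConnTimeout(10000))
                .build();

        // Fetch and print the project names visible in this region.
        ListProjectResult listProjectResult = datahubClient.listProject();
        for (String listName : listProjectResult.getProjectNames()) {
            System.out.println("Project Name:" + listName);
        }
    }

    /**
     * Returns the value of an environment variable, failing fast when it is unset.
     *
     * @throws IllegalStateException if the variable is missing or empty
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }
}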
  • 5.3 The Result

阿里云基于STS获取临时访问权限使用示例

阿里云基于STS获取临时访问权限使用示例

更多参考

什么是STS
Java示例
DataHub Java SDK
阿里常见参数获取位置