com.aliyuncs.sts.model.v20150401.AssumeRoleResponse.Credentials Java Examples

The following examples show how to use com.aliyuncs.sts.model.v20150401.AssumeRoleResponse.Credentials.
Example #1
Source File: FunctionComputeClientTest.java    From fc-java-sdk with MIT License 6 votes vote down vote up
/**
 * Builds a {@link FunctionComputeClient} authenticated either with the static key pair
 * or with temporary credentials obtained through STS AssumeRole.
 *
 * @param useSts   when {@code true}, call {@code getAssumeRoleCredentials(null)} and build the
 *                 client from the returned access key id, access key secret and security token;
 *                 when {@code false}, use {@code ACCESS_KEY}/{@code SECRET_KEY} with a null token
 * @param useHttps passed through as the last {@link Config} argument
 * @return the configured client
 * @throws com.aliyuncs.exceptions.ClientException declared for the AssumeRole call path
 */
public FunctionComputeClient overrideFCClient(boolean useSts, boolean useHttps)
    throws com.aliyuncs.exceptions.ClientException {
    if (!useSts) {
        // Static key pair: no security token is supplied.
        // The ENDPOINT override below is not applied on this path.
        return new FunctionComputeClient(new Config(REGION, ACCOUNT_ID,
            ACCESS_KEY, SECRET_KEY, null, useHttps));
    }

    // No session policy is passed (null), so the temporary credentials are not
    // narrowed by an inline policy on this path.
    Credentials sts = getAssumeRoleCredentials(null);

    // NOTE(review): with useHttps == false the security token presumably travels over
    // plain HTTP -- confirm how Config uses this flag before reusing outside tests.
    Config stsConfig = new Config(REGION, ACCOUNT_ID,
        sts.getAccessKeyId(), sts.getAccessKeySecret(), sts.getSecurityToken(),
        useHttps);
    FunctionComputeClient stsClient = new FunctionComputeClient(stsConfig);

    boolean endpointConfigured = !Strings.isNullOrEmpty(ENDPOINT);
    if (endpointConfigured) {
        stsClient.setEndpoint(ENDPOINT);
    }
    return stsClient;
}
 
Example #2
Source File: FunctionComputeClientTest.java    From fc-java-sdk with MIT License 6 votes vote down vote up
/**
 * Verifies that creating a service with STS credentials whose session policy lacks
 * {@code ram:PassRole} is rejected with an authorization error.
 */
@Test
public void testCreateServiceStsTokenNoPassRole()
    throws com.aliyuncs.exceptions.ClientException {
    // The session policy below allows fc:* only. The effective permissions are the
    // intersection of this policy and the role policy, so ram:PassRole is not granted
    // and the create call is expected to be denied.
    // Policy intersection doc: https://help.aliyun.com/document_detail/31935.html
    String sessionPolicy = "{\"Version\": \"1\",\"Statement\": [{\"Effect\": \"Allow\",\"Action\": [\"fc:*\"],\"Resource\": [\"*\"]}]}";
    Credentials scoped = getAssumeRoleCredentials(sessionPolicy);

    // NOTE(review): the trailing `false` sits where overrideFCClient passes useHttps, so this
    // client presumably sends the security token over plain HTTP -- confirm this is intended.
    Config stsConfig = new Config(REGION, ACCOUNT_ID,
        scoped.getAccessKeyId(), scoped.getAccessKeySecret(), scoped.getSecurityToken(),
        false);
    client = new FunctionComputeClient(stsConfig);

    try {
        createService(SERVICE_NAME);
        fail("ClientException is expected");
    } catch (ClientException e) {
        // The unqualified ClientException here is not written as com.aliyuncs.exceptions.ClientException;
        // it is whichever ClientException the test file imports and exposes getErrorMessage().
        String deniedMessage = e.getErrorMessage();
        assertTrue(deniedMessage, deniedMessage
            .contains("the caller is not authorized to perform 'ram:PassRole'"));
    }
}
 
Example #3
Source File: FunctionComputeClientTest.java    From fc-java-sdk with MIT License 5 votes vote down vote up
/**
 * Calls STS AssumeRole for {@code STS_ROLE} and returns the temporary credentials.
 *
 * @param policy optional session policy JSON; when {@code null} no policy is set on the request
 * @return the credentials from the AssumeRole response, after asserting that the access key id,
 *         access key secret and security token are all non-null
 * @throws com.aliyuncs.exceptions.ClientException declared, although a failure of the AssumeRole
 *         call itself is rethrown wrapped in a {@link RuntimeException}
 */
private Credentials getAssumeRoleCredentials(String policy)
    throws com.aliyuncs.exceptions.ClientException {
    // The long-lived key pair is used only to sign the AssumeRole call.
    // A region-specific STS endpoint could be registered with DefaultProfile.addEndpoint
    // (the original kept such a call commented out).
    DefaultAcsClient stsClient = new DefaultAcsClient(
        DefaultProfile.getProfile(REGION, ACCESS_KEY, SECRET_KEY));

    AssumeRoleRequest assumeRole = new AssumeRoleRequest();
    assumeRole.setVersion(STS_API_VERSION);
    assumeRole.setMethod(MethodType.POST);
    // The STS request itself always goes over HTTPS.
    assumeRole.setProtocol(ProtocolType.HTTPS);
    assumeRole.setRoleArn(STS_ROLE);
    // Fixed session name: every token issued by this helper carries the same name.
    assumeRole.setRoleSessionName("test-session");
    if (policy != null) {
        assumeRole.setPolicy(policy);
    }

    AssumeRoleResponse stsResponse;
    try {
        stsResponse = stsClient.getAcsResponse(assumeRole);
    } catch (com.aliyuncs.exceptions.ClientException e) {
        throw new RuntimeException(e);
    }

    Credentials issued = stsResponse.getCredentials();

    // All three parts are needed to build a client from temporary credentials.
    assertNotNull(issued.getAccessKeyId());
    assertNotNull(issued.getAccessKeySecret());
    assertNotNull(issued.getSecurityToken());

    return issued;
}
 
Example #4
Source File: OSS.java    From wangmarket with Apache License 2.0 5 votes vote down vote up
/**
 * Creates temporary credentials limited to the OSS GetObject and PutObject actions
 * (a convenience wrapper around {@link OSSUtil#createSTS(String, String)}).
 * <p>
 * The role session name is {@code "user" + id} for a logged-in user and a random UUID otherwise.
 *
 * @return a {@link CredentialsVO} carrying the access key id, access key secret, expiration and
 *         security token on success; on failure its base result is set to FAILURE
 */
public static CredentialsVO createGetAndPutObjectSTS() {
	// NOTE(review): Resource "acs:oss:*:*:*" is not scoped to a bucket or key prefix, so this
	// session policy does not narrow which objects can be read or written beyond what the
	// assumed role already allows. Callers without a logged-in user receive the same policy.
	// Consider narrowing the resource to the bucket/prefix the caller actually needs.
	String policy = "{\n" +
			"    \"Version\": \"1\", \n" +
			"    \"Statement\": [\n" +
			"        {\n" +
			"            \"Action\": [\n" +
			"                \"oss:PutObject\", \n" +
			"                \"oss:GetObject\" \n" +
			"            ], \n" +
			"            \"Resource\": [\n" +
			"                \"acs:oss:*:*:*\"\n" +
			"            ], \n" +
			"            \"Effect\": \"Allow\"\n" +
			"        }\n" +
			"    ]\n" +
			"}";

	// The session name identifies who the token was issued to.
	String sessionName = ShiroFunc.getUser() == null
			? Lang.uuid()
			: "user" + ShiroFunc.getUser().getId();

	Credentials issued = OSSUtil.createSTS(sessionName, policy);
	CredentialsVO result = new CredentialsVO();
	if (issued == null) {
		// createSTS signals failure by returning null.
		result.setBaseVO(com.xnx3.BaseVO.FAILURE, "创建失败");
		return result;
	}

	// The VO now holds a usable secret and token: treat it as sensitive (do not log it).
	result.setAccessKeyId(issued.getAccessKeyId());
	result.setAccessKeySecret(issued.getAccessKeySecret());
	result.setExpiration(issued.getExpiration());
	result.setSecurityToken(issued.getSecurityToken());
	return result;
}
 
Example #5
Source File: OSSUtil.java    From xnx3 with Apache License 2.0 4 votes vote down vote up
/**
	 * Obtains temporary access credentials from STS so that a third party can upload.
	 * @param roleSessionName session name of the temporary token, chosen by the caller to identify
	 * 							the user; mainly used for auditing or to tell who a token was issued to
	 * 							<br/>Mind the length and format rules of RoleSessionName: no spaces, only '-', '_', letters, digits and similar characters
	 * 							<br/>See the format requirements in the API documentation for the exact rules
	 * 							<br/>Example: alice-001
	 * @param policy RAM/STS authorization policy, see <a href="https://help.aliyun.com/document_detail/31867.html">https://help.aliyun.com/document_detail/31867.html</a>
	 * 			<pre>
	 * 				{
	 * 					"Version": "1",
	 * 					"Statement": [
	 * 						{
	 * 							"Action": [
	 * 								"oss:PutObject", 
	 * 								"oss:GetObject"
	 * 							], 
	 * 							"Resource": [
	 * 								"acs:oss:*:*:*"
	 * 							], 
	 * 							"Effect": "Allow",
	 * 							"Condition": {
	 * 								"IpAddress": {
	 * 									"acs:SourceIp": "192.168.0.*"	// restrict to an IP range; the * wildcard is supported
	 * 								}
	 * 							}
	 * 						}
	 * 					]
	 * 				}
	 * 			</pre>
	 * @return the {@link Credentials} on success, or null on failure
	 */
	public static Credentials createSTS(String roleSessionName,String policy){
		// AssumeRole takes RoleArn, RoleSessionName, Policy and DurationSeconds.
		// roleArn is not a local here; it resolves to a member declared elsewhere in this class
		// (the role ARN is obtained from the RAM console).
		// The STS call must go over HTTPS.
		ProtocolType stsProtocol = ProtocolType.HTTPS;
		try {
			// Signed with the class-level long-lived key pair; the caller supplies the
			// session name and policy for the issued token.
			return assumeRole(OSSUtil.accessKeyId, OSSUtil.accessKeySecret, roleArn,
					roleSessionName, policy, stsProtocol).getCredentials();
		} catch (ClientException e) {
			// Failure is reported on the console only; the caller just sees null.
			e.printStackTrace();
			System.out.println("Failed to get a token.");
			System.out.println("Error code: " + e.getErrCode());
			System.out.println("Error message: " + e.getErrMsg());
			return null;
		}
	}