oss 获取临时凭证 工具类
package com.chuanyi.ecard.utils; import com.aliyuncs.DefaultAcsClient; import com.aliyuncs.exceptions.ClientException; import com.aliyuncs.http.MethodType; import com.aliyuncs.profile.DefaultProfile; import com.aliyuncs.profile.IClientProfile; import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest; import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse; import com.chuanyi.ecard.exception.RequestFailException; /** * oss 授权工具 * @author Admin * */ public class OssStsUtils { private static String endpoint = "sts.aliyuncs.com"; private static String accessKeyId = "***"; private static String accessKeySecret = "***"; private static String roleArn = "***"; /** * 获取 admin oss的 临时凭证 * @param roleSessionName 表示当前零时凭证给谁用,一般是用户名 * @return */ public static AssumeRoleResponse.Credentials getAdminOssCredentials(String roleSessionName) { String policy = "{\r\n" + " \"Statement\": [{\r\n" + " \"Action\": \"oss:*\",\r\n" + " \"Effect\": \"Allow\",\r\n" + " \"Resource\": [\"acs:oss:*:*:test-tfmm\", \"acs:oss:*:*:test-tfmm/*\"]\r\n" + " }],\r\n" + " \"Version\": \"1\"\r\n" + "}"; long expired = 1800L; return getOssRoleResponse(endpoint, accessKeyId, accessKeySecret, roleArn, roleSessionName, policy, expired).getCredentials(); } private static AssumeRoleResponse getOssRoleResponse(String endpoint,String accessKeyId,String accessKeySecret,String roleArn,String roleSessionName ,String policy,long expired ) { try { // 添加endpoint(直接使用STS endpoint,前两个参数留空,无需添加region ID) DefaultProfile.addEndpoint("", "", "Sts", endpoint); // 构造default profile(参数留空,无需添加region ID) IClientProfile profile = DefaultProfile.getProfile("", accessKeyId, accessKeySecret); // 用profile构造client DefaultAcsClient client = new DefaultAcsClient(profile); final AssumeRoleRequest request = new AssumeRoleRequest(); request.setMethod(MethodType.POST); request.setRoleArn(roleArn); request.setRoleSessionName(roleSessionName); request.setPolicy(policy); // 若policy为空,则用户将获得该角色下所有权限 request.setDurationSeconds( expired ); // 设置凭证有效时间 final AssumeRoleResponse response = client.getAcsResponse(request); return response; } catch (ClientException e) { throw new RequestFailException( e.getLocalizedMessage() ); } } }
需要注意的 是 endpoint 不是 oss 的 endpoint 而是 sts 的 endpoint 。 如果是 用好了 oss 的 endpoint 或一直报错 buket not exits ;
能耍的时候就一定要耍,不能耍的时候一定要学。
--天道酬勤,贵在坚持posted on 2020-08-04 12:27 zhangyukun 阅读(859) 评论(0) 编辑 收藏 举报