Step By Step
主要操作步驟
1、創建RAM角色
2、為子賬戶授予:AliyunSTSAssumeRoleAccess權限,允許其扮演角色;
3、為子賬戶創建AK,SK
4、使用子賬戶AK,SK以及角色獲取STS認證信息
- 4.1 pom.xml
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-sts</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>4.4.6</version>
</dependency>- 4.2 Code Sample
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.IAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.exceptions.ServerException;
import com.aliyuncs.profile.DefaultProfile;
import com.google.gson.Gson;
import com.aliyuncs.sts.model.v20150401.*;
public class AssumeRole {
public static void main(String[] args) {
//構建一個阿里雲客戶端,用於發起請求。
//構建阿里雲客戶端時需要設置AccessKey ID和AccessKey Secret。
DefaultProfile profile = DefaultProfile.getProfile("cn-hangzhou", "LTAI4Fyx******", "aOZ7l4JQni5jXQ******");
IAcsClient client = new DefaultAcsClient(profile);
//構造請求,設置參數。
AssumeRoleRequest request = new AssumeRoleRequest();
request.setRoleArn("acs:ram::16034373********:role/datahubrole");
request.setRoleSessionName("datahubrole");
request.setDurationSeconds(3600L); //過期時間,單位為秒,過期時間最小值為900秒,最大值為MaxSessionDuration設置的時間。默認值為3600秒。
//發起請求,並得到響應。
try {
AssumeRoleResponse response = client.getAcsResponse(request);
System.out.println(new Gson().toJson(response));
} catch (ServerException e) {
e.printStackTrace();
} catch (ClientException e) {
System.out.println("ErrCode:" + e.getErrCode());
System.out.println("ErrMsg:" + e.getErrMsg());
System.out.println("RequestId:" + e.getRequestId());
}
}
}
- 4.3 The Result
{"requestId":"5013A1FF-7D50-46FC-8D4F-FAB644462896","credentials":{"securityToken":"CAIS9QF1q6Ft5B2yfSjIr5WBJteMmIUS8pimMXPlr0ViOuh4nrLj1Dz2IHBNfHRtBuses/wwn2hT6PwYlqJ/QoNMRVHOd8x048zoWcN80cyT1fau5Jko1beHewHKeTOZsebWZ+LmNqC/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/UFB5ZtKWveVzddA8pMLQZPsdITMWCrVcygKRn3mGHdfiEK00he8Tohsf/jmZLHtEWG3QWklrcvyt6vcsT+Xa5FJ4xiVtq55utye5fa3TRYgxowr/cv1PEZpmyf44nCWAEKvU/cKYnY+8FmLBJzfK8+Fr78fy1BaF/80BqAATa5HBtPaTjc8qe3oQyaLlTzJ/5FZgcfc534fO+cuE5a1111111111sPh2eect/Tj+P/tEM7Zm929Sc6R1deZKqbUwscixkUhghYSu6H6HlmtvvT9vbr+fYgXnzm8MO8fFEXp3fFm37rOaMo45YaBqM6lUSYDm386jCa+vf2A","accessKeySecret":"9LkRtLFLJMMRouC17B111111FR9aZ2EAAfFvcn2QBd","accessKeyId":"STS.N11118uZ3EZM3UTKE76gTqwH6","expiration":"2020-11-08T07:02:48Z"},"assumedRoleUser":{"arn":"acs:ram::1603437367******:role/datahubrole/datahubrole","assumedRoleId":"381055730507303622:datahubrole"}}5、使用獲取的認證信息進行認證
- 5.1 pom.xml
<dependency>
<groupId>com.aliyun.datahub</groupId>
<artifactId>aliyun-sdk-datahub</artifactId>
<version>2.17.1-public</version>
</dependency>- 5.2 Code Sample
import com.aliyun.datahub.client.DatahubClient;
import com.aliyun.datahub.client.DatahubClientBuilder;
import com.aliyun.datahub.client.auth.AliyunAccount;
import com.aliyun.datahub.client.common.DatahubConfig;
import com.aliyun.datahub.client.http.HttpConfig;
import com.aliyun.datahub.client.model.ListProjectResult;
public class ListDatahubProject {
public static void main(String[] args) {
// Endpoint以Region: 華東1為例,其他Region請按實際情況填寫
// 注意:此處的ak,sk以及accessToken均為AssumeRole臨時獲取
String endpoint = "http://dh-cn-shanghai.aliyuncs.com";
String accessId = "STS.NV4mm8uZ3EZ*******";
String accessKey = "9LkRtLFLJMMRouC17BJ*******";
// String accessToken = "CAIS9QF1q6Ft5B2***********vRxPShjQGS716i6eShjz2IH5IeHNsBOAXtvU2nm1R6fkdlqJ/QoNMRVHOd8x048ylPeV90cyT1fau5Jko1beHewHKeTOZsebWZ+LmNqC/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/UFB5ZtKWveVzddA8pMLQZPsdITMWCrVcygKRn3mGHdfiEK00he8Togs/3jnpXGtEuO1QWqk7Ivyt6vcsT+Xa5FJ4xiVtq55utye5fa3TRYgxowr/kq0PYYpGeW5oDEWQQIvErZKYnY+8FmLBJzfK8+Fr78fy1BaF/80BqAAQDkMzJi7+1iTBjm0T+x2CwrCOBdR/+XfMb3zazJcOEQnIbpbr3RYOGVg8++/ruxXsFityNEQW2X/fwRs0kDT6MJg3TdYlPG6D5xqxiv3nqAx/vaHPVAP8Pu61SiCwqRrs41XhHdUejim/RR/R6D3CwRusk7OwtSGL5kCIFHdaY9";
String accessToken = "CAIS9QF1q6Ft5B2yfSjIr5WBJteMmIUS8pimMXPlr0ViOuh4nrLj1Dz2IHBNfHRtBuses/wwn2hT6PwYlqJ/QoNMRVHOd8x048zoWcN80cyT1fau5Jko1beHewHKeTOZsebWZ+LmNqC/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/UFB5ZtKWveVzddA8pMLQZPsdITMWCrVcygKRn3mGHdfiEK00he8Tohsf/jmZLHtEWG3QWklrcvyt6vcsT+Xa5FJ4xiVtq55utye5fa3TRYgxowr/cv1PEZpmyf44nCWAEKvU/cKYnY+8FmLBJzfK8+Fr78fy1BaF/80BqAATa5HBtPaTjc8qe3oQyaLlTzJ/5FZgcfc534fO+cuE5aUeHybms5JhbOqsPh2eect/Tj+P/tEM7Zm929Sc6R1deZKqbUwscixkUhghYSu6H6HlmtvvT9vbr+fYgXnzm8MO8fFEXp3fFm37rOaMo45YaBqM6lUSYDm386jCa+vf2A";
// 創建DataHubClient實例
DatahubClient datahubClient = DatahubClientBuilder.newBuilder()
.setDatahubConfig(
new DatahubConfig(endpoint,
// 是否開啟二進制傳輸,服務端2.12版本開始支持
new AliyunAccount(accessId, accessKey,accessToken), true))
//專有云使用出錯嘗試將參數設置為 false
// HttpConfig可不設置,不設置時採用默認值
.setHttpConfig(new HttpConfig()
.setCompressType(HttpConfig.CompressType.LZ4) // 讀寫數據推薦打開網絡傳輸 LZ4壓縮
.setConnTimeout(10000))
.build();
// 獲取對應區域project 名稱列表
ListProjectResult listProjectResult = datahubClient.listProject();
for (String listName:listProjectResult.getProjectNames()
) {
System.out.println("Project Name:" + listName);
}
}
}- 5.3 The Result
