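Alibaba Cloud OSS STS authorized access: as I understand it, this generates a temporary key for the user, which is used for temporary access to an OSS bucket.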


Original article:

https://www.cnblogs.com/ou11/p/10133217.html

1. In the Alibaba Cloud console, under Access Control, create a read/write permission policy

https://help.aliyun.com/document_detail/31935.html?spm=5176.doc32069.2.4.AxKPsA%EF%BC%89

Create a new custom policy

 

Permission policy format

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "oss:DeleteObject",
                "oss:ListParts",
                "oss:AbortMultipartUpload",
                "oss:PutObject",
                "oss:GetObject"
            ],
            "Resource": [
                "acs:oss:*:*:YourBucketName",
                "acs:oss:*:*:YourBucketName/*"
            ]
        }
    ]
}

 

2. Create a role

Create a new RAM role

3. Attach the custom permission policy to the new role

 

 

 

 

 

Obtain the role's ARN

 

 

4. Create a sub-account

Obtain its AccessKeyID and AccessKeySecret

Grant this user permission to call the STS service's AssumeRole API

 

5. Server-side call

Add the dependencies

<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-sts</artifactId>
    <version>3.0.0</version>
</dependency>
<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-core</artifactId>
    <version>3.5.0</version>
</dependency>

Method that assumes the role

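import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import org.springframework.stereotype.Service;

@Service
public class StsService {

    /**
     * Assume the role.
     *
     * @param regionId        region of the STS endpoint
     * @param accessKeyId     AccessKeyID of the sub-account
     * @param accessKeySecret AccessKeySecret of the sub-account
     * @param roleArn         ARN of the RAM role to assume
     * @param roleSessionName session name chosen by the application
     * @param policy          optional session policy (may be null)
     * @param seconds         lifetime of the temporary credentials, in seconds
     * @return the AssumeRole response, or null if the request failed
     * @author 歐解決
     * @date 2018-12-17 17:32:18
     **/
    public AssumeRoleResponse assumeRole(
            String regionId,
            String accessKeyId,
            String accessKeySecret,
            String roleArn,
            String roleSessionName,
            String policy,
            Long seconds) {
        try {
            // Create an Aliyun Acs client, used to send OpenAPI requests
            IClientProfile profile = DefaultProfile.getProfile(regionId, accessKeyId, accessKeySecret);
            DefaultAcsClient client = new DefaultAcsClient(profile);
            // Create an AssumeRoleRequest and set the request parameters
            final AssumeRoleRequest request = new AssumeRoleRequest();
            // POST request
            request.setMethod(MethodType.POST);
            // HTTPS protocol
            request.setProtocol(ProtocolType.HTTPS);
            // Lifetime of the credentials
            request.setDurationSeconds(seconds);
            // Role ARN
            request.setRoleArn(roleArn);
            // Application identifier (defined by you)
            request.setRoleSessionName(roleSessionName);
            // Optional session policy sent along with the role; it can only
            // narrow the permissions the role already has
            request.setPolicy(policy);
            // Send the request and get the response
            final AssumeRoleResponse response = client.getAcsResponse(request);
            return response;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}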

Controller call

  
  @Autowired
  private OSSProperties ossProperties;
  @Autowired
  private StsService stsService;
  /**
     * 簽名授權
     *
     * @return
     * @author 歐解決
     * @date 2018-12-17 15:08:55
     **/
    @GetMapping("/getOssToken")
    public Object getOssToken() {
            AssumeRoleResponse response = stsService.assumeRole(
                    ossProperties.getRegionId(),
                    ossProperties.getAccessKey(),
                    ossProperties.getAccessSecret(),
                    ossProperties.getRoleArn(),
                    "my-session-name",
                    null,
                    3600L
            );
            if (response != null) {
                return new BaseTRo<>(response.getCredentials());
            }
            return new BaseRo(SystemError.ProcessMsg, "OssToken獲取失敗");
    }
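The controller above passes null as the policy, so the returned credentials carry every permission of the role, including oss:DeleteObject on the whole bucket. The following is an added example, not code from the original article: a helper that builds a per-user session policy for the `policy` argument of assumeRole. The class name, the `uploads/<userId>/` key layout and the user-id rule are assumptions.

```java
import java.util.regex.Pattern;

/** Added example: builds the session policy passed as the `policy` argument of assumeRole. */
public final class SessionPolicyBuilder {

    // OSS bucket names: 3-63 chars, lowercase letters, digits and hyphens,
    // starting and ending with a letter or digit.
    private static final Pattern BUCKET = Pattern.compile("[a-z0-9][a-z0-9-]{1,61}[a-z0-9]");

    // Assumed rule for user ids. The narrow alphabet keeps "*", "/", ".." and
    // quotes out of both the resource ARN and the JSON text.
    private static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    private SessionPolicyBuilder() { }

    /**
     * Returns a policy that allows only PutObject/GetObject under
     * uploads/<userId>/ (an assumed key layout) in the given bucket.
     */
    public static String forUser(String bucket, String userId) {
        if (bucket == null || !BUCKET.matcher(bucket).matches()) {
            throw new IllegalArgumentException("invalid bucket name");
        }
        if (userId == null || !USER_ID.matcher(userId).matches()) {
            throw new IllegalArgumentException("invalid user id");
        }
        String resource = "acs:oss:*:*:" + bucket + "/uploads/" + userId + "/*";
        return "{\"Version\":\"1\",\"Statement\":[{"
                + "\"Effect\":\"Allow\","
                + "\"Action\":[\"oss:PutObject\",\"oss:GetObject\"],"
                + "\"Resource\":[\"" + resource + "\"]"
                + "}]}";
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(forUser("example-bucket", "user-42"));
        try {
            forUser("example-bucket", "*");   // would widen the resource to every prefix
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The token issued with such a policy has the intersection of the role's permissions and the session policy. The user id should come from the authenticated session on the server, not from a request parameter.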

Data returned by the endpoint

{
    "code": "0",
    "msg": "",
    "data": {
        "securityToken": "CAIS7gF1q6Ft5B2yfSjIr4vaMc+F2Ilz+7ahTH+IgXgFfuQY3LzdtTz2IHxJfHBhBusev/4+mGlT5/8ZlqNzVplUWEqBZNNxtn6HNrUyJ9ivgde8yJBZor/HcDHhJnyW9cvWZPqDP7G5U/yxalfCuzZuyL/hD1uLVECkNpv74vwOLK5gPG+CYCFBGc1dKyZ7tcYeLgGxD/u2NQPwiWeiZygB+CgE0DMvs/rknJPAs0KE1QalltV4/dqhfsKWCOB3J4p6XtuP2+h7S7HMyiY46WIRqPou1f0bom+W5IDBWgIAuk6cXurJ48BpPNnK5EGq9GovGoABfy0gMkLTYW4gEzdc5wxcZNWl/orL/DmvymDIWe1M/u/JUDpA3NfQTTnxG9xSxTz4lwPeEG9LgoYZzXuDTtmRcl/wQetvjDU7PBC1urYMNtVlyaST3jGfa+WU0zAW57zOBqeBejxui9AE1JCOcg2CDA/u5Mz2Hu79Ci7UTJ0eusw=",
        "accessKeySecret": "FAA1KeGnmMEWjYHaKuL5WP5NSeVVFor7hMHd4VBQ7Uaa",
        "accessKeyId": "STS.NHozu15VRLuJNY9exPrk13yvW",
        "expiration": "2018-12-17T11:52:38Z"
    }
}

  

