zoukankan      html  css  js  c++  java
  • oss 获取临时凭证 工具类

    package com.chuanyi.ecard.utils;
    
    import com.aliyuncs.DefaultAcsClient;
    import com.aliyuncs.exceptions.ClientException;
    import com.aliyuncs.http.MethodType;
    import com.aliyuncs.profile.DefaultProfile;
    import com.aliyuncs.profile.IClientProfile;
    import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
    import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
    import com.chuanyi.ecard.exception.RequestFailException;
    /**
     * oss 授权工具
     * @author Admin
     *
     */
    public class OssStsUtils {
    	
    	private static String endpoint = "sts.aliyuncs.com";
    	private static String accessKeyId = "***";
    	private static String accessKeySecret =  "***";
    	private static String roleArn = "***";
    	
    	 /**
    	  * 获取 admin oss的 临时凭证
    	  * @param roleSessionName 表示当前零时凭证给谁用,一般是用户名
    	  * @return
    	  */
        public static AssumeRoleResponse.Credentials getAdminOssCredentials(String roleSessionName) {
        	String policy = "{
    " + 
        			"	"Statement": [{
    " + 
        			"		"Action": "oss:*",
    " + 
        			"		"Effect": "Allow",
    " + 
        			"		"Resource": ["acs:oss:*:*:test-tfmm", "acs:oss:*:*:test-tfmm/*"]
    " + 
        			"	}],
    " + 
        			"	"Version": "1"
    " + 
        			"}";
        	
        	long expired = 1800L;
        	
        	
        	return getOssRoleResponse(endpoint, accessKeyId, accessKeySecret, roleArn, roleSessionName, policy, expired).getCredentials();
        }
        
        
        private  static AssumeRoleResponse getOssRoleResponse(String endpoint,String accessKeyId,String accessKeySecret,String roleArn,String roleSessionName ,String policy,long expired ) {        
        	
            try {
            	 // 添加endpoint(直接使用STS endpoint,前两个参数留空,无需添加region ID)
                DefaultProfile.addEndpoint("", "", "Sts", endpoint);
                // 构造default profile(参数留空,无需添加region ID)
                IClientProfile profile = DefaultProfile.getProfile("", accessKeyId, accessKeySecret);
                // 用profile构造client
                DefaultAcsClient client = new DefaultAcsClient(profile);
                final AssumeRoleRequest request = new AssumeRoleRequest();
                request.setMethod(MethodType.POST);
                request.setRoleArn(roleArn);
                request.setRoleSessionName(roleSessionName);
                request.setPolicy(policy); // 若policy为空,则用户将获得该角色下所有权限
                request.setDurationSeconds( expired ); // 设置凭证有效时间
                final AssumeRoleResponse response = client.getAcsResponse(request);
                
                return response;
            } catch (ClientException e) {
            	throw new RequestFailException( e.getLocalizedMessage() );
            }
            
        }
        
        
    
    }
    

     需要注意的 是  endpoint  不是 oss 的  endpoint  而是 sts 的  endpoint 。 如果是  用好了 oss 的 endpoint  或一直报错  buket not exits ;

      

  • 相关阅读:
    ORM版,学生信息管理单表查询..
    回顾
    连接不上数据库
    CI缓存文件的处理和显示 研究
    php的两个符号@和&---php总会要知道的系列
    form 表单
    CI 目录下放置index.html,防止直接访问
    程序员必须知道的10大基础实用算法及其讲解
    memached 服务器lru算法
    centos 5.5 安装 lnmp
  • 原文地址:https://www.cnblogs.com/cxygg/p/13432508.html
Copyright © 2011-2022 走看看