This topic describes how to install and use the STS SDK for Java.

Background information

Before you use an STS SDK, install a core Alibaba Cloud SDK and an STS SDK.

  • The package name of the core Alibaba Cloud SDK for Java is aliyun-java-sdk-core. You can use OpenAPI Explorer to generate sample code and perform debug operations.
  • The package name of the STS SDK for Java is aliyun-java-sdk-ram. For information about STS API operations, see What is STS?

Install the STS SDK for Java

Add dependencies on the SDK packages by using Maven, or download the SDK packages and then add them to your project.

  • Recommended. Add package dependencies by using Maven.
    1. Use Maven to create a project.
      mvn archetype:generate -DgroupId=com.aliyun.sts.sample \
      -DartifactId=sts-sdk-sample \
      -Dpackage=com.aliyun.sts.sample \
      -Dversion=1.0-SNAPSHOT
    2. Add the dependencies inside the dependencies element of the pom.xml file in the project.

      The following code is an example of the dependencies on the aliyun-java-sdk packages. In this example, the SDK version is 3.0.0.

      <dependency>
          <groupId>com.aliyun</groupId>
          <artifactId>aliyun-java-sdk-sts</artifactId>
          <version>3.0.0</version>
      </dependency>
      <dependency>
          <groupId>com.aliyun</groupId>
          <artifactId>aliyun-java-sdk-core</artifactId>
          <version>4.4.6</version>
      </dependency>
      Note
      Note the following information of the packages:
      • aliyun-java-sdk packages have been added to the Maven repository. You do not need to edit the settings.xml file.
      • You can visit the Maven repository to obtain the latest version of the aliyun-java-sdk-core package.
  • Download the JAR files of the core Alibaba Cloud SDK and the STS SDK, and then add the files to your project.

    You can download the files from the following links:

Use the STS SDK for Java

Create a file named StsServiceSample.java in the com/aliyun/sts/sample/ directory.

Note In this section, the core Alibaba Cloud SDK of version 4.4.2 is used as an example.
package com.aliyun.sts.sample;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
public class StsServiceSample {
    public static void main(String[] args) {
        String endpoint = "sts.aliyuncs.com";
        String accessKeyId = "<access-key-id>";
        String accessKeySecret = "<access-key-secret>";
        String roleArn = "<role-arn>";
        String roleSessionName = "session-name";
        String policy = "{\n" +
                "    \"Version\": \"1\", \n" +
                "    \"Statement\": [\n" +
                "        {\n" +
                "            \"Action\": [\n" +
                "                \"oss:*\"\n" +
                "            ], \n" +
                "            \"Resource\": [\n" +
                "                \"acs:oss:*:*:*\" \n" +
                "            ], \n" +
                "            \"Effect\": \"Allow\"\n" +
                "        }\n" +
                "    ]\n" +
                "}";
        try {
            // Construct the default profile. The parameter is not specified.
            IClientProfile profile = DefaultProfile.getProfile("", accessKeyId, accessKeySecret);
            // Use the constructed profile to construct a client.
            DefaultAcsClient client = new DefaultAcsClient(profile);
            final AssumeRoleRequest request = new AssumeRoleRequest();
            request.setSysEndpoint(endpoint);
            request.setSysMethod(MethodType.POST);
            request.setRoleArn(roleArn);
            request.setRoleSessionName(roleSessionName);
            request.setPolicy(policy); // Optional
            final AssumeRoleResponse response = client.getAcsResponse(request);
            System.out.println("Expiration: " + response.getCredentials().getExpiration());
            System.out.println("Access Key Id: " + response.getCredentials().getAccessKeyId());
            System.out.println("Access Key Secret: " + response.getCredentials().getAccessKeySecret());
            System.out.println("Security Token: " + response.getCredentials().getSecurityToken());
            System.out.println("RequestId: " + response.getRequestId());
        } catch (ClientException e) {
            System.out.println("Failed: ");
            System.out.println("Error code: " + e.getErrCode());
            System.out.println("Error message: " + e.getErrMsg());
            System.out.println("RequestId: " + e.getRequestId());
        }
    }
}
Note
  • In the sample code, accessKeyId and accessKeySecret must be replaced with your AccessKey ID and AccessKey secret.
  • For the list of STS endpoints in different regions, see Endpoints.
  • For more information about the AssumeRole API operation, see AssumeRole.