This topic describes how to install Java SDK and provides an operation example.


STS SDKs consist of Alibaba Cloud Java SDKs and STS SDKs.

  • To install an Alibaba Cloud Java SDK, you must firstly install aliyun-java-sdk-core. For information about how to generate code examples and perform debug operations, see OpenAPI Explorer.
  • To install an STS SDK, you must firstly install aliyun-java-sdk-sts. For information about STS API actions, see What is STS?.


Yo can use Maven to manage project dependencies or download the STS SDK JAR package and add the package to the target project.

  • Recommended. Use Maven to manage project dependencies.
    1. Use Maven to create a project.
      mvn archetype:generate -DgroupId=com.aliyun.sts.sample \
      -DartifactId=sts-sdk-sample \
      -Dpackage=com.aliyun.sts.sample \
    2. Add dependencies to the pom.xml file of the project.

      Add aliyun-java-sdk dependencies. The following is an example of STS SDK 3.0.0:

      Note The aliyun-java-sdk artifact is added to the Maven repository. Therefore, you do not need to configure the settings.xml file.
  • Download the target JAR package and add the package to the project.


Create the source code in the com/aliyun/sts/sample/ directory.

Note The following is an example of core 4.4.2.
package com.aliyun.sts.sample;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
public class StsServiceSample {
    public static void main(String[] args) {
        String endpoint = "";
        String accessKeyId = "<access-key-id>";
        String accessKeySecret = "<access-key-secret>";
        String roleArn = "<role-arn>";
        String roleSessionName = "session-name";
        String policy = "{\n" +
                "    \"Version\": \"1\", \n" +
                "    \"Statement\": [\n" +
                "        {\n" +
                "            \"Action\": [\n" +
                "                \"oss:*\"\n" +
                "            ], \n" +
                "            \"Resource\": [\n" +
                "                \"acs:oss:*:*:*\" \n" +
                "            ], \n" +
                "            \"Effect\": \"Allow\"\n" +
                "        }\n" +
                "    ]\n" +
        try {
            // Construct the default profile. (You do not need to add the region ID.)
            IClientProfile profile = DefaultProfile.getProfile("", accessKeyId, accessKeySecret);
            // Use the profile to construct a client.
            DefaultAcsClient client = new DefaultAcsClient(profile);
            final AssumeRoleRequest request = new AssumeRoleRequest();
            request.setPolicy(policy); // Optional
            final AssumeRoleResponse response = client.getAcsResponse(request);
            System.out.println("Expiration: " + response.getCredentials().getExpiration());
            System.out.println("Access Key Id: " + response.getCredentials().getAccessKeyId());
            System.out.println("Access Key Secret: " + response.getCredentials().getAccessKeySecret());
            System.out.println("Security Token: " + response.getCredentials().getSecurityToken());
            System.out.println("RequestId: " + response.getRequestId());
        } catch (ClientException e) {
            System.out.println("Error code: " + e.getErrCode());
            System.out.println("Error message: " + e.getErrMsg());
            System.out.println("RequestId: " + e.getRequestId());
  • Make sure that the access key ID and access key secret are valid.
  • For information about STS endpoints, see Endpoints.
  • For information about the AssumeRole API action, see AssumeRole.