Getting started

Last Updated: Jul 03, 2017

Create and manage roles

To use STS’s AssumeRole interface, you need to create and manage roles in RAM. For details, refer to [RAM Role Management](#).

Use Maven to create a project

    mvn archetype:generate -DgroupId=com.aliyun.sts.sample \
        -DartifactId=sts-sdk-sample \
        -Dpackage=com.aliyun.sts.sample \
        -Dversion=1.0-SNAPSHOT

Modify the generated pom.xml and add the relevant aliyun-java-sdk dependencies. Taking version 2.1.6 as an example, add the following content inside the “dependencies” tag:

    <dependency>
        <groupId>com.aliyun</groupId>
        <artifactId>aliyun-java-sdk-sts</artifactId>
        <version>2.1.6</version>
    </dependency>
    <dependency>
        <groupId>com.aliyun</groupId>
        <artifactId>aliyun-java-sdk-core</artifactId>
        <version>2.1.7</version>
    </dependency>

aliyun-java-sdk has been added to https://maven-repository.com/artifact/com.aliyun

You do not need to configure Maven's settings.xml.

Sample code used in aliyun-java-sdk-sts

  • NOTE: Change the values of accessKeyId and accessKeySecret to valid values.
  • In the com/aliyun/sts/sample/ directory, create the Java source file StsServiceSample.java with the following content:

    package com.aliyun.sts.sample;

    import com.aliyuncs.DefaultAcsClient;
    import com.aliyuncs.exceptions.ClientException;
    import com.aliyuncs.http.MethodType;
    import com.aliyuncs.http.ProtocolType;
    import com.aliyuncs.profile.DefaultProfile;
    import com.aliyuncs.profile.IClientProfile;
    import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
    import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;

    public class StsServiceSample {
        // Currently, only the "cn-hangzhou" region is available. Do not fill in another region's value
        public static final String REGION_CN_HANGZHOU = "cn-hangzhou";
        // Current STS API version
        public static final String STS_API_VERSION = "2015-04-01";

        static AssumeRoleResponse assumeRole(String accessKeyId, String accessKeySecret,
                                             String roleArn, String roleSessionName, String policy,
                                             ProtocolType protocolType) throws ClientException {
            // Construct an Aliyun client for initiating an OpenAPI request
            IClientProfile profile = DefaultProfile.getProfile(REGION_CN_HANGZHOU, accessKeyId, accessKeySecret);
            DefaultAcsClient client = new DefaultAcsClient(profile);

            // Create an AssumeRoleRequest and set the request parameters
            final AssumeRoleRequest request = new AssumeRoleRequest();
            request.setVersion(STS_API_VERSION);
            request.setMethod(MethodType.POST);
            request.setProtocol(protocolType);
            request.setRoleArn(roleArn);
            request.setRoleSessionName(roleSessionName);
            request.setPolicy(policy);

            // Initiate the request and return the response; a ClientException propagates to the caller
            return client.getAcsResponse(request);
        }

        public static void main(String[] args) {
            // Only a RAM account (sub-account) can call the AssumeRole interface
            // The AccessKeys of an Alibaba Cloud primary account cannot be used to initiate an AssumeRole request
            // You need to create a RAM account on the RAM console, and create an AccessKey for the account
            String accessKeyId = "o************F";
            String accessKeySecret = "y*******************U";

            // AssumeRole API request parameters include RoleArn, RoleSessionName, Policy, and DurationSeconds
            // You need to obtain the RoleArn on the RAM console
            String roleArn = "acs:ram::145883****900618:role/ossadminrole";

            // RoleSessionName is the session name of a temporary token. You need to specify the parameter
            // to identify your account. It is mainly used for auditing, or for distinguishing to which
            // account the token was issued
            // Pay attention to the length and character rules of RoleSessionName. You cannot use spaces,
            // only '-', '_', letters, and numbers
            // For the detailed rules, refer to the format requirements in the API documentation
            String roleSessionName = "alice-001";

            // How to customize your policy
            String policy = "{\n" +
                    "    \"Version\": \"1\", \n" +
                    "    \"Statement\": [\n" +
                    "        {\n" +
                    "            \"Action\": [\n" +
                    "                \"oss:GetBucket\", \n" +
                    "                \"oss:GetObject\" \n" +
                    "            ], \n" +
                    "            \"Resource\": [\n" +
                    "                \"acs:oss:*:*:*\"\n" +
                    "            ], \n" +
                    "            \"Effect\": \"Allow\"\n" +
                    "        }\n" +
                    "    ]\n" +
                    "}";

            // You must enter HTTPS here
            ProtocolType protocolType = ProtocolType.HTTPS;

            try {
                final AssumeRoleResponse response = assumeRole(accessKeyId, accessKeySecret,
                        roleArn, roleSessionName, policy, protocolType);
                System.out.println("Expiration: " + response.getCredentials().getExpiration());
                System.out.println("Access Key Id: " + response.getCredentials().getAccessKeyId());
                System.out.println("Access Key Secret: " + response.getCredentials().getAccessKeySecret());
                System.out.println("Security Token: " + response.getCredentials().getSecurityToken());
            } catch (ClientException e) {
                System.out.println("Failed to get a token.");
                System.out.println("Error code: " + e.getErrCode());
                System.out.println("Error message: " + e.getErrMsg());
            }
        }
    }
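
The sample's session policy allows reads on every bucket (`acs:oss:*:*:*`), keeps the AccessKey in source, and prints the temporary secret. The following added example, which is not part of the original SDK sample, shows a narrower variant: the policy is limited to one prefix of one bucket, the token lifetime is set explicitly, and only non-secret fields are printed. The class name `ScopedStsSample`, the `STS_SAMPLE_*` environment variable names, the bucket and prefix, and the allow-list patterns are assumptions made for illustration.

```java
package com.aliyun.sts.sample;

import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;

// Added example (hypothetical class): least-privilege variant of StsServiceSample.
public class ScopedStsSample {
    // Character rule for RoleSessionName as stated on this page; length limits are in the API docs.
    static boolean validSessionName(String s) { return s != null && s.matches("[A-Za-z0-9_-]+"); }

    // Session policy limited to reading objects under one prefix of one bucket.
    // Inputs are allow-listed (constructed, conservative patterns) before being placed in the JSON.
    static String readOnlyPolicy(String bucket, String prefix) {
        if (!bucket.matches("[a-z0-9-]{3,63}") || !prefix.matches("[A-Za-z0-9_/-]+"))
            throw new IllegalArgumentException("unexpected characters in bucket or prefix");
        return "{\"Version\":\"1\",\"Statement\":[{\"Effect\":\"Allow\","
             + "\"Action\":[\"oss:GetObject\"],"
             + "\"Resource\":[\"acs:oss:*:*:" + bucket + "/" + prefix + "/*\"]}]}";
    }

    public static void main(String[] args) throws ClientException {
        // Assumed environment variable names; keeps the RAM user's AccessKey out of source control.
        String keyId = System.getenv("STS_SAMPLE_ACCESS_KEY_ID");
        String keySecret = System.getenv("STS_SAMPLE_ACCESS_KEY_SECRET");
        String roleArn = System.getenv("STS_SAMPLE_ROLE_ARN");
        String sessionName = "alice-001";
        if (keyId == null || keySecret == null || roleArn == null || !validSessionName(sessionName))
            throw new IllegalStateException("missing configuration or invalid session name");
        DefaultAcsClient client = new DefaultAcsClient(
                DefaultProfile.getProfile("cn-hangzhou", keyId, keySecret));
        AssumeRoleRequest request = new AssumeRoleRequest();
        request.setVersion("2015-04-01");
        request.setMethod(MethodType.POST);
        request.setProtocol(ProtocolType.HTTPS);
        request.setRoleArn(roleArn);
        request.setRoleSessionName(sessionName);
        request.setPolicy(readOnlyPolicy("example-bucket", "reports/alice")); // placeholder names
        request.setDurationSeconds(900L); // short-lived token: 15 minutes
        AssumeRoleResponse.Credentials c = client.getAcsResponse(request).getCredentials();
        // Log only non-secret fields; pass the secret and token to the consumer without logging them.
        System.out.println("Issued " + c.getAccessKeyId() + ", expires " + c.getExpiration());
    }
}
```

The effective permissions of the returned token are the intersection of this session policy and the policies attached to the role, so the session policy can only narrow what the role already allows.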

Compile and run sample code

Compile

    mvn install

Run

    mvn -q exec:java -Dexec.mainClass=com.aliyun.sts.sample.StsServiceSample