In media workflows, each input media file is uniquely specified by a media ID. You can associate multiple output formats and resolutions with a media ID. If you want to play a media file in different formats and automatically switch between resolutions, you can play the media file based on its media ID. To ensure the security of encrypted videos, you must play encrypted videos based on their media IDs. To ensure secure access and manage permissions, you must use Security Token Service (STS) that is provided by Resource Access Management (RAM) to generate a security token and use the security token to play videos based on their media IDs. This topic describes how to request a security token.
Prerequisites
STS SDK that RAM provides for your programming language is installed. In this example, STS SDK for Java is used. For more information about how to install STS SDK for Java and the sample code, see STS SDK for Java. For more information about the sample code in other programming languages, see STS SDK overview.
Preparations
Before you request a security token, you must obtain the Alibaba Cloud Resource Name (ARN) of the RAM role that is required by STS.
Log on to the RAM console. In the left-side navigation pane, choose .
On the Roles page, find the RAM role whose ARN you want to obtain and click the name of the RAM role. The details page of the RAM role appears.
In the Basic Information section, copy the value of the ARN parameter. Keep the ARN confidential for later use.
Procedure
Reference STS SDK for Java in the pom.xml file.
<repositories> <repository> <id>sonatype-nexus-staging</id> <name>Sonatype Nexus Staging</name> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url> <releases> <enabled>true</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> </repositories> <dependencies> <dependency> <groupId>com.aliyun</groupId> <artifactId>aliyun-java-sdk-sts</artifactId> <version>2.1.6</version> </dependency> <dependency> <groupId>com.aliyun</groupId> <artifactId>aliyun-java-sdk-core</artifactId> <version>2.2.0</version> </dependency> </dependencies>NoteYou can obtain the latest version of the
aliyun-java-sdk-corepackage from the Maven repository.Generate a security token.
import com.aliyuncs.DefaultAcsClient; import com.aliyuncs.exceptions.ClientException; import com.aliyuncs.http.MethodType; import com.aliyuncs.http.ProtocolType; import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest; import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse; /** * You can call this operation only as a RAM user. */ public class STSTokenDemo { public static void main(String[] args) throws Exception { // Initialize the client. DefaultAcsClient client = InitClient.initMpsClient(); // You must obtain the ARN of the RAM role in the RAM console. String roleArn = "acs:ram::174*********11242:role/sts-role"; try { AssumeRoleResponse response = assumeRole(client, roleArn); System.out.println("Expiration: " + response.getCredentials().getExpiration()); System.out.println("Access Key Id: " + response.getCredentials().getAccessKeyId()); System.out.println("Access Key Secret: " + response.getCredentials().getAccessKeySecret()); System.out.println("Security Token: " + response.getCredentials().getSecurityToken()); System.out.println("RequestId: " + response.getRequestId()); } catch (ClientException e) { System.out.println("Failed to get a token."); System.out.println("Error code: " + e.getErrCode()); System.out.println("Error message: " + e.getErrMsg()); } } /** The method that is used to generate a temporary AccessKey pair and a security token. */ private static AssumeRoleResponse assumeRole( DefaultAcsClient client, String roleArn) throws ClientException { final AssumeRoleRequest request = new AssumeRoleRequest(); request.setVersion("2015-04-01"); request.setMethod(MethodType.POST); request.setProtocol(ProtocolType.HTTPS); request.setDurationSeconds(900L); request.setRoleArn(roleArn); request.setRoleSessionName("test-token"); return client.getAcsResponse(request); } }Adjust the validity period of the security token.
The validity period of the security token generated in the sample code is 900 seconds. You can adjust the validity period based on your business requirements. Valid values: 900 to 3600. Unit: seconds.
During the validity period of a security token, you can use the security token without the need to generate a new one. You can run the following code to check whether a new security token needs to be generated:
private static boolean isTimeExpire(String expiration) { Date nowDate = new Date(); Date expireDate = javax.xml.bind.DatatypeConverter.parseDateTime(expiration).getTime(); if (expireDate.getTime() <= nowDate.getTime()) { return true; } else { return false; } }