
Request security token - Java sample code

Last Updated: Apr 19, 2018


Procedure

  1. Reference the STS SDK in pom.xml.

    <repositories>
        <repository>
            <id>sonatype-nexus-staging</id>
            <name>Sonatype Nexus Staging</name>
            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
            <releases>
                <enabled>true</enabled>
            </releases>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
    </repositories>
    <dependencies>
        <dependency>
            <groupId>com.aliyun</groupId>
            <artifactId>aliyun-java-sdk-sts</artifactId>
            <version>2.1.6</version>
        </dependency>
        <dependency>
            <groupId>com.aliyun</groupId>
            <artifactId>aliyun-java-sdk-core</artifactId>
            <version>2.2.0</version>
        </dependency>
    </dependencies>
  2. Write the code.

    STS requires the role parameter roleArn. To find it, log on to the RAM console, click Roles, and then click a specific Role Name. The Arn parameter is displayed in the basic information, for example, 1351140512345678:role/teststs.

    • Main function.

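      // Imports used by main() and assumeRole(); place them at the top of the class file.
      import com.aliyuncs.DefaultAcsClient;
      import com.aliyuncs.exceptions.ClientException;
      import com.aliyuncs.http.MethodType;
      import com.aliyuncs.http.ProtocolType;
      import com.aliyuncs.profile.DefaultProfile;
      import com.aliyuncs.profile.IClientProfile;
      import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
      import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;

      public static void main(String[] args) throws Exception {
          // Replace the three placeholders with your AccessKey ID, AccessKey secret, and role ARN.
          IClientProfile profile = DefaultProfile.getProfile(
                  "cn-hangzhou",
                  "<accessKeyId>",
                  "<accessKeySecret>");
          DefaultAcsClient client = new DefaultAcsClient(profile);
          AssumeRoleResponse response = assumeRole(client, "<roleArn>");
          AssumeRoleResponse.Credentials credentials = response.getCredentials();
          // Print the temporary AccessKey pair, the security token, and the expiration time.
          System.out.println(credentials.getAccessKeyId() + "\n" +
                  credentials.getAccessKeySecret() + "\n" +
                  credentials.getSecurityToken() + "\n" +
                  credentials.getExpiration());
      }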
    • Function that generates the temporary AccessKey and token.

      private static AssumeRoleResponse assumeRole(
              DefaultAcsClient client,
              String roleArn)
              throws ClientException {
          final AssumeRoleRequest request = new AssumeRoleRequest();
          request.setVersion("2015-04-01");
          // Send the request as an HTTPS POST.
          request.setMethod(MethodType.POST);
          request.setProtocol(ProtocolType.HTTPS);
          // Validity period of the token, in seconds.
          request.setDurationSeconds(900L);
          request.setRoleArn(roleArn);
          // Name that identifies this session of the role.
          request.setRoleSessionName("test-token");
          return client.getAcsResponse(request);
      }
  3. Token validity period.

    The token generated in the sample code is valid for 900 seconds. You can adjust this as required, within the range of 900 to 3,600 seconds.

    You can reuse a generated token within its validity period instead of repeatedly generating new tokens. The following example shows how to check whether a token needs to be generated again.

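    // Requires: import java.util.Date;
    // javax.xml.bind was removed from the JDK in Java 11; on newer versions add the JAXB API dependency.
    private static boolean isTimeExpire(String expiration) {
        Date nowDate = new Date();
        // Parse the expiration string (xsd:dateTime format) into a Date.
        Date expireDate = javax.xml.bind.DatatypeConverter.parseDateTime(expiration).getTime();
        // The token has expired once its expiration time is not later than the current time.
        return expireDate.getTime() <= nowDate.getTime();
    }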
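
A cache built on the validity check above, shown as an added example that is not part of the original page or the SDK: it reuses one token and renews it a fixed margin before expiry, so that a token does not lapse while a request is in flight. The `StsTokenCache` and `Token` names, the 60-second margin, and the stand-in fetcher are assumptions; in real use the supplier would call `assumeRole()`.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;

/** Added example (not SDK code): caches one STS token and renews it shortly before expiry. */
public class StsTokenCache {
    /** Hypothetical holder for the fields of AssumeRoleResponse.Credentials. */
    public static final class Token {
        final String accessKeyId, accessKeySecret, securityToken;
        final Instant expiration;
        Token(String id, String secret, String token, String expiration) {
            this.accessKeyId = id;
            this.accessKeySecret = secret;
            this.securityToken = token;
            // Assumption: expiration is an ISO 8601 UTC string such as 2018-04-19T08:00:00Z.
            this.expiration = Instant.parse(expiration);
        }
    }

    private final Supplier<Token> fetcher; // in real use, wraps the assumeRole() call
    private final Duration margin;         // renew this long before the token expires
    private Token cached;

    public StsTokenCache(Supplier<Token> fetcher, Duration margin) {
        this.fetcher = fetcher;
        this.margin = margin;
    }

    /** Returns the cached token; requests a new one only if none exists or expiry is near. */
    public synchronized Token get() {
        if (cached == null || !Instant.now().isBefore(cached.expiration.minus(margin))) {
            cached = fetcher.get();
        }
        return cached;
    }

    public static void main(String[] args) {
        int[] calls = {0};
        // Constructed stand-in for assumeRole(): each call issues a token valid for 900 s.
        StsTokenCache cache = new StsTokenCache(() -> {
            calls[0]++;
            return new Token("constructed-id", "constructed-secret", "constructed-token",
                    Instant.now().plusSeconds(900).toString());
        }, Duration.ofSeconds(60));
        Token first = cache.get();
        Token second = cache.get(); // served from the cache, no second request
        System.out.println("same token reused: " + (first == second) + ", requests: " + calls[0]);
    }
}
```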