Creates a pair of static username and password. If you access an ApsaraMQ for RabbitMQ broker from an open source RabbitMQ client, you must use a pair of username and password for authentication. You can access the ApsaraMQ for RabbitMQ broker only after the authentication is passed. ApsaraMQ for RabbitMQ allows you to generate usernames and passwords by using AccessKey pairs provided by Alibaba Cloud Resource Access Management (RAM).
Background information
If you access an ApsaraMQ for RabbitMQ broker from an open source RabbitMQ client, you must use a pair of username and password for authentication. You can access the ApsaraMQ for RabbitMQ broker only after the authentication is passed.
ApsaraMQ for RabbitMQ allows you to generate usernames and passwords by using AccessKey pairs provided by Alibaba Cloud RAM.
Usage notes
The ApsaraMQ for RabbitMQ instance for which you want to create a pair of static username and password must be in the Running state.
You can use an AccessKey pair to create only one pair of static username and password for an ApsaraMQ for RabbitMQ instance.
If you want to update an existing pair of static username and password, you must delete the existing pair and create another pair.
Sample code on how to generate a username
The value of the userName parameter in the request is a Base64-encoded string that is generated by using the instance ID and AccessKey ID. The following sample code provides an example on how to generate a username:
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
public class Base64Utils {
public static final Charset UTF8 = StandardCharsets.UTF_8;
/**
* Decode the Base64 string.
* @param str
* @return
*/
public static String decode(String str) {
return new String(Base64.getDecoder().decode(str.getBytes(UTF8)), UTF8);
}
public static String encode(String bytes) {
return new String(Base64.getEncoder().encode(bytes.getBytes(UTF8)), UTF8);
}
public static void main(String[] args) {
// Use the ID of your ApsaraMQ for RabbitMQ instance and the AccessKey pair of the Alibaba Cloud account that you use to purchase the instance to form a string.
String str = "2:${instanceId}:${ak}";
// Generate the value of the userName parameter in the API operation.
String userName = encode(str);
System.out.println("userName=" + userName);
String decodeStr = decode(userName);
System.out.println("originStr=" + decodeStr);
}
}
Sample code on how to generate a signature
The system uses the encryption algorithm to generate the values of the signature and secretSign parameters in the request based on the timestamp that indicates when the specified static username is created and the AccessKey secret. The following sample code provides an example on how to generate the values of the signature and secretSign parameters:
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
public class SignatureUtils {
public static String hamcsha1(byte[] data, byte[] key) throws NoSuchAlgorithmException, InvalidKeyException {
SecretKeySpec signingKey = new SecretKeySpec(key, "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(signingKey);
return byte2hex(mac.doFinal(data));
}
public static String byte2hex(byte[] b) {
StringBuilder hs = new StringBuilder();
String stmp;
for (int n = 0; b != null && n < b.length; n++) {
stmp = Integer.toHexString(b[n] & 0XFF);
if (stmp.length() == 1) {
hs.append('0');
}
hs.append(stmp);
}
return hs.toString().toUpperCase();
}
public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException {
// The value of the createTimestamp parameter in the sample code is the value of the createTimestamp parameter in the API operation.
String createTimestamp= String.valueOf(System.currentTimeMillis());
System.out.println("createTimestamp:" + createTimestamp);
// The AccessKey secret of your Alibaba Cloud account.
String sk = "${sk}";
// Generate the value of the SecretSign parameter in the API operation.
String SecretSign = hamcsha1(sk.getBytes(), createTimestamp.getBytes());
System.out.println("SecretSign:" + SecretSign);
// Generate the value of the signature parameter in the operation.
String signature = hamcsha1(createTimestamp.getBytes(), sk.getBytes());
System.out.println("signature:" + signature);
}
}
Request parameters
Parameter | Type | Required | Example | Description |
Action | String | Yes | CreateAccount | The operation that you want to perform. Set the value to CreateAccount. |
instanceId | String | Yes | amqp-cn-********* | The ID of the instance for which you want to create a pair of static username and password. |
accountAccessKey | String | Yes | LTAI5t8be*******tEJ6vfo | The AccessKey ID of your Alibaba Cloud account or RAM user. For information about how to obtain an AccessKey ID, see Create an AccessKey pair. Note If you use a pair of static username and password that is created by using the AccessKey pair of a RAM user to access ApsaraMQ for RabbitMQ to send and receive messages, make sure that the required permissions are granted to the RAM user. For more information, see RAM policies. |
userName | String | Yes | LTAI5***********eRZtEJ6vfo | The static username that you want to create. The value of this parameter is a Base64-encoded string that is generated based on the instance ID and AccessKey ID. For more information, see the "Sample code on how to generate a username" section of this topic. |
signature | String | Yes | 22c2d7d1769cb53c5a6d9213248e2de524****** | The signature. The system generates a static password based on the signature in the request, the AccessKey secret signature, and the username. The system uses the HMAC-SHA1 algorithm to generate the signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic. |
createTimestamp | Long | Yes | 1671175303522 | The timestamp that indicates when the password is created. Unit: milliseconds. Note This timestamp is specified by you and is used to generate a static password. This is not the timestamp that indicates when the system generates the password. |
secretSign | String | Yes | 4c1a6367ce4c4255e9617326f9133ac635****** | The AccessKey secret signature. The system generates a static password based on the signature in the request, the AccessKey secret signature, and the username. The system uses the HMAC-SHA1 algorithm to generate the AccessKey secret signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic. |
Response parameters
Parameter | Type | Example | Description |
RequestId | String | FEBA5E0C-50D0-4FA6-A794-4901E5465*** | The request ID. |
Code | Integer | 200 | The HTTP status code returned. The value 200 indicates that the request was successful. |
Message | String | operation success | The returned message. |
Success | Boolean | true | Indicates whether the request was successful. |
Data | Object | The returned data. | |
AccessKey | String | LTAI5***********eRZtEJ6vfo | The AccessKey ID that is used to create the password. |
Password | String | OUYwQzM2QjZBRkUxNDRFM***************MzZCNzdDQzoxNjcxNDMwMzkyODI1 | The created static password. |
CreateTimeStamp | Long | 1671175303522 | The timestamp that indicates when the password was created. Unit: milliseconds. |
InstanceId | String | amqp-cn-********* | The ID of the ApsaraMQ for RabbitMQ instance. |
MasterUId | Long | 1565*******973901 | The Alibaba Cloud account ID or RAM user to which the AccessKey pair that is used to create the pair of static username and password belongs. |
UserName | String | MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8= | The created static username. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CreateAccount
&instanceId=amqp-cn-*********
&accountAccessKey=LTAI5t8be*******tEJ6vfo
&userName=LTAI5***********eRZtEJ6vfo
&signature=22c2d7d1769cb53c5a6d9213248e2de524******
&createTimestamp=1671175303522
&secretSign=4c1a6367ce4c4255e9617326f9133ac635******
&<Common request parameters>Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<CreateAccountResponse>
<RequestId>FEBA5E0C-50D0-4FA6-A794-4901E5465***</RequestId>
<Code>200</Code>
<Message>operation success</Message>
<Success>true</Success>
<Data>
<AccessKey>LTAI5***********eRZtEJ6vfo</AccessKey>
<Password>OUYwQzM2QjZBRkUxNDRFM***************MzZCNzdDQzoxNjcxNDMwMzkyODI1</Password>
<CreateTimeStamp>1671175303522</CreateTimeStamp>
<InstanceId>amqp-cn-*********</InstanceId>
<UserName>MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8=</UserName>
</Data>
</CreateAccountResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "FEBA5E0C-50D0-4FA6-A794-4901E5465***",
"Code" : 200,
"Message" : "operation success",
"Success" : true,
"Data" : {
"AccessKey" : "LTAI5***********eRZtEJ6vfo",
"Password" : "OUYwQzM2QjZBRkUxNDRFM***************MzZCNzdDQzoxNjcxNDMwMzkyODI1",
"CreateTimeStamp" : 1671175303522,
"InstanceId" : "amqp-cn-*********",
"UserName" : "MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8="
}
}Error codes
For a list of error codes, see Service error codes.
Create a pair of static username and password in the console
You can also create a pair of static username and password in the ApsaraMQ for RabbitMQ console. For more information, see Manage static usernames and passwords.