本文简要介绍了Java SDK的安装并提供一个简单的操作示例。

背景信息

STS SDK包含阿里云Java SDK公共部分和STS部分:

  • 阿里云Java SDK公共部分依赖aliyun-java-sdk-core。关于SDK示例代码的自动生成和在线API调试,请参见OpenAPI Explorer
  • STS部分依赖aliyun-java-sdk-sts。关于STS API接口相关信息,请参见什么是STS

STS Java SDK的安装

您可以通过Maven管理项目依赖或手动下载STS SDK的jar包后添加到项目中。

  • 通过Maven管理项目依赖(推荐)。
    1. 使用Maven创建项目。
      mvn archetype:generate -DgroupId=com.aliyun.sts.sample \
      -DartifactId=sts-sdk-sample \
      -Dpackage=com.aliyun.sts.sample \
      -Dversion=1.0-SNAPSHOT
    2. 在项目的pom.xml文件中加入相应依赖项。

      添加aliyun-java-sdk的相关依赖,以3.0.0版本为例,在标签内添加如下内容:

      <dependency>
          <groupId>com.aliyun</groupId>
          <artifactId>aliyun-java-sdk-sts</artifactId>
          <version>3.0.0</version>
      </dependency>
      <dependency>
          <groupId>com.aliyun</groupId>
          <artifactId>aliyun-java-sdk-core</artifactId>
          <version>[4.4.2,5.0.0)</version>
      </dependency>
      说明 aliyun-java-sdk已经加入到Maven仓库中,无需设置settings.xml
  • 手动下载STS SDK的jar包后手动添加到项目中。

    下载地址:

Java SDK示例

com/aliyun/sts/sample/目录下创建Java源代码StsServiceSample.java

说明 以下示例core以4.4.2版本为例,仅供参考。
package com.aliyun.sts.sample;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
public class StsServiceSample {
    public static void main(String[] args) {
        String endpoint = "sts.aliyuncs.com";
        String accessKeyId = "<access-key-id>";
        String accessKeySecret = "<access-key-secret>";
        String roleArn = "<role-arn>";
        String roleSessionName = "session-name";
        String policy = "{\n" +
                "    \"Version\": \"1\", \n" +
                "    \"Statement\": [\n" +
                "        {\n" +
                "            \"Action\": [\n" +
                "                \"oss:*\"\n" +
                "            ], \n" +
                "            \"Resource\": [\n" +
                "                \"acs:oss:*:*:*\" \n" +
                "            ], \n" +
                "            \"Effect\": \"Allow\"\n" +
                "        }\n" +
                "    ]\n" +
                "}";
        try {
            // 构造default profile(参数留空,无需添加region ID)
            IClientProfile profile = DefaultProfile.getProfile("", accessKeyId, accessKeySecret);
            // 用profile构造client
            DefaultAcsClient client = new DefaultAcsClient(profile);
            final AssumeRoleRequest request = new AssumeRoleRequest();
            request.setSysEndpoint(endpoint);
            request.setSysMethod(MethodType.POST);
            request.setRoleArn(roleArn);
            request.setRoleSessionName(roleSessionName);
            request.setPolicy(policy); // Optional
            final AssumeRoleResponse response = client.getAcsResponse(request);
            System.out.println("Expiration: " + response.getCredentials().getExpiration());
            System.out.println("Access Key Id: " + response.getCredentials().getAccessKeyId());
            System.out.println("Access Key Secret: " + response.getCredentials().getAccessKeySecret());
            System.out.println("Security Token: " + response.getCredentials().getSecurityToken());
            System.out.println("RequestId: " + response.getRequestId());
        } catch (ClientException e) {
            System.out.println("Failed:");
            System.out.println("Error code: " + e.getErrCode());
            System.out.println("Error message: " + e.getErrMsg());
            System.out.println("RequestId: " + e.getRequestId());
        }
    }
}
说明
  • 请修改AccessKey IDAccessKey Secret为有效值。
  • STS各区域的endpoint,请参见接入地址
  • AssumeRole接口相关信息,请参见AssumeRole