Embed the DAS console

更新时间:
复制 MD 格式

Embed the Database Autonomy Service (DAS) console into your O&M platform so your users can access database monitoring without a separate logon. The integration uses Security Token Service (STS) temporary credentials and Alibaba Cloud's federation endpoint to generate a logon-free URL that loads the DAS console inside an iframe.

The process has three steps:

  1. Call AssumeRole to get temporary credentials for a RAM role.

  2. Exchange the credentials for a logon token at the federation endpoint.

  3. Construct a logon-free URL and load it in an iframe.

Prerequisites

Before you begin, ensure that you have:

Step 1: Get temporary credentials

Call the AssumeRole API operation to assume a RAM role and receive temporary credentials (access key ID, access key secret, and security token).

For background on RAM roles, see RAM role overview.

Step 2: Exchange credentials for a logon token

Use the security token to obtain a logon token.

The DAS domain used in subsequent steps depends on the TicketType value you specify:

TicketType value DAS domain
normal (default) https://hdm.console.alibabacloud.com
mini (partner BID) https://hdm4servims.console.alibabacloud.com

Step 3: Construct the logon-free URL

URL format

Build the logon-free URL using the following format:

https://signin.aliyun.com/federation?Action=Login
  &LoginUrl=<URL on your platform that returns HTTP 302>
  &Destination=<DAS page to load>
  &SigninToken=<logon token from step 2>

The DAS domain in the Destination parameter must match the TicketType you used in step 2:

  • TicketType=normalhttps://hdm.console.alibabacloud.com

  • TicketType=minihttps://hdm4servims.console.alibabacloud.com

Configure the Destination URL

Set Destination to the DAS page you want to embed. To embed the DAS dashboard, use:

https://hdm.console.alibabacloud.com/?hideTopbar=true&isShare=true&hideMenu=true#/dashboard/convoy
Note

isShare=true and hideTopbar=true are required parameters and must appear before # in the URL.

Use the following query parameters to customize the DAS console UI:

Parameter Description
isShare=true Enables embedding the DAS console in an external console
hideTopbar=true Hides the top navigation bar
hideMenu=true Hides the external menu
hideInstanceMenu=true Hides the sidebars on the instance details page and the external bars of the DAS console
hideAutonomousButton=true Hides the autonomy service switch

Code example

The following Java example shows how to build the logon-free URL. Comments reference the step numbers in this guide.

private static String getHdmLoginUrl(String pageUrl, String signInToken) throws URISyntaxException {
    // Step 3: Build the federation URL with all required parameters
    URIBuilder builder = new URIBuilder(SIGN_IN_DOMAIN);
    builder.setParameter("Action", "Login");
    // LoginUrl: the URL on your platform that returns HTTP 302 to redirect the user
    builder.setParameter("LoginUrl", "https://signin.aliyun.com/login.htm");
    // Destination: the DAS page to load (e.g., global dashboard, instance details)
    builder.setParameter("Destination", pageUrl);
    // SigninToken: the logon token obtained in step 2
    builder.setParameter("SigninToken", signInToken);
    HttpGet request = new HttpGet(builder.build());
    return request.getURI().toString();
}

What's next

Appendix

  • Full sample code:
    import java.io.IOException;
    import java.net.URISyntaxException;
    import com.alibaba.fastjson.JSON;
    import com.alibaba.fastjson.JSONObject;
    import com.aliyuncs.DefaultAcsClient;
    import com.aliyuncs.exceptions.ClientException;
    import com.aliyuncs.profile.DefaultProfile;
    import com.aliyuncs.profile.IClientProfile;
    import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
    import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
    import org.apache.http.HttpStatus;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.client.utils.URIBuilder;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.util.EntityUtils;
    /**
     * Created by tinker on 2019-07-09.
     *
     * @author tinker
     * @date 2019-07-09
     */
    public class StsService {
        private static String getRoleArn(String accountId, String roleName) {
            return String.format("acs:ram::%s:role/%s", accountId, roleName);
        }
        private static final String SIGN_IN_DOMAIN = "https://signin.aliyun.com/federation";
        /**
         * Use the security token to get a logon token.
         * https://help.aliyun.com/document_detail/91913.html
         *
         * @param accesskeyId
         * @param accessKeySecret
         * @param securityToken
         * @return
         * @throws IOException
         * @throws URISyntaxException
         */
        private static String getSignInToken(String accesskeyId, String accessKeySecret, String securityToken)
            throws IOException, URISyntaxException {
            URIBuilder builder = new URIBuilder(SIGN_IN_DOMAIN);
            builder.setParameter("Action", "GetSigninToken")
                .setParameter("AccessKeyId", accesskeyId)
                .setParameter("AccessKeySecret", accessKeySecret)
                .setParameter("SecurityToken", securityToken)
                .setParameter("TicketType", "normal");
            HttpGet request = new HttpGet(builder.build());
            CloseableHttpClient httpclient = HttpClients.createDefault();
            try (CloseableHttpResponse response = httpclient.execute(request)) {
                if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
                    String context = EntityUtils.toString(response.getEntity());
                    JSONObject jsonObject = JSON.parseObject(context);
                    return jsonObject.getString("SigninToken");
                } else {
                    System.out.println(response.getStatusLine());
                }
            }
            return null;
        }
        private static String getHdmLoginUrl(String pageUrl, String signInToken) throws URISyntaxException {
            URIBuilder builder = new URIBuilder(SIGN_IN_DOMAIN);
            builder.setParameter("Action", "Login");
            // The URL to which the user is redirected if the logon expires. This is typically the URL for a 302 redirect configured on your custom web server.
            builder.setParameter("LoginUrl", "https://signin.aliyun.com/login.htm");
            // The actual DAS page to access, such as the global dashboard, real-time dashboard, or instance details page.
            builder.setParameter("Destination", pageUrl);
            builder.setParameter("SigninToken", signInToken);
            HttpGet request = new HttpGet(builder.build());
            return request.getURI().toString();
        }
        /**
         * Call the AssumeRole API operation to get temporary user credentials.
         * For more information, see https://help.aliyun.com/document_detail/28763.html
         *
         * @param accountId
         * @param accessKeyId
         * @param accessKeySecret
         * @param ramRole
         * @return
         * @throws ClientException
         */
        private static AssumeRoleResponse.Credentials assumeRole(String accountId, String accessKeyId,
                                                                 String accessKeySecret, String ramRole)
            throws ClientException {
            String defaultRegion = "cn-hangzhou";
            IClientProfile profile = DefaultProfile.getProfile(defaultRegion, accessKeyId, accessKeySecret);
            DefaultAcsClient client = new DefaultAcsClient(profile);
            AssumeRoleRequest request = new AssumeRoleRequest();
            // Set RoleArn. accountId is the UID of the resource owner, which is the Alibaba Cloud account.
            request.setRoleArn(getRoleArn(accountId, ramRole));
            // A custom parameter. This parameter is used to distinguish different tokens and can be used for user-level access auditing. Format: ^[a-zA-Z0-9\.@\-_]+$
            request.setRoleSessionName("session-name");
            // The validity period of the token in seconds. The value must be between 900 and 3600. The default value is 3600.
            request.setDurationSeconds(3600L);
            AssumeRoleResponse response = client.getAcsResponse(request);
            return response.getCredentials();
        }
        public static void main(String[] args) throws IOException, URISyntaxException {
            try {
                /*
                Step 0: Prepare the RAM user and grant permissions.
                 */
                String accountId = "";
                // The role used to access the DAS product. You can add the AliyunHDMReadOnlyAccess (read-only) or AliyunHDMFullAccess permission as needed.
                String ramRole = "";
                // The AccessKey ID and AccessKey secret of a RAM user that has the AliyunSTSAssumeRoleAccess permission.
                String accessKeyId = "";
                String accessKeySecret = "";
                /*
                 Step 1: Call the AssumeRole API operation to get a temporary AccessKey ID, AccessKey secret, and security token.
                 */
                AssumeRoleResponse.Credentials credentials = assumeRole(accountId, accessKeyId, accessKeySecret, ramRole);
                System.out.println("Expiration: " + credentials.getExpiration());
                System.out.println("Access Key Id: " + credentials.getAccessKeyId());
                System.out.println("Access Key Secret: " + credentials.getAccessKeySecret());
                System.out.println("Security Token: " + credentials.getSecurityToken());
                /*
                Step 2: Get the SigninToken.
                 */
                String signInToken = getSignInToken(credentials.getAccessKeyId(),
                    credentials.getAccessKeySecret(),
                    credentials.getSecurityToken());
                System.out.println("Your SigninToken is: " + signInToken);
                /*
                Step 3: Construct a logon-free URL, for example, for the DAS monitoring dashboard.
                 */
                String pageUrl = getHdmLoginUrl("https://hdm.console.aliyun.com/?hideTopbar=true#/customDashboard?", signInToken);
                System.out.println("Your PageUrl is : " + pageUrl);
            } catch (ClientException e) {
                System.out.println("Failed:");
                System.out.println("Error code: " + e.getErrCode());
                System.out.println("Error message: " + e.getErrMsg());
                System.out.println("RequestId: " + e.getRequestId());
            }
        }
    }
  • POM file:
    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>com.aliyun</groupId>
        <artifactId>hdm-login-demo</artifactId>
        <version>1.0-SNAPSHOT</version>
    <dependencies>
        <dependency>
            <groupId>com.aliyun</groupId>
            <artifactId>aliyun-java-sdk-core</artifactId>
            <version>3.5.0</version>
        </dependency>
        <dependency>
            <groupId>com.aliyun</groupId>
            <artifactId>aliyun-java-sdk-sts</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.9</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.83</version>
        </dependency>
    </dependencies>
        <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
        </build>
    </project>