Explorar el Código

生成阿里sts验证token

yaobo hace 7 años
padre
commit
4da796af4d

+ 17 - 1
pom.xml

@@ -96,7 +96,23 @@
 			<artifactId>fastjson</artifactId>
 			<version>1.2.6</version>
 		</dependency>
-
+		<!--阿里云oss鉴权  -->
+		<dependency>
+			<groupId>com.aliyun.oss</groupId>
+			<artifactId>aliyun-sdk-oss</artifactId>
+			<version>2.8.1</version>
+		</dependency>
+		<!--阿里云STS  -->
+		<dependency>
+			<groupId>com.aliyun</groupId>
+			<artifactId>aliyun-java-sdk-sts</artifactId>
+			<version>2.1.6</version>
+		</dependency>
+		<dependency>
+			<groupId>com.aliyun</groupId>
+			<artifactId>aliyun-java-sdk-core</artifactId>
+			<version>2.1.7</version>
+		</dependency>
 	</dependencies>
 
 	<dependencyManagement>

+ 2 - 0
src/main/java/cn/efunbox/audio/controller/AudioController.java

@@ -45,12 +45,14 @@ public class AudioController {
             return;
         }
         List<Audio> list = null;
+        System.out.println("album:"+album+",name:"+name);
         if(name!=null && name.length()>0  && album!=null && album.length()>0)
             list = audioService.SearchByNameAlbum(name, album);
         else if(name!=null && name.length()>0)
             list = audioService.SearchByName(name);
         else
             list = audioService.SearchByAlbum(album);
+        list = audioService.SearchByAlbum(album);
 
         if(list==null || list.size()<1){
             HttpUtil.responseApiCode(request, response, ApiCode.NOT_FOUND);

+ 82 - 0
src/main/java/cn/efunbox/audio/plugin/AliStsService.java

@@ -0,0 +1,82 @@
+package cn.efunbox.audio.plugin;
+
+import com.aliyuncs.DefaultAcsClient;
+import com.aliyuncs.exceptions.ClientException;
+import com.aliyuncs.http.MethodType;
+import com.aliyuncs.http.ProtocolType;
+import com.aliyuncs.profile.DefaultProfile;
+import com.aliyuncs.profile.IClientProfile;
+import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
+import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
+
+/**
+ * Created by yao on 17-10-10.
+ */
+public class AliStsService {
+    // 目前只有"cn-hangzhou"这个region可用, 不要使用填写其他region的值
+    public static final String REGION_CN_HANGZHOU = "cn-hangzhou";
+    // 当前 STS API 版本
+    public static final String STS_API_VERSION = "2015-04-01";
+    public static AssumeRoleResponse assumeRole(String accessKeyId, String accessKeySecret,
+                                         String roleArn, String roleSessionName, String policy,
+                                         ProtocolType protocolType) throws ClientException {
+        try {
+            // 创建一个 Aliyun Acs Client, 用于发起 OpenAPI 请求
+            IClientProfile profile = DefaultProfile.getProfile(REGION_CN_HANGZHOU, accessKeyId, accessKeySecret);
+            DefaultAcsClient client = new DefaultAcsClient(profile);
+            // 创建一个 AssumeRoleRequest 并设置请求参数
+            final AssumeRoleRequest request = new AssumeRoleRequest();
+            request.setVersion(STS_API_VERSION);
+            request.setMethod(MethodType.POST);
+            request.setProtocol(protocolType);
+            request.setRoleArn(roleArn);
+            request.setRoleSessionName(roleSessionName);
+            request.setPolicy(policy);
+            // 发起请求,并得到response
+            final AssumeRoleResponse response = client.getAcsResponse(request);
+            return response;
+        } catch (ClientException e) {
+            throw e;
+        }
+    }
+
+    public static void Auth(){
+        // 只有 RAM用户(子账号)才能调用 AssumeRole 接口
+        // 阿里云主账号的AccessKeys不能用于发起AssumeRole请求
+        // 请首先在RAM控制台创建一个RAM用户,并为这个用户创建AccessKeys
+        String accessKeyId = "LTAIwHeZreDzNDtR";
+        String accessKeySecret = "gCTp82PM7B8liUrNlHqfLTQQTKLSAe";
+        // AssumeRole API 请求参数: RoleArn, RoleSessionName, Policy, and DurationSeconds
+        // RoleArn 需要在 RAM 控制台上获取
+        String roleArn = "acs:ram::30370391:role/audioauth";
+        // RoleSessionName 是临时Token的会话名称,自己指定用于标识你的用户,主要用于审计,或者用于区分Token颁发给谁
+        // 但是注意RoleSessionName的长度和规则,不要有空格,只能有'-' '_' 字母和数字等字符
+        // 具体规则请参考API文档中的格式要求
+        String roleSessionName = "alice-001";
+        // 如何定制你的policy?
+        String policy = "{\n" +
+                "  \"Statement\": [\n" +
+                "    {\n" +
+                "      \"Action\": \"sts:AssumeRole\",\n" +
+                "      \"Effect\": \"Allow\",\n" +
+                "      \"Resource\": \"*\"\n" +
+                "    }\n" +
+                "  ],\n" +
+                "  \"Version\": \"1\"\n" +
+                "}";
+        // 此处必须为 HTTPS
+        ProtocolType protocolType = ProtocolType.HTTPS;
+        try {
+            final AssumeRoleResponse response = assumeRole(accessKeyId, accessKeySecret,
+                    roleArn, roleSessionName, policy, protocolType);
+            System.out.println("Expiration: " + response.getCredentials().getExpiration());
+            System.out.println("Access Key Id: " + response.getCredentials().getAccessKeyId());
+            System.out.println("Access Key Secret: " + response.getCredentials().getAccessKeySecret());
+            System.out.println("Security Token: " + response.getCredentials().getSecurityToken());
+        } catch (ClientException e) {
+            System.out.println("Failed to get a token.");
+            System.out.println("Error code: " + e.getErrCode());
+            System.out.println("Error message: " + e.getErrMsg());
+        }
+    }
+}

+ 8 - 8
src/main/resources/application.properties

@@ -1,15 +1,15 @@
 #local
-#spring.datasource.url=jdbc:mysql://localhost:3306/efunbox_audio?useUnicode=true&characterEncoding=utf-8&characterSetResults=UTF-8&autoReconnect=true&allowMultiQueries=true
-#spring.datasource.username=root
-#spring.datasource.password=223732
-#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
-
-#dev
-spring.datasource.url=jdbc:mysql://192.168.1.96:3306/efunbox_audio?useUnicode=true&characterEncoding=utf-8&characterSetResults=UTF-8&autoReconnect=true&allowMultiQueries=true
+spring.datasource.url=jdbc:mysql://localhost:3306/efunbox_audio?useUnicode=true&characterEncoding=utf-8&characterSetResults=UTF-8&autoReconnect=true&allowMultiQueries=true
 spring.datasource.username=root
-spring.datasource.password=Efunbox^^2015$
+spring.datasource.password=223732
 spring.datasource.driver-class-name=com.mysql.jdbc.Driver
 
+##dev
+#spring.datasource.url=jdbc:mysql://192.168.1.96:3306/efunbox_audio?useUnicode=true&characterEncoding=utf-8&characterSetResults=UTF-8&autoReconnect=true&allowMultiQueries=true
+#spring.datasource.username=root
+#spring.datasource.password=Efunbox^^2015$
+#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
+
 spring.jpa.properties.hibernate.hbm2ddl.auto=update
 
 #spring.jpa.show-sql=true

+ 6 - 0
src/test/java/cn/efunbox/audio/AudioApplicationTests.java

@@ -1,6 +1,7 @@
 package cn.efunbox.audio;
 
 import cn.efunbox.audio.entity.Device;
+import cn.efunbox.audio.plugin.AliStsService;
 import cn.efunbox.audio.service.DeviceService;
 import cn.efunbox.audio.util.ApiCode;
 import org.junit.Test;
@@ -39,4 +40,9 @@ public class AudioApplicationTests {
 
 	}
 
+	@Test
+	public void aliAuth(){
+		AliStsService.Auth();
+	}
+
 }