概述
針對使用者在使用官方文檔 控制台分享内嵌 易出現問題的情況,這裡使用RAM使用者介紹相關參數的擷取及配置,友善初次使用者快速使用該功能。
原理圖
實驗步驟
1、為RAM使用者授權:AliyunSTSAssumeRoleAccess
2、建立RAM角色
3、為角色授權
4、roleArn參數擷取
5、pom.xml
<dependencies>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-sts</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>3.5.0</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.5</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.47</version>
</dependency>
</dependencies> 6、Code Sample
import com.alibaba.fastjson.JSON;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import static java.lang.System.exit;
/**
* Hello world!
*
*/
public class slsconsole
{
public static void main( String[] args ) {
// RAM子賬戶的ak,sk
String akId = "******";
String ak = "**********";
String roleArn = "acs:ram::******:role/slsdemotest"; //角色
String roleSession = "console-role-session"; // 可以取任何值
String signInHost = "http://signin.aliyun.com";
try {
// 通路令牌擷取臨時AK & Token
IClientProfile profile = DefaultProfile.getProfile("cn-beijing", akId, ak);
DefaultAcsClient client = new DefaultAcsClient(profile);
AssumeRoleRequest assumeRoleReq = new AssumeRoleRequest();
assumeRoleReq.setRoleArn(roleArn);
assumeRoleReq.setRoleSessionName(roleSession);
assumeRoleReq.setMethod(MethodType.POST);
assumeRoleReq.setDurationSeconds(3600L);
// // 預設可以不需要setPolicy,即申請獲得角色的所有權限
// assumeRoleReq.setPolicy(本次生成token實際需要的權限字元串,申請權限必須是角色對應權限的子集); // 權限示例參考連結:https://help.aliyun.com/document_detail/89676.html
AssumeRoleResponse assumeRoleRes = client.getAcsResponse(assumeRoleReq);
System.out.println(assumeRoleRes.getCredentials().getAccessKeyId());
System.out.println(assumeRoleRes.getCredentials().getAccessKeySecret());
System.out.println(assumeRoleRes.getCredentials().getExpiration());
System.out.println(assumeRoleRes.getCredentials().getSecurityToken());
// construct singin url
String signInTokenUrl = signInHost + String.format(
"/federation?Action=GetSigninToken"
+ "&AccessKeyId=%s"
+ "&AccessKeySecret=%s"
+ "&SecurityToken=%s&TicketType=mini",
URLEncoder.encode(assumeRoleRes.getCredentials().getAccessKeyId(), "utf-8"),
URLEncoder.encode(assumeRoleRes.getCredentials().getAccessKeySecret(), "utf-8"),
URLEncoder.encode(assumeRoleRes.getCredentials().getSecurityToken(), "utf-8")
);
System.out.println("signInTokenUrl: " + signInTokenUrl);
// 通過臨時AK & Token 擷取登入 Token
HttpGet signInGet = new HttpGet(signInTokenUrl);
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpResponse httpResponse = httpClient.execute(signInGet);
String signInToken = "";
if (httpResponse.getStatusLine().getStatusCode() == 200) {
String signInRes = EntityUtils.toString(httpResponse.getEntity());
System.out.println(signInRes);
signInToken = JSON.parseObject(signInRes).getString("SigninToken");
if (signInToken == null) {
System.out.println("Invalid response message, contains no SigninToken: " + signInRes);
exit(-1);
}
} else {
System.out.println("Failed to retrieve signInToken");
exit(-1);
}
// construct final url 通過登入Token生成日志服務Web通路連結進行跳轉登入
// 注意:生成的通路連結隻能被使用一次
String signInUrl = signInHost + String.format(
"/federation?Action=Login"
+ "&LoginUrl=%s"
+ "&Destination=%s"
+ "&SigninToken=%s",
URLEncoder.encode("https://www.aliyun.com", "utf-8"),
URLEncoder.encode("https://sls4service.console.aliyun.com/next/project/yutarotest/logsearch/log5?isShare=true&hideTopbar=true&hideSidebar=true", "utf-8"),
URLEncoder.encode(signInToken, "utf-8")); //注意參數替換:project/<日志服務項目project>/logsearch/<日志庫名稱>
System.out.println(signInUrl); // 直接使用該URL即可
} catch (ClientException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
} 注意: 參考備注修改為自己的參數值後再進行測試。