
Merge pull request #71 from AlibabaCloudLandingZone/solution-ecs-sts-…
…token/0.0.5

solution-ecs-sts-token/0.0.5
wibud authored Jul 12, 2024
2 parents f5d6d88 + f99441a commit cd0fdca
Showing 36 changed files with 492 additions and 32 deletions.
Expand Up @@ -45,7 +45,7 @@
<dependency>
<groupId>com.aliyun.oss</groupId>
<artifactId>aliyun-sdk-oss</artifactId>
<version>3.17.2</version>
<version>3.17.4</version>
</dependency>
<!--sls-sdk-->
<dependency>
Expand All @@ -54,12 +54,13 @@
<version>0.6.107</version>
</dependency>

<!-- Requires: version >= 0.3.2 -->
<!-- Requires: version >= 0.3.4 -->
<!-- 推荐使用最新版本 -->
<!--获取所有已发布的版本列表,请参见https://github.com/aliyun/credentials-java/blob/master/ChangeLog.txt-->
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>credentials-java</artifactId>
<version>0.3.2</version>
<version>0.3.4</version>
</dependency>
</dependencies>
</project>
Expand Up @@ -3,9 +3,7 @@
import com.alibaba.fastjson2.JSON;
import com.aliyun.credentials.Client;
import com.aliyun.credentials.models.CredentialModel;
import com.aliyun.oss.ClientBuilderConfiguration;
import com.aliyun.oss.ClientConfiguration;
import com.aliyun.oss.OSSClient;
import com.aliyun.oss.*;
import com.aliyun.oss.common.auth.Credentials;
import com.aliyun.oss.common.auth.CredentialsProvider;
import com.aliyun.oss.common.auth.DefaultCredentials;
Expand All @@ -24,13 +22,34 @@ public static void main(String[] args) {

// Bucket所在地域对应的Endpoint。以华东1(杭州)为例。
String endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
// Endpoint对应的Region信息,例如cn-hangzhou。
String region = "cn-hangzhou";
// 建议使用更安全的V4签名算法,则初始化时需要加入endpoint对应的region信息,同时声明SignVersion.V4
// OSS Java SDK 3.17.4及以上版本支持V4签名。
ClientBuilderConfiguration configuration = new ClientBuilderConfiguration();
configuration.setSignatureVersion(SignVersion.V4);

// 用凭据客户端初始化OSS客户端
OSSClient ossClient = createOssClientByCredentials(endpoint, configuration, credentialClient);
OSS ossClient = OSSClientBuilder.create()
.endpoint(endpoint)
.credentialsProvider(new CredentialsProvider() {
@Override
public void setCredentials(Credentials credentials) {
}

@Override
public Credentials getCredentials() {
// 保证线程安全,从 CredentialModel 中获取 ak/sk/security token
CredentialModel credentialModel = credentialClient.getCredential();
String ak = credentialModel.getAccessKeyId();
String sk = credentialModel.getAccessKeySecret();
String token = credentialModel.getSecurityToken();
return new DefaultCredentials(ak, sk, token);
}
})
.clientConfiguration(configuration)
.region(region)
.build();

// 调用OSS API
List<Bucket> buckets = ossClient.listBuckets();
Expand All @@ -39,22 +58,4 @@ public static void main(String[] args) {
// 关闭OSSClient。
ossClient.shutdown();
}

public static OSSClient createOssClientByCredentials(String endpoint, ClientConfiguration configuration, Client credentialClient) {
return new OSSClient(endpoint, new CredentialsProvider() {
@Override
public void setCredentials(Credentials credentials) {
}

@Override
public Credentials getCredentials() {
// 保证线程安全,从 CredentialModel 中获取 ak/sk/security token
CredentialModel credentialModel = credentialClient.getCredential();
String ak = credentialModel.getAccessKeyId();
String sk = credentialModel.getAccessKeySecret();
String token = credentialModel.getSecurityToken();
return new DefaultCredentials(ak, sk, token);
}
}, configuration);
}
}
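Review bot: `SignVersion` in the `main` hunk is probably unresolved, because `import com.aliyun.oss.*;` in the first hunk only covers the `com.aliyun.oss` package itself, while OssClientConfig in this same commit imports the type from `com.aliyun.oss.common.comm`. Unless an import outside the visible hunks already provides it, add `import com.aliyun.oss.common.comm.SignVersion;`. I would also keep explicit imports for `ClientBuilderConfiguration`, `OSS` and `OSSClientBuilder` instead of the wildcard, as the new Spring configuration does, so that a later SDK release cannot introduce an ambiguous name.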
Expand Up @@ -19,11 +19,11 @@ public static void main(String[] args) throws Exception {
// 5. 使用ECS实例RAM角色(需要通过环境变量 ALIBABA_CLOUD_ECS_METADATA 指定 ECS 实例角色名称;通过环境变量 ALIBABA_CLOUD_ECS_IMDSV2_ENABLE=true 开启在加固模式下获取STS Token)
// https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-access-credentials#3ca299f04bw3c
// 要使用默认凭据链,初始化 Client 时,必须使用空的构造函数,不能配置 Config 入参
Client credentialsClient = new Client();
Client credentialClient = new Client();

// 调用API,以GetCallerIdentity获取当前调用者身份信息为例
com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
.setCredential(credentialsClient)
.setCredential(credentialClient)
.setEndpoint("sts.cn-hangzhou.aliyuncs.com");
com.aliyun.sts20150401.Client stsClient = new com.aliyun.sts20150401.Client(config);

Expand Up @@ -16,11 +16,11 @@ public static void main(String[] args) throws Exception {
credentialConfig.setRoleName("my-ecs-role");
// 在加固模式下获取STS Token,强烈建议开启
credentialConfig.setEnableIMDSv2(true);
Client credentialsClient = new Client(credentialConfig);
Client credentialClient = new Client(credentialConfig);

// 调用API,以GetCallerIdentity获取当前调用者身份信息为例
com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
.setCredential(credentialsClient)
.setCredential(credentialClient)
.setEndpoint("sts.cn-hangzhou.aliyuncs.com");
com.aliyun.sts20150401.Client stsClient = new com.aliyun.sts20150401.Client(config);

@@ -0,0 +1,78 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.4.RELEASE</version>
</parent>
<groupId>org.example</groupId>
<artifactId>spring-boot</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
<exec.cleanupDaemonThreads>false</exec.cleanupDaemonThreads>
</properties>

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba.fastjson2</groupId>
<artifactId>fastjson2</artifactId>
<version>2.0.51</version>
</dependency>

<!--2.0 sdk-->
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>sts20150401</artifactId>
<version>1.1.4</version>
</dependency>
<!--1.0 sdk-->
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-sts</artifactId>
<version>3.1.2</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>[4.0.0,5.0.0)</version>
</dependency>
<!--oss-sdk-->
<dependency>
<groupId>com.aliyun.oss</groupId>
<artifactId>aliyun-sdk-oss</artifactId>
<version>3.17.4</version>
</dependency>
<!--sls-sdk-->
<dependency>
<groupId>com.aliyun.openservices</groupId>
<artifactId>aliyun-log</artifactId>
<version>0.6.107</version>
</dependency>

<!-- Requires: version >= 0.3.4 -->
<!-- 推荐使用最新版本 -->
<!--获取所有已发布的版本列表,请参见https://github.com/aliyun/credentials-java/blob/master/ChangeLog.txt-->
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>credentials-java</artifactId>
<version>0.3.4</version>
</dependency>
</dependencies>
</project>
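Review bot: The `aliyun-java-sdk-core` dependency uses the open range `[4.0.0,5.0.0)`, so the version that ships is whatever Maven resolves on the day of the build, while every other dependency in this file is pinned. Pin it to a single tested version, e.g. `<version>PINNED_VERSION</version>` (placeholder), so the build is reproducible and a new upstream release cannot enter the artifact unreviewed. The parent `spring-boot-starter-parent` 2.3.4.RELEASE is also an old release line that, as far as I know, no longer receives open-source fixes; a sample that users are expected to copy should track a maintained line.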
@@ -0,0 +1,11 @@
package org.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
@@ -0,0 +1,37 @@
package org.example.config;

import com.aliyun.credentials.Client;
import com.aliyun.credentials.models.Config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CredentialConfig {

// 初始化凭据客户端
// 借助Credentials工具的默认凭据链,您可以用同一套代码,通过程序之外的配置来控制不同环境下的凭据获取方式
// 当您在初始化凭据客户端不传入任何参数时,Credentials工具将会尝试按照如下顺序查找相关凭据信息(优先级由高到低):
// 1. 使用系统属性
// 2. 使用环境变量
// 3. 使用OIDC RAM角色
// 4. 使用配置文件
// 5. 使用ECS实例RAM角色(需要通过环境变量 ALIBABA_CLOUD_ECS_METADATA 指定 ECS 实例角色名称;通过环境变量 ALIBABA_CLOUD_ECS_IMDSV2_ENABLE=true 开启在加固模式下获取STS Token)
// https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-access-credentials#3ca299f04bw3c
// 要使用默认凭据链,初始化 Client 时,必须使用空的构造函数,不能配置 Config 入参
@Bean(name = "credentialClient")
Client getCredentialClient() {
return new Client();
}

// 除了使用上面的默认凭据链,您也可以在代码中显式配置,来初始化凭据客户端
//@Bean(name = "credentialClient")
//Client getCredentialClient() {
// Config config = new Config()
// .setType("ecs_ram_role")
// // 选填,该ECS实例角色的角色名称,不填会自动获取,建议加上以减少请求次数
// .setRoleName("<请填写ECS实例角色的角色名称>")
// // 在加固模式下获取STS Token,强烈建议开启
// .setEnableIMDSv2(true);
// return new Client(config);
//}
}
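Review bot: Hardened-mode (IMDSv2) retrieval is left to the deployment in the active `getCredentialClient()` bean: with `new Client()` it is on only when `ALIBABA_CLOUD_ECS_IMDSV2_ENABLE=true` is set, as the comment block says, and the variant that pins `setEnableIMDSv2(true)` in code is commented out. The comment should also state that system properties, environment variables and config files rank above the instance role, so a long-lived AccessKey left in the environment takes precedence over the STS token without any signal. A line such as `// Without ALIBABA_CLOUD_ECS_IMDSV2_ENABLE=true the instance-role lookup presumably does not use hardened mode` directly above the bean would make that explicit. `import com.aliyun.credentials.models.Config;` is referenced only by the commented-out variant and is otherwise unused.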
@@ -0,0 +1,53 @@
package org.example.config;

import com.aliyun.credentials.models.CredentialModel;
import com.aliyun.oss.ClientBuilderConfiguration;
import com.aliyun.oss.OSS;
import com.aliyun.oss.OSSClientBuilder;
import com.aliyun.oss.common.auth.Credentials;
import com.aliyun.oss.common.auth.CredentialsProvider;
import com.aliyun.oss.common.auth.DefaultCredentials;
import com.aliyun.oss.common.comm.SignVersion;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class OssClientConfig {

@Autowired
com.aliyun.credentials.Client credentialClient;

@Bean(name = "ossClient")
OSS getOssClient() {
// Bucket所在地域对应的Endpoint,以华东1(杭州)为例
String endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
// Endpoint对应的Region信息,例如cn-hangzhou。
String region = "cn-hangzhou";
// 建议使用更安全的V4签名算法,则初始化时需要加入endpoint对应的region信息,同时声明SignVersion.V4
// OSS Java SDK 3.17.4及以上版本支持V4签名。
ClientBuilderConfiguration configuration = new ClientBuilderConfiguration();
configuration.setSignatureVersion(SignVersion.V4);

return OSSClientBuilder.create()
.endpoint(endpoint)
.credentialsProvider(new CredentialsProvider() {
@Override
public void setCredentials(Credentials credentials) {
}

@Override
public Credentials getCredentials() {
// 保证线程安全,从 CredentialModel 中获取 ak/sk/security token
CredentialModel credentialModel = credentialClient.getCredential();
String ak = credentialModel.getAccessKeyId();
String sk = credentialModel.getAccessKeySecret();
String token = credentialModel.getSecurityToken();
return new DefaultCredentials(ak, sk, token);
}
})
.clientConfiguration(configuration)
.region(region)
.build();
}
}
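Review bot: `credentialClient` is field-injected into a package-private, non-final field here and again in SdkV1ClientConfig, SdkV2ClientConfig and SlsClientConfig; taking it as a bean-method parameter, `OSS getOssClient(com.aliyun.credentials.Client credentialClient)`, removes the mutable field and makes the dependency visible in the signature. The anonymous `CredentialsProvider` is a copy of the one in the standalone OSS example in this commit, and its empty `setCredentials` silently drops whatever a caller passes; a comment like `// intentionally a no-op: credentials are always read from credentialClient` would make the contract clear. `getCredentials()` also uses the result of `getCredential()` unchecked, so a failed lookup would presumably surface as a NullPointerException or a signing error rather than a clear message.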
@@ -0,0 +1,30 @@
package org.example.config;

import com.aliyun.credentials.models.CredentialModel;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.auth.BasicSessionCredentials;
import com.aliyuncs.profile.DefaultProfile;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SdkV1ClientConfig {

@Autowired
com.aliyun.credentials.Client credentialClient;

@Bean(name = "sdkV1Client")
com.aliyuncs.IAcsClient getSdkV1Client() {
// 以华东1(杭州)为例
DefaultProfile profile = DefaultProfile.getProfile("cn-hangzhou");
return new DefaultAcsClient(profile, () -> {
// 保证线程安全,从 CredentialModel 中获取 ak/sk/security token
CredentialModel credentialModel = credentialClient.getCredential();
String ak = credentialModel.getAccessKeyId();
String sk = credentialModel.getAccessKeySecret();
String token = credentialModel.getSecurityToken();
return new BasicSessionCredentials(ak, sk, token);
});
}
}
@@ -0,0 +1,21 @@
package org.example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SdkV2ClientConfig {

@Autowired
com.aliyun.credentials.Client credentialClient;

@Bean(name = "sdkV2StsClient")
com.aliyun.sts20150401.Client getSdkV2StsClient() throws Exception {
com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
.setCredential(credentialClient)
// 以华东1(杭州)为例
.setEndpoint("sts.cn-hangzhou.aliyuncs.com");
return new com.aliyun.sts20150401.Client(config);
}
}
@@ -0,0 +1,29 @@
package org.example.config;

import com.aliyun.credentials.models.CredentialModel;
import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.auth.DefaultCredentials;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SlsClientConfig {

@Autowired
com.aliyun.credentials.Client credentialClient;

@Bean(name = "slsClient")
com.aliyun.openservices.log.Client getSlsClient() {
// 日志服务的服务接入点,以华东1(杭州)为例
String endpoint = "cn-hangzhou.log.aliyuncs.com";
return new Client(endpoint, () -> {
// 保证线程安全,从 CredentialModel 中获取 ak/sk/security token
CredentialModel credentialModel = credentialClient.getCredential();
String ak = credentialModel.getAccessKeyId();
String sk = credentialModel.getAccessKeySecret();
String token = credentialModel.getSecurityToken();
return new DefaultCredentials(ak, sk, token);
});
}
}
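Review bot: The SLS endpoint `cn-hangzhou.log.aliyuncs.com` carries no scheme, unlike the OSS configuration in this commit, which uses `https://oss-cn-hangzhou.aliyuncs.com`. As far as I know the SLS Java client falls back to plain `http://` when the endpoint has no scheme, which would put the signed requests and the STS security token on the wire unencrypted; please confirm against the `aliyun-log` version in the pom. If that is the case, use `String endpoint = "https://cn-hangzhou.log.aliyuncs.com";`.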