阿里云的临时密钥

10f39c06 · 张永 · c187e1b4 · 10f39c06
Commit 10f39c06 authored Sep 23, 2019 by 张永
Show whitespace changes
Inline Side-by-side

Showing with 80 additions and 9 deletions

YunController.java src/main/java/com/egolm/shop/controller/YunController.java +80 -9

No files found.
--- a/src/main/java/com/egolm/shop/controller/YunController.java
+++ b/src/main/java/com/egolm/shop/controller/YunController.java
@@ -13,6 +13,13 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;

+import com.aliyun.oss.ClientException;
+import com.aliyuncs.DefaultAcsClient;
+import com.aliyuncs.auth.sts.AssumeRoleRequest;
+import com.aliyuncs.auth.sts.AssumeRoleResponse;
+import com.aliyuncs.http.MethodType;
+import com.aliyuncs.profile.DefaultProfile;
+import com.aliyuncs.profile.IClientProfile;
 import com.egolm.common.StringUtil;
 import com.egolm.common.bean.Rjx;
 import com.egolm.shop.service.SystemCtrlService;
@@ -46,16 +53,80 @@ public class YunController {
 			String value1 = choiceMap.get("sValue1") + "";
 			System.out.println(value1);

+			//https://help.aliyun.com/document_detail/100624.html?spm=a2c4g.11186623.2.10.74ba41f0DhTvNE
 			if (value1.equalsIgnoreCase(ShopContstrant.Aliyun_OSS_KEY)) {
+				
+				try {
+					
+					Map<String,Object> map = systemCtrlService.queryTSystemCtrlByCode(ShopContstrant.Aliyun_OSS_KEY, "936"); 
+					if (map != null) {
+						String endPonit = map.get("sValue1") + "";
+						String bucketName = map.get("sValue2") + "";
+						String appID = map.get("sValue3") + "";
+						String secret = map.get("sValue4") + "";
+						String webUrl = map.get("sValue5") + ""; 
+						
+						String endpoint = "sts.aliyuncs.com";
+						String accessKeyId = "<access-key-id>";
+						String accessKeySecret = "<access-key-secret>";
+						String roleArn = "<role-arn>";
+						String roleSessionName = "session-name";
+						String policy = "{\n" +
+						        "    \"Version\": \"1\", \n" +
+						        "    \"Statement\": [\n" +
+						        "        {\n" +
+						        "            \"Action\": [\n" +
+						        "                \"oss:*\"\n" +
+						        "            ], \n" +
+						        "            \"Resource\": [\n" +
+						        "                \"acs:oss:*:*:*\" \n" +
+						        "            ], \n" +
+						        "            \"Effect\": \"Allow\"\n" +
+						        "        }\n" +
+						        "    ]\n" +
+						        "}";
+						try {
+						    // 添加endpoint（直接使用STS endpoint，前两个参数留空，无需添加region ID）
+						    DefaultProfile.addEndpoint("", "", "Sts", endpoint);
+						    // 构造default profile（参数留空，无需添加region ID）
+						    IClientProfile profile = DefaultProfile.getProfile("", accessKeyId, accessKeySecret);
+						    // 用profile构造client
+						    DefaultAcsClient client = new DefaultAcsClient(profile);
+						    final AssumeRoleRequest aliyunRequest = new AssumeRoleRequest();
+						    aliyunRequest.setMethod(MethodType.POST);
+						    aliyunRequest.setRoleArn(roleArn);
+						    aliyunRequest.setRoleSessionName(roleSessionName);
+						    aliyunRequest.setPolicy(policy); // 若policy为空，则用户将获得该角色下所有权限
+						    aliyunRequest.setDurationSeconds(1000L); // 设置凭证有效时间
+						    final AssumeRoleResponse aliyunResponse = client.getAcsResponse(aliyunRequest);
+						    System.out.println("Expiration: " + aliyunResponse.getCredentials().getExpiration());
+						    System.out.println("Access Key Id: " + aliyunResponse.getCredentials().getAccessKeyId());
+						    System.out.println("Access Key Secret: " + aliyunResponse.getCredentials().getAccessKeySecret());
+						    System.out.println("Security Token: " + aliyunResponse.getCredentials().getSecurityToken());
+						    System.out.println("RequestId: " + aliyunResponse.getRequestId());
+						    
 						    Map<String,Object> resultMap = new HashMap<String,Object>();
-	            resultMap.put("tmpSecretId", "");
-	            resultMap.put("tmpSecretKey", "没做");
-	            resultMap.put("sessionToken", "");
-	            resultMap.put("webUrl", "");
+							resultMap.put("tmpSecretId", aliyunResponse.getCredentials().getAccessKeyId());
+							resultMap.put("tmpSecretKey", aliyunResponse.getCredentials().getAccessKeySecret());
+							resultMap.put("sessionToken", aliyunResponse.getCredentials().getSecurityToken());
+							resultMap.put("webUrl", webUrl);
 							resultMap.put("region","");
 							resultMap.put("bucketName", "");
 							resultMap.put("type", "aliyun");
 							return Rjx.json(resultMap).setCode(200).toString();
+							
+							
+						} catch (ClientException e1) {
+						    e1.printStackTrace();
+						    return Rjx.json().setMessage("阿里云临时密钥获取失败").toJson();
+						} 
+					}else {
+						return Rjx.json().setMessage("阿里云OSS参数未配置").toJson();
+					}
+				} catch (Exception e) {
+					e.printStackTrace();
+					return Rjx.json().setMessage("阿里云临时密钥获取异常").toJson();
+				}
 			} 
 			if(value1.equalsIgnoreCase(ShopContstrant.Tencent_Cos_Key)) {
 				int expiryTime = 1800; //秒