概述
针对用户在使用官方文档控制台分享内嵌易出现问题的情况,这里使用RAM用户介绍相关参数的获取及配置,方便初次使用者快速使用该功能。
原理图
实验步骤
1、为RAM用户授权:AliyunSTSAssumeRoleAccess
2、创建RAM角色
3、为角色授权
4、roleArn参数获取
5、pom.xml
<dependencies>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-sts</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>3.5.0</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.5</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.47</version>
</dependency>
</dependencies>
6、Code Sample
import com.alibaba.fastjson.JSON;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import static java.lang.System.exit;
/**
* Hello world!
*
*/
public class slsconsole
{
public static void main( String[] args ) {
// RAM子账户的ak,sk
String akId = "******";
String ak = "**********";
String roleArn = "acs:ram::******:role/slsdemotest"; //角色
String roleSession = "console-role-session"; // 可以取任何值
String signInHost = "http://signin.aliyun.com";
try {
// 访问令牌获取临时AK & Token
IClientProfile profile = DefaultProfile.getProfile("cn-beijing", akId, ak);
DefaultAcsClient client = new DefaultAcsClient(profile);
AssumeRoleRequest assumeRoleReq = new AssumeRoleRequest();
assumeRoleReq.setRoleArn(roleArn);
assumeRoleReq.setRoleSessionName(roleSession);
assumeRoleReq.setMethod(MethodType.POST);
assumeRoleReq.setDurationSeconds(3600L);
// // 默认可以不需要setPolicy,即申请获得角色的所有权限
// assumeRoleReq.setPolicy(本次生成token实际需要的权限字符串,申请权限必须是角色对应权限的子集); // 权限示例参考链接:https://help.aliyun.com/document_detail/89676.html
AssumeRoleResponse assumeRoleRes = client.getAcsResponse(assumeRoleReq);
System.out.println(assumeRoleRes.getCredentials().getAccessKeyId());
System.out.println(assumeRoleRes.getCredentials().getAccessKeySecret());
System.out.println(assumeRoleRes.getCredentials().getExpiration());
System.out.println(assumeRoleRes.getCredentials().getSecurityToken());
// construct singin url
String signInTokenUrl = signInHost + String.format(
"/federation?Action=GetSigninToken"
+ "&AccessKeyId=%s"
+ "&AccessKeySecret=%s"
+ "&SecurityToken=%s&TicketType=mini",
URLEncoder.encode(assumeRoleRes.getCredentials().getAccessKeyId(), "utf-8"),
URLEncoder.encode(assumeRoleRes.getCredentials().getAccessKeySecret(), "utf-8"),
URLEncoder.encode(assumeRoleRes.getCredentials().getSecurityToken(), "utf-8")
);
System.out.println("signInTokenUrl: " + signInTokenUrl);
// 通过临时AK & Token 获取登录 Token
HttpGet signInGet = new HttpGet(signInTokenUrl);
CloseableHttpClient httpClient = HttpClients.createDefault();
HttpResponse httpResponse = httpClient.execute(signInGet);
String signInToken = "";
if (httpResponse.getStatusLine().getStatusCode() == 200) {
String signInRes = EntityUtils.toString(httpResponse.getEntity());
System.out.println(signInRes);
signInToken = JSON.parseObject(signInRes).getString("SigninToken");
if (signInToken == null) {
System.out.println("Invalid response message, contains no SigninToken: " + signInRes);
exit(-1);
}
} else {
System.out.println("Failed to retrieve signInToken");
exit(-1);
}
// construct final url 通过登录Token生成日志服务Web访问链接进行跳转登录
// 注意:生成的访问链接只能被使用一次
String signInUrl = signInHost + String.format(
"/federation?Action=Login"
+ "&LoginUrl=%s"
+ "&Destination=%s"
+ "&SigninToken=%s",
URLEncoder.encode("https://www.aliyun.com", "utf-8"),
URLEncoder.encode("https://sls4service.console.aliyun.com/next/project/yutarotest/logsearch/log5?isShare=true&hideTopbar=true&hideSidebar=true", "utf-8"),
URLEncoder.encode(signInToken, "utf-8")); //注意参数替换:project/<日志服务项目project>/logsearch/<日志库名称>
System.out.println(signInUrl); // 直接使用该URL即可
} catch (ClientException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
注意: 参考备注修改为自己的参数值后再进行测试。