阿里云日志服务控制台内嵌分享功能使用

概述

针对用户在使用官方文档控制台分享内嵌易出现问题的情况,这里使用RAM用户介绍相关参数的获取及配置,方便初次使用者快速使用该功能。

原理图

阿里云日志服务控制台内嵌分享功能使用

实验步骤

1、为RAM用户授权:AliyunSTSAssumeRoleAccess

阿里云日志服务控制台内嵌分享功能使用

2、创建RAM角色

阿里云日志服务控制台内嵌分享功能使用
阿里云日志服务控制台内嵌分享功能使用

3、为角色授权

阿里云日志服务控制台内嵌分享功能使用

4、roleArn参数获取

阿里云日志服务控制台内嵌分享功能使用

5、pom.xml

 <dependencies>
        <dependency>
            <groupId>com.aliyun</groupId>
            <artifactId>aliyun-java-sdk-sts</artifactId>
            <version>3.0.0</version>
        </dependency>
        <dependency>
            <groupId>com.aliyun</groupId>
            <artifactId>aliyun-java-sdk-core</artifactId>
            <version>3.5.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.5</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.47</version>
        </dependency>
    </dependencies>

6、Code Sample


import com.alibaba.fastjson.JSON;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import static java.lang.System.exit;

/**
 * Hello world!
 *
 */
public class slsconsole
{
    public static void main( String[] args ) {
        // RAM子账户的ak,sk
        String akId = "******";
        String ak = "**********";
        String roleArn = "acs:ram::******:role/slsdemotest";  //角色
        String roleSession = "console-role-session"; // 可以取任何值
        String signInHost = "http://signin.aliyun.com";

        try {

            // 访问令牌获取临时AK & Token
            IClientProfile profile = DefaultProfile.getProfile("cn-beijing", akId, ak);
            DefaultAcsClient client = new DefaultAcsClient(profile);

            AssumeRoleRequest assumeRoleReq = new AssumeRoleRequest();
            assumeRoleReq.setRoleArn(roleArn);
            assumeRoleReq.setRoleSessionName(roleSession);
            assumeRoleReq.setMethod(MethodType.POST);
            assumeRoleReq.setDurationSeconds(3600L);
//            // 默认可以不需要setPolicy,即申请获得角色的所有权限
//            assumeRoleReq.setPolicy(本次生成token实际需要的权限字符串,申请权限必须是角色对应权限的子集); // 权限示例参考链接:https://help.aliyun.com/document_detail/89676.html

            AssumeRoleResponse assumeRoleRes = client.getAcsResponse(assumeRoleReq);
            System.out.println(assumeRoleRes.getCredentials().getAccessKeyId());
            System.out.println(assumeRoleRes.getCredentials().getAccessKeySecret());
            System.out.println(assumeRoleRes.getCredentials().getExpiration());
            System.out.println(assumeRoleRes.getCredentials().getSecurityToken());

            // construct singin url
            String signInTokenUrl = signInHost + String.format(
                    "/federation?Action=GetSigninToken"
                            + "&AccessKeyId=%s"
                            + "&AccessKeySecret=%s"
                            + "&SecurityToken=%s&TicketType=mini",
                    URLEncoder.encode(assumeRoleRes.getCredentials().getAccessKeyId(), "utf-8"),
                    URLEncoder.encode(assumeRoleRes.getCredentials().getAccessKeySecret(), "utf-8"),
                    URLEncoder.encode(assumeRoleRes.getCredentials().getSecurityToken(), "utf-8")
            );

            System.out.println("signInTokenUrl: " + signInTokenUrl);

            // 通过临时AK & Token 获取登录 Token
            HttpGet signInGet = new HttpGet(signInTokenUrl);
            CloseableHttpClient httpClient = HttpClients.createDefault();
            HttpResponse httpResponse = httpClient.execute(signInGet);
            String signInToken = "";
            if (httpResponse.getStatusLine().getStatusCode() == 200) {
                String signInRes = EntityUtils.toString(httpResponse.getEntity());
                System.out.println(signInRes);
                signInToken = JSON.parseObject(signInRes).getString("SigninToken");

                if (signInToken == null) {
                    System.out.println("Invalid response message, contains no SigninToken: " + signInRes);
                    exit(-1);
                }
            } else {
                System.out.println("Failed to retrieve signInToken");
                exit(-1);
            }

            // construct final url   通过登录Token生成日志服务Web访问链接进行跳转登录
            // 注意:生成的访问链接只能被使用一次
            String signInUrl = signInHost + String.format(
                    "/federation?Action=Login"
                            + "&LoginUrl=%s"
                            + "&Destination=%s"
                            + "&SigninToken=%s",
                    URLEncoder.encode("https://www.aliyun.com", "utf-8"),
                    URLEncoder.encode("https://sls4service.console.aliyun.com/next/project/yutarotest/logsearch/log5?isShare=true&hideTopbar=true&hideSidebar=true", "utf-8"),
                    URLEncoder.encode(signInToken, "utf-8"));    //注意参数替换:project/<日志服务项目project>/logsearch/<日志库名称>
            System.out.println(signInUrl);  // 直接使用该URL即可
        } catch (ClientException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

注意: 参考备注修改为自己的参数值后再进行测试。

更多参考

控制台分享内嵌
Java SDK

上一篇:什么是带宽?宽带独享?共享?


下一篇:“共享女友”项目地推被三里屯的警察蜀黍罚款了,你怎么看?