使用临时秘钥访问OSS

{
	"Version": 3,
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"oss:PutObject"
			],
			"Resource": [
				"jrn:oss:*:111111111111:test-app/*"
			]
		}
	]
}

{
	"Version": 3,
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"sts:assumeRole"
			],
			"Resource": [
				"jrn:iam::111111111111:role/test-role"
			]
		}
	]
}

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.jdcloud.sdk.auth.CredentialsProvider;
import com.jdcloud.sdk.auth.StaticCredentialsProvider;
import com.jdcloud.sdk.http.HttpRequestConfig;
import com.jdcloud.sdk.http.Protocol;
import com.jdcloud.sdk.service.sts.client.StsClient;
import com.jdcloud.sdk.service.sts.model.AssumeRoleInfo;
import com.jdcloud.sdk.service.sts.model.AssumeRoleRequest;
import com.jdcloud.sdk.service.sts.model.AssumeRoleResponse;
import com.jdcloud.sdk.service.sts.model.Credentials;

public class TokenExample {

    public static Credentials getToken() {
        //使用子用户test-iam的AK/SK初始化stsClient
        String accessKey = "your-ak";
        String secretKey = "your-sk";
        CredentialsProvider credentialsProvider = new StaticCredentialsProvider(accessKey, secretKey);
        StsClient stsClient = StsClient.builder()
                .credentialsProvider(credentialsProvider)
                .httpRequestConfig(new HttpRequestConfig.Builder().protocol(Protocol.HTTPS).build())
                .build();
        //调用AssumeRole API代入角色
        AssumeRoleInfo assumeRoleInfo = new AssumeRoleInfo()
                .roleJrn("your-roleJrn")
                .roleSessionName("your-session-name");
        AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
        assumeRoleRequest.setAssumeRoleInfo(assumeRoleInfo);
        AssumeRoleResponse response = stsClient.assumeRole(assumeRoleRequest);
        Credentials credentials = response.getResult().getCredentials();
        //返回代入角色后的临时秘钥
        return credentials;
    }

    public static void main(String [ ]str) {
        //获取临时秘钥
        Credentials credentials = getToken();
        //使用临时秘钥初始化s3Client
        BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
                credentials.getAccessKey(), credentials.getSecretKey(),
                credentials.getSessionToken());

        String endpoint = "https://s3.<REGION>.jdcloud-oss.com";
        ClientConfiguration config = new ClientConfiguration();
        AwsClientBuilder.EndpointConfiguration endpointConfig =
                new AwsClientBuilder.EndpointConfiguration(endpoint, "<REGION>");

        AWSCredentialsProvider awsCredentialsProvider = new AWSStaticCredentialsProvider(basicSessionCredentials);

        AmazonS3 s3Client = AmazonS3Client.builder()
                .withEndpointConfiguration(endpointConfig)
                .withClientConfiguration(config)
                .withCredentials(awsCredentialsProvider)
                .disableChunkedEncoding()
                .build();
        //使用s3Client上传Object
        s3Client.putObject("your-bucket","your-key","this is test");
    }
}