阿里云oss存储使用sts时的后台处理逻辑

使用sts时需要开通ram子账号功能，具体开通方法参考：

https://help.aliyun.com/document_detail/31935.html

pom文件中添加：

                        <dependency>
				<groupId>com.aliyun</groupId>
				<artifactId>aliyun-java-sdk-sts</artifactId>
				<version>2.1.6</version>
			</dependency>
			<dependency>
				<groupId>com.aliyun</groupId>
				<artifactId>aliyun-java-sdk-core</artifactId>
				<version>2.1.7</version>
			</dependency>

后台代码：

    @RequestMapping(value = {"/getAliOssSts"}, method = RequestMethod.GET, produces = {"text/javascript;charset=UTF-8"})
    @ResponseBody
    public String getAliOssSts(HttpServletRequest request, HttpServletResponse response) 
        throws ServerException, ClientException
    {
        String REGION_CN_SHANGHAI = "cn-shanghai";
        // 当前 STS API 版本
        String STS_API_VERSION = "2015-04-01";
        // 请首先在RAM控制台创建一个RAM用户，并为这个用户创建AccessKeys
        String accessKeyId = "****";
        String accessKeySecret = "*****";
        // AssumeRole API 请求参数: RoleArn, RoleSessionName, Policy, and DurationSeconds
        // RoleArn 需要在 RAM 控制台上获取
        String roleArn = "acs:ram:*****";
        // RoleSessionName 是临时Token的会话名称，自己指定用于标识你的用户，主要用于审计，或者用于区分Token颁发给谁
        // 但是注意RoleSessionName的长度和规则，不要有空格，只能有'-' '_' 字母和数字等字符
        // 具体规则请参考API文档中的格式要求
        String roleSessionName = "alice-001";
        // 如何定制你的policy?
        ProtocolType protocolType = ProtocolType.HTTPS;
        IClientProfile profile = DefaultProfile.getProfile(REGION_CN_<span style="font-family: Arial, Helvetica, sans-serif;">SHANGHAI,</span><span style="font-family: Arial, Helvetica, sans-serif;">accessKeyId,accessKeySecret);</span>
        DefaultAcsClient client = new DefaultAcsClient(profile);
        String policy = "{\n" +
            "    \"Version\": \"1\", \n" +
            "    \"Statement\": [\n" +
            "        {\n" +
            "            \"Action\": [\n" +
            "                \"oss:ListObjects\", \n" +
            "                \"oss:GetObject\", \n" +
            "                \"oss:AbortMultipartUpload\", \n" +
            "                \"oss:PutObject\" \n" +
            "            ], \n" +
            "            \"Resource\": [\n" +
            "                \"acs:oss:*:*:空间名称\",\n" +
            "                \"acs:oss:*:*:*/*\"\n" +
            "            ], \n" +
            "            \"Effect\": \"Allow\"\n" +
            "        }\n" +
            "    ]\n" +
            "}";
        
        // 创建一个 AssumeRoleRequest 并设置请求参数
        final AssumeRoleRequest req = new AssumeRoleRequest();
        req.setVersion(STS_API_VERSION);
        req.setMethod(MethodType.POST);
        req.setProtocol(protocolType);
        req.setRoleArn(roleArn);
        req.setRoleSessionName(roleSessionName);
        req.setPolicy(policy);
        // 发起请求，并得到response
        final AssumeRoleResponse resp = client.getAcsResponse(req);
        JSONObject returnData = new JSONObject();
        returnData.put("expiration", resp.getCredentials().getExpiration());
        returnData.put("accessKeyId", resp.getCredentials().getAccessKeyId());
        returnData.put("accessKeySecret", resp.getCredentials().getAccessKeySecret());
        returnData.put("securityToken", resp.getCredentials().getSecurityToken());
        logger.info("获取oss sts：" + returnData.toString());
        return responseUtil.responseJson(ResponseCode.OK, "", returnData);
    }

android或者ios前端只需要使用后台返回的参数即可初始化，完成上传，注意此方法获取的token的默认有效时间为一个小时