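Contents
1. RAM access control
2. Create a user
- For the access mode, enable programmatic access (save the generated AccessKey ID and Secret as text)
3. Create a RAM role
4. Add new custom permission policies
- Add the OSS access policy
- Add the STS access policy, where 155****0653 is the AccountID and aliyunoss is the user name created in step 3
5. Grant permissions to the RAM role
6. Grant permissions to the user
Done:
This completes the configuration in the Alibaba Cloud console.
Calling STS from Java code: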
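```java
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;

public class StsAssumeRoleDemo {
    public static void main(String[] args) {
        String endpoint = "sts.aliyuncs.com";
        String accessKeyId = "子用户的accessKeyId";         // placeholder: the RAM sub-user's AccessKey ID
        String accessKeySecret = "子用户的accessKeySecret"; // placeholder: the RAM sub-user's AccessKey Secret
        String roleArn = "角色的RoleArn";                   // placeholder: the RoleArn of the RAM role
        // roleSessionName is the session name of the temporary token. Choose it yourself
        // to identify your user, or to distinguish who the token was issued to.
        // Mind the length and format rules for roleSessionName: no spaces; only '-', '_',
        // letters, digits and similar characters.
        String roleSessionName = "session-name";
        String policy = null; // no session policy is passed
        ProtocolType protocolType = ProtocolType.HTTPS;
        try {
            DefaultProfile.addEndpoint("", "", "Sts", endpoint);
            IClientProfile profile = DefaultProfile.getProfile("", accessKeyId, accessKeySecret);
            DefaultAcsClient client = new DefaultAcsClient(profile);
            final AssumeRoleRequest request = new AssumeRoleRequest();
            request.setMethod(MethodType.POST);
            request.setRoleArn(roleArn);
            request.setRoleSessionName(roleSessionName);
            request.setPolicy(policy);
            request.setProtocol(protocolType);
            final AssumeRoleResponse response = client.getAcsResponse(request);
            // Prints the temporary AccessKey ID, AccessKey Secret and SecurityToken
            System.out.println("=============" + response.getCredentials().getAccessKeyId());
            System.out.println("=============" + response.getCredentials().getAccessKeySecret());
            System.out.println("=============" + response.getCredentials().getSecurityToken());
        } catch (ClientException e) {
            e.printStackTrace();
        }
    }
}
```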
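The call above sends `policy = null`, so the temporary token carries every permission granted to the role. The following added example (not code from the original post) builds a per-user session policy and session name that can be passed to `setPolicy` and `setRoleSessionName` instead; the class name, bucket name, user id, the `uploads/` layout and the 2-64 length bound are assumptions.

```java
import java.util.regex.Pattern;

public class StsSessionScope {
    // Rule from the comment in the page's code: letters, digits, '-' and '_', no spaces.
    // The 2-64 length bound is an assumption; check the current STS documentation.
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_-]{2,64}");

    /** Derives a roleSessionName that records who the token was issued to. */
    static String sessionNameFor(String appUserId) {
        String name = "app-" + appUserId;
        if (!SAFE_ID.matcher(name).matches()) {
            throw new IllegalArgumentException("unsafe roleSessionName: " + name);
        }
        return name;
    }

    /**
     * Builds a session policy that allows only oss:PutObject under uploads/<userId>/.
     * The id is validated first so that '*', '?', '/' or '"' cannot widen the
     * resource pattern or break out of the JSON string.
     */
    static String uploadOnlyPolicy(String bucket, String appUserId) {
        if (!SAFE_ID.matcher(appUserId).matches()) {
            throw new IllegalArgumentException("unsafe user id");
        }
        if (!bucket.matches("[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")) {
            throw new IllegalArgumentException("unsafe bucket name");
        }
        String resource = "acs:oss:*:*:" + bucket + "/uploads/" + appUserId + "/*";
        return "{\"Version\":\"1\",\"Statement\":[{"
                + "\"Effect\":\"Allow\","
                + "\"Action\":[\"oss:PutObject\"],"
                + "\"Resource\":[\"" + resource + "\"]}]}";
    }

    public static void main(String[] args) {
        String userId = "user_1001";       // constructed sample value
        String bucket = "example-bucket";  // hypothetical bucket name
        System.out.println(sessionNameFor(userId));
        System.out.println(uploadOnlyPolicy(bucket, userId));
        // In the page's code these would replace the fixed values:
        //   request.setRoleSessionName(sessionNameFor(userId));
        //   request.setPolicy(uploadOnlyPolicy(bucket, userId));
        try {
            uploadOnlyPolicy(bucket, "x/../*"); // rejected: would widen the resource
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The token's effective permissions are the intersection of the role's policies and this session policy, so the role itself still needs `oss:PutObject` on the bucket.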
Troubleshooting:
- `You should be authorized by RAM`: this error occurs because the permission policy has not been granted to the user