APP上传图片需要开通临时授权(这里用的STS服务授权)
这时候需要开通OSS的RAM账户(访问控制)
开通链接如下:
https://www.cnblogs.com/kenshinobiy/p/7743386.html
package com.unionx.wsapi.controller;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.HashMap;
import java.util.Map;
/**
*
* ClassName: AliOSSAppToken.java <br>
* Description: <br>
* Create by: name:
* Create Time: 2019年1月18日<br>
*/
@Component
public class AliOSSAppToken {
public static final String REGION_CN_BEIJING = "cn-beijing";
public static final String STS_API_VERSION = "2015-04-01";
@Value("${oss.host.endpoint}")
private String endpoint;
@Value("${aliyunoss.accessKeyId}")
private String accessKeyId;
@Value("${aliyunoss.accessKeySecret}")
private String accessKeySecret;
@Value("${oss.bucket}")
private String bucketName;
@Value("${aliyunoss.roleArn}")
private String roleArn;
protected AssumeRoleResponse assumeRole(String accessKeyId, String accessKeySecret, String roleArn,
String roleSessionName, String policy, ProtocolType protocolType,
long durationSeconds) throws ClientException {
try {
// 创建一个 Aliyun Acs Client, 用于发起 OpenAPI 请求
IClientProfile profile = DefaultProfile.getProfile(REGION_CN_BEIJING, accessKeyId, accessKeySecret);
DefaultAcsClient client = new DefaultAcsClient(profile);
// 创建一个 AssumeRoleRequest 并设置请求参数
final AssumeRoleRequest request = new AssumeRoleRequest();
request.setVersion(STS_API_VERSION);
request.setMethod(MethodType.POST);
request.setProtocol(protocolType);
request.setRoleArn(roleArn);
request.setRoleSessionName(roleSessionName);
request.setPolicy(policy);
request.setDurationSeconds(durationSeconds);
// 发起请求,并得到response
final AssumeRoleResponse response = client.getAcsResponse(request);
return response;
} catch (ClientException e) {
throw e;
}
}
public Map<String,Object> getOss() throws Exception {
// 只有 RAM用户(子账号)才能调用 AssumeRole 接口
// 阿里云主账号的AccessKeys不能用于发起AssumeRole请求
// 请首先在RAM控制台创建一个RAM用户,并为这个用户创建AccessKeys
//String accessKeyId = "";
//String accessKeySecret = "";
// RoleArn 需要在 RAM 控制台上获取
//String roleArn = "";
long durationSeconds = 3600l;
/*
关于PolicyFile本来是根据业务场景配置的,此处先写死
String policy = ReadJson(jsonObj.getString("PolicyFile"));
*/
String policy = "{\"Statement\":[{\"Action\":[\"oss:*\"],\"Effect\":\"Allow\",\"Resource\":[\"acs:oss:*:*:*\"]}],\"Version\":\"1\"}";
// RoleSessionName 是临时Token的会话名称,自己指定用于标识你的用户,主要用于审计,或者用于区分Token颁发给谁
// 但是注意RoleSessionName的长度和规则,不要有空格,只能有'-' '_' 字母和数字等字符
// 具体规则请参考API文档中的格式要求
String roleSessionName = "alice";
// 此处必须为 HTTPS
ProtocolType protocolType = ProtocolType.HTTPS;
final AssumeRoleResponse stsResponse = assumeRole(accessKeyId, accessKeySecret, roleArn, roleSessionName,
policy, protocolType, durationSeconds);
Map<String,Object> map = new HashMap<String, Object>();
map.put("AccessKeyId", stsResponse.getCredentials().getAccessKeyId());
map.put("AccessKeySecret", stsResponse.getCredentials().getAccessKeySecret());
map.put("SecurityToken", stsResponse.getCredentials().getSecurityToken());
map.put("Expiration", stsResponse.getCredentials().getExpiration());
map.put("Endpoint", endpoint);
map.put("bucketName", bucketName);
return map;
}
}