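package com.fdkankan.cloud.acl.service.impl;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.date.DateTime;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.thread.ThreadUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.aliyun.oss.ClientBuilderConfiguration;
import com.aliyun.oss.OSS;
import com.aliyun.oss.OSSClient;
import com.aliyun.oss.OSSClientBuilder;
import com.aliyun.oss.common.auth.CredentialsProviderFactory;
import com.aliyun.oss.common.utils.BinaryUtil;
import com.aliyun.oss.model.MatchMode;
import com.aliyun.oss.model.PolicyConditions;
import com.aliyun.sts20150401.Client;
import com.aliyun.sts20150401.models.AssumeRoleRequest;
import com.aliyun.sts20150401.models.AssumeRoleResponse;
import com.aliyun.sts20150401.models.AssumeRoleResponseBody;
import com.aliyun.teautil.models.RuntimeOptions;
import com.aliyuncs.auth.EnvironmentVariableCredentialsProvider;
import com.fdkankan.cloud.acl.bean.StsBean;
import com.fdkankan.cloud.acl.constant.RedisKey;
import com.fdkankan.cloud.acl.entity.AppConfig;
import com.fdkankan.cloud.acl.service.IAppConfigService;
import com.fdkankan.cloud.acl.service.IStsService;
import com.fdkankan.common.constant.ErrorCode;
import com.fdkankan.common.constant.ServerCode;
import com.fdkankan.common.exception.BusinessException;
import com.fdkankan.common.util.DateExtUtil;
import com.fdkankan.redis.util.RedisUtil;
import com.mybatisflex.core.query.QueryWrapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import com.aliyun.tea.*;
import java.io.File;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.concurrent.ThreadPoolExecutor;

/**
 * Issues short-lived Alibaba Cloud credentials by calling STS {@code AssumeRole} with the
 * role, session name, optional policy and optional duration configured per application
 * ({@link AppConfig}).
 *
 * <p>The class keeps no mutable state of its own beyond the injected collaborators. The
 * returned {@link StsBean} carries a live AccessKeySecret and SecurityToken, so callers and
 * this class must never write it to logs or stdout.
 */
@Slf4j
@Service
public class StsServiceImpl implements IStsService {

    /** Upper bound on AssumeRole attempts before giving up with {@code SYSTEM_BUSY}. */
    private static final int MAX_ASSUME_ROLE_ATTEMPTS = 10;
    /** Pause between two failed AssumeRole attempts inside {@link #genAssumeRole(String)}. */
    private static final long RETRY_DELAY_MILLIS = 200L;
    /** Zone in which the credential expiration is rendered for callers. */
    private static final ZoneId BEIJING_ZONE = ZoneId.of("Asia/Shanghai");
    /** Formatter for the project-wide date pattern; {@link DateTimeFormatter} is thread-safe. */
    private static final DateTimeFormatter BJ_FORMATTER = DateTimeFormatter.ofPattern(DateExtUtil.dateStyle);

    @Autowired
    private IAppConfigService appConfigService;
    @Autowired
    private Client stsClient;
    // Injected but not referenced by any method here; presumably intended for caching
    // issued credentials under RedisKey -- confirm before removing.
    @Autowired
    private RedisUtil redisUtil;

    /**
     * Ad-hoc load harness: fires {@code args[0]} (default 200) concurrent AssumeRole calls.
     *
     * <p>The access key pair is read from the environment variables
     * {@code ALIBABA_CLOUD_ACCESS_KEY_ID} and {@code ALIBABA_CLOUD_ACCESS_KEY_SECRET} so that
     * no long-lived key is ever committed with the source (a leaked repository would otherwise
     * expose every resource of the account). See
     * https://help.aliyun.com/document_detail/378657.html for the recommended credential setup.
     *
     * @param args optional single element: number of concurrent callers
     * @throws IllegalStateException if either environment variable is missing
     * @throws Exception if the STS client cannot be constructed
     */
    public static void main(String[] args) throws Exception {
        String accessKeyId = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID");
        String accessKeySecret = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET");
        if (StrUtil.isEmpty(accessKeyId) || StrUtil.isEmpty(accessKeySecret)) {
            throw new IllegalStateException(
                    "ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET must be set");
        }
        // Endpoint reference: https://api.aliyun.com/product/Sts
        com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
                .setAccessKeyId(accessKeyId)
                .setAccessKeySecret(accessKeySecret)
                .setEndpoint("sts.cn-shenzhen.aliyuncs.com");
        Client client = new Client(config);
        AssumeRoleRequest request = new AssumeRoleRequest()
                .setDurationSeconds(3600L)
                .setRoleArn("acs:ram::1899912233141089:role/server-sts")
                .setRoleSessionName("app_user");
        // No explicit policy: the session inherits the permissions of the role ARN.
        int callers = args.length > 0 ? Integer.parseInt(args[0]) : 200;
        for (int i = 0; i < callers; i++) {
            new Thread(() -> {
                RuntimeOptions runtime = new RuntimeOptions();
                AssumeRoleResponse resp = null;
                for (int attempt = 1; resp == null && attempt <= MAX_ASSUME_ROLE_ATTEMPTS; attempt++) {
                    resp = assumeRoleOrNull(client, request, runtime);
                    if (resp == null && !sleepQuietly(500L)) {
                        return; // interrupted: abandon this caller, interrupt flag already restored
                    }
                }
                // Print only the expiry: the full response body contains a live
                // AccessKeySecret and SecurityToken and must not reach stdout.
                System.out.println(resp == null
                        ? "assumeRole gave up after " + MAX_ASSUME_ROLE_ATTEMPTS + " attempts"
                        : "assumeRole ok, expires " + resp.getBody().getCredentials().getExpiration());
            }).start();
        }
    }

    /**
     * Calls STS AssumeRole for the application identified by {@code appCode} and returns the
     * temporary credentials together with their expiration rendered in Beijing time.
     *
     * <p>The call is retried up to {@link #MAX_ASSUME_ROLE_ATTEMPTS} times with a
     * {@link #RETRY_DELAY_MILLIS} pause; every failure is logged without the request payload.
     *
     * @param appCode application code used to look up the {@link AppConfig}
     * @return the issued credentials; never {@code null}
     * @throws NullPointerException if no {@link AppConfig} exists for {@code appCode}
     * @throws BusinessException with {@link ErrorCode#SYSTEM_BUSY} when every attempt failed
     */
    @Override
    public StsBean genAssumeRole(String appCode) {
        AppConfig appConfig = appConfigService.getByAppCode(appCode);
        // Fail with a clear message instead of an NPE on the first getter below.
        Objects.requireNonNull(appConfig, () -> "no AppConfig found for appCode=" + appCode);
        AssumeRoleRequest request = new AssumeRoleRequest()
                .setRoleArn(appConfig.getRoleArn())
                .setRoleSessionName(appConfig.getRoleSessionName());
        // An explicit policy narrows the session; when absent the session inherits the role's permissions.
        if (StrUtil.isNotEmpty(appConfig.getPolicy())) {
            request.setPolicy(appConfig.getPolicy());
        }
        if (Objects.nonNull(appConfig.getDurationSeconds())) {
            request.setDurationSeconds(appConfig.getDurationSeconds());
        }
        RuntimeOptions runtime = new RuntimeOptions();
        AssumeRoleResponse resp = null;
        for (int attempt = 1; resp == null && attempt <= MAX_ASSUME_ROLE_ATTEMPTS; attempt++) {
            resp = assumeRoleOrNull(stsClient, request, runtime);
            if (resp == null && attempt < MAX_ASSUME_ROLE_ATTEMPTS && !sleepQuietly(RETRY_DELAY_MILLIS)) {
                break; // interrupted while waiting: stop retrying, report SYSTEM_BUSY below
            }
        }
        if (Objects.isNull(resp)) {
            throw new BusinessException(ErrorCode.SYSTEM_BUSY);
        }
        String rawExpiration = resp.getBody().getCredentials().getExpiration();
        // Epoch seconds come straight from the ISO instant. Re-parsing the Beijing-formatted
        // string (the previous approach) used the JVM default zone and was only correct on
        // hosts whose default zone is Asia/Shanghai. Assumes DateExtUtil.dateStyle keeps
        // second precision, otherwise the old value was floored to the pattern's resolution -- TODO confirm.
        long expirTimestamp = Instant.parse(rawExpiration).getEpochSecond();
        return StsBean.builder()
                .accessKeyId(resp.getBody().getCredentials().getAccessKeyId())
                .accessKeySecret(resp.getBody().getCredentials().getAccessKeySecret())
                .securityToken(resp.getBody().getCredentials().getSecurityToken())
                .expiration(converToBjTime(rawExpiration))
                .expirTimestamp(expirTimestamp)
                .build();
    }

    /**
     * Renders an ISO-8601 instant (the STS expiration string is passed here) in Asia/Shanghai
     * using the project-wide {@code DateExtUtil.dateStyle} pattern.
     *
     * @param dateStr instant text accepted by {@link Instant#parse(CharSequence)}, e.g. {@code 2024-01-01T00:00:00Z}
     * @return the same moment formatted in Beijing time
     * @throws java.time.format.DateTimeParseException if {@code dateStr} is not a valid instant
     */
    public String converToBjTime(String dateStr) {
        return Instant.parse(dateStr).atZone(BEIJING_ZONE).format(BJ_FORMATTER);
    }

    /**
     * Returns credentials for {@code appCode}. Currently every call issues a fresh set via
     * {@link #genAssumeRole(String)}; no caching is performed here.
     *
     * @param appCode application code used to look up the {@link AppConfig}
     * @return freshly issued credentials
     */
    @Override
    public StsBean getAssumeRole(String appCode) {
        return genAssumeRole(appCode);
    }

    /**
     * Performs one AssumeRole call and maps any failure to {@code null} so callers can retry.
     * The log line carries the exception only, never the request or credentials.
     *
     * @param client  STS client to call
     * @param request prepared AssumeRole request
     * @param runtime Tea runtime options for this call
     * @return the response, or {@code null} if the call threw
     */
    private static AssumeRoleResponse assumeRoleOrNull(Client client, AssumeRoleRequest request, RuntimeOptions runtime) {
        try {
            return client.assumeRoleWithOptions(request, runtime);
        } catch (Exception e) {
            // assumeRoleWithOptions declares a checked Exception, so the broad catch is required here.
            log.error("请求阿里云sts接口失败", e);
            return null;
        }
    }

    /**
     * Sleeps for {@code millis}; returns {@code false} with the interrupt flag restored if the
     * thread was interrupted, so callers can abandon their retry loop instead of looping on.
     *
     * @param millis delay in milliseconds
     * @return {@code true} if the full delay elapsed
     */
    private static boolean sleepQuietly(long millis) {
        try {
            Thread.sleep(millis);
            return true;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return false;
        }
    }
}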