本文整理汇总了Java中com.amazonaws.services.securitytoken.model.Credentials类的典型用法代码示例。如果您正苦于以下问题:Java Credentials类的具体用法?Java Credentials怎么用?Java Credentials使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
Credentials类属于com.amazonaws.services.securitytoken.model包,在下文中一共展示了Credentials类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getS3Client
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
public static AmazonS3 getS3Client(final String region, final String roleArn) {
final Regions awsRegion = StringUtils.isNullOrEmpty(region) ? Regions.US_EAST_1 : Regions.fromName(region);
if (StringUtils.isNullOrEmpty(roleArn)) {
return AmazonS3ClientBuilder.standard().withRegion(awsRegion).build();
} else {
final AssumeRoleRequest assumeRole = new AssumeRoleRequest().withRoleArn(roleArn).withRoleSessionName("io-klerch-mp3-converter");
final AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard().withRegion(awsRegion).build();
final Credentials credentials = sts.assumeRole(assumeRole).getCredentials();
final BasicSessionCredentials sessionCredentials = new BasicSessionCredentials(
credentials.getAccessKeyId(),
credentials.getSecretAccessKey(),
credentials.getSessionToken());
return AmazonS3ClientBuilder.standard().withRegion(awsRegion).withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).build();
}
}
示例2: assumeRole
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
@Override
public AssumeRoleResult assumeRole(AWSSecurityTokenServiceClient awsSecurityTokenServiceClient, AssumeRoleRequest assumeRoleRequest)
{
assertNotNull(assumeRoleRequest);
if (assumeRoleRequest.getPolicy() != null && assumeRoleRequest.getPolicy().equals(MockAwsOperationsHelper.AMAZON_THROTTLING_EXCEPTION))
{
AmazonServiceException throttlingException = new AmazonServiceException("test throttling exception");
throttlingException.setErrorCode("ThrottlingException");
throw throttlingException;
}
AssumeRoleResult assumeRoleResult = new AssumeRoleResult();
assumeRoleResult.setCredentials(new Credentials(MOCK_AWS_ASSUMED_ROLE_ACCESS_KEY, MOCK_AWS_ASSUMED_ROLE_SECRET_KEY, MOCK_AWS_ASSUMED_ROLE_SESSION_TOKEN,
new Date(System.currentTimeMillis() + 1000 * assumeRoleRequest.getDurationSeconds())));
return assumeRoleResult;
}
示例3: getSessionCredentials
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
/**
* Creates a new session credential that is valid for 12 hours
*
* @return an authenticated {@link Credentials} for the new session token
*/
private Credentials getSessionCredentials() {
// Create a new session with the user credentials for the service instance
AWSSecurityTokenServiceClient stsClient =
new AWSSecurityTokenServiceClient(new BasicAWSCredentials(
amazonProperties.getAws().getAccessKeyId(),
amazonProperties.getAws().getAccessKeySecret()));
// Start a new session for managing a service instance's bucket
GetSessionTokenRequest getSessionTokenRequest =
new GetSessionTokenRequest().withDurationSeconds(43200);
// Get the session token for the service instance's bucket
sessionCredentials = stsClient.getSessionToken(getSessionTokenRequest).getCredentials();
return sessionCredentials;
}
示例4: getSessionCredentials
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
/**
* Creates a new session credential that is valid for 12 hours
*
* @return an authenticated {@link Credentials} for the new session token
*/
private Credentials getSessionCredentials() {
// Create a new session with the user credentials for the service instance
AWSSecurityTokenServiceClient stsClient =
new AWSSecurityTokenServiceClient(new BasicAWSCredentials(accessKeyId, accessKeySecret));
// Start a new session for managing a service instance's bucket
GetSessionTokenRequest getSessionTokenRequest =
new GetSessionTokenRequest().withDurationSeconds(43200);
// Get the session token for the service instance's bucket
sessionCredentials = stsClient.getSessionToken(getSessionTokenRequest).getCredentials();
return sessionCredentials;
}
示例5: testAssumeAWSRole
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
@Test
public void testAssumeAWSRole() {
MockCloudStore cloudStore = new MockCloudStore();
cloudStore.awsEnabled = true;
AssumeRoleResult mockResult = Mockito.mock(AssumeRoleResult.class);
Credentials creds = Mockito.mock(Credentials.class);
Mockito.when(creds.getAccessKeyId()).thenReturn("accesskeyid");
Mockito.when(creds.getSecretAccessKey()).thenReturn("secretaccesskey");
Mockito.when(creds.getSessionToken()).thenReturn("sessiontoken");
Mockito.when(creds.getExpiration()).thenReturn(new Date());
Mockito.when(mockResult.getCredentials()).thenReturn(creds);
cloudStore.setAssumeRoleResult(mockResult);
cloudStore.setAssumeAWSRole(true);
AWSTemporaryCredentials awsCreds = cloudStore.assumeAWSRole("account", "syncer", "athenz.syncer");
assertNotNull(awsCreds);
assertEquals(awsCreds.getAccessKeyId(), "accesskeyid");
assertEquals(awsCreds.getSessionToken(), "sessiontoken");
assertEquals(awsCreds.getSecretAccessKey(), "secretaccesskey");
}
示例6: getS3FileTransferRequestParamsDtoByRole
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
/**
* Returns a new {@link S3FileTransferRequestParamsDto} with temporary credentials as per specified AWS role and session name.
*
* @param roleArn the ARN of the role
* @param sessionName the session name
*
* @return the {@link S3FileTransferRequestParamsDto} object
*/
public S3FileTransferRequestParamsDto getS3FileTransferRequestParamsDtoByRole(String roleArn, String sessionName)
{
// Get the S3 file transfer request parameters DTO with proxy host and port populated from the configuration.
S3FileTransferRequestParamsDto params = getS3FileTransferRequestParamsDto();
// Assume the specified role. Set the duration of the role session to 3600 seconds (1 hour).
Credentials credentials = stsDao.getTemporarySecurityCredentials(params, sessionName, roleArn, 3600, null);
// Update the AWS parameters DTO with the temporary credentials.
params.setAwsAccessKeyId(credentials.getAccessKeyId());
params.setAwsSecretKey(credentials.getSecretAccessKey());
params.setSessionToken(credentials.getSessionToken());
return params;
}
示例7: loginWithAssumeRoleWithWebIdentity
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
@Override
public WifResponseDTO loginWithAssumeRoleWithWebIdentity(String token, IdentityProviderEnum identityProvider)
{
/*
* The token returned by GetOpenIdToken can be passed to the STS operation
* AssumeRoleWithWebIdentity to retrieve AWS credentials.
*
* The ProviderId parameter for an STS call with a Cognito OpenID token is
* cognito-identity.amazonaws.com.
*/
final AssumeRoleWithWebIdentityRequest request = new AssumeRoleWithWebIdentityRequest()
.withWebIdentityToken(token)
.withProviderId(identityProvider.getValueAsString())
.withRoleArn(ROLE_ARN)
.withRoleSessionName("wifSession")
.withDurationSeconds(300);
final AssumeRoleWithWebIdentityResult result = awsSecurityTokenServiceClient.assumeRoleWithWebIdentity(request);
final Credentials stsCredentials = result.getCredentials();
final BasicSessionCredentials credentials = new BasicSessionCredentials(stsCredentials.getAccessKeyId(),
stsCredentials.getSecretAccessKey(),
stsCredentials.getSessionToken());
return new WifResponseDTO(result.getSubjectFromWebIdentityToken(), new AmazonS3Client(credentials));
}
示例8: getToken
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
/**
* Generate tokens for given UID. The tokens are encrypted using the key
* corresponding to UID. Encrypted tokens are then wrapped in JSON object
* before returning it. Useful in Anonymous and Identity modes
*
* @param uid
* Unique device identifier
* @return encrypted tokens as JSON object
* @throws DataAccessException
* @throws UnauthorizedException
*/
public String getToken(String uid) throws DataAccessException, UnauthorizedException {
DeviceInfo device = deviceAuthenticator.getDeviceInfo(uid);
if (device == null) {
throw new UnauthorizedException("Couldn't find device: " + uid);
}
UserInfo user = userAuthenticator.getUserInfo(device.getUsername());
if (user == null) {
throw new UnauthorizedException("Couldn't find user: " + device.getUsername());
}
log.info("Creating temporary credentials");
Credentials sessionCredentials = credentialManagement.getTemporaryCredentials(user.getUsername());
log.info("Generating session tokens for UID : " + uid);
return Utilities.prepareJsonResponseForTokens(sessionCredentials, device.getKey());
}
开发者ID:aws-samples,项目名称:reinvent2013-mobile-photo-share,代码行数:29,代码来源:IdentityTokenVendingMachine.java
示例9: validCredentials
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
private static FederatedUserCredentials validCredentials() {
return new FederatedUserCredentials(
"expectedRegion",
"expectedBucket",
"expectedUser",
new Credentials("expectedKeyId",
"expectedSecretKey",
"expectedSessionToken",
null));
}
示例10: setUp
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
@Before
public void setUp() throws Exception {
Credentials federatedUserCredentials = federatedUserCredentialsProvider
.getFederatedTokenFor(TEST_USERNAME)
.getCredentials();
federatedS3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(
federatedUserCredentials.getAccessKeyId(),
federatedUserCredentials.getSecretAccessKey(),
federatedUserCredentials.getSessionToken())))
.withRegion(TEST_AWS_REGION)
.build();
}
示例11: assumeAWSRole
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
public AWSTemporaryCredentials assumeAWSRole(String account, String roleName, String principal) {
if (!awsEnabled) {
throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR,
"AWS Support not enabled");
}
AssumeRoleRequest req = getAssumeRoleRequest(account, roleName, principal);
AWSTemporaryCredentials tempCreds = null;
try {
AWSSecurityTokenServiceClient client = getTokenServiceClient();
AssumeRoleResult res = client.assumeRole(req);
Credentials awsCreds = res.getCredentials();
tempCreds = new AWSTemporaryCredentials()
.setAccessKeyId(awsCreds.getAccessKeyId())
.setSecretAccessKey(awsCreds.getSecretAccessKey())
.setSessionToken(awsCreds.getSessionToken())
.setExpiration(Timestamp.fromMillis(awsCreds.getExpiration().getTime()));
} catch (Exception ex) {
LOGGER.error("CloudStore: assumeAWSRole - unable to assume role: " + ex.getMessage());
return null;
}
return tempCreds;
}
示例12: updateAwsParamsForCrossAccountAccess
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
private void updateAwsParamsForCrossAccountAccess(AwsParamsDto awsParamsDto, String accountId)
{
// Retrieve the role ARN and make sure it exists.
TrustingAccountEntity trustingAccountEntity = trustingAccountDaoHelper.getTrustingAccountEntity(accountId.trim());
String roleArn = trustingAccountEntity.getRoleArn();
// Assume the role. Set the duration of the role session to 3600 seconds (1 hour).
Credentials credentials = stsDao.getTemporarySecurityCredentials(awsParamsDto, UUID.randomUUID().toString(), roleArn, 3600, null);
// Update the AWS parameters DTO with the temporary credentials.
awsParamsDto.setAwsAccessKeyId(credentials.getAccessKeyId());
awsParamsDto.setAwsSecretKey(credentials.getSecretAccessKey());
awsParamsDto.setSessionToken(credentials.getSessionToken());
}
示例13: getTemporarySecurityCredentials
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
/**
* Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) that can be used to access
* the specified AWS resource.
*
* @param sessionName the session name that will be associated with the temporary credentials. The session name must be the same for an initial set of
* credentials and an extended set of credentials if credentials are to be refreshed. The session name also is used to identify the user in AWS logs so it
* should be something unique and useful to identify the caller/use.
* @param awsRoleArn the AWS ARN for the role required to provide access to the specified AWS resource
* @param awsRoleDurationSeconds the duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour).
* @param policy the temporary policy to apply to this request
*
* @return the assumed session credentials
*/
@Override
public Credentials getTemporarySecurityCredentials(AwsParamsDto awsParamsDto, String sessionName, String awsRoleArn, int awsRoleDurationSeconds,
Policy policy)
{
// Construct a new AWS security token service client using the specified client configuration to access Amazon S3.
// A credentials provider chain will be used that searches for credentials in this order:
// - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
// - Java System Properties - aws.accessKeyId and aws.secretKey
// - Instance Profile Credentials - delivered through the Amazon EC2 metadata service
ClientConfiguration clientConfiguration = new ClientConfiguration().withRetryPolicy(retryPolicyFactory.getRetryPolicy());
// Only set the proxy hostname and/or port if they're configured.
if (StringUtils.isNotBlank(awsParamsDto.getHttpProxyHost()))
{
clientConfiguration.setProxyHost(awsParamsDto.getHttpProxyHost());
}
if (awsParamsDto.getHttpProxyPort() != null)
{
clientConfiguration.setProxyPort(awsParamsDto.getHttpProxyPort());
}
AWSSecurityTokenServiceClient awsSecurityTokenServiceClient = new AWSSecurityTokenServiceClient(clientConfiguration);
// Create the request.
AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
assumeRoleRequest.setRoleSessionName(sessionName);
assumeRoleRequest.setRoleArn(awsRoleArn);
assumeRoleRequest.setDurationSeconds(awsRoleDurationSeconds);
if (policy != null)
{
assumeRoleRequest.setPolicy(policy.toJson());
}
// Get the temporary security credentials.
AssumeRoleResult assumeRoleResult = stsOperations.assumeRole(awsSecurityTokenServiceClient, assumeRoleRequest);
return assumeRoleResult.getCredentials();
}
示例14: getCredentials
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
private static AWSCredentials getCredentials(String iamRole, String externalId) {
if (isEmpty(iamRole)) return null;
AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient();
int credsDuration = (int) (AWSCodeDeployPublisher.DEFAULT_TIMEOUT_SECONDS
* AWSCodeDeployPublisher.DEFAULT_POLLING_FREQUENCY_SECONDS);
if (credsDuration > 3600) {
credsDuration = 3600;
}
AssumeRoleResult assumeRoleResult = sts.assumeRole(new AssumeRoleRequest()
.withRoleArn(iamRole)
.withExternalId(externalId)
.withDurationSeconds(credsDuration)
.withRoleSessionName(AWSCodeDeployPublisher.ROLE_SESSION_NAME)
);
Credentials stsCredentials = assumeRoleResult.getCredentials();
BasicSessionCredentials credentials = new BasicSessionCredentials(
stsCredentials.getAccessKeyId(),
stsCredentials.getSecretAccessKey(),
stsCredentials.getSessionToken()
);
return credentials;
}
示例15: getToken
import com.amazonaws.services.securitytoken.model.Credentials; //导入依赖的package包/类
/**
* Generate tokens for given UID. The tokens are encrypted using the key
* corresponding to UID. Encrypted tokens are then wrapped in JSON object
* before returning it. Useful in Anonymous and Identity modes
*
* @param uid
* Unique device identifier
* @return encrypted tokens as JSON object
* @throws DataAccessException
* @throws UnauthorizedException
*/
public String getToken(String uid) throws DataAccessException, UnauthorizedException {
DeviceInfo device = authenticator.getDeviceInfo(uid);
if (device == null) {
throw new UnauthorizedException("Couldn't find device: " + uid);
}
log.info("Creating temporary credentials");
Credentials sessionCredentials = credentialManagement.getTemporaryCredentials(uid);
log.info("Generating session tokens for UID : " + uid);
return Utilities.prepareJsonResponseForTokens(sessionCredentials, device.getKey());
}
开发者ID:aws-samples,项目名称:reinvent2013-mobile-photo-share,代码行数:24,代码来源:AnonymousTokenVendingMachine.java