com.aliyun.sts20150401

类 Client

java.lang.Object

com.aliyun.teaopenapi.Client

com.aliyun.sts20150401.Client

public class Client
extends com.aliyun.teaopenapi.Client

字段概要

从类继承的字段 com.aliyun.teaopenapi.Client

_ca, _cert, _connectTimeout, _credential, _disableHttp2, _endpoint, _endpointMap, _endpointRule, _endpointType, _globalParameters, _headers, _httpProxy, _httpsProxy, _key, _maxIdleConns, _method, _network, _noProxy, _openPlatformEndpoint, _productId, _protocol, _readTimeout, _regionId, _signatureAlgorithm, _signatureVersion, _socks5NetWork, _socks5Proxy, _spi, _suffix, _tlsMinVersion, _userAgent

构造器概要

构造器

构造器和说明
Client(com.aliyun.teaopenapi.models.Config config)

方法概要

限定符和类型	方法和说明
AssumeRoleResponse	assumeRole(AssumeRoleRequest request) description : Prerequisites You cannot use an Alibaba Cloud account to call this operation.
AssumeRoleWithOIDCResponse	assumeRoleWithOIDC(AssumeRoleWithOIDCRequest request) description : Prerequisites An OIDC token is obtained from an external identity provider (IdP).
AssumeRoleWithOIDCResponse	assumeRoleWithOIDCWithOptions(AssumeRoleWithOIDCRequest request, com.aliyun.teautil.models.RuntimeOptions runtime) description : Prerequisites An OIDC token is obtained from an external identity provider (IdP).
AssumeRoleResponse	assumeRoleWithOptions(AssumeRoleRequest request, com.aliyun.teautil.models.RuntimeOptions runtime) description : Prerequisites You cannot use an Alibaba Cloud account to call this operation.
AssumeRoleWithSAMLResponse	assumeRoleWithSAML(AssumeRoleWithSAMLRequest request) description : A SAML response is obtained from an external identity provider (IdP).
AssumeRoleWithSAMLResponse	assumeRoleWithSAMLWithOptions(AssumeRoleWithSAMLRequest request, com.aliyun.teautil.models.RuntimeOptions runtime) description : A SAML response is obtained from an external identity provider (IdP).
GetCallerIdentityResponse	getCallerIdentity() summary : The ID of the Alibaba Cloud account to which the current requester belongs.
GetCallerIdentityResponse	getCallerIdentityWithOptions(com.aliyun.teautil.models.RuntimeOptions runtime) summary : The ID of the Alibaba Cloud account to which the current requester belongs.
String	getEndpoint(String productId, String regionId, String endpointRule, String network, String suffix, Map<String,String> endpointMap, String endpoint)

从类继承的方法 com.aliyun.teaopenapi.Client

addRequestInterceptor, addResponseInterceptor, addRuntimeOptionsInterceptor, callApi, checkConfig, defaultAny, doRequest, doROARequest, doROARequestWithForm, doRPCRequest, execute, getAccessKeyId, getAccessKeySecret, getBearerToken, getRpcHeaders, getSecurityToken, getType, getUserAgent, setGatewayClient, setRpcHeaders

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

Client

public Client(com.aliyun.teaopenapi.models.Config config)
       throws Exception

抛出:

Exception

方法详细资料

getEndpoint

public String getEndpoint(String productId,
                          String regionId,
                          String endpointRule,
                          String network,
                          String suffix,
                          Map<String,String> endpointMap,
                          String endpoint)
                   throws Exception

抛出:

Exception

assumeRoleWithOptions

public AssumeRoleResponse assumeRoleWithOptions(AssumeRoleRequest request,
                                                com.aliyun.teautil.models.RuntimeOptions runtime)
                                         throws Exception

description :

Prerequisites

You cannot use an Alibaba Cloud account to call this operation. The requester of this operation can only be a RAM user or RAM role. Make sure that the AliyunSTSAssumeRoleAccess policy is attached to the requester. After this policy is attached to the requester, the requester has the management permissions on STS. If you do not attach the AliyunSTSAssumeRoleAccess policy to the requester, the following error message is returned: You are not authorized to do this action. You should be authorized by RAM. You can refer to the following information to troubleshoot the error:

• Cause of the error: The policy that is required to assume a RAM role is not attached to the requester. To resolve this issue, attach the AliyunSTSAssumeRoleAccess policy or a custom policy to the requester. For more information, see Can I specify the RAM role that a RAM user can assume? and Grant permissions to a RAM user.
• Cause of the error: The requester is not authorized to assume the RAM role. To resolve this issue, add the requester to the Principal element in the trust policy of the RAM role For more information, see Edit the trust policy of a RAM role.

Best practices

An STS token is valid for a period of time after it is issued, and the number of STS tokens that can be issued within an interval is also limited. Therefore, we recommend that you configure a proper validity period for an STS token and repeatedly use the token within this period. This prevents frequent issuing of STS tokens from adversely affecting your services if a large number of requests are sent. For more information about the limit, see Is the number of STS API requests limited? You can configure the DurationSeconds parameter to specify a validity period for an STS token. When you upload or download Object Storage Service (OSS) objects on mobile devices, a large number of STS API requests are sent. In this case, repeated use of an STS token may not meet your business requirements. To avoid the limit on STS API requests from affecting access to OSS, you can add a signature to the URL of an OSS object. For more information, see Add signatures to URLs and Obtain signature information from the server and upload data to OSS.

summary :

Obtains a Security Token Service (STS) token to assume a Resource Access Management (RAM) role.

参数:

request - AssumeRoleRequest

runtime - runtime options for this request RuntimeOptions

返回:

AssumeRoleResponse

抛出:

Exception

assumeRole

public AssumeRoleResponse assumeRole(AssumeRoleRequest request)
                              throws Exception

description :

Prerequisites

You cannot use an Alibaba Cloud account to call this operation. The requester of this operation can only be a RAM user or RAM role. Make sure that the AliyunSTSAssumeRoleAccess policy is attached to the requester. After this policy is attached to the requester, the requester has the management permissions on STS. If you do not attach the AliyunSTSAssumeRoleAccess policy to the requester, the following error message is returned: You are not authorized to do this action. You should be authorized by RAM. You can refer to the following information to troubleshoot the error:

• Cause of the error: The policy that is required to assume a RAM role is not attached to the requester. To resolve this issue, attach the AliyunSTSAssumeRoleAccess policy or a custom policy to the requester. For more information, see Can I specify the RAM role that a RAM user can assume? and Grant permissions to a RAM user.
• Cause of the error: The requester is not authorized to assume the RAM role. To resolve this issue, add the requester to the Principal element in the trust policy of the RAM role For more information, see Edit the trust policy of a RAM role.

Best practices

An STS token is valid for a period of time after it is issued, and the number of STS tokens that can be issued within an interval is also limited. Therefore, we recommend that you configure a proper validity period for an STS token and repeatedly use the token within this period. This prevents frequent issuing of STS tokens from adversely affecting your services if a large number of requests are sent. For more information about the limit, see Is the number of STS API requests limited? You can configure the DurationSeconds parameter to specify a validity period for an STS token. When you upload or download Object Storage Service (OSS) objects on mobile devices, a large number of STS API requests are sent. In this case, repeated use of an STS token may not meet your business requirements. To avoid the limit on STS API requests from affecting access to OSS, you can add a signature to the URL of an OSS object. For more information, see Add signatures to URLs and Obtain signature information from the server and upload data to OSS.

summary :

Obtains a Security Token Service (STS) token to assume a Resource Access Management (RAM) role.

参数:

request - AssumeRoleRequest

返回:

AssumeRoleResponse

抛出:

Exception

assumeRoleWithOIDCWithOptions

public AssumeRoleWithOIDCResponse assumeRoleWithOIDCWithOptions(AssumeRoleWithOIDCRequest request,
                                                                com.aliyun.teautil.models.RuntimeOptions runtime)
                                                         throws Exception

description :

Prerequisites

• An OIDC token is obtained from an external identity provider (IdP).
• An OIDC IdP is created in the RAM console. For more information, see Create an OIDC IdP or CreateOIDCProvider.
• A RAM role whose trusted entity is an OIDC IdP is created in the RAM console. For more information, see Create a RAM role for a trusted IdP or CreateRole.

summary :

Queries a Security Token Service (STS) token to assume a Resource Access Management (RAM) role during role-based single sign-on (SSO) by using OpenID Connect (OIDC).

参数:

request - AssumeRoleWithOIDCRequest

runtime - runtime options for this request RuntimeOptions

返回:

AssumeRoleWithOIDCResponse

抛出:

Exception

assumeRoleWithOIDC

public AssumeRoleWithOIDCResponse assumeRoleWithOIDC(AssumeRoleWithOIDCRequest request)
                                              throws Exception

description :

Prerequisites

• An OIDC token is obtained from an external identity provider (IdP).
• An OIDC IdP is created in the RAM console. For more information, see Create an OIDC IdP or CreateOIDCProvider.
• A RAM role whose trusted entity is an OIDC IdP is created in the RAM console. For more information, see Create a RAM role for a trusted IdP or CreateRole.

summary :

Queries a Security Token Service (STS) token to assume a Resource Access Management (RAM) role during role-based single sign-on (SSO) by using OpenID Connect (OIDC).

参数:

request - AssumeRoleWithOIDCRequest

返回:

AssumeRoleWithOIDCResponse

抛出:

Exception

assumeRoleWithSAMLWithOptions

public AssumeRoleWithSAMLResponse assumeRoleWithSAMLWithOptions(AssumeRoleWithSAMLRequest request,
                                                                com.aliyun.teautil.models.RuntimeOptions runtime)
                                                         throws Exception

description :

• A SAML response is obtained from an external identity provider (IdP).
• A SAML IdP is created in the RAM console. For more information, see Create a SAML IdP or CreateSAMLProvider.
• A RAM role whose trusted entity is a SAML IdP is created in the RAM console. For more information, see Create a RAM role for a trusted IdP or CreateRole.

summary :

Obtains a Security Token Service (STS) token to assume a Resource Access Management (RAM) role during role-based single sign-on (SSO) by using Security Assertion Markup Language (SAML).

参数:

request - AssumeRoleWithSAMLRequest

runtime - runtime options for this request RuntimeOptions

返回:

AssumeRoleWithSAMLResponse

抛出:

Exception

assumeRoleWithSAML

public AssumeRoleWithSAMLResponse assumeRoleWithSAML(AssumeRoleWithSAMLRequest request)
                                              throws Exception

description :

• A SAML response is obtained from an external identity provider (IdP).
• A SAML IdP is created in the RAM console. For more information, see Create a SAML IdP or CreateSAMLProvider.
• A RAM role whose trusted entity is a SAML IdP is created in the RAM console. For more information, see Create a RAM role for a trusted IdP or CreateRole.

summary :

Obtains a Security Token Service (STS) token to assume a Resource Access Management (RAM) role during role-based single sign-on (SSO) by using Security Assertion Markup Language (SAML).

参数:

request - AssumeRoleWithSAMLRequest

返回:

AssumeRoleWithSAMLResponse

抛出:

Exception

getCallerIdentityWithOptions

public GetCallerIdentityResponse getCallerIdentityWithOptions(com.aliyun.teautil.models.RuntimeOptions runtime)
                                                       throws Exception

summary :

The ID of the Alibaba Cloud account to which the current requester belongs.

参数:

request - GetCallerIdentityRequest

runtime - runtime options for this request RuntimeOptions

返回:

GetCallerIdentityResponse

抛出:

Exception

getCallerIdentity

public GetCallerIdentityResponse getCallerIdentity()
                                            throws Exception

summary :

The ID of the Alibaba Cloud account to which the current requester belongs.

返回:

GetCallerIdentityResponse

抛出:

Exception