阿里云OSS STS临时访问凭证

common/pom.xml

@@ -104,15 +104,19 @@
             <artifactId>commons-pool2</artifactId>
         </dependency>
 
-
-<!--        oss文件服务器-->
+        <!--oss文件服务器-->
         <dependency>
             <groupId>com.aliyun.oss</groupId>
             <artifactId>aliyun-sdk-oss</artifactId>
             <version>3.16.1</version>
         </dependency>
 
-
+        <!-- STS SDK 用于临时授权访问OSS -->
+        <dependency>
+            <groupId>com.aliyun</groupId>
+            <artifactId>sts20150401</artifactId>
+            <version>1.1.4</version>
+        </dependency>
 
     </dependencies>
 

common/src/main/java/com/kym/common/utils/OssUtil.java

@@ -7,6 +7,8 @@ import com.aliyun.oss.OSSClientBuilder;
 import com.aliyun.oss.model.OSSObject;
 import com.aliyun.oss.model.PutObjectRequest;
 import com.aliyun.oss.model.PutObjectResult;
+import com.aliyun.sts20150401.models.AssumeRoleResponse;
+import com.aliyun.tea.TeaException;
 import com.kym.common.config.OssConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -100,4 +102,46 @@ public class OssUtil {
         }
     }
 
+
+    /**
+     * 使用AK&SK初始化账号Client
+     * @param accessKeyId
+     * @param accessKeySecret
+     * @return Client
+     * @throws Exception
+     */
+    public static com.aliyun.sts20150401.Client createClient(String accessKeyId, String accessKeySecret) throws Exception {
+        com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config()
+                // 必填，您的 AccessKey ID
+                .setAccessKeyId(accessKeyId)
+                // 必填，您的 AccessKey Secret
+                .setAccessKeySecret(accessKeySecret);
+        // Endpoint 请参考 https://api.aliyun.com/product/Sts
+        config.endpoint = "sts.cn-shenzhen.aliyuncs.com";
+        return new com.aliyun.sts20150401.Client(config);
+    }
+
+    public static AssumeRoleResponse getSts() throws Exception {
+        // 请确保代码运行环境设置了环境变量 ALIBABA_CLOUD_ACCESS_KEY_ID 和 ALIBABA_CLOUD_ACCESS_KEY_SECRET。
+        // 工程代码泄露可能会导致 AccessKey 泄露，并威胁账号下所有资源的安全性。以下代码示例使用环境变量获取 AccessKey 的方式进行调用，仅供参考，建议使用更安全的 STS 方式，更多鉴权访问方式请参见：https://help.aliyun.com/document_detail/378657.html
+        com.aliyun.sts20150401.Client client = createClient("LTAI5tEPpmhZGDRb6sgqhiA2", "HjlRw844NVP894jAzZna45Vns6axes");
+        com.aliyun.sts20150401.models.AssumeRoleRequest assumeRoleRequest = new com.aliyun.sts20150401.models.AssumeRoleRequest()
+                .setDurationSeconds(3600L)
+//                .setPolicy("AliyunOSSFullAccess")
+                .setRoleArn("acs:ram::1757940634296846:role/aliyunosstokengeneratorrole")
+                .setRoleSessionName("AliyunOSSTokenGeneratorRole");
+        try {
+            // 复制代码运行请自行打印 API 的返回值
+            return client.assumeRoleWithOptions(assumeRoleRequest, new com.aliyun.teautil.models.RuntimeOptions());
+        } catch (TeaException error) {
+            // 如有需要，请打印 error
+            com.aliyun.teautil.Common.assertAsString(error.message);
+        } catch (Exception _error) {
+            TeaException error = new TeaException(_error.getMessage(), _error);
+            // 如有需要，请打印 error
+            com.aliyun.teautil.Common.assertAsString(error.message);
+        }
+        return null;
+    }
+
 }

miniapp/src/main/java/com/kym/miniapp/controller/FileController.java

@@ -5,12 +5,10 @@ import com.kym.common.R;
 import com.kym.common.annotation.ApiLog;
 import com.kym.common.controller.IController;
 import com.kym.common.utils.CommUtil;
+import com.kym.common.utils.OssUtil;
 import com.kym.service.miniapp.AttachmentService;
 import jakarta.annotation.Resource;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.io.IOException;
@@ -55,4 +53,11 @@ public class FileController extends IController {
         return resp((t) -> attachmentService.delete(fileId));
     }
 
+    @GetMapping("/getSts")
+    public R<?> getSts() throws Exception {
+        return R.success(OssUtil.getSts());
+    }
+
 }
+
+