Path: blob/master/code_examples/java_examples/S3Examples/MakingRequestsWithFederatedTempCredentials.java
// Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: MIT-0 (For details, see https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/LICENSE-SAMPLECODE.)

import java.io.IOException;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.S3Actions;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;
import com.amazonaws.services.s3.model.ObjectListing;

/**
 * Sample showing how to obtain temporary security credentials for a federated
 * user from AWS STS and use them to send a request to Amazon S3.
 *
 * <p>The federation token is requested with an inline session policy that
 * allows only {@code S3Actions.ListObjects} on a single bucket. The federated
 * user's effective permissions are the intersection of that session policy and
 * the permissions of the IAM user whose credentials sign the STS call, so the
 * session policy can narrow access but never widen it.
 */
public class MakingRequestsWithFederatedTempCredentials {

    /**
     * Requests a federation token scoped to one bucket, builds an S3 client
     * from the returned session credentials, and prints how many object
     * summaries the first listing page contains.
     *
     * @param args unused
     * @throws IOException declared by the sample; nothing in this method
     *                     throws it directly
     */
    public static void main(String[] args) throws IOException {
        String clientRegion = "*** Client region ***";
        String bucketName = "*** Specify bucket name ***";
        String federatedUser = "*** Federated user name ***";
        // S3Actions.ListObjects is a bucket-level permission, so the resource
        // is the bucket ARN itself rather than an object ARN under it.
        String resourceARN = "arn:aws:s3:::" + bucketName;

        try {
            // The STS call is signed with the credentials in the default
            // profile. GetFederationToken has to be called with long-term IAM
            // user credentials.
            AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder
                    .standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();

            // Session policy: the only statement allows listing the one bucket.
            Statement listOnly = new Statement(Effect.Allow)
                    .withActions(S3Actions.ListObjects)
                    .withResources(new Resource(resourceARN));
            Policy sessionPolicy = new Policy();
            sessionPolicy.withStatements(listOnly);

            // 7200 seconds = 2 hours. Keep the lifetime as short as the task
            // allows; the credentials stay valid until they expire.
            GetFederationTokenRequest tokenRequest = new GetFederationTokenRequest()
                    .withDurationSeconds(7200)
                    .withName(federatedUser)
                    .withPolicy(sessionPolicy.toJson());

            // Fetch the temporary security credentials.
            GetFederationTokenResult tokenResult = sts.getFederationToken(tokenRequest);
            Credentials temporary = tokenResult.getCredentials();

            // Wrap access key, secret key and session token for the S3 client.
            // These values are secrets: do not print or log them.
            BasicSessionCredentials sessionCreds = new BasicSessionCredentials(
                    temporary.getAccessKeyId(),
                    temporary.getSecretAccessKey(),
                    temporary.getSessionToken());
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(sessionCreds))
                    .withRegion(clientRegion)
                    .build();

            // Confirm the temporary credentials work by listing the bucket.
            // Only the first page of the listing is counted here.
            ObjectListing listing = s3Client.listObjects(bucketName);
            int summaryCount = listing.getObjectSummaries().size();
            System.out.println("No. of Objects = " + summaryCount);
        } catch (AmazonServiceException e) {
            // The request reached AWS, but the service (STS or Amazon S3 in
            // this try block) rejected it and returned an error response.
            e.printStackTrace();
        } catch (SdkClientException e) {
            // The service could not be contacted, or the client could not
            // parse the response it received.
            e.printStackTrace();
        }
    }
}