Search in sources :

Example 1 with GetFederationTokenRequest

use of com.amazonaws.services.securitytoken.model.GetFederationTokenRequest in project aws-doc-sdk-examples by awsdocs.

the class ConstructUrl method main.

public static void main(String[] args) {
    /* Calls to AWS STS API operations must be signed using the access key ID 
           and secret access key of an IAM user or using existing temporary 
           credentials. The credentials should not be embedded in code. For 
           this example, the code looks for the credentials in a 
           standard configuration file.
        */
    AWSCredentials credentials = new PropertiesCredentials(AwsConsoleApp.class.getResourceAsStream("AwsCredentials.properties"));
    AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(credentials);
    GetFederationTokenRequest getFederationTokenRequest = new GetFederationTokenRequest();
    getFederationTokenRequest.setDurationSeconds(1800);
    getFederationTokenRequest.setName("UserName");
    // A sample policy for accessing Amazon Simple Notification Service (Amazon SNS) in the console.
    String policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sns:*\"," + "\"Effect\":\"Allow\",\"Resource\":\"*\"}]}";
    getFederationTokenRequest.setPolicy(policy);
    GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(getFederationTokenRequest);
    Credentials federatedCredentials = federationTokenResult.getCredentials();
    // The issuer parameter specifies your internal sign-in
    // page, for example https://mysignin.internal.mycompany.com/.
    // The console parameter specifies the URL to the destination console of the
    // AWS Management Console. This example goes to Amazon SNS.
    // The signin parameter is the URL to send the request to.
    String issuerURL = "https://mysignin.internal.mycompany.com/";
    String consoleURL = "https://console.aws.amazon.com/sns";
    String signInURL = "https://signin.aws.amazon.com/federation";
    // Create the sign-in token using temporary credentials,
    // including the access key ID,  secret access key, and security token.
    String sessionJson = String.format("{\"%1$s\":\"%2$s\",\"%3$s\":\"%4$s\",\"%5$s\":\"%6$s\"}", "sessionId", federatedCredentials.getAccessKeyId(), "sessionKey", federatedCredentials.getSecretAccessKey(), "sessionToken", federatedCredentials.getSessionToken());
    // Construct the sign-in request with the request sign-in token action, a
    // 12-hour console session duration, and the JSON document with temporary
    // credentials as parameters.
    String getSigninTokenURL = signInURL + "?Action=getSigninToken" + "&DurationSeconds=43200" + "&SessionType=json&Session=" + URLEncoder.encode(sessionJson, "UTF-8");
    URL url = new URL(getSigninTokenURL);
    // Send the request to the AWS federation endpoint to get the sign-in token
    URLConnection conn = url.openConnection();
    BufferedReader bufferReader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
    String returnContent = bufferReader.readLine();
    String signinToken = new JSONObject(returnContent).getString("SigninToken");
    String signinTokenParameter = "&SigninToken=" + URLEncoder.encode(signinToken, "UTF-8");
    // The issuer parameter is optional, but recommended. Use it to direct users
    // to your sign-in page when their session expires.
    String issuerParameter = "&Issuer=" + URLEncoder.encode(issuerURL, "UTF-8");
    // Finally, present the completed URL for the AWS console session to the user
    String destinationParameter = "&Destination=" + URLEncoder.encode(consoleURL, "UTF-8");
    String loginURL = signInURL + "?Action=login" + signinTokenParameter + issuerParameter + destinationParameter;
}
Also used : InputStreamReader(java.io.InputStreamReader) GetFederationTokenRequest(com.amazonaws.services.securitytoken.model.GetFederationTokenRequest) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials) AWSCredentials(com.amazonaws.auth.AWSCredentials) URL(java.net.URL) URLConnection(java.net.URLConnection) JSONObject(org.json.JSONObject) GetFederationTokenResult(com.amazonaws.services.securitytoken.model.GetFederationTokenResult) AWSSecurityTokenServiceClient(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient) BufferedReader(java.io.BufferedReader) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials) AWSCredentials(com.amazonaws.auth.AWSCredentials)

Example 2 with GetFederationTokenRequest

use of com.amazonaws.services.securitytoken.model.GetFederationTokenRequest in project aws-doc-sdk-examples by awsdocs.

the class MakingRequestsWithFederatedTempCredentials method main.

public static void main(String[] args) throws IOException {
    Regions clientRegion = Regions.DEFAULT_REGION;
    String bucketName = "*** Specify bucket name ***";
    String federatedUser = "*** Federated user name ***";
    String resourceARN = "arn:aws:s3:::" + bucketName;
    try {
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withRegion(clientRegion).build();
        GetFederationTokenRequest getFederationTokenRequest = new GetFederationTokenRequest();
        getFederationTokenRequest.setDurationSeconds(7200);
        getFederationTokenRequest.setName(federatedUser);
        // Define the policy and add it to the request.
        Policy policy = new Policy();
        policy.withStatements(new Statement(Effect.Allow).withActions(S3Actions.ListObjects).withResources(new Resource(resourceARN)));
        getFederationTokenRequest.setPolicy(policy.toJson());
        // Get the temporary security credentials.
        GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(getFederationTokenRequest);
        Credentials sessionCredentials = federationTokenResult.getCredentials();
        // Package the session credentials as a BasicSessionCredentials
        // object for an Amazon S3 client object to use.
        BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken());
        AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials)).withRegion(clientRegion).build();
        // To verify that the client works, send a listObjects request using
        // the temporary security credentials.
        ObjectListing objects = s3Client.listObjects(bucketName);
        System.out.println("No. of Objects = " + objects.getObjectSummaries().size());
    } catch (AmazonServiceException e) {
        // The call was transmitted successfully, but Amazon S3 couldn't process
        // it, so it returned an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Amazon S3 couldn't be contacted for a response, or the client
        // couldn't parse the response from Amazon S3.
        e.printStackTrace();
    }
}
Also used : Policy(com.amazonaws.auth.policy.Policy) AmazonS3(com.amazonaws.services.s3.AmazonS3) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Statement(com.amazonaws.auth.policy.Statement) GetFederationTokenRequest(com.amazonaws.services.securitytoken.model.GetFederationTokenRequest) Resource(com.amazonaws.auth.policy.Resource) ObjectListing(com.amazonaws.services.s3.model.ObjectListing) Regions(com.amazonaws.regions.Regions) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) SdkClientException(com.amazonaws.SdkClientException) GetFederationTokenResult(com.amazonaws.services.securitytoken.model.GetFederationTokenResult) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials)

Aggregations

Credentials (com.amazonaws.services.securitytoken.model.Credentials)2 GetFederationTokenRequest (com.amazonaws.services.securitytoken.model.GetFederationTokenRequest)2 GetFederationTokenResult (com.amazonaws.services.securitytoken.model.GetFederationTokenResult)2 AmazonServiceException (com.amazonaws.AmazonServiceException)1 SdkClientException (com.amazonaws.SdkClientException)1 AWSCredentials (com.amazonaws.auth.AWSCredentials)1 AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider)1 BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)1 BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)1 Policy (com.amazonaws.auth.policy.Policy)1 Resource (com.amazonaws.auth.policy.Resource)1 Statement (com.amazonaws.auth.policy.Statement)1 ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider)1 Regions (com.amazonaws.regions.Regions)1 AmazonS3 (com.amazonaws.services.s3.AmazonS3)1 ObjectListing (com.amazonaws.services.s3.model.ObjectListing)1 AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService)1 AWSSecurityTokenServiceClient (com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient)1 BufferedReader (java.io.BufferedReader)1 InputStreamReader (java.io.InputStreamReader)1