Step By Step
主要操作步骤
1、主账户A创建角色并进行相关授权;
2、主账户B下面创建子账户B1;
3、主账户B为子账户B1授权可以扮演角色;
4、子账户B1创建AccessKey&AccessSecret;
5、代码实现B1认证信息订阅主账户A下面的RocketMQ。
一、主账户A创建角色并进行相关授权
1、登陆主账户ARAM控制台创建角色
2、按需输入必要信息
3、为角色授权
4、必要认证参数获取
二、主账户B下面创建子账户B1
1、登陆主账户B RAM控制台下面创建子账户
三、主账户B为子账户B1授权可以扮演角色
四、子账户B1创建AccessKey&AccessSecret
五、代码实现B1认证信息订阅主账户A下面的RocketMQ
1、pom.xml
<dependencies>
<!-- https://mvnrepository.com/artifact/com.aliyun.openservices/ons-client -->
<dependency>
<groupId>com.aliyun.openservices</groupId>
<artifactId>ons-client</artifactId>
<version>1.8.6.Final</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-sts</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>4.4.6</version>
</dependency>
</dependencies>2、Code Sample
import com.aliyun.openservices.ons.api.Action;
import com.aliyun.openservices.ons.api.ConsumeContext;
import com.aliyun.openservices.ons.api.Consumer;
import com.aliyun.openservices.ons.api.Message;
import com.aliyun.openservices.ons.api.MessageListener;
import com.aliyun.openservices.ons.api.ONSFactory;
import com.aliyun.openservices.ons.api.PropertyKeyConst;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.IAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import java.util.Properties;
public class ConsumerTest {
public static void main(String[] args) throws ClientException {
Properties properties = new Properties();
// 您在控制台创建的Group ID。
properties.put(PropertyKeyConst.GROUP_ID, "GID_******");
//子账户B1的AccessKey&AccessSecret
DefaultProfile profile = DefaultProfile.getProfile("cn-hangzhou", "LTAI4G26Yrjp5QjF********", "mHlYOVU6lhnFt6****************");
IAcsClient client = new DefaultAcsClient(profile);
// 构造请求,设置参数。
AssumeRoleRequest request = new AssumeRoleRequest();
request.setRoleArn("acs:ram::*********:role/taro-submq"); // ARN
request.setRoleSessionName("taro-submq"); // RAM 角色名称
request.setDurationSeconds(3600L); //过期时间,单位为秒,过期时间最小值为900秒,最大值为MaxSessionDuration设置的时间。默认值为3600秒。
AssumeRoleResponse response;
//发起请求,并得到响应
response = client.getAcsResponse(request);
// 从sts 请求response反馈结果获取认证信息
properties.put(PropertyKeyConst.AccessKey, response.getCredentials().getAccessKeyId());
properties.put(PropertyKeyConst.SecretKey, response.getCredentials().getAccessKeySecret());
properties.put(PropertyKeyConst.SecurityToken, response.getCredentials().getSecurityToken());
// 主账户A RocketMQ控制台获取:设置TCP接入域名,进入控制台的实例详情页面的TCP协议客户端接入点区域查看。
properties.put(PropertyKeyConst.NAMESRV_ADDR, "http://MQ_INST_*********.mq-internet-access.mq-internet.aliyuncs.com:80");
Consumer consumer = ONSFactory.createConsumer(properties);
consumer.subscribe("******", "*", new MessageListener() { //订阅多个Tag。
public Action consume(Message message, ConsumeContext context) {
System.out.println("Receive: " + message);
return Action.CommitMessage;
}
});
consumer.start();
System.out.println("Consumer Started");
}
} 3、测试效果
