Usage examples for the com.amazonaws.auth.BasicSessionCredentials constructor
public BasicSessionCredentials(String awsAccessKey, String awsSecretKey, String sessionToken)
From source file:CodeBuildCredentials.java
License:Open Source License
/**
 * Returns the credentials AWS clients should use.
 *
 * <p>The base credentials are always resolved first through
 * {@code AWSClientFactory.getBasicCredentialsOrDefaultChain(accessKey, secretKey)}. When
 * {@code iamRoleArn} is non-empty they are discarded in favour of session credentials built
 * from {@code roleCredentials}, after calling {@code refresh()} if
 * {@code haveCredentialsExpired()} reports expiry.
 *
 * @return the base credentials when no role ARN is configured, otherwise the role's
 *         temporary session credentials
 */
@Override
public AWSCredentials getCredentials() {
    // Resolved even when a role is configured, so provider errors surface in both modes.
    final AWSCredentials baseCredentials =
            AWSClientFactory.getBasicCredentialsOrDefaultChain(accessKey, secretKey).getCredentials();

    if (iamRoleArn.isEmpty()) {
        return baseCredentials;
    }

    if (haveCredentialsExpired()) {
        refresh();
    }

    // NOTE(review): roleCredentials is presumably populated by refresh(); confirm it cannot
    // still be null here when haveCredentialsExpired() returns false on first use.
    return new BasicSessionCredentials(
            roleCredentials.getAccessKeyId(),
            roleCredentials.getSecretAccessKey(),
            roleCredentials.getSessionToken());
}
From source file:awslabs.lab41.Lab41.java
License:Open Source License
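/**
 * Runs the lab's "app mode" walkthrough: assumes the development and production roles via
 * STS, builds an S3 client for each set of temporary credentials, and prints which services
 * each session can reach.
 *
 * <p>Only accessibility results are printed; the temporary credentials themselves are never
 * written to the console.
 *
 * @param labVariables supplies the role ARNs and the bucket names to probe
 * @throws InterruptedException if the thread is interrupted while waiting to retry
 * @throws IOException declared by the original signature; raised by the helpers it calls
 */
public void appMode_Run(LabVariables labVariables) throws InterruptedException, IOException {
    AWSCredentials credentials = getCredentials("appmode");
    AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(credentials);

    System.out.println("\nAssuming developer role to retrieve developer session credentials.");
    Credentials devCredentials =
            assumeRoleWithRetry(stsClient, labVariables.getDevelopmentRoleArn(), "dev_session");

    System.out.println("\nAssuming production role to retrieve production session credentials.");
    Credentials prodCredentials =
            assumeRoleWithRetry(stsClient, labVariables.getProductionRoleArn(), "prod_session");

    System.out.println("\nCreating S3 client objects.");
    AmazonS3Client devS3Client = labCode.appMode_CreateS3Client(devCredentials, Lab41.region);
    AmazonS3Client prodS3Client = labCode.appMode_CreateS3Client(prodCredentials, Lab41.region);

    System.out.println("\nTesting Developer Session...");
    reportSessionAccess(devCredentials, devS3Client, labVariables);

    System.out.println("\nTesting Production Session...");
    reportSessionAccess(prodCredentials, prodS3Client, labVariables);
}

/**
 * Assumes a role, retrying once per second for up to 30 seconds while STS answers
 * "AccessDenied" (a freshly created policy may not have propagated yet).
 *
 * <p>Any other service error, or an "AccessDenied" after the deadline, is rethrown. The error
 * code is compared constant-first so an exception without an error code is rethrown instead
 * of causing a NullPointerException.
 */
private Credentials assumeRoleWithRetry(AWSSecurityTokenServiceClient stsClient, String roleArn,
        String sessionName) throws InterruptedException, IOException {
    // IOException is declared only because the enclosing entry point declares it and the
    // callee's signature is not visible from here.
    final long deadline = System.currentTimeMillis() + 30 * 1000;
    while (true) {
        try {
            return labCode.appMode_AssumeRole(stsClient, roleArn, sessionName);
        } catch (AmazonServiceException ase) {
            if (!"AccessDenied".equals(ase.getErrorCode())) {
                throw ase;
            }
            if (System.currentTimeMillis() >= deadline) {
                System.out.println();
                throw ase; // Stop waiting.
            }
            System.out.print(".");
            // Sleep for a second before trying again.
            Thread.sleep(1000);
        }
    }
}

/**
 * Prints whether IAM, SQS, SNS and each lab bucket are reachable with the given temporary
 * credentials.
 */
private void reportSessionAccess(Credentials roleCredentials, AmazonS3Client s3Client,
        LabVariables labVariables) throws InterruptedException, IOException {
    BasicSessionCredentials session = new BasicSessionCredentials(
            roleCredentials.getAccessKeyId(),
            roleCredentials.getSecretAccessKey(),
            roleCredentials.getSessionToken());

    System.out.println(" IAM: " + accessLabel(optionalLabCode.appMode_TestIamAccess(Lab41.region, session)));
    System.out.println(" SQS: " + accessLabel(optionalLabCode.appMode_TestSqsAccess(Lab41.region, session)));
    System.out.println(" SNS: " + accessLabel(optionalLabCode.appMode_TestSnsAccess(Lab41.region, session)));
    System.out.println(" S3:");
    for (String bucketName : labVariables.getBucketNames()) {
        testS3Client(s3Client, bucketName);
    }
}

/** Maps a probe result to the label printed next to the service name. */
private static String accessLabel(boolean accessible) {
    return accessible ? "Accessible." : "Inaccessible.";
}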
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
/**
 * Creates an S3 client that signs requests with the given temporary credentials.
 *
 * @param credentials STS credentials (access key id, secret access key, session token)
 * @param region region to set on the returned client
 * @return an {@code AmazonS3Client} bound to the session credentials and region
 */
@Override
public AmazonS3Client appMode_CreateS3Client(Credentials credentials, Region region) {
    // The session token must travel with the key pair, hence BasicSessionCredentials
    // rather than a plain access-key/secret-key pair.
    final BasicSessionCredentials temporaryCredentials = new BasicSessionCredentials(
            credentials.getAccessKeyId(),
            credentials.getSecretAccessKey(),
            credentials.getSessionToken());

    final AmazonS3Client client = new AmazonS3Client(temporaryCredentials);
    client.setRegion(region);
    return client;
}
From source file:com.ad.mediasharing.tvmclient.AmazonSharedPreferencesWrapper.java
License:Open Source License
/**
 * Reads the AWS access key, secret key and security token stored in the given Shared
 * Preferences and wraps them in a session-credentials object.
 *
 * <p>NOTE(review): the values are used exactly as stored; how they were written and whether
 * the preference file is protected at rest is not visible here. Confirm against the writer
 * side, and confirm what {@code getValueFromSharedPreferences} returns for a missing key.
 *
 * @param sharedPreferences preferences holding the three credential values
 * @return credentials built from the stored access key, secret key and security token
 */
public static AWSCredentials getCredentialsFromSharedPreferences(SharedPreferences sharedPreferences) {
    return new BasicSessionCredentials(
            AmazonSharedPreferencesWrapper.getValueFromSharedPreferences(sharedPreferences, AWS_ACCESS_KEY),
            AmazonSharedPreferencesWrapper.getValueFromSharedPreferences(sharedPreferences, AWS_SECRET_KEY),
            AmazonSharedPreferencesWrapper.getValueFromSharedPreferences(sharedPreferences, AWS_SECURITY_TOKEN));
}
From source file:com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl.java
License:Open Source License
/**
 * Returns the credentials represented by this entry.
 *
 * <p>Without an IAM role ARN the stored access key / secret key pair is returned as is.
 * With a role ARN, the role is assumed through STS and the resulting temporary credentials
 * are returned. Every such call issues a new {@code assumeRole} request; nothing is cached
 * in this method.
 *
 * <p>The STS client uses the region found by the SDK's default region lookup, falling back
 * to {@code Regions.DEFAULT_REGION}. If both the access key and the secret are blank, the
 * client is built without explicit credentials, so the SDK's default resolution applies
 * (the original comment names the instance-profile case).
 *
 * @return long-term credentials, or session credentials for the assumed role
 */
public AWSCredentials getCredentials() {
    final AWSCredentials initialCredentials = new BasicAWSCredentials(accessKey, secretKey.getPlainText());
    if (StringUtils.isBlank(iamRoleArn)) {
        return initialCredentials;
    }

    // Prefer the region the SDK can discover; fall back to the SDK default otherwise.
    final DefaultAwsRegionProviderChain sdkRegionLookup = new DefaultAwsRegionProviderChain();
    String clientRegion = null;
    try {
        clientRegion = sdkRegionLookup.getRegion();
    } catch (com.amazonaws.SdkClientException e) {
        LOGGER.log(Level.WARNING, "Could not find default region using SDK lookup.", e);
    }
    if (clientRegion == null) {
        clientRegion = Regions.DEFAULT_REGION.getName();
    }

    // Explicit credentials are attached only when at least one of the two values is set.
    AWSSecurityTokenServiceClientBuilder stsBuilder = AWSSecurityTokenServiceClientBuilder.standard();
    if (!StringUtils.isBlank(accessKey) || !StringUtils.isBlank(secretKey.getPlainText())) {
        stsBuilder = stsBuilder.withCredentials(new AWSStaticCredentialsProvider(initialCredentials));
    }
    final AWSSecurityTokenService client = stsBuilder.withRegion(clientRegion).build();

    final AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn)
            .withDurationSeconds(this.getStsTokenDuration());
    final AssumeRoleResult assumeResult = client.assumeRole(assumeRequest);

    return new BasicSessionCredentials(
            assumeResult.getCredentials().getAccessKeyId(),
            assumeResult.getCredentials().getSecretAccessKey(),
            assumeResult.getCredentials().getSessionToken());
}
From source file:com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl.java
License:Open Source License
/**
 * Assumes the configured IAM role with an MFA code and returns the temporary credentials.
 *
 * <p>The request carries {@code iamMfaSerialNumber} as the device serial number and
 * {@code mfaToken} as the one-time code, with the duration from
 * {@code getStsTokenDuration()}. The STS client is always created from the stored access
 * key / secret key pair.
 *
 * <p>NOTE(review): no region is set on the STS client here and a blank role ARN is not
 * special-cased, unlike the no-argument overload shown on this page; confirm that is
 * intended.
 *
 * @param mfaToken current one-time code from the MFA device
 * @return session credentials for the assumed role
 */
public AWSCredentials getCredentials(String mfaToken) {
    final AWSCredentials longTermCredentials = new BasicAWSCredentials(accessKey, secretKey.getPlainText());

    final AssumeRoleRequest mfaRequest = createAssumeRoleRequest(iamRoleArn)
            .withSerialNumber(iamMfaSerialNumber)
            .withTokenCode(mfaToken)
            .withDurationSeconds(this.getStsTokenDuration());

    final AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(longTermCredentials);
    final AssumeRoleResult assumed = stsClient.assumeRole(mfaRequest);

    return new BasicSessionCredentials(
            assumed.getCredentials().getAccessKeyId(),
            assumed.getCredentials().getSecretAccessKey(),
            assumed.getCredentials().getSessionToken());
}
From source file:com.denismo.aws.iam.IAMPasswordValidator.java
License:Apache License
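/**
 * Checks a bind password by using it as AWS credentials for an IAM call.
 *
 * <p>For a role entry the password must have the form
 * {@code accessKeyId|secretKey|sessionToken}; for a user entry the password is the secret
 * key and the access key id comes from the entry's {@code accessKey} attribute. The
 * credentials are accepted when {@code getAccountSummary()} succeeds.
 *
 * <p>Key material is never logged: the debug line prints placeholders, and a failed check is
 * reported through the logger with the entry's uid only.
 *
 * @param user directory entry being authenticated
 * @param pw password supplied with the bind request
 * @return {@code true} if the IAM call succeeded, {@code false} if it raised an
 *         {@code AmazonClientException}
 * @throws LdapAuthenticationException if a role password has fewer than three parts
 * @throws LdapInvalidAttributeValueException if an entry attribute cannot be read as a string
 */
public boolean verifyIAMPassword(Entry user, String pw)
        throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    final boolean role = isRole(user);
    final AWSCredentials creds;
    if (role) {
        // String.split never returns null, so only the part count needs checking.
        final String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }

    final String uid = user.get("uid").getString();
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user", uid);

    final AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        // NOTE(review): presumably credentials that are valid but not allowed to call
        // GetAccountSummary are rejected here as well; confirm that is the intended policy.
        client.getAccountSummary();
        return true;
    } catch (AmazonClientException e) {
        // Route the failure through the logger instead of stderr so failed binds reach the
        // configured log sink and can be monitored.
        LOG.warn("IAM credential verification failed for " + uid, e);
        return false;
    } finally {
        client.shutdown();
    }
}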
From source file:com.denismo.aws.iam.IAMSecretKeyValidator.java
License:Apache License
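/**
 * Validates the supplied secret by calling IAM with it.
 *
 * <p>A role entry expects {@code accessKeyId|secretKey|sessionToken} in {@code pw}; a user
 * entry expects the secret key in {@code pw} and takes the access key id from the entry's
 * {@code accessKey} attribute. Validation passes when {@code getAccountSummary()} returns
 * without an {@code AmazonClientException}.
 *
 * <p>Neither the access key nor the secret is written to the log; failures are logged with
 * the entry's uid and the AWS exception.
 *
 * @param user directory entry being authenticated
 * @param pw secret supplied with the bind request
 * @return {@code true} when the IAM call succeeds, {@code false} when it fails
 * @throws LdapAuthenticationException if a role secret has fewer than three parts
 * @throws LdapInvalidAttributeValueException if an entry attribute cannot be read as a string
 */
@Override
public boolean verifyIAMPassword(Entry user, String pw)
        throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    final boolean role = isRole(user);
    final AWSCredentials creds;
    if (role) {
        // split() cannot return null; a short array is the only malformed case to reject.
        final String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }

    final String uid = user.get("uid").getString();
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user", uid);

    final AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
        return true;
    } catch (AmazonClientException e) {
        // Logged through LOG rather than printed to stderr, so failed verifications are
        // visible wherever the application's logs are collected.
        LOG.warn("IAM credential verification failed for " + uid, e);
        return false;
    } finally {
        client.shutdown();
    }
}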
From source file:com.dtolabs.rundeck.plugin.resources.ec2.EC2ResourceModelSource.java
License:Apache License
/**
 * Prepares the instance-to-node mapper.
 *
 * <p>Splits {@code filterParams} on {@code ';'}, loads the mapping, and, when no
 * credentials were supplied but {@code assumeRoleArn} is set, assumes that role through an
 * STS client created with its no-argument constructor and uses the resulting temporary
 * credentials. The mapper is then configured with filters, endpoint and the running-only
 * flag.
 */
private void initialize() {
    final ArrayList<String> filters = new ArrayList<String>();
    if (filterParams != null) {
        for (String filter : filterParams.split(";")) {
            filters.add(filter);
        }
    }
    loadMapping();

    final boolean needsAssumedRole = this.credentials == null && assumeRoleArn != null;
    if (needsAssumedRole) {
        final AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient();
        final AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(assumeRoleArn)
                .withRoleSessionName("RundeckEC2ResourceModelSourceSession");

        // NOTE(review): the temporary credentials are fetched once here; no refresh on
        // expiry is visible in this method.
        final Credentials temporary = stsClient.assumeRole(request).getCredentials();
        credentials = new BasicSessionCredentials(
                temporary.getAccessKeyId(),
                temporary.getSecretAccessKey(),
                temporary.getSessionToken());
    }

    mapper = new InstanceToNodeMapper(this.credentials, mapping, clientConfiguration);
    mapper.setFilterParams(filters);
    mapper.setEndpoint(endpoint);
    mapper.setRunningStateOnly(runningOnly);
}
From source file:com.eucalyptus.auth.tokens.SecurityTokenAWSCredentialsProvider.java
License:Open Source License
/**
 * Builds a supplier that issues a security token for {@code user} and exposes it as session
 * credentials, memoized for {@code expirationSecs - preExpirySecs} seconds.
 *
 * <p>Because the memoization window is shorter than the requested token lifetime by
 * {@code preExpirySecs}, a new token is issued before the previous one is due to expire.
 * An {@code AuthException} from token issuance is rethrown via
 * {@code Exceptions.toUndeclared}.
 *
 * @return a memoizing supplier of session credentials
 */
private Supplier<AWSCredentials> refreshCredentialsSupplier() {
    final Supplier<AWSCredentials> issueFreshCredentials = new Supplier<AWSCredentials>() {
        @Override
        public AWSCredentials get() {
            try {
                final SecurityToken issued =
                        SecurityTokenManager.issueSecurityToken(user.get(), expirationSecs);
                return new BasicSessionCredentials(
                        issued.getAccessKeyId(),
                        issued.getSecretKey(),
                        issued.getToken());
            } catch (final AuthException authFailure) {
                throw Exceptions.toUndeclared(authFailure);
            }
        }
    };
    return Suppliers.memoizeWithExpiration(
            issueFreshCredentials, expirationSecs - preExpirySecs, TimeUnit.SECONDS);
}