本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # ListPermissions 以下 Java 範例示範如何使用 [ListPermissions](https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html) 操作。 此操作會列出您私有 CA 所指派的許可 (若有的話)。許可,包括 `IssueCertificate`、 `GetCertificate`和 `ListPermissions`,可以使用 [CreatePermission](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html) 操作指派給 AWS 服務主體,並使用 [DeletePermissions](https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html) 操作撤銷。 ``` package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.ListPermissionsRequest; import com.amazonaws.services.acmpca.model.ListPermissionsResult; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.InvalidNextTokenException; import com.amazonaws.services.acmpca.model.InvalidStateException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import com.amazonaws.services.acmpca.model.RequestFailedException; public class ListPermissions { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from disk", e); } // Define the endpoint for your sample. String endpointRegion = "{{region}}"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create a request object and set the CA ARN. ListPermissionsRequest req = new ListPermissionsRequest(); req.withCertificateAuthorityArn("arn:{{aws}}:acm-pca:{{us-east-1}}:{{111122223333}}:certificate-authority/{{11223344-1234-1122-2233-112233445566}}"); // List the tags. ListPermissionsResult result = null; try { result = client.listPermissions(req); } catch (InvalidArnException ex) { throw ex; } catch (InvalidStateException ex) { throw ex; } catch(RequestFailedException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } // Retrieve and display the permissions. System.out.println(result); } } ``` 若指定的私有 CA 已將許可指派給服務委託人,您的輸出應該會和以下內容相似: ``` [{ Arn: arn:aws:acm-pca:{{region}}:{{account}}:permission/{{12345678-1234-1234-1234-123456789012}}, CreatedAt: WedFeb0317: 05: 39PST2019, Prinicpal: acm.amazonaws.com, Permissions: { ISSUE_CERTIFICATE, GET_CERTIFICATE, DELETE,CERTIFICATE }, SourceAccount: {{account}} }] ```