Gra*_*son 1 java azure azure-active-directory azure-api-apps
我有一个与这篇文章类似的问题:使用 ADAL 对 Azure API 应用程序进行身份验证,但就我而言,我有一个客户,其 Java 客户端托管在 JBoss 中,需要访问我的 API。该服务被保护为“公共(经过身份验证)”,并且我从浏览器访问它没有任何问题。我知道我可以在 .net 中创建 Azure API 应用程序客户端,但我找不到任何有关如何从 Java 进行身份验证的示例。目前这是否可能,如果可以,是否有人有任何有帮助的样本或建议?
我查看了下面的一些文档,用 Java 制作了一个示例,用于从经过 AAD 身份验证的客户端调用 Azure API 应用程序。
作为参考:
对于示例,我在 Eclipse 中创建了一个 Maven 项目并使用了 libs adal4j、common-io& httpclient。这是文件中下面的依赖项配置pom.xml。
<dependencies>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>adal4j</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.1</version>
</dependency>
</dependencies>
服务安全示例代码为Public (authenticated),请注意代码中的注释。
String gateway_url = "https://<GatewayHost>.azurewebsites.net/";
String app_id_uri = gateway_url + "login/aad";
String authority = "https://login.microsoftonline.com/<aad-domain>.onmicrosoft.com";
String clientId = "<clientId>";
String clientSecret = "<key>";
String url = "https://<ApiAppHost>.azurewebsites.net/...";
/*
* Get Access Token from Gateway Login URL with authentication provider name
* Note: Please refer to the aad sample in Java for Native Headless at https://github.com/Azure-Samples/active-directory-java-native-headless
*/
HttpsURLConnection conn = (HttpsURLConnection) new URL(app_id_uri).openConnection();
AuthenticationContext context = null;
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(authority, false, service);
ClientCredential credential = new ClientCredential(clientId, clientSecret);
Future<AuthenticationResult> future = context.acquireToken(app_id_uri, credential, null);
result = future.get();
} finally {
service.shutdown();
}
String accessToken = null;
if (result == null) {
throw new ServiceUnavailableException(
"authentication result was null");
} else {
accessToken = result.getAccessToken();
System.out.println("Access Token: " +accessToken);
}
/*
* Using access token to get authentication token
*/
String data = "{\"access_token\": \""+accessToken+"\"}";
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.addRequestProperty("Content-Length", data.length()+"");
new DataOutputStream(conn.getOutputStream()).writeBytes(data);
String authTokenResp = IOUtils.toString(conn.getInputStream());
System.out.println("Get Authentication Token Response: " + authTokenResp);
/*
* The content of Authentication Token Response is as {"user": {"userId": "sid:xxx...xxx"}, "authenticationToken": "xxxx...xxxxx"}.
* Need to extract the authenticationToken from Json.
*/
Gson gson = new Gson();
Map<String, Object> map = gson.fromJson(authTokenResp, Map.class);
String authenticationToken = (String) map.get("authenticationToken");
System.out.println("Authentication Token: "+authenticationToken);
/*
* Using authentication token as X-ZUMO-AUTH header to get data from Api App
* Note: Must using Apache Common HttpClient supported HTTP 30x redirection, Class Http(s)URLConnection not support.
* There are three times continuous 302 redirection in accessing Api App with zumo token.
*/
HttpGet httpGet = new HttpGet(url);
httpGet.addHeader("x-zumo-auth", authenticationToken);
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpResponse resp = httpclient.execute(httpGet);
String apiAppData = IOUtils.toString(resp.getEntity().getContent());
System.out.println(apiAppData);
如有任何疑问,请随时告诉我。