我有類似的問題到這個職位:Authenticate to Azure API App using ADAL但在我的情況下,我有一個客戶在JBoss中託管的Java客戶端需要訪問我的API。該服務的安全性爲「公開(已驗證)」,我從瀏覽器訪問它時沒有任何問題。我知道我可以在.NET中創建一個Azure API應用程序客戶端,但是我找不到有關如何從Java進行身份驗證的示例。目前這是可能的嗎?如果有的話,是否有人有任何樣本或建議可以幫助?從Java驗證Azure API應用程序
我回顧了下面的一些文檔,用Java調用Azure API應用程序,從AAD認證的客戶端調用Azure API應用程序。
作爲參考:
對於樣品,我創建在Eclipse中Maven項目和使用庫adal4j,common-io & httpclient。以下是pom.xml文件中的依賴關係配置。
<dependencies>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>adal4j</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.1</version>
</dependency>
</dependencies>
服務示例代碼安全爲Public (authenticated),請注意代碼中的註釋。
String gateway_url = "https://<GatewayHost>.azurewebsites.net/";
String app_id_uri = gateway_url + "login/aad";
String authority = "https://login.microsoftonline.com/<aad-domain>.onmicrosoft.com";
String clientId = "<clientId>";
String clientSecret = "<key>";
String url = "https://<ApiAppHost>.azurewebsites.net/...";
/*
* Get Access Token from Gateway Login URL with authentication provider name
* Note: Please refer to the aad sample in Java for Native Headless at https://github.com/Azure-Samples/active-directory-java-native-headless
*/
HttpsURLConnection conn = (HttpsURLConnection) new URL(app_id_uri).openConnection();
AuthenticationContext context = null;
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(authority, false, service);
ClientCredential credential = new ClientCredential(clientId, clientSecret);
Future<AuthenticationResult> future = context.acquireToken(app_id_uri, credential, null);
result = future.get();
} finally {
service.shutdown();
}
String accessToken = null;
if (result == null) {
throw new ServiceUnavailableException(
"authentication result was null");
} else {
accessToken = result.getAccessToken();
System.out.println("Access Token: " +accessToken);
}
/*
* Using access token to get authentication token
*/
String data = "{\"access_token\": \""+accessToken+"\"}";
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.addRequestProperty("Content-Length", data.length()+"");
new DataOutputStream(conn.getOutputStream()).writeBytes(data);
String authTokenResp = IOUtils.toString(conn.getInputStream());
System.out.println("Get Authentication Token Response: " + authTokenResp);
/*
* The content of Authentication Token Response is as {"user": {"userId": "sid:xxx...xxx"}, "authenticationToken": "xxxx...xxxxx"}.
* Need to extract the authenticationToken from Json.
*/
Gson gson = new Gson();
Map<String, Object> map = gson.fromJson(authTokenResp, Map.class);
String authenticationToken = (String) map.get("authenticationToken");
System.out.println("Authentication Token: "+authenticationToken);
/*
* Using authentication token as X-ZUMO-AUTH header to get data from Api App
* Note: Must using Apache Common HttpClient supported HTTP 30x redirection, Class Http(s)URLConnection not support.
* There are three times continuous 302 redirection in accessing Api App with zumo token.
*/
HttpGet httpGet = new HttpGet(url);
httpGet.addHeader("x-zumo-auth", authenticationToken);
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpResponse resp = httpclient.execute(httpGet);
String apiAppData = IOUtils.toString(resp.getEntity().getContent());
System.out.println(apiAppData);
任何問題,請隨時讓我知道。
@ peter-pan-msft這是比我所希望的更完整的答案。謝謝!我所缺少的是如何從認證令牌響應中提取認證令牌。 –