我有一个与本文类似的问题:使用ADAL验证Azure API应用程序,但在我的情况下,我有一位客户的Java客户端托管在JBoss中,他需要访问我的API。该服务的安全性为"公共(已验证)",我从浏览器访问它没有任何问题。我知道我可以在.net中创建Azure API应用程序客户端,但我找不到任何关于如何从Java进行身份验证的示例。目前这可能吗?如果可能,有人有任何样本或建议可以帮助吗?
我查看了下面的一些文档,用Java制作了一个示例,用于从经过AAD验证的客户端调用Azure API应用程序。
作为参考:
- https://azure.microsoft.com/en-us/documentation/articles/app-service-api-authentication-client-flow/
- https://azure.microsoft.com/en-us/documentation/articles/app-service-api-dotnet-add-authentication/
- https://azure.microsoft.com/en-us/documentation/articles/app-service-authentication-overview/
对于这个示例,我在Eclipse中创建了一个maven项目,并使用了库adal4j、common-io&httpclient。以下是pom.xml文件中的依赖项配置。
<dependencies>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>adal4j</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.1</version>
</dependency>
</dependencies>
服务的示例代码被保护为Public (authenticated),请注意代码中的注释。
String gateway_url = "https://<GatewayHost>.azurewebsites.net/";
String app_id_uri = gateway_url + "login/aad";
String authority = "https://login.microsoftonline.com/<aad-domain>.onmicrosoft.com";
String clientId = "<clientId>";
String clientSecret = "<key>";
String url = "https://<ApiAppHost>.azurewebsites.net/...";
/*
* Get Access Token from Gateway Login URL with authentication provider name
* Note: Please refer to the aad sample in Java for Native Headless at https://github.com/Azure-Samples/active-directory-java-native-headless
*/
HttpsURLConnection conn = (HttpsURLConnection) new URL(app_id_uri).openConnection();
AuthenticationContext context = null;
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(authority, false, service);
ClientCredential credential = new ClientCredential(clientId, clientSecret);
Future<AuthenticationResult> future = context.acquireToken(app_id_uri, credential, null);
result = future.get();
} finally {
service.shutdown();
}
String accessToken = null;
if (result == null) {
throw new ServiceUnavailableException(
"authentication result was null");
} else {
accessToken = result.getAccessToken();
System.out.println("Access Token: " +accessToken);
}
/*
* Using access token to get authentication token
*/
String data = "{"access_token": ""+accessToken+""}";
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.addRequestProperty("Content-Length", data.length()+"");
new DataOutputStream(conn.getOutputStream()).writeBytes(data);
String authTokenResp = IOUtils.toString(conn.getInputStream());
System.out.println("Get Authentication Token Response: " + authTokenResp);
/*
* The content of Authentication Token Response is as {"user": {"userId": "sid:xxx...xxx"}, "authenticationToken": "xxxx...xxxxx"}.
* Need to extract the authenticationToken from Json.
*/
Gson gson = new Gson();
Map<String, Object> map = gson.fromJson(authTokenResp, Map.class);
String authenticationToken = (String) map.get("authenticationToken");
System.out.println("Authentication Token: "+authenticationToken);
/*
* Using authentication token as X-ZUMO-AUTH header to get data from Api App
* Note: Must using Apache Common HttpClient supported HTTP 30x redirection, Class Http(s)URLConnection not support.
* There are three times continuous 302 redirection in accessing Api App with zumo token.
*/
HttpGet httpGet = new HttpGet(url);
httpGet.addHeader("x-zumo-auth", authenticationToken);
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpResponse resp = httpclient.execute(httpGet);
String apiAppData = IOUtils.toString(resp.getEntity().getContent());
System.out.println(apiAppData);
如有任何问题,请随时通知我。
try (CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(getSslConnectionSocketFactory(logger))
.build();
CloseableHttpResponse response = httpClient.execute(httpPost)) {
final int httpStatusCode = response.getStatusLine().getStatusCode();
} catch (IOException ex) {
logger.info(format("Error relaying to court store %s , %s", caseReference, ex));
}
private SSLConnectionSocketFactory getSslConnectionSocketFactory(final Logger logger) {
SSLConnectionSocketFactory sslConSocFactory = null;
try {
final KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
final Certificate certificate = ks.getCertificate(CERTIFICATE_SUBJECT);
if (certificate == null) {
logger.info(format("Certificate not found for %s", CERTIFICATE_SUBJECT));
}
final TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
final SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(ks, acceptingTrustStrategy).build();
sslConSocFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
} catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException | KeyManagementException ex) {
logger.info(format("Error reading certificate : , %s", ex));
}
return sslConSocFactory;
}