From Java

Time: 2015-11-24 10:35:16

Tags: java azure azure-active-directory azure-api-apps

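I have a similar problem to this post: Authenticate to Azure API App using ADAL, but in my case I have a customer with a Java client hosted in JBoss who needs access to my API. The service is secured as "Public (authenticated)" and I have no problem accessing it from a browser. I know I can create an Azure API App Client in .NET, but I can't find any samples of how to authenticate from Java. Is this currently possible, and if so, does anyone have any samples or advice that would help?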

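2 answers:

Answer 0 (score: 3)

I looked through some of the documents below and wrote a sample in Java for calling an Azure API App from a client authenticated with AAD.

For reference: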

  1. https://azure.microsoft.com/en-us/documentation/articles/app-service-api-authentication-client-flow/
  2. https://azure.microsoft.com/en-us/documentation/articles/app-service-api-dotnet-add-authentication/
  3. https://azure.microsoft.com/en-us/documentation/articles/app-service-authentication-overview/

For the sample, I created a Maven project in Eclipse and used the libraries adal4j, commons-io & httpclient. Here is the dependencies configuration in the pom.xml file.

    <dependencies>
        <dependency>
            <groupId>com.microsoft.azure</groupId>
            <artifactId>adal4j</artifactId>
            <version>1.1.2</version>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.4</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.1</version>
        </dependency>
    </dependencies>
    

Here is the sample code for a service secured as Public (authenticated); please note the comments in the code.

    import java.io.DataOutputStream;
    import java.net.URL;
    import java.util.Map;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;
    import javax.naming.ServiceUnavailableException;
    import javax.net.ssl.HttpsURLConnection;
    import com.google.gson.Gson;
    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;
    import org.apache.commons.io.IOUtils;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;

    public class ApiAppClientSample {
        public static void main(String[] args) throws Exception {
            String gateway_url = "https://<GatewayHost>.azurewebsites.net/";
            String app_id_uri = gateway_url + "login/aad";
            String authority = "https://login.microsoftonline.com/<aad-domain>.onmicrosoft.com";
            String clientId = "<clientId>";
            String clientSecret = "<key>";
            String url = "https://<ApiAppHost>.azurewebsites.net/...";
            /*
             * Get the access token from the gateway login URL with the authentication provider name.
             * Note: Please refer to the AAD sample in Java for Native Headless at
             * https://github.com/Azure-Samples/active-directory-java-native-headless
             */
            HttpsURLConnection conn = (HttpsURLConnection) new URL(app_id_uri).openConnection();
            AuthenticationContext context = null;
            AuthenticationResult result = null;
            // Create the executor before the try block so the finally clause never sees null.
            ExecutorService service = Executors.newFixedThreadPool(1);
            try {
                context = new AuthenticationContext(authority, false, service);
                ClientCredential credential = new ClientCredential(clientId, clientSecret);
                Future<AuthenticationResult> future = context.acquireToken(app_id_uri, credential, null);
                result = future.get();
            } finally {
                service.shutdown();
            }
            String accessToken = null;
            if (result == null) {
                throw new ServiceUnavailableException(
                        "authentication result was null");
            } else {
                accessToken = result.getAccessToken();
                // Debug output only: the tokens printed in this sample are bearer credentials.
                System.out.println("Access Token: " + accessToken);
            }
            /*
             * Use the access token to get the authentication token.
             */
            String data = "{\"access_token\": \"" + accessToken + "\"}";
            conn.setRequestMethod("POST");
            conn.setDoOutput(true);
            conn.addRequestProperty("Content-Length", data.length() + "");
            // Close the request body stream once the JSON has been written.
            try (DataOutputStream out = new DataOutputStream(conn.getOutputStream())) {
                out.writeBytes(data);
            }
            String authTokenResp = IOUtils.toString(conn.getInputStream());
            System.out.println("Get Authentication Token Response: " + authTokenResp);
            /*
             * The content of the Authentication Token Response is like
             * {"user": {"userId": "sid:xxx...xxx"}, "authenticationToken": "xxxx...xxxxx"}.
             * The authenticationToken needs to be extracted from the JSON.
             */
            Gson gson = new Gson();
            Map<String, Object> map = gson.fromJson(authTokenResp, Map.class);
            String authenticationToken = (String) map.get("authenticationToken");
            System.out.println("Authentication Token: " + authenticationToken);
            /*
             * Use the authentication token as the X-ZUMO-AUTH header to get data from the API App.
             * Note: You must use Apache HttpClient, which supports HTTP 30x redirection; the class
             *       Http(s)URLConnection does not. There are three consecutive 302 redirections
             *       when accessing the API App with the zumo token.
             */
            HttpGet httpGet = new HttpGet(url);
            httpGet.addHeader("x-zumo-auth", authenticationToken);
            CloseableHttpClient httpclient = HttpClients.createDefault();
            HttpResponse resp = httpclient.execute(httpGet);
            String apiAppData = IOUtils.toString(resp.getEntity().getContent());
            System.out.println(apiAppData);
        }
    }
    

Please feel free to let me know if you have any concerns.

Answer 1 (score: 0)

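    import static java.lang.String.format;
    import java.io.IOException;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import javax.net.ssl.SSLContext;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.conn.ssl.NoopHostnameVerifier;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.ssl.SSLContexts;
    import org.apache.http.ssl.TrustStrategy;

    // Fragment from the calling method: httpPost, caseReference, logger and
    // CERTIFICATE_SUBJECT are defined elsewhere in the poster's class.
    try (CloseableHttpClient httpClient = HttpClients.custom()
                 .setSSLSocketFactory(getSslConnectionSocketFactory(logger))
                 .build();
         CloseableHttpResponse response = httpClient.execute(httpPost)) {

        final int httpStatusCode = response.getStatusLine().getStatusCode();

    } catch (IOException ex) {
        logger.info(format("Error relaying to court store %s , %s", caseReference, ex));
    }

    private SSLConnectionSocketFactory getSslConnectionSocketFactory(final Logger logger) {
        SSLConnectionSocketFactory sslConSocFactory = null;
        try {
            // Current user's personal certificate store (SunMSCAPI provider, Windows only).
            final KeyStore ks = KeyStore.getInstance("Windows-MY");
            ks.load(null, null);
            final Certificate certificate = ks.getCertificate(CERTIFICATE_SUBJECT);
            if (certificate == null) {
                logger.info(format("Certificate not found for %s", CERTIFICATE_SUBJECT));
            }
            // This strategy returns true for every chain, so any server certificate is accepted.
            final TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
            final SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(ks, acceptingTrustStrategy).build();
            // NoopHostnameVerifier turns off the hostname check against the certificate.
            sslConSocFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
        } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException | KeyManagementException ex) {
            logger.info(format("Error reading certificate : , %s", ex));
        }
        return sslConSocFactory;
    }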
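
The socket factory in Answer 1 accepts every server certificate and skips hostname verification, so the server end of the connection is not authenticated. The following variant keeps both checks; it is an added example, not code from either answer, and it assumes the aim is to present a client certificate from the Windows-MY store. `VerifiedTlsClientFactory` and `CLIENT_CERT_ALIAS` are hypothetical names.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

public final class VerifiedTlsClientFactory {

    // Hypothetical placeholder: alias of the client certificate in the Windows-MY store.
    private static final String CLIENT_CERT_ALIAS = "<certificate-alias>";

    /** Builds a client that presents a Windows-MY certificate and still validates the server. */
    public static CloseableHttpClient build() throws GeneralSecurityException, IOException {
        // Client identity: the current user's personal store (SunMSCAPI provider, Windows only).
        final KeyStore personal = KeyStore.getInstance("Windows-MY");
        personal.load(null, null);
        if (!personal.isKeyEntry(CLIENT_CERT_ALIAS)) {
            // Fail closed instead of returning a factory without the client certificate.
            throw new GeneralSecurityException("No private key entry for " + CLIENT_CERT_ALIAS);
        }

        // Server trust anchors: the Windows root store rather than an accept-all strategy.
        final KeyStore roots = KeyStore.getInstance("Windows-ROOT");
        roots.load(null, null);

        final SSLContext sslContext = SSLContexts.custom()
                // SunMSCAPI keys take no password; the strategy offers only the chosen alias,
                // and only when the server's request allows it.
                .loadKeyMaterial(personal, null,
                        (aliases, socket) -> aliases.containsKey(CLIENT_CERT_ALIAS) ? CLIENT_CERT_ALIAS : null)
                // A null TrustStrategy keeps normal chain validation against 'roots'.
                .loadTrustMaterial(roots, null)
                .build();

        // The default verifier checks the requested host against the certificate's names.
        final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                sslContext, SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        return HttpClients.custom().setSSLSocketFactory(socketFactory).build();
    }
}
```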