
KeyVaultCredentials Class

  • java.lang.Object
    • ServiceClientCredentials
      • com.microsoft.azure.keyvault.authentication.KeyVaultCredentials

public class KeyVaultCredentials

An implementation of ServiceClientCredentials that supports automatic bearer token refresh.

Method Summary

Modifier and Type    Method and Description
void                 applyCredentialsFilter(OkHttpClient.Builder clientBuilder)
abstract String      doAuthenticate(String authorization, String resource, String scope)
                     Abstract method to be implemented.


Method Details

applyCredentialsFilter

public void applyCredentialsFilter(OkHttpClient.Builder clientBuilder)

Parameters:

clientBuilder

doAuthenticate

public abstract String doAuthenticate(String authorization, String resource, String scope)

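Abstract method to be implemented.

Answers a server challenge with a token header.

Implementations typically use ADAL to get a token, as shown in the following sample:

// Imports needed by this sample (ADAL4J and java.util.concurrent).
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

@Override
public String doAuthenticate(String authorization, String resource, String scope) {
    String clientId = ...; // client GUID as shown in Azure portal.
    String clientKey = ...; // client key as provided by Azure portal.
    AuthenticationResult token = getAccessTokenFromClientCredentials(authorization, resource, clientId, clientKey);
    return token.getAccessToken();
}

private static AuthenticationResult getAccessTokenFromClientCredentials(String authorization, String resource, String clientId, String clientKey) {
    AuthenticationContext context = null;
    AuthenticationResult result = null;
    ExecutorService service = null;
    try {
        service = Executors.newFixedThreadPool(1);
        // Second argument is validateAuthority; this sample passes false.
        context = new AuthenticationContext(authorization, false, service);
        ClientCredential credentials = new ClientCredential(clientId, clientKey);
        Future<AuthenticationResult> future = context.acquireToken(resource, credentials, null);
        result = future.get();
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // Guard against a NullPointerException if the executor was never created.
        if (service != null) {
            service.shutdown();
        }
    }
    if (result == null) {
        throw new RuntimeException("authentication result was null");
    }
    return result;
}

Note: The client key must be securely stored. It is advised to use two client applications, one for development and one for production, managed by separate parties.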

Parameters:

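authorization - Identifier of the authority, a URL.
resource - Identifier of the target resource that is the recipient of the requested token, a URL.
scope - The scope of the authentication request.

Returns:

The access token.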
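
The authorization and resource arguments reach doAuthenticate from the server's challenge, and the client key must not live in source code. The following added example (not from the original page or the SDK) is a hypothetical subclass that checks both values against an allow-list before requesting a token and reads the credentials from environment variables. The class name, the environment variable names, and the allow-listed hosts and resource (chosen for the global Azure cloud) are assumptions.

```java
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Hypothetical subclass; the allow-list values below are assumptions for the global Azure cloud.
public class PinnedKeyVaultCredentials extends KeyVaultCredentials {
    private static final List<String> AUTHORITY_HOSTS =
            Arrays.asList("login.microsoftonline.com", "login.windows.net");
    private static final String EXPECTED_RESOURCE = "https://vault.azure.net";

    @Override
    public String doAuthenticate(String authorization, String resource, String scope) {
        // Both values originate in the server challenge: check them before the
        // client key is sent to any token endpoint.
        URI authority = URI.create(authorization);
        String host = authority.getHost() == null ? "" : authority.getHost().toLowerCase(Locale.ROOT);
        if (!"https".equalsIgnoreCase(authority.getScheme()) || !AUTHORITY_HOSTS.contains(host)) {
            throw new IllegalStateException("unexpected token authority: " + authorization);
        }
        if (!EXPECTED_RESOURCE.equals(resource)) {
            throw new IllegalStateException("unexpected token resource: " + resource);
        }
        // Credentials come from the process environment (assumed variable names), not from source.
        String clientId = requireEnv("AZURE_CLIENT_ID");
        String clientKey = requireEnv("AZURE_CLIENT_SECRET");
        ExecutorService service = Executors.newSingleThreadExecutor();
        try {
            // validateAuthority is true here, so ADAL also checks the authority.
            AuthenticationContext context = new AuthenticationContext(authorization, true, service);
            return context.acquireToken(resource, new ClientCredential(clientId, clientKey), null)
                    .get().getAccessToken();
        } catch (Exception e) {
            throw new RuntimeException("token acquisition failed", e);
        } finally {
            service.shutdown();
        }
    }
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException(name + " is not set");
        }
        return value;
    }
}
```

Sovereign or national clouds use different authority hosts and vault resource identifiers, so the two allow-list constants need to match the target environment.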
