
Azure Active Directory libraries for Java

Overview

Sign users in and control access to applications and APIs with Azure Active Directory.

To get started with Azure AD, see Java web app sign-in and sign-out with Azure AD.

Client library

Configure OAuth2, OpenID Connect, or Active Directory Graph authentication and SAML 2.0 single sign-on with the Azure Active Directory authentication library (ADAL) for Java.

Add a dependency to your Maven pom.xml file to use the client library in your project.

<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>adal4j</artifactId>
    <version>1.2.0</version>
</dependency>

Example

Retrieve a JSON Web Token (JWT) for a user in your Active Directory tenant using Azure Active Directory's Graph API. This token can then be used to authenticate the user with an application or API.

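import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

ExecutorService service = Executors.newFixedThreadPool(1);
AuthenticationContext context = new AuthenticationContext(AUTHORITY, false, service);
// acquireToken(resource, clientId, username, password, callback): the second argument is the application's client ID.
Future<AuthenticationResult> future = context.acquireToken(
    "https://graph.windows.net", YOUR_CLIENT_ID, username, password,
    null);
AuthenticationResult result = future.get();
// Tokens are bearer credentials; they are printed here for demonstration only.
System.out.println("Access Token - " + result.getAccessToken());
System.out.println("Refresh Token - " + result.getRefreshToken());
System.out.println("ID Token - " + result.getIdToken());
service.shutdown(); // release the worker thread so the JVM can exit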
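
As an added example (not part of the original page or of ADAL4J), the following shows a client-side check on the ID token returned by result.getIdToken(): its aud claim must name this application and its exp must not have passed. The class name, helper names, client ID and sample token are constructed for illustration, and signature verification is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IdTokenCheck {
    // Decode the payload (second segment) of a compact JWT. No signature verification here.
    static String payloadJson(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("not a three-part compact JWT");
        }
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Simplified lookup of a top-level string or number claim (assumption: flat payload
    // with no escaped quotes); use a JSON parser in production code.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"?([^\",}]+)\"?")
                .matcher(json);
        return m.find() ? m.group(1).trim() : null;
    }

    // Accept the token only if it was issued for this client and has not expired.
    static boolean acceptable(String jwt, String clientId, Instant now) {
        String json = payloadJson(jwt);
        String exp = claim(json, "exp");
        return clientId.equals(claim(json, "aud"))
                && exp != null
                && now.isBefore(Instant.ofEpochSecond(Long.parseLong(exp)));
    }

    public static void main(String[] args) {
        // Constructed sample values: placeholder client ID, fixed expiry, dummy signature.
        String clientId = "00000000-0000-0000-0000-000000000000";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString(("{\"aud\":\"" + clientId
                + "\",\"exp\":1700000000}").getBytes(StandardCharsets.UTF_8));
        String jwt = header + "." + body + ".sig";

        Instant valid = Instant.ofEpochSecond(1699999000L);
        System.out.println("valid:    " + acceptable(jwt, clientId, valid));
        System.out.println("expired:  " + acceptable(jwt, clientId, valid.plusSeconds(2000)));
        System.out.println("wrong id: " + acceptable(jwt, "11111111-1111-1111-1111-111111111111", valid));
    }
}
```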

Management API

Configure role-based access control and assign identities (such as users and service principals) to those roles with the management API.

Add a dependency to your Maven pom.xml file to use the management API in your project.

<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>azure-mgmt-graph-rbac</artifactId>
    <version>1.3.0</version>
</dependency>

Example

Create a new service principal and assign it the Contributor role.

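import com.microsoft.azure.management.graphrbac.BuiltInRole;
import com.microsoft.azure.management.graphrbac.RoleAssignment;
import com.microsoft.azure.management.graphrbac.ServicePrincipal;

// "authenticated" is an Azure.Authenticated client; both calls go through it.
ServicePrincipal sp = authenticated.servicePrincipals().define(spName)
    .withNewApplication("http://" + spName)
    .create();
// Contributor at subscription scope grants write access to every resource in the subscription.
RoleAssignment roleAssignment2 = authenticated.roleAssignments()
    .define("contribRoleAssignment")
    .forServicePrincipal(sp)
    .withBuiltInRole(BuiltInRole.CONTRIBUTOR)
    .withSubscriptionScope("862f67bc-d3ae-4243-bec7-3da6dca77717")
    .create();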

Samples

Manage groups, users, and roles
Sign-in and sign-out users in a Java web app
Access an API with Azure AD using a command line app
Call the Azure AD Graph API from your Java web app

Explore more sample Java code for Azure AD you can use in your apps.