public abstract class KeyVaultCredentials extends CloudCredentials implements BearerCredentialsSupport

CloudCredentials that supports automatic bearer token refresh.

| Constructor and Description |
|---|
| KeyVaultCredentials() |

| Modifier and Type | Method and Description |
|---|---|
| <T> void | applyConfig(String profile, Map<String,Object> properties) |
| org.apache.http.Header | authenticate(ServiceRequestContext request, BearerAuthentication authentication): Authenticates a request by answering a challenge. |
| abstract org.apache.http.Header | doAuthenticate(ServiceRequestContext request, Map<String,String> challenge): Answers a server challenge with a token header. |

public <T> void applyConfig(String profile, Map<String,Object> properties)

applyConfig in class CloudCredentials

public org.apache.http.Header authenticate(ServiceRequestContext request, BearerAuthentication authentication)

BearerCredentialsSupport

Implementations typically call BearerAuthentication.getParameters() to identify the challenge, then obtain a token that satisfies the challenge, and finally return an authorization header object.

This method can return null, in which case the user will typically see a 401 Unauthorized error.

authenticate in interface BearerCredentialsSupport

public abstract org.apache.http.Header doAuthenticate(ServiceRequestContext request, Map<String,String> challenge)

Implementations typically use ADAL to get a token, as shown in the sample below:
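
```java
// Imports for the enclosing source file (ADAL for Java, Apache HttpClient, JDK).
// ServiceRequestContext is imported from the Azure SDK core library.
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;

@Override
public Header doAuthenticate(ServiceRequestContext request, Map<String, String> challenge) {
    // The token endpoint and the target resource both come from the server's challenge.
    String authorization = challenge.get("authorization");
    String resource = challenge.get("resource");
    String clientId = ...; // client GUID as shown in Azure portal.
    String clientKey = ...; // client key as provided by Azure portal.
    AuthenticationResult token = getAccessTokenFromClientCredentials(authorization, resource, clientId, clientKey);
    return new BasicHeader("Authorization", token.getAccessTokenType() + " " + token.getAccessToken());
}

private static AuthenticationResult getAccessTokenFromClientCredentials(String authorization, String resource, String clientId, String clientKey) {
    AuthenticationContext context = null;
    AuthenticationResult result = null;
    ExecutorService service = null;
    try {
        service = Executors.newFixedThreadPool(1);
        // Second constructor argument is validateAuthority; this sample passes false.
        context = new AuthenticationContext(authorization, false, service);
        ClientCredential credentials = new ClientCredential(clientId, clientKey);
        Future<AuthenticationResult> future = context.acquireToken(resource, credentials, null);
        result = future.get();
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // Guard against a failure that happened before the executor was created.
        if (service != null) {
            service.shutdown();
        }
    }
    if (result == null) {
        throw new RuntimeException("authentication result was null");
    }
    return result;
}
```
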
Note: The client key must be stored securely. It is advisable to use two client applications - one for development and another for production - managed by separate parties.
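
The sample above takes both the token endpoint ("authorization") and the resource from the server's challenge and presents the client key to that endpoint. The following added example, which is not part of the SDK or its documentation, checks those two values against an allowlist before any credential is sent; the class name ChallengeGuard, the allowlisted hosts and resource, and the placeholder tenant id are assumptions for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example (hypothetical helper): vets a bearer challenge before the client key is used.
public class ChallengeGuard {
    // Assumed allowlists for this illustration; set them to the values your deployment expects.
    private static final Set<String> AUTHORITY_HOSTS =
            Set.of("login.windows.net", "login.microsoftonline.com");
    private static final Set<String> RESOURCES = Set.of("https://vault.azure.net");

    // Returns true only when both challenge values name endpoints on the allowlists.
    public static boolean isTrusted(Map<String, String> challenge) {
        String authorization = challenge.get("authorization");
        String resource = challenge.get("resource");
        if (authorization == null || resource == null) {
            return false;
        }
        try {
            URI authority = new URI(authorization);
            String host = authority.getHost();
            return "https".equalsIgnoreCase(authority.getScheme())
                    && host != null
                    && authority.getUserInfo() == null // no user-info part in the authority URL
                    && AUTHORITY_HOSTS.contains(host.toLowerCase(Locale.ROOT))
                    && RESOURCES.contains(resource);
        } catch (URISyntaxException e) {
            return false; // a malformed authority URL is never trusted
        }
    }

    public static void main(String[] args) {
        // Constructed challenges; the tenant id is a placeholder.
        Map<String, String> expected = Map.of(
                "authorization", "https://login.windows.net/TENANT-ID-PLACEHOLDER",
                "resource", "https://vault.azure.net");
        Map<String, String> foreign = Map.of(
                "authorization", "https://login.example.net/TENANT-ID-PLACEHOLDER",
                "resource", "https://vault.azure.net");
        System.out.println("expected challenge trusted: " + isTrusted(expected));
        System.out.println("foreign challenge trusted:  " + isTrusted(foreign));
    }
}
```

A doAuthenticate implementation can call isTrusted(challenge) first and return null when it fails; as stated above, the caller then typically sees a 401 Unauthorized error instead of the client key being sent to an unexpected endpoint.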
/**
* Copyright Microsoft Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/