使用Apache CXF為Java中的Azure Pack獲取安全令牌

Question

我正在嘗試用Java編寫代碼，以從Azure Pack的STS獲取安全令牌，然后將其用於驗證對Azure Pack API的調用。 這是Microsoft提供的 （適用於）在C＃中獲取此令牌的示例代碼 ：

        string windowsAuthSiteEndPoint = EnvironmentToUse + ":30072";
        var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + "/wstrust/issue/windowstransport"));
        var identityProviderBinding = new WS2007HttpBinding(SecurityMode.Transport);
        identityProviderBinding.Security.Message.EstablishSecurityContext = false;
        identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

        var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint)
        {
            TrustVersion = TrustVersion.WSTrust13,
        };

        var channel = trustChannelFactory.CreateChannel();
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference("http://azureservices/AdminSite"),
            KeyType = KeyTypes.Bearer,
        };

        RequestSecurityTokenResponse rstr = null;
        SecurityToken token = null;
        token = channel.Issue(rst, out rstr);

這是我目前在Java中嘗試做的相同事情的地方：

    import org.apache.cxf.Bus;
    import org.apache.cxf.bus.spring.SpringBusFactory;
    import org.apache.cxf.sts.STSConstants;
    import org.apache.cxf.ws.security.SecurityConstants;
    import org.apache.cxf.ws.security.tokenstore.SecurityToken;
    import org.apache.cxf.ws.security.trust.STSClient;

    SpringBusFactory springBusFactory = new SpringBusFactory();
    Bus bus = springBusFactory.createBus();

    STSClient stsClient = new STSClient(bus);
    stsClient.setLocation("https://" + endpoint + ":30072/wstrust/issue/windowstransport");
    stsClient.setServiceName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService");
    stsClient.setEndpointName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}WS2007HttpBinding_IWSTrust13Sync");
    stsClient.setKeyType(STSConstants.BEARER_KEY_KEYTYPE);
    stsClient.isEnableAppliesTo();

    bus.setProperty(SecurityConstants.STS_CLIENT, stsClient);
    bus.setProperty(SecurityConstants.STS_APPLIES_TO, "http://azureservices/AdminSite");

    SecurityToken securityToken = stsClient.requestSecurityToken();

運行Java測試代碼時，我收到401未經授權的HTTP響應：

    Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with https://endpoint:30072/wstrust/issue/windowstransport

嘗試重新創建C＃代碼的功能時，似乎缺少以下功能，但是我無法弄清楚Java /使用Apache CXF庫中的以下代碼等效於什么：

1）identityProviderBinding.Security.Message.EstablishSecurityContext = false;

2）identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;

3）identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

我也可能在做其他錯誤的事情。 有什么想法或建議嗎？

Answer 1

您是否嘗試過使用管理證書而不是安全令牌來認證您的請求。 https://msdn.microsoft.com/zh-cn/library/azure/ee460782.aspx#bk_cert包含有關如何在Azure中執行此操作的信息，但對於Azure Pack來說應該沒有太大區別。