MSAL Java Web API for DNS and records
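How can we use the Azure web service API with the latest "MSAL" library, rather than the ADAL-based library, to create DNS zones and records on Azure servers? The DNS library support at https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains does not mention any way of using an MSAL access token. For example: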
    ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);
    azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
    ResourceGroup resourceGroup = azure.resourceGroups().define(rgName)
            .withRegion(Region.US_EAST2)
            .create();
    System.out.println("Creating root DNS zone " + customDomainName + "...");
    DnsZone rootDnsZone = azure.dnsZones().define(customDomainName)
            .withExistingResourceGroup(resourceGroup)
            .create();
But it uses the key rather than the access token provided by MSAL. This is already achievable with the old approach, where Azure uses ADAL internally.
If you want to use the Azure Java management SDK to manage Azure DNS with an AD access token, please refer to the following code.
a. Create a service principal (I use Azure CLI to do that)
    az login
    az account set --subscription "<your subscription id>"
    # the sp will have Azure Contributor role
    az ad sp create-for-rbac -n "readMetric"
- Code
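    import com.microsoft.aad.msal4j.ClientCredentialFactory;
    import com.microsoft.aad.msal4j.ClientCredentialParameters;
    import com.microsoft.aad.msal4j.ConfidentialClientApplication;
    import com.microsoft.aad.msal4j.IAuthenticationResult;
    import com.microsoft.azure.AzureEnvironment;
    import com.microsoft.azure.credentials.AzureTokenCredentials;
    import com.microsoft.azure.management.Azure;
    import com.microsoft.azure.management.dns.DnsZone;
    import java.io.IOException;
    import java.net.MalformedURLException;
    import java.util.Collections;
    import java.util.concurrent.CompletableFuture;
    import java.util.concurrent.ExecutionException;

    public void test() throws MalformedURLException, ExecutionException, InterruptedException {
        AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE, ADProperty.tenantId) {
            @Override
            public String getToken(String resource) throws IOException {
                // use msal to get Azure AD access token
                ConfidentialClientApplication app = ConfidentialClientApplication.builder(
                                ADProperty.clientId, // sp appid
                                ClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // sp password
                        .authority(ADProperty.authority) // "https://login.microsoftonline.com/" + sp tenant id
                        .build();
                ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
                                Collections.singleton("https://management.azure.com/.default"))
                        .build();
                CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
                try {
                    return future.get().accessToken();
                } catch (InterruptedException e) {
                    // restore the interrupt flag and fail instead of returning a null token
                    Thread.currentThread().interrupt();
                    throw new IOException("Interrupted while acquiring the access token", e);
                } catch (ExecutionException e) {
                    // surface the MSAL failure to the SDK rather than swallowing it
                    throw new IOException("Failed to acquire the access token", e);
                }
            }
        };
        Azure azure = Azure.authenticate(tokenCredentials)
                .withSubscription(ADProperty.subscriptionId); // sp subscription id
        DnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com")
                .withExistingResourceGroup("jimtest")
                .create();
        System.out.println("create DNSZone " + rootDnsZone.name() + " successfully");
    }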
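The same MSAL-backed credentials as a reusable class, given here as an added example that is not part of the original answer. The class name `MsalTokenCredentials`, the `fromEnvironment()` and `env()` helpers, and the `AZURE_*` environment variable names are hypothetical. It builds the MSAL client once, reads the secret from the environment instead of source code, and derives the scope from the `resource` argument by appending `/.default`, the v2.0 convention for v1.0-style resource URIs.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import java.io.IOException;
import java.util.Collections;
import java.util.concurrent.ExecutionException;

/** Hypothetical helper: MSAL-backed credentials for the Azure management SDK. */
public final class MsalTokenCredentials extends AzureTokenCredentials {
    private final ConfidentialClientApplication app;

    public MsalTokenCredentials(String tenantId, String clientId, String clientSecret)
            throws IOException {
        super(AzureEnvironment.AZURE, tenantId);
        // Built once and reused, instead of once per getToken() call.
        this.app = ConfidentialClientApplication.builder(
                        clientId, ClientCredentialFactory.createFromSecret(clientSecret))
                .authority("https://login.microsoftonline.com/" + tenantId)
                .build();
    }

    // Fail closed when a setting is missing (variable names are assumptions).
    private static String env(String name) throws IOException {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) throw new IOException(name + " is not set");
        return value;
    }

    public static MsalTokenCredentials fromEnvironment() throws IOException {
        return new MsalTokenCredentials(
                env("AZURE_TENANT_ID"), env("AZURE_CLIENT_ID"), env("AZURE_CLIENT_SECRET"));
    }

    @Override
    public String getToken(String resource) throws IOException {
        // A trailing slash in the resource is kept, so the token audience matches it.
        String scope = resource + "/.default";
        try {
            return app.acquireToken(ClientCredentialParameters
                    .builder(Collections.singleton(scope)).build()).get().accessToken();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted while acquiring token", e);
        } catch (ExecutionException e) {
            throw new IOException("Token request failed for " + resource, e.getCause());
        }
    }
}
```

Pass the result of `MsalTokenCredentials.fromEnvironment()` to `Azure.authenticate(...)` in place of the anonymous class above.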