使用Apache CXF在Java中获取Azure Pack的安全性令牌

时间:2015-10-16 18:33:00

标签: java azure cxf sts-securitytokenservice ws-trust

我正在尝试用Java编写可以从STS for Azure Pack获取安全令牌的代码,然后我可以使用它来验证对Azure Pack API的调用。以下是example code that Microsoft provides(用于)在C#中获取此令牌:

        string windowsAuthSiteEndPoint = EnvironmentToUse + ":30072";
        var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + "/wstrust/issue/windowstransport"));
        var identityProviderBinding = new WS2007HttpBinding(SecurityMode.Transport);
        identityProviderBinding.Security.Message.EstablishSecurityContext = false;
        identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

        var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint)
        {
            TrustVersion = TrustVersion.WSTrust13,
        };

        var channel = trustChannelFactory.CreateChannel();
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference("http://azureservices/AdminSite"),
            KeyType = KeyTypes.Bearer,
        };

        RequestSecurityTokenResponse rstr = null;
        SecurityToken token = null;
        token = channel.Issue(rst, out rstr);

以下是我目前在Java中所做的事情,我试图做同样的事情:

    import org.apache.cxf.Bus;
    import org.apache.cxf.bus.spring.SpringBusFactory;
    import org.apache.cxf.sts.STSConstants;
    import org.apache.cxf.ws.security.SecurityConstants;
    import org.apache.cxf.ws.security.tokenstore.SecurityToken;
    import org.apache.cxf.ws.security.trust.STSClient;

    SpringBusFactory springBusFactory = new SpringBusFactory();
    Bus bus = springBusFactory.createBus();

    STSClient stsClient = new STSClient(bus);
    stsClient.setLocation("https://" + endpoint + ":30072/wstrust/issue/windowstransport");
    stsClient.setServiceName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService");
    stsClient.setEndpointName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}WS2007HttpBinding_IWSTrust13Sync");
    stsClient.setKeyType(STSConstants.BEARER_KEY_KEYTYPE);
    stsClient.isEnableAppliesTo();

    bus.setProperty(SecurityConstants.STS_CLIENT, stsClient);
    bus.setProperty(SecurityConstants.STS_APPLIES_TO, "http://azureservices/AdminSite");

    SecurityToken securityToken = stsClient.requestSecurityToken();

运行Java测试代码时,我收到了401 Unauthorized HTTP响应:

    Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with https://endpoint:30072/wstrust/issue/windowstransport

在尝试重新创建C#代码的内容时,我似乎缺少以下功能,但我无法弄清楚Java /使用Apache CXF库的以下代码的等效内容:

1)identityProviderBinding.Security.Message.EstablishSecurityContext = false;

2)identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;

3)identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

我也可能做其他事情。有什么想法或建议吗?

1 个答案:

答案 0 :(得分:0)

您是否尝试过使用管理证书来验证您的请求而不是安全令牌。 https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert有关于如何在Azure中执行此操作的信息,但Azure Pack应该没有太大区别。

相关问题
最新问题