Fatal编程技术网
  • java/
  • 访问令牌的ADAL java库不返回组和角色

访问令牌的ADAL java库不返回组和角色

java active-directory

访问令牌的ADAL java库不返回组和角色,java,active-directory,token,adal,Java,Active Directory,Token,Adal,我正在尝试使用ADAL4J库获取Active Directory的组和角色,我所指的示例项目是 GitHub AzureAD示例项目 我得到的响应是具有以下内容的令牌: { "aud": "https://graph.windows.net", "iss": "[redacted for stackoverflow post]", "iat": 1474924521, "nbf": 1474924521, "exp": 1474928421, "appid": "MyAp

我正在尝试使用ADAL4J库获取Active Directory的组和角色,我所指的示例项目是 GitHub AzureAD示例项目

我得到的响应是具有以下内容的令牌:

{
  "aud": "https://graph.windows.net",
  "iss": "[redacted for stackoverflow post]",
  "iat": 1474924521,
  "nbf": 1474924521,
  "exp": 1474928421,
  "appid": "MyApplicationObjectId from AD",
  "appidacr": "1",
  "e_exp": 10800,
  "idp": "[redacted for stack overflow post]",
  "oid": "68467740-2af5-43ab-8bfb-362b494956c5",
  "roles": [
    "Device.ReadWrite.All",
    "Directory.Read.All",
    "Directory.ReadWrite.All",
    "Domain.ReadWrite.All"
  ],
  "sub": "68467740-2af5-43ab-8bfb-362b494956c5",
  "tid": "e536c1ed-4822-4b88-8c01-9f14c1c583e3",
  "ver": "1.0"
}
但是,我希望访问令牌中也包含以下声明:

"groups": [
    "8c335044-b534-4cfa-a816-c62588ca169e",
    "68ff7ec2-db1b-45cc-afb4-785723f9a2db",
    "a79ed389-c46f-4782-9752-90f4871e4b15",
    "657b2f05-15f2-4849-a831-c42ecdf7db13"
  ],
"roles": [
    "add-or-view-org-admin"
  ],
由于我的用户尝试访问的应用程序是web应用程序,因此我在请求中发送客户端密码,如下所示:

private static AuthenticationResult getAccessTokenFromUserCredentials(
    String username, String password) throws Exception
{
    AuthenticationContext context = null;
    AuthenticationResult result = null;
    ExecutorService service = null;
    try {
        service = Executors.newFixedThreadPool(1);
        context = new AuthenticationContext(AUTHORITY, true, service);
        ClientCredential clientCred = new ClientCredential(
            CLIENT_ID, "Client Key for my Application from Active Directory");
        Future<AuthenticationResult> future = context.acquireToken(
            "https://graph.windows.net", clientCred, null);
        result = future.get();
    } finally {
        service.shutdown();
    }
    if (result == null) {
        throw new ServiceUnavailableException(
                "authentication result was null");
    }
    return result;
}

私有静态身份验证结果getAccessTokenFromUserCredentials(
字符串用户名、字符串密码)引发异常
{
AuthenticationContext上下文=null;
AuthenticationResult=null;
ExecutorService=null;
试一试{
服务=Executors.newFixedThreadPool(1);
context=新的AuthenticationContext(AUTHORITY、true、service);
ClientCredential clientCred=新的ClientCredential(
客户端ID,“Active Directory中我的应用程序的客户端密钥”);
Future=context.acquireToken(
"https://graph.windows.net,clientCred,null);
结果=future.get();
}最后{
service.shutdown();
}
如果(结果==null){
抛出新ServiceUnavailableException(
“验证结果为空”);
}
返回结果;
}
有没有人能够使用这样的Java客户机做到这一点

我需要让它使用Java,因为我需要为它运行集成测试

非常感谢您的帮助。

配置集成测试以获取访问Azure Active Directory中配置的Web应用程序的访问令牌

  • 从中获取PublicClient.java

  • 遵循README.md中的步骤,并允许本机应用程序为AAD中配置的Web应用程序请求令牌

  • 单击“添加应用程序”,选择“显示所有应用程序”,单击“确定”按钮(显示勾号),然后选择已注册的应用程序
  • 授予此应用程序的权限。(“访问库存洞察”) 保存更改
  • 在PublicClient.java中使用以下命令
    • 私有最终静态字符串权限=”

    专用最终静态字符串客户端_ID=“675a9f3e-c78a-48cc-9151-59d14ac2205b”

    FutureFuture=context.acquireToken (“应用程序用户试图访问的客户端Id.”,客户端Id,用户名,密码,null)