1

我正在尝试用 Java 编写代码,该代码可以从 Azure Pack 的 STS 获取安全令牌,然后我可以使用它来验证对 Azure Pack API 的调用。以下是Microsoft 提供(有效)用于在 C# 中获取此令牌的示例代码:

        string windowsAuthSiteEndPoint = EnvironmentToUse + ":30072";
        var identityProviderEndpoint = new EndpointAddress(new Uri(windowsAuthSiteEndPoint + "/wstrust/issue/windowstransport"));
        var identityProviderBinding = new WS2007HttpBinding(SecurityMode.Transport);
        identityProviderBinding.Security.Message.EstablishSecurityContext = false;
        identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

        var trustChannelFactory = new WSTrustChannelFactory(identityProviderBinding, identityProviderEndpoint)
        {
            TrustVersion = TrustVersion.WSTrust13,
        };

        var channel = trustChannelFactory.CreateChannel();
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference("http://azureservices/AdminSite"),
            KeyType = KeyTypes.Bearer,
        };

        RequestSecurityTokenResponse rstr = null;
        SecurityToken token = null;
        token = channel.Issue(rst, out rstr);

这是我目前在 Java 中所拥有的,我正在尝试做同样的事情:

    import org.apache.cxf.Bus;
    import org.apache.cxf.bus.spring.SpringBusFactory;
    import org.apache.cxf.sts.STSConstants;
    import org.apache.cxf.ws.security.SecurityConstants;
    import org.apache.cxf.ws.security.tokenstore.SecurityToken;
    import org.apache.cxf.ws.security.trust.STSClient;

    SpringBusFactory springBusFactory = new SpringBusFactory();
    Bus bus = springBusFactory.createBus();

    STSClient stsClient = new STSClient(bus);
    stsClient.setLocation("https://" + endpoint + ":30072/wstrust/issue/windowstransport");
    stsClient.setServiceName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService");
    stsClient.setEndpointName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}WS2007HttpBinding_IWSTrust13Sync");
    stsClient.setKeyType(STSConstants.BEARER_KEY_KEYTYPE);
    stsClient.isEnableAppliesTo();

    bus.setProperty(SecurityConstants.STS_CLIENT, stsClient);
    bus.setProperty(SecurityConstants.STS_APPLIES_TO, "http://azureservices/AdminSite");

    SecurityToken securityToken = stsClient.requestSecurityToken();

运行 Java 测试代码时收到 401 Unauthorized HTTP 响应:

    Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with https://endpoint:30072/wstrust/issue/windowstransport

在尝试重新创建 C# 代码的功能时,我似乎缺少以下功能,但我无法弄清楚在 Java/使用 Apache CXF 库中以下代码的等价物是什么:

1) identityProviderBinding.Security.Message.EstablishSecurityContext = false;

2) identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;

3) identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

我也有可能做错了其他事情。有什么想法或建议吗?

4

1 回答 1

0

您是否尝试过使用管理证书而不是安全令牌来验证您的请求。https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert提供了有关如何在 Azure 中执行此操作的信息,但 Azure Pack 应该没有太大差异。

于 2015-10-23T14:44:45.260 回答