问题描述
想通过Java SDK的方式来获取Azure 门户中所列举的用户。一直报错无法正常调用接口,错误信息与AAD登录认证相关,提示tenant not found。
想要实现的目的,通过代码方式获取如下User List(https://portal.azure.cn/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers)
JAVA 代码
错误截图
如何来解决获取AAD认证的问题呢?
解决方法
在代码中,已经设置了AAD登录Scopes 为China Azure (https://microsoftgraph.chinacloudapi.cn/.default)。 但是GraphServiceClient对象依旧导向到Global的Endpoint,在查看GraphServiceClient的源码发现它为固定值("https://graph.microsoft.com/v1.0")。而该类没有提供可以重写该参数的方法,导致在最终请求时,每次生成的GraphServiceClient对象都无法请求到china的Endpoint。
这也就导致了即使输入正确China AAD认证信息但依旧无法登录成功。最后,找到了一个Graph扩展类中的IGraphServiceClient类,它提供了setServiceRoot的方法,需要引用import com.microsoft.graph.models.extensions.IGraphServiceClient;
然后在代码中修改GraphServiceClient定义(代码中高亮部分)
package GraphTest; import com.microsoft.graph.auth.confidentialClient.ClientCredentialProvider; import com.microsoft.graph.auth.enums.NationalCloud; import com.microsoft.graph.models.extensions.IGraphServiceClient; import com.microsoft.graph.requests.extensions.GraphServiceClient; import java.util.ArrayList; public class TestBase_Customer_Solve { private String clientId=""; private String clientSecret=""; private String grantType = "client_credentials"; private String tokenEndpoint = "https://login.partner.microsoftonline.cn/{teantId}/oauth2/v2.0/token"; private String resourceId = "https://microsoftgraph.chinacloudapi.cn/.default"; private String teantId = ""; public IGraphServiceClient graphClient = null; public IGraphServiceClient GetClient(boolean authenticate) { if (graphClient == null) { try { ArrayList<String> scope = new ArrayList(); scope.add( resourceId ); ClientCredentialProvider authProvider = new ClientCredentialProvider( clientId, scope, clientSecret, teantId, NationalCloud.China); graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient(); graphClient.setServiceRoot( "https://microsoftgraph.chinacloudapi.cn/v1.0" ); return graphClient; } catch (Exception e) { throw new Error("Could not create a graph client: " + e.getLocalizedMessage()); } } return null; } }
在修改了Graph Client的Service Root为https://microsoftgraph.chinacloudapi.cn/v1. 最终是成功拿到了Users的列表数据。
参考资料
msgraph-sdk-java-auth:https://github.com/microsoftgraph/msgraph-sdk-java-auth
GraphServiceClient.java: https://github.com/microsoftgraph/msgraph-sdk-java/blob/4638206053a5545a6d6ba73168337939cde34fed/src/main/java/com/microsoft/graph/requests/GraphServiceClient.java
Get a GraphServiceClient object:https://github.com/microsoftgraph/msgraph-sdk-java#23-get-a-graphserviceclient-object
