• 【Azure Developer】Java代码访问Key Vault Secret时候的认证问题,使用 DefaultAzureCredentialBuilder 或者 ClientSecretCredentialBuilder


    问题描述

    使用Java SDK获取Key Vault Secret机密信息时,需要获取授权。通常是使用AAD的注册应用(Client ID, Tenant ID, Client Secret)来获取 credential 对象。

            SecretClient secretClientidentity = new SecretClientBuilder()
                            .vaultUrl(keyVaultUri)
                            .credential(new DefaultAzureCredentialBuilder() 
                                            .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
                                            .build())
                            .buildClient();

    如果使用 DefaultAzureCredentialBuilder  来创建,则需要把 Client ID, Secret 和 Tenant ID 设置为环境变量。

    如果不想设置环境变量,而想直接把三个参数值通过代码传递,是否有示例代码呢?

    问题解答

    可以的。使用 ClientSecretCredentialBuilder 就可以把Client ID,Secret 和 Tenant ID 参数显示设置。

    代码如下:

            // /**
            //  *  Authenticate with client secret.
            //  */
            String clientID="xxxxxxxx-8216-xxxxxxxx-8924-xxxxxxxxxxxxxxxx";
            String tenantID="xxxxxxxx-66d7-xxxxxxxx-8f9f-xxxxxxxxxxxxxxxx";
            String clientSecret="xxxxxxxx.3ay_aOti..4";
            ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                    .clientId(clientID)
                    .clientSecret(clientSecret)
                    .tenantId(clientSecret)
                    .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
                    .build();
    
            SecretClient secretClientidentity = new SecretClientBuilder()
                    .vaultUrl(keyVaultUri)
                    .credential(clientSecretCredential)
                    .buildClient();

    完整代码

    package com.example.demokeyvault;
    
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    
    import com.azure.identity.AzureAuthorityHosts;
    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.azure.identity.DefaultAzureCredentialBuilder;
    
    import com.azure.security.keyvault.secrets.SecretClient;
    import com.azure.security.keyvault.secrets.SecretClientBuilder;
    import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
    
    @SpringBootApplication
    public class DemokeyvaultApplication {
    
        public static void main(String[] args) {
            SpringApplication.run(DemokeyvaultApplication.class, args);
    
            System.out.println("Hello World!");
            String keyVaultUri = "https://yourkeyvaultname.vault.azure.cn/";
    
            System.out.printf(" key vault URI = %s \n", keyVaultUri);
    
            // String userIdentityID = " - - - - ";
            // .managedIdentityClientId(userIdentityID)
    
            // /**
            // * Authenticate with client secret.
            // */
            String clientID = "xxxx-xxxx-xxxx-xxxx-xxxx";
            String tenantID = "xxxx-xxxx-xxxx-xxxx-xxxx";
            String clientSecret = "xxxx.xxxx..4";
            ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                    .clientId(clientID)
                    .clientSecret(clientSecret)
                    .tenantId(clientSecret)
                    .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
                    .build();
    
            SecretClient secretClientidentity = new SecretClientBuilder()
                    .vaultUrl(keyVaultUri)
                    .credential(clientSecretCredential)
                    .buildClient();
    
            // /**
            // * Authenticate with DefaultAzureCredentialBuilder.
            // */
            // SecretClient secretClientidentity = new SecretClientBuilder()
            //         .vaultUrl(keyVaultUri)
            //         .credential(new DefaultAzureCredentialBuilder()
            //                 .authorityHost(AzureAuthorityHosts.AZURE_CHINA)
            //                 .build())
            //         .buildClient();
    
            String secretName = "testsecret01";
    
            KeyVaultSecret retrievedSecret = secretClientidentity.getSecret(secretName);
    
            System.out.println("Your secret's value is '" + retrievedSecret.getValue() + "'.");
    
            System.out.println("done.");
        }
    
    }

    POM.XML

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>1.5.9.RELEASE</version>
            <relativePath /> <!-- lookup parent from repository -->
        </parent>
        <groupId>com.example</groupId>
        <artifactId>demokeyvault</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <name>demokeyvault</name>
        <description>Demo project for Spring Boot</description>
        <properties>
            <java.version>8</java.version>
        </properties>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
            <dependency>
                <groupId>com.azure</groupId>
                <artifactId>azure-security-keyvault-secrets</artifactId>
                <version>4.2.3</version>
            </dependency>
    
            <dependency>
                <groupId>com.azure</groupId>
                <artifactId>azure-identity</artifactId>
                <version>1.2.0</version>
            </dependency>
            <dependency>
                <groupId>io.projectreactor</groupId>
                <artifactId>reactor-core</artifactId>
                <version>3.4.19</version>
            </dependency>
        </dependencies>
    
        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    
    </project>

    参考资料

    Client secret credential : https://learn.microsoft.com/en-us/azure/developer/java/sdk/identity-service-principal-auth#client-secret-credential

    适用于 Java 的 Azure Key Vault 机密客户端库 : https://docs.azure.cn/zh-cn/key-vault/secrets/quick-create-java?tabs=azure-cli

  • 相关阅读:
    下一座“金矿”:移动医疗的契机和风险
    android ViewStub简单介绍
    IT人员必须掌握的10项软技能
    Android ListView item 点击事件失效问题的解决
    前端之Android入门(3):MVC模式(上)
    Android 错误提示: Can't create handler inside thread that has not called Looper.prepare()
    Android 性能优化提示
    Android 学习资源
    元素水平对齐
    div垂直居中
  • 原文地址:https://www.cnblogs.com/lulight/p/16739485.html
Copyright © 2020-2023  润新知