getKey上的Azure KeyVaultErrorException
问题描述:
我正在运行AzureClient java sdk。我创建keyvault客户端这样的:getKey上的Azure KeyVaultErrorException
ApplicationTokenCredentials applicationTokenCredentials=new
ApplicationTokenCredentials(APPLICATION_ID, "DOMAIN", CLIENT_SECRET,
AzureEnvironment.AZURE);
vc = new KeyVaultClient(applicationTokenCredentials);
而且我写这个代码从蔚蓝的目录中获取关键:
Future<KeyBundle> keyBundleFuture = vc.getKeyAsync(testKeyIdentifier, new ServiceCallback<KeyBundle>() {
public void failure(Throwable throwable) {
}
public void success(KeyBundle keyBundle) {
System.out.print(keyBundle.toString());
}
});
KeyBundle keyBundle = keyBundleFuture.get();
,但我发现这个错误
Exception in thread "main" java.util.concurrent.ExecutionException: com.microsoft.azure.keyvault.models.KeyVaultErrorException: Status code 401.
而且到请注意,我已向Azure门户授予我的应用程序的权限以访问密钥模块
答
根据状态代码您的错误的401
以及Key Vault的REST API参考Authentication, requests, and responses
,这是由于Azure Java SDK使用的凭据不正确导致的。要使用Azure SDK访问Key Vault,必须使用KeyVaultCredentials
进行身份验证,这需要使用方法doAuthenticate
执行。
作为参考,下面是我的示例代码如下。
ServiceClientCredentials credentials = new KeyVaultCredentials() {
@Override
public String doAuthenticate(String authorization, String resource, String scope) {
AuthenticationResult res = null;
try {
res = GetAccessToken(authorization, resource, clientId, secret);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ExecutionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return res.getAccessToken();
}
private AuthenticationResult GetAccessToken(String authorization, String resource, String clientID, String clientKey)
throws InterruptedException, ExecutionException {
AuthenticationContext ctx = null;
ExecutorService service = Executors.newFixedThreadPool(1);
try {
ctx = new AuthenticationContext(authorization, false, service);
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Future<AuthenticationResult> resp = ctx.acquireToken(resource, new ClientCredential(
clientID, clientKey), null);
AuthenticationResult res = resp.get();
return res;
}
};
KeyVaultClient client = new KeyVaultClient(credentials);
String keyIdentifier = "https://<your-keyvault>.vault.azure.net/keys/<your-key>/xxxxxxxxxxxxxxxxxxxxxx";
KeyBundle keyBundle = client.getKey(keyIdentifier);
然后,它工作。
谢谢,做了这个工作 –