Tutorial: How to leverage Access Control Service using the AppFabric SDK for Java Developers
 
 
 
Overview

This tutorial explains how developers can easily use the AppFabric SDK to write Java applications that use the Access Control Services provided by  Services.
 
For more information about AppFabric ACS, please refer to the MSDN documentation.

The AppFabric SDK for Java Developers provides classes to:
  • Retrieve different types of tokens from ACS
  • Validate ACS Token
  • Validate Claims
 
The following sections provide examples of the above functionality. Once you have installed and configured the SDK, you can follow the examples below.
 
 
Retrieving Token from ACS

The Authentication class shows how the SDK can be used to retrieve a token from ACS. We first create a Credentials object, which represents the kind of token we want; in this case, a SimpleApiAuth token. ACS requires the requestor to provide the scope name and issuer key to produce the token.
 
Note that  scope creation and other such ACS management functions can be achieved using ACM tool provided by  SDK for Microsoft  Services (Nov 2009 CTP Release). More info about ACM tool can be found under Access Control samples provided along with that SDK under following path "{Installation folder of  SDK}\Samples\AccessControl\ExploringFeatures\Management\AcmTool\Readme.htm"
 
We then create the URI from where the token is to be obtained using the CreateSimpleApiAuthUri function provided by ACSUri class. The getACSToken method of the ACSTokenProvider class returns the desired token.
 
import com.persistent.appfabric.acs.ACSTokenProvider;
import com.persistent.appfabric.acs.ACSUri;
import com.persistent.appfabric.acs.Credentials;

/**
 * Retrieves a token from ACS (validation is shown in the next section)
 */
public class Authentication {

	public static void main(String[] args) {
		// Sample values; in a deployed client, load the issuer key from
		// protected configuration instead of hard-coding it in source.
		String scopeName = "infocorp";
		String issuerKey = "WX8uETbRzxQblodDcYg+XDmiv61mu/K7RXM2z+uoueM=";
		String serviceName = "javaservice";
		String appliesTo = "http://localhost/SalesDashboard/";

		try {
			// Create the credentials object
			Credentials credentials = new Credentials(
					Credentials.TOKEN_TYPE.SimpleApiAuthToken, scopeName, issuerKey);

			// Initialize ACSTokenProvider
			ACSTokenProvider service = new ACSTokenProvider(credentials);

			// Get the URI for retrieving the token
			String requestUri = ACSUri.CreateSimpleApiAuthUri(serviceName);

			// Method call for retrieving the token
			String token = service.getACSToken(requestUri, appliesTo);

			// Print result
			System.out.println("Token= " + token);

		} catch (Exception e) {
			e.printStackTrace();
		}
	}

}


 
 
Token Validation
 
We can use ACS tokens for validating requests from client applications. One way to achieve this is retrieving the token as described above and passing it in the header to the service application. The service application will serve only the requests that have valid tokens in their headers.
 
The validateToken function of the TokenValidator class returns true if the passed token is valid. The function requires the signing key (obtained from ACS when the service was created) for validation.
 
TokenValidator tokenValidator = new TokenValidator("javaservice",
        "http://localhost/SalesDashboard/", signingKey, token);

if (tokenValidator.validateToken()) {
    System.out.println("Validate token success");
} else {
    System.out.println("Validate token failed");
}

 
 
Validating Claims
 
Tokens contain claims that can be used to track the access rights of the requestor. Suppose we have a calculator service that provides operations such as addition, subtraction, multiplication and division. A request for addition should carry a token that has the claims required for addition, e.g. addition=true.
 
We can now use the validateClaims method of TokenValidator class to check if the client has the claims necessary for getting the desired service.
 
The following code will return true if the token has the claim "addition=true":

  // Requires: import java.util.Hashtable;
  Hashtable<String,String> requiredClaims = new Hashtable<String,String>();
  requiredClaims.put("addition", "true");

  if (tokenValidator.validateClaims(requiredClaims)) {
      System.out.println("Valid claims for addition");
  } else {
      System.out.println("Addition not allowed");
  }
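
The token and claim checks from the two sections above, written out as an added example; it is not the SDK's TokenValidator and not code from the original tutorial. It assumes the token is in Simple Web Token form (URL-encoded name=value pairs including Issuer, Audience and ExpiresOn, ending in an HMACSHA256 signature pair); the class name SwtCheck, the key and the issuer value are constructed for the demonstration.

```java
import java.net.*;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not SDK code. Assumes SWT layout: pairs joined by '&', signature pair last.
public class SwtCheck {
    static final String SIG = "&HMACSHA256=";
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes("US-ASCII"));
    }
    // Returns the claims only if signature, audience and expiry all pass; otherwise null.
    static Map<String, String> validate(String token, byte[] key, String audience, long nowSec)
            throws Exception {
        int i = token.lastIndexOf(SIG);
        if (i < 0) return null;                   // unsigned token: reject
        String signed = token.substring(0, i);    // the signature covers everything before it
        try {
            byte[] given = Base64.getDecoder()
                    .decode(URLDecoder.decode(token.substring(i + SIG.length()), "UTF-8"));
            if (!MessageDigest.isEqual(hmac(key, signed), given)) return null; // constant-time
            Map<String, String> claims = new HashMap<>();
            for (String pair : signed.split("&")) {   // parse only after the signature passed
                String[] kv = pair.split("=", 2);
                if (kv.length != 2) return null;
                claims.put(URLDecoder.decode(kv[0], "UTF-8"), URLDecoder.decode(kv[1], "UTF-8"));
            }
            if (!audience.equals(claims.get("Audience"))) return null;  // issued for another service
            if (Long.parseLong(claims.get("ExpiresOn")) <= nowSec) return null; // expired or missing
            return claims;
        } catch (IllegalArgumentException e) {
            return null; // malformed Base64, percent-escape or ExpiresOn value
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = Base64.getDecoder().decode("Y29uc3RydWN0ZWQtZGVtby1rZXk="); // constructed key
        String aud = "http://localhost/SalesDashboard/";
        long now = System.currentTimeMillis() / 1000;
        String body = "addition=true&Issuer=constructed-issuer&Audience="
                + URLEncoder.encode(aud, "UTF-8") + "&ExpiresOn=" + (now + 600);
        String mac = URLEncoder.encode(Base64.getEncoder().encodeToString(hmac(key, body)), "UTF-8");
        String token = body + SIG + mac;          // constructed sample token
        System.out.println(validate(token, key, aud, now));                                 // intact
        System.out.println(validate(token.replace("addition", "division"), key, aud, now)); // tampered
    }
}
```

A service would run these checks on the token taken from the request header and only then compare the returned claims with the ones the requested operation needs.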

 
 
The Credentials Class in Detail
 
The Credentials class holds the authentication details that ACS requires for retrieving a token. Each token type requires different credential values:
  • Simple API Auth token
    • Scope Name
    • Issuer key
  • Simple web token
    • Simple web token
  • Shared secret token
    • Issuer Name
    • Issuer Secret
  • SAML token
    • SAML token
 
E.g. for Shared Secret Token the credentials object will be initialized as follows:
 
   Credentials credentials = new Credentials
        (Credentials.TOKEN_TYPE.SharedSecretToken,issuerName,issuerSecret);
 
 
Acquiring Different Types of Tokens using ACSTokenProvider
 
Simple API Auth: Acquiring SimpleAPIAuth token using ACSTokenProvider.
 
   Credentials credentials = new Credentials
        (Credentials.TOKEN_TYPE.SimpleApiAuthToken,wrapName,wrapPassword);

   ACSTokenProvider tp = new ACSTokenProvider(httpProxy,httpPort,credentials);

   String token = tp.getACSToken(requestUriStr, appliesTo);
 
Shared Secret Key: Acquiring SharedSecretKey token using ACSTokenProvider
 
    Credentials credentials = new Credentials
         (Credentials.TOKEN_TYPE.SharedSecretToken,issuerName,issuerSecret);

    ACSTokenProvider tp = new ACSTokenProvider(httpProxy,httpPort,credentials);

    String token = tp.getACSToken(requestUriStr, appliesTo);	
 
Simple Web Token: Acquiring SimpleWebToken using ACSTokenProvider
 
   String simpleWebToken = SharedSecretCredential.ComputeSimpleWebToken
        (issuerName, issuerSecret);

   Credentials credentials = new Credentials
        (Credentials.TOKEN_TYPE.SimpleWebToken,simpleWebToken);

   ACSTokenProvider tp = new ACSTokenProvider(httpProxy,httpPort,credentials);

   String token1 = tp.getACSToken(requestUriStr, appliesTo);

 
SAML Token: Acquiring SAML token using ACSTokenProvider
 
   Credentials credentials = new Credentials
       (Credentials.TOKEN_TYPE.SamlToken,samlToken);

   ACSTokenProvider tp = new ACSTokenProvider(httpProxy,httpPort,credentials);

   String token = tp.getACSToken(requestUriStr, appliesTo);	
 