Authenticating Azure Resource Management REST API requests using Java
This blog talks about how to authenticate Azure Resource Manager requests through REST API using Java. All the tasks that are used to manage resources that are deployed in resource groups with the Azure Resource Manager will need to be authenticated using Azure Active Directory. There are multiple ways to setup authentication with .NET, but with java there are two ways, you can authenticate requests.
Both require that you have co-administrator access to the Azure Account and also global admin access to the active directory which we will use to make REST API requests.
You would first need to create a Service Principal with Azure Resource Manager. For this you will need to
- Download and configure Azure Active Directory Module for Windows PowerShell or CLI.
- Then follow instructions here to switch to Azure Resource Manager Mode.
- Once you are ready to use PowerShell/CLI with Azure Active Directory, follow the steps provided here to create a service principal.
Note down the ApplicationID and the password used to create the service principal. Now you will need to download multiple java modules to make this work. Here is the list:
- ADAL for Java: This can be downloaded from here. This module has multiple dependencies, which are:
- oauth2-oidc-sdk (Nimbus)
- gson (Google)
- slf4j-api (Apache)
- httpclient (Apache)
Once you download these and configure them in build path, add this code to request access tokens from Azure Resource Management REST API’s. You can add this code into a function and call the function to return the results. Please note that there are some parameters like tenant_id, password, client_id, subscription_id that will need to be replaced for this to work.
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.naming.ServiceUnavailableException;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
public class PublicClient {
/*tenant_id can be found from your azure portal. Login into azure portal and browse to active directory and choose the directory you want to use. Then click on Applications tab and at the bottom you should see "View EndPoints". In the endpoints, the tenant_id will show up like this in the endpoint url's: https://login.microsoftonline.com/{tenant_id} */
private final static String AUTHORITY = "https://login.windows.net/{tenant_id}";
public static void main(String args[]) throws Exception {
AuthenticationResult result = getAccessTokenFromUserCredentials();
System.out.println("Access Token - " + result.getAccessToken());
HttpClient client = new DefaultHttpClient();
/* replace {subscription_id} with your subscription id and {resourcegroupname} with the resource group name for which you want to list the VM's. */
HttpGet request = new HttpGet("https://management.azure.com/subscriptions/{subscription_id}/resourceGroups/{resourcegroupname}/providers/Microsoft.ClassicCompute/virtualMachines?api-version=2014-06-01");
request.addHeader("Authorization","Bearer " + result.getAccessToken());
HttpResponse response = client.execute(request);
BufferedReader rd = new BufferedReader (new InputStreamReader(response.getEntity().getContent()));
String line = "";
while ((line = rd.readLine()) != null)
{
System.out.println(line);
}
}
private static AuthenticationResult getAccessTokenFromUserCredentials() throws Exception {
AuthenticationContext context = null;
AuthenticationResult result = null;
ExecutorService service = null;
try
{
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(AUTHORITY, false, service);
/* Replace {client_id} with ApplicationID and {password} with password that were used to create Service Principal above. */
ClientCredential credential = new ClientCredential("{client_id}","{password}");
Future<AuthenticationResult> future = context.acquireToken("https://management.azure.com/", credential, null);
result = future.get();
} finally
{
service.shutdown();
}
if (result == null) {
throw new ServiceUnavailableException("authentication result was null");
}
return result;
}
}
The REST API endpoints can be found here which can be used to manage your resources on Azure Resource Manager.
Comments
Anonymous
September 23, 2015
Great article. I am trying to run the program but it gives " com/nimbusds/oauth2/sdk/AuthorizationGrant : Unsupported major.minor version 51.0"Anonymous
October 14, 2015
Which version of java are you using. You may be using a lower jdk/jre version than 1.7.Anonymous
November 01, 2015
Hi, I am trying to use Azure Rate Card REST API to get the prices for the VM. But the API don't return the price for many roles like Basic_A2,Basic_A3 etc. Below is the Rest API used msdn.microsoft.com/.../mt219004.aspx Any help why it don't return the prices for the certain roles. Thanks.Anonymous
November 05, 2015
It may depend on Offer Id you are using. Can you let me know the parameters being used. I can give it a try.