共用方式為


DefaultAzureCredentialBuilder Class

public class DefaultAzureCredentialBuilder
extends CredentialBuilderBase<DefaultAzureCredentialBuilder>

Fluent credential builder for instantiating DefaultAzureCredential.

Sample: Construct DefaultAzureCredential

The following code sample demonstrates the creation of a DefaultAzureCredential, using the DefaultAzureCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

TokenCredential defaultAzureCredential = new DefaultAzureCredentialBuilder().build();

Sample: Construct DefaultAzureCredential with User-Assigned Managed Identity

User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in Microsoft Entra ID that is associated with one or more Azure resources. This identity can then be used to authenticate and authorize access to various Azure services and resources. The following code sample demonstrates the creation of a DefaultAzureCredential to target a user-assigned managed identity, using the DefaultAzureCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

TokenCredential dacWithUserAssignedManagedIdentity
     = new DefaultAzureCredentialBuilder().managedIdentityClientId("<Managed-Identity-Client-Id").build();

Constructor Summary

Constructor Description
DefaultAzureCredentialBuilder()

Creates an instance of a DefaultAzureCredentialBuilder.

Method Summary

Modifier and Type Method and Description
DefaultAzureCredentialBuilder additionallyAllowedTenants(String[] additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.

DefaultAzureCredentialBuilder additionallyAllowedTenants(List<String> additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.

DefaultAzureCredentialBuilder authorityHost(String authorityHost)

Specifies the Microsoft Entra endpoint to acquire tokens.

DefaultAzureCredential build()

Creates new DefaultAzureCredential with the configured options set.

DefaultAzureCredentialBuilder credentialProcessTimeout(Duration credentialProcessTimeout)

Specifies a Duration timeout for developer credentials (such as Azure CLI) that rely on separate process invocations.

DefaultAzureCredentialBuilder disableInstanceDiscovery()

Disables the setting which determines whether or not instance discovery is performed when attempting to authenticate.

DefaultAzureCredentialBuilder executorService(ExecutorService executorService)

Specifies the ExecutorService to be used to execute the authentication requests.

DefaultAzureCredentialBuilder intelliJKeePassDatabasePath(String databasePath)

Specifies the KeePass database path to read the cached credentials of Azure toolkit for IntelliJ plugin.

DefaultAzureCredentialBuilder managedIdentityClientId(String clientId)

Specifies the client ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities.

DefaultAzureCredentialBuilder managedIdentityResourceId(String resourceId)

Specifies the resource ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities.

DefaultAzureCredentialBuilder tenantId(String tenantId)

Sets the tenant id of the user to authenticate through the DefaultAzureCredential.

DefaultAzureCredentialBuilder workloadIdentityClientId(String clientId)

Specifies the client ID of Microsoft Entra app to be used for AKS workload identity authentication.

Methods inherited from CredentialBuilderBase

Methods inherited from java.lang.Object

Constructor Details

DefaultAzureCredentialBuilder

public DefaultAzureCredentialBuilder()

Creates an instance of a DefaultAzureCredentialBuilder.

Method Details

additionallyAllowedTenants

public DefaultAzureCredentialBuilder additionallyAllowedTenants(String[] additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the tenant id set as specified.

additionallyAllowedTenants

public DefaultAzureCredentialBuilder additionallyAllowedTenants(List additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the tenant id set as specified.

authorityHost

public DefaultAzureCredentialBuilder authorityHost(String authorityHost)

Specifies the Microsoft Entra endpoint to acquire tokens.

Parameters:

authorityHost - the Microsoft Entra endpoint

Returns:

An updated instance of this builder with the authority host set as specified.

build

public DefaultAzureCredential build()

Creates new DefaultAzureCredential with the configured options set.

Returns:

a DefaultAzureCredential with the current configurations.

credentialProcessTimeout

public DefaultAzureCredentialBuilder credentialProcessTimeout(Duration credentialProcessTimeout)

Specifies a Duration timeout for developer credentials (such as Azure CLI) that rely on separate process invocations.

Parameters:

credentialProcessTimeout - The Duration to wait.

Returns:

An updated instance of this builder with the timeout specified.

disableInstanceDiscovery

public DefaultAzureCredentialBuilder disableInstanceDiscovery()

Disables the setting which determines whether or not instance discovery is performed when attempting to authenticate. This will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By utilizing this API, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy.

Returns:

An updated instance of this builder with instance discovery disabled.

executorService

public DefaultAzureCredentialBuilder executorService(ExecutorService executorService)

Specifies the ExecutorService to be used to execute the authentication requests. Developer is responsible for maintaining the lifecycle of the ExecutorService.

If this is not configured, the common fork join pool will be used which is also shared with other application tasks. If the common pool is heavily used for other tasks, authentication requests might starve and setting up this executor service should be considered.

The executor service and can be safely shutdown if the TokenCredential is no longer being used by the Azure SDK clients and should be shutdown before the application exits.

Parameters:

executorService - the executor service to use for executing authentication requests.

Returns:

An updated instance of this builder with the executor service set as specified.

intelliJKeePassDatabasePath

public DefaultAzureCredentialBuilder intelliJKeePassDatabasePath(String databasePath)

Specifies the KeePass database path to read the cached credentials of Azure toolkit for IntelliJ plugin. The databasePath is required on Windows platform. For macOS and Linux platform native key chain / key ring will be accessed respectively to retrieve the cached credentials.

This path can be located in the IntelliJ IDE. Windows: File -> Settings -> Appearance & Behavior -> System Settings -> Passwords.

Parameters:

databasePath - the path to the KeePass database.

Returns:

An updated instance of this builder with the KeePass database path set as specified.

managedIdentityClientId

public DefaultAzureCredentialBuilder managedIdentityClientId(String clientId)

Specifies the client ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities. If unset, the value in the AZURE_CLIENT_ID environment variable will be used. If neither is set, the default value is null and will only work with system assigned managed identities and not user assigned managed identities. Only one of managedIdentityClientId and managedIdentityResourceId can be specified.

Parameters:

clientId - the client ID

Returns:

the DefaultAzureCredentialBuilder itself

managedIdentityResourceId

public DefaultAzureCredentialBuilder managedIdentityResourceId(String resourceId)

Specifies the resource ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities. If unset, the value in the AZURE_CLIENT_ID environment variable will be used. If neither is set, the default value is null and will only work with system assigned managed identities and not user assigned managed identities. Only one of managedIdentityResourceId and managedIdentityClientId can be specified.

Parameters:

resourceId - the resource ID

Returns:

the DefaultAzureCredentialBuilder itself

tenantId

public DefaultAzureCredentialBuilder tenantId(String tenantId)

Sets the tenant id of the user to authenticate through the DefaultAzureCredential. If unset, the value in the AZURE_TENANT_ID environment variable will be used. If neither is set, the default is null and will authenticate users to their default tenant.

Parameters:

tenantId - the tenant ID to set.

Returns:

An updated instance of this builder with the tenant id set as specified.

workloadIdentityClientId

public DefaultAzureCredentialBuilder workloadIdentityClientId(String clientId)

Specifies the client ID of Microsoft Entra app to be used for AKS workload identity authentication. if unset, managedIdentityClientId(String clientId) will be used. If both values are unset, the value in the AZURE_CLIENT_ID environment variable will be used. If none are set, the default value is null and Workload Identity authentication will not be attempted.

Parameters:

clientId - the client ID

Returns:

the DefaultAzureCredentialBuilder itself

Applies to