services | platforms | author | level | client | service | endpoint |
---|---|---|---|---|---|---|
active-directory |
Java |
xerners |
200 |
Java Console Application |
Microsoft Graph |
AAD V1 |
This sample demonstrates a Java console application calling Microsoft Graph that is secured using Azure Active Directory.
- The Java application uses the Active Directory Authentication Library for Java (ADAL4J) to obtain a JWT access token through the OAuth 2.0 protocol.
- The access token is used as a bearer token to authenticate the user when calling the Microsoft Graph.
This sample shows you how to use ADAL to authenticate users via raw credentials (username and password) via a text-only interface. For more information about how the protocols work in this scenario and other scenarios, see Authentication Scenarios for Azure AD.
To run this sample, you'll need:
- Working installation of Java and Maven
- An Internet connection
- An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see How to get an Azure AD tenant
- A user account in your Azure AD tenant. This sample will not work with a Microsoft account (formerly Windows Live account). Therefore, if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now.
Getting started with the sample is easy. It is configured to run out of the box with minimal setup.
To successfully use this sample, you need a working installation of Java and Maven.
From your shell or command line:
git clone https://github.com/Azure-Samples/active-directory-java-native-headless.git
To register the project, you can:
- either follow the steps in the paragraphs below
- or use PowerShell scripts that:
- automatically create for you the Azure AD applications and related objects (passwords, permissions, dependencies)
- modify the projects' configuration files.
If you want to use this automation, read the instructions in App Creation Scripts
As a first step you'll need to:
- Sign in to the Azure portal.
- On the top bar, click on your account, and then on Switch Directory.
- Once the Directory + subscription pane opens, choose the Active Directory tenant where you wish to register your application, from the Favorites or All Directories list.
- Click on All services in the left-hand nav, and choose Azure Active Directory.
In the next steps, you might need the tenant name (or directory name) or the tenant ID (or directory ID). These are presented in the Properties of the Azure Active Directory window respectively as Name and Directory ID
- In the Azure Active Directory pane, click on App registrations and choose New application registration.
- Enter a friendly name for the application, for example 'Native-Headless-Application' and select 'Native' as the Application Type.
- For the Redirect URI, enter
https://<your_tenant_name>/Native-Headless-Application
, replacing<your_tenant_name>
with the name of your Azure AD tenant. - Click Create to create the application.
- In the succeeding page, Find the Application ID value and copy it to the clipboard. You'll need it to configure the configuration file for this project.
- Then click on Settings, and choose Properties.
- Configure Permissions for your application. To that extent, in the Settings menu, choose the 'Required permissions' section and then,
click on Add, then Select an API, and type
Microsoft Graph
in the textbox. Then, click on Select Permissions and select User.Read. - Navigate back to the 'Required permissions' section, and click on Grant Permissions
In the steps below, ClientID is the same as Application ID or AppId.
- Open the
src\main\java\PublicClient.java
file - Find the line
private final static String CLIENT_ID
and replace the existing value with the application ID (clientId) of theNative-Headless-Application
application copied from the Azure portal.
From your shell or command line:
$ mvn package
This will generate a public-client-adal4j-sample-jar-with-dependencies.jar
file in your /targets directory. Run this using your Java executable like below:
$ java -jar public-client-adal4j-sample-jar-with-dependencies.jar
Your command line interface should prompt you for the username and password and then access the Microsoft Graph API to retrieve your user information.
The code to acquire a token is located entirely in the src\main\java\PublicClient.Java
file. The Authentication context is created (line 45), passing the Authority(https://login.microsoftonline.com/common/) and an ExecutorService.
context = new AuthenticationContext(AUTHORITY, false, service);
A call to acquire the token is made using the Authentication context (line 46), passing in the resource(Microsoft graph), CLIENT_ID(App id of the app that was registered on Azure AD), and the username and password of the user.
Future<AuthenticationResult> future = context.acquireToken("https://graph.microsoft.com", CLIENT_ID, username, password, null);
The result is passed back to the main() function, where then the access token is extracted and passed to the function making the call to Microsoft Graph(line 33)
String userInfo = getUserInfoFromGraph(result.getAccessToken());
The access token is then used as a bearer token to call the Microsoft Graph API (line 68)
conn.setRequestProperty("Authorization", "Bearer " + accessToken);
Use Stack Overflow to get support from the community.
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
Make sure that your questions or comments are tagged with [adal
Java
].
If you find a bug in the sample, please raise the issue on GitHub Issues.
To provide a recommendation, visit the following User Voice page.
If you'd like to contribute to this sample, see CONTRIBUTING.md
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
For more information, see ADAL4J conceptual documentation.
For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see Authentication Scenarios for Azure AD.