I am looking for something similar to this but using JAVA rest API calls.
I want to get the list of all the resources (including virtual machines, storage disks, network devices etc) and their basic properties(like ip address, disk space etc)
I have tried making API calls following this link.
When I make an http request to this url
"https://management.azure.com/subscriptions/"+subscriptionId+"/resourceGroups/"+resourceGroupName+"/providers/Microsoft.Compute/virtualMachines?api-version="+apiVersion
But I am getting a 401 error. Am I calling the right URL ? if not which URL I should be calling ?
But I am getting a 401 error. Am I calling the right URL ? if not
which URL I should be calling ?
You're calling the right URL however you're providing incorrect parameters to the API call. The link you mentioned is for making Azure Service Management API calls however what you need to dod is make Azure Resource Manager (ARM) API calls.
Like Azure Service Management API, ARM API requests need to be authenticated. In case of former, the requests are authenticated by using a management certificate. In case of latter, you would need to use a token that you get by authenticating the user against an Azure AD.
Please see this link for more details on authenticating/authorizing ARM API requests: https://azure.microsoft.com/en-us/documentation/articles/resource-manager-api-authentication/.
In order to list all resources in a resource group, you can definitely make use of ARM REST API. However now SDKs are available for you that you can consume directly. To learn more about these SDKs, please see this link: https://azure.microsoft.com/en-in/blog/azure-resource-manager-preview-sdks/.
Related
I am planning on hosting my REST API in a VM in a VNET where the only point of entry is via Azure API Management.
I have multiple back ends so the API Management will route to a different backend base url depending on the group the user is in and the backend will also return different data depending on the user making the call.
Since the Azure API Management can handle authorisation, JWT validation and setting headers etc what type of authorisation code should I put in my REST API application?
Should I try to validate the JWT again in my Java code or just parse the headers?
i.e. is it safe to code it as a public API and trust that the headers have been set correctly by API Management?
Or should I make a call to Azure Active Directory from the Spring controller every time to validate that the user does actually exist in the specified group and that the group specified is the one expected for this backend?
If so, how would I do that from Java and how would I inject an offline version when running locally?
Since your API will be inside a VNET it'll be protected as it is. But, there is really no reason to just have it open. The more layers of protection you can add the better your chances to whistand a potential attack.
So see whatever is most convenient to you. You can rely on APIM doing user authentication and authorization and avoid doing that in your backend API. But it would be a good idea to check if call made to your backend API is coming from APIM, and you can do that by sending credentials from APIM. The best option here would be client certificates: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
But you can also send basic credentials: https://learn.microsoft.com/en-us/azure/api-management/api-management-authentication-policies#Basic
I'm trying to develop a simple java client that needs to access Skype for Business APIs in order to setup an online meeting (i.e. I need to retrieve a simple setup meeting URL by invoking an UCWA API).
I followed this Microsoft tutorial step-by-step:
https://learn.microsoft.com/en-us/skype-sdk/ucwa/developingucwaapplicationsforsfbonline
I have an Office 365 Business Premium license and I configured a custom domain (correctly registered and added at the zone DNS file);
I configured and registered my java client app on Azure (taking care to assign required delegated permission for Skype for Business capabilities);
I performed the Sign-in phase and Azure is able to recognize me;
I performed the Autodiscovery phase in order to retrieve the user's UCWA home pool;
I sent a GET request to the Azure oauth2 endpoint with response 401 error (and this is the expected behaviour by the authentication handshake);
Unfortunately, I failed when I request an access token using implicit grant flow: Azure responds with a Sign-In HTML page rather than the json object containing the oauth2 access token.
What's wrong on this GET request?
GET https://login.microsoftonline.com/oauth2/authorize?
response_type=id_token
&client_id=my_application_client_id
&redirect_uri=configured_redirect_uri
&state=UUID_generated_code
&resource=UCWA_home_pool
HTTP/1.1
This GET URL looks like that one used for the Sign-In phase (step 3); I suspect that it isn't the right request URL.
I tryed to put my domain on the URL:
https://login.microsoftonline.com/my_domain_name/oauth2/authorize
and I tryed to put a common domain name (as reported on the documentation):
https://login.microsoftonline.com/common/oauth2/authorize
But Azure still reponds with a Sign-In page (and response code 200 OK).
Can someone help me please?
Please check the oauth2AllowImplicitFlow property in manifest of your application after downloading the latest manifest file. It should be set to true for this to wrok. If it's still false, only then I would expect the redirect to sign-in page as you're seeing.
More detailed steps here -
Configure your app for OAuth implicit grant flow
I have a Java Application running on Tomcat. I want to get the details of all machines installed in Microsoft Azure portal by taking user's subscription details as input. Preferably a REST API. I am expecting response same like what we get in azure resource explorer.
I made a request with this url "https://management.core.windows.net/"+subscriptionId+"/services/disks" following this method. It gives me result like this
<Disks xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Disk>
<AttachedTo>
<DeploymentName>TEST1</DeploymentName>
<HostedServiceName>TEST1</HostedServiceName>
<RoleName>TEST1</RoleName>
</AttachedTo><OS>Linux</OS>
<Location>South Central US</Location>
<LogicalDiskSizeInGB>30</LogicalDiskSizeInGB>
<MediaLink>link.vhd</MediaLink>
<Name>TEST1-TEST1-0-20</Name>
<SourceImageName>imageName</SourceImageName>
When I call the same method with
"https://management.azure.com/subscriptions/"+subscriptionid+"/providers/Microsoft.Compute/virtualMachines?api-version=2016-03-30" I am getting 401 error.
I even tried downloading the SDK , ListVirtualMachines.java is listing some 600 images, not the one under my subscription.
How Can I achieve it using JAVA REST API?
Per my experience, this issue is due to the authentication method. I do all the requests that you have made and I get the same results with you.
The 401 error code means "Unauthorized". Your authentication method is right for the old REST API request, but not for new.
The new authentication is handled by Azure Active Directory(AD).
The followings may be useful for you.
You could figure out Virtual Machines Rest API by this URL https://msdn.microsoft.com/en-us/library/mt163647.aspx.
You could understand how to authenticate Azure Resource Manager Request by Azure Active Directory by this URL https://msdn.microsoft.com/en-us/library/dn790557.aspx.
Hope it helps. Any concerns, please feel free to let me know.
I have a local API service that is under a sub domain:
http://sub.192.168.1.1/api/endpoint
By adding the IP redirect to my machine's Hosts file, I can test and consume the API well when using browser tools like Postman, and even opening them via the browser itself (some don't have security at all and just returns plain JSON). Now I tried adding the IP redirect to my device's hosts file too so it can access the subdomain as well as my dev machine. All goes well and I can directly access the APIs via the browser, but when using the app, the endpoints can't be found.
I'm using Retrofit with OkHttp as of now. Hoping anyone can shed a light with this problem.
Did you try at retrofit object to add slash at the end of URL?
.baseUrl("http://sub.192.168.1.1/api/endpoint/")
.build();
I'm working on a stateless REST API which I needed to integrate Dropbox Login mechanism as described here: https://www.dropbox.com/developers/core/start/java
The main problem I am facing is getting the authorization code. Simply put I can't use the DbxWebAuth approach due to the stateless nature of the app (no sessions). And is stuck in using:
DbxWebAuthNoRedirect webAuth = new DbxWebAuthNoRedirect(config, appInfo);
And athough the code is generated, there is no callback and use has to "copy and paste" the authorization code from the Dropbox page after allowing. Is there a way to automate this process?
My main goal is to get that authorization code and send it back to the API like http://my-website.com/dropbox?authorization_code={authorization_code}
Having the authorization code passed back to your app requires you use the OAuth 2 flow with a redirect URI. In the Dropbox Java Core SDK, this would require you to use DbxWebAuth. The DbxWebAuth implementation however requires that you supply a non-null DbxSessionStore as the csrfTokenStore parameter in the constructor.
That is used to prevent cross-site request forgery attacks, per the Dropbox /oauth2/authorize documentation, which links to the relevant sections of the OAuth 2 spec for reference.
That said, the state parameter on /oauth2/authorize, where the CSRF token would be supplied, isn't required, so it would be technically possible to use the code flow with a redirect URI without supplying state. Suffice to say, this isn't recommended, and isn't supported in the Dropbox Java Core SDK. If you really needed to do this though, you could either implement it manually, use a different library that allows it, or modify the Dropbox Java Core SDK. Be aware that doing so may open your app up to cross-site request forgery attacks though.