如何使用Java命令行应用程序对https://tfspreview.com（MIcrosoft托管的TFS）进行身份验证？ [英] How to authenticate to https://tfspreview.com (MIcrosoft-hosted TFS) using Java command line application?

问题描述

我正在尝试从命令行Java应用程序访问 https://tfspreview.com SOAP界面。与本地TFS服务不同，此服务使用Live ID身份验证，这会导致通信失败，并且302重定向到其身份验证服务。我不知道如何继续在那里进行身份验证。

I am trying to access https://tfspreview.com SOAP interface from my command line Java app. Unlike the on-premises TFS services, this one uses Live ID authentication, which makes causes the communication to fail with a 302 redirect to their authentication service. I have no idea how to proceed with authenticating there.

任何指针？

推荐答案

< tl; dr>

您可以使用基本身份验证，为 Team Foundation Service 提供无头体验。此外，如果您未使用 TFS SDK for Java ，则可能帮助你。

You can use Basic authentication to provide a headless experience to Team Foundation Service. Also, if you're not using the TFS SDK for Java, it may help you out.

< / tl; dr>

一般来说，您可以使用三种类型的凭据进行身份验证，并确定用于身份验证的机制：

Generally speaking, there are three types of credentials that you can use to authenticate, and that determines the mechanism you use for authentication:

1. Live ID。如您所述，这需要您使用Web浏览器登录Windows Live并使用生成的OAuth令牌进行身份验证。

1. A Live ID. As you noted, this requires you to log in to a Windows Live with a web browser and use the resultant OAuth tokens to authenticate.

映射到的其他密码您的Live ID，用于基本身份验证。有关设置此附加映射的说明，请参阅 8月27日有关此功能的公告。 。

An additional password mapped to your Live ID, which exists for the purposes of Basic authentication. Instructions for setting up this additional mapping are available in the August 27 announcement about this feature.

服务帐户。除了用户列表（由Live ID指定）之外，您的Team Foundation Service帐户还有一个特殊的用户帐户，可用于构建自动化等。每个Team Foundation Service帐户都有一个服务帐户，并且 - 顾名思义 - 这是一个管理员帐户。

A service account. In addition to the list of users (specified by Live ID), your Team Foundation Service account also has a special user account that it uses for things like build automation and the like. There is one service account for each Team Foundation Service account and - as the name implies - this is an administrator account.

让我们来看看每个选项：

Let's take a look at each option:

实时ID ：
使用OAuth使用Live ID进行身份验证会很困难用于命令行应用程序。 Visual Studio的作用是打开Internet Explorer以 tfspreview.com ，这最终会提示您输入Live ID凭据。此时，各种OAuth cookie将被设置到您的Web浏览器中。由于Visual Studio和Internet Explorer共享相同的底层HTTP连接机制，因此它可以使用这些相同的cookie。使用Java命令行客户端，你没有那么奢侈（除非你专门为Windows写这个并想写一些JNI来调用系统的HTTP库。）

Live ID: Authenticating with a Live ID using OAuth is going to be difficult for your command-line application. What Visual Studio does here is to open Internet Explorer to tfspreview.com, which will ultimately prompt you to enter your Live ID credentials. At that point, the various OAuth cookies will get set into your web browser. Since Visual Studio and Internet Explorer share the same underlying HTTP connection mechanism, it can make use of these same cookies. With a Java command-line client, you don't have that luxury (unless you're writing this exclusively for Windows and want to write some JNI to call the system's HTTP library that is.)

那你有什么选择？我想你可能会按照你给出的重定向进行操作 - 此时你最终会得到一个登录页面，你可以将你的凭据发布到最终，然后将一个OAuth cookie发送给你，然后你可以用它来进行身份验证。但我怀疑这可能不是你想要走下去的道路。我强烈怀疑您需要使用健康剂量的JavaScript才能登录。

So what are your options? I suppose it's possible that you could follow the redirect you're given - at which point you will eventually get a login page that you could POST your credentials to and ultimately get an OAuth cookie sent back to you that you could then use for authentication. But I suspect that this is probably not the road you want to go down, though. I strongly suspect that there's a healthy dose of JavaScript required to get you logged in.

基本身份验证：
这些需要额外的设置步骤，但简单明了。没有理由不使用这些。

Basic Authentication: These require an additional step in setup, but are simple and obvious. There's no reason not to use these.

服务帐户：
但是，缺少网络浏览器， 能够使用您的服务凭据提供 WRAP令牌。您可以使用非常有用的 TFS服务凭据查看器查看帐户的服务凭据。使用您的服务帐户用户名和密码，您可以创建一个WRAP cookie来进行身份验证。但此时，您正在验证服务帐户，而不是您的某个用户帐户。

Service Accounts: Lacking a web browser, though, you are able to present a WRAP token with your service credentials. You can view the service credentials for your account using the very helpful TFS Service Credential Viewer. With your service account username and password you can create a WRAP cookie to authenticate with. But at this point, you're authenticating as the service account, not one of your user accounts.

如果您不想自己创建WRAP令牌，您还可以使用 Team Foundation Server SDK for Java 来构建连接。在创建 TFSTeamProjectCollection 时，只需将您的服务凭据以 UsernamePasswordCredentials 的形式提交。即使您不想对服务器使用API​​方法，也可以从该连接获取原始 HTTPClient ，它将具有所有必要的配置集。如果我们将来向Team Foundation Service添加新的身份验证机制，那么依赖SDK也将使您受益，因为SDK的API不会发生显着变化。

If you don't want to mess with creating WRAP tokens yourself, you can also use the Team Foundation Server SDK for Java to build a connection. Simply hand your service credentials in as UsernamePasswordCredentials when you create a TFSTeamProjectCollection. Even if you don't want to use the API methods against the server, you can get the raw HTTPClient from that connection and it will have all the necessary configuration set. Taking a dependency on the SDK will also benefit you if we add new authentication mechanisms to the Team Foundation Service in the future as the SDK's API should not change dramatically.

这篇关于如何使用Java命令行应用程序对https://tfspreview.com（MIcrosoft托管的TFS）进行身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！