com.microsoft.sqlserver.jdbc.SQLServerException: MSI Token failure: Failed to acquire token from MSI Endpoint


Problem description

I want to access the Azure SQL Database using an App Service API (Java) with MSI (Managed Service Identity) authentication.

I am trying to find out how to connect to Azure SQL with MSI from Azure App Service for Java.

Here is the connection string I am using.

jdbc:sqlserver://mysqldb.database.windows.net:1433;database=TestDB;Authentication=ActiveDirectoryMsi;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;

Here are the steps I used:

  1. Create AAD group
  2. Add Azure web app's MI (Managed Identity) to this AAD group
  3. Add this group as Active Directory admin to Azure SQL Server
  4. Create user and give roles for this group.

CREATE USER [myAADgroup] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [myAADgroup];
ALTER ROLE db_datawriter ADD MEMBER [myAADgroup];
ALTER ROLE db_ddladmin ADD MEMBER [myAADgroup];

  • Connection string for JDBC driver.

    Recommended answer

    I tested locally and got a success. Here are my steps for your reference:

    Here, I will use a function app.

    and then set the status to on and save. And you will get an object ID.

    Here, I deploy my app to a function app. The sample:

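    import java.sql.Connection;
    import java.sql.ResultSet;
    import java.sql.Statement;
    import java.util.Optional;
    import java.util.logging.Level;

    import com.microsoft.azure.functions.ExecutionContext;
    import com.microsoft.azure.functions.HttpMethod;
    import com.microsoft.azure.functions.HttpRequestMessage;
    import com.microsoft.azure.functions.HttpResponseMessage;
    import com.microsoft.azure.functions.HttpStatus;
    import com.microsoft.azure.functions.annotation.AuthorizationLevel;
    import com.microsoft.azure.functions.annotation.FunctionName;
    import com.microsoft.azure.functions.annotation.HttpTrigger;
    import com.microsoft.sqlserver.jdbc.SQLServerDataSource;

    public class Function {

        @FunctionName("HttpTrigger-Java")
        public HttpResponseMessage run(@HttpTrigger(name = "req", methods = {
                HttpMethod.GET }, authLevel = AuthorizationLevel.ANONYMOUS) HttpRequestMessage<Optional<String>> request,
                final ExecutionContext context) {

            String result = "";

            // No user name or password: the driver obtains a token for the app's managed identity.
            SQLServerDataSource ds = new SQLServerDataSource();
            ds.setServerName("jacksqldemo.database.windows.net"); // Replace with your server name
            ds.setDatabaseName("sqldemo"); // Replace with your database name
            ds.setAuthentication("ActiveDirectoryMSI");

            // SUSER_SNAME() returns the login name the database sees for this connection.
            try (Connection connection = ds.getConnection();
                    Statement stmt = connection.createStatement();
                    ResultSet rs = stmt.executeQuery("SELECT SUSER_SNAME()")) {
                if (rs.next()) {
                    String s = rs.getString(1);
                    context.getLogger().info("You have successfully logged on as: " + s);
                    result += "You have successfully logged on as: " + s;
                }
            } catch (Exception e) {
                // The failure is only logged; the response body stays empty in that case.
                context.getLogger().log(Level.WARNING, e.getMessage(), e);
            }
            return request.createResponseBuilder(HttpStatus.OK).body(result).build();
        }
    }
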

    Finally, I can connect to Azure SQL:
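
An added diagnostic for the "Failed to acquire token from MSI Endpoint" error, not code from the question or the answer: it asks the App Service managed identity endpoint for an Azure SQL token directly and reports which stage fails, without ever printing the token. It assumes Java 9+ and the `IDENTITY_ENDPOINT` / `IDENTITY_HEADER` environment variables with api-version `2019-08-01` of the App Service identity endpoint; the class name `MsiEndpointCheck` is hypothetical.

```java
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;

// Added diagnostic (hypothetical class name); run it inside the App Service or function app.
public class MsiEndpointCheck {
    // Resource (audience) of tokens accepted by Azure SQL Database.
    static final String SQL_RESOURCE = "https://database.windows.net/";

    // Builds the token request URL for the App Service managed identity endpoint.
    static String tokenUrl(String endpoint) throws Exception {
        return endpoint + "?api-version=2019-08-01&resource="
                + URLEncoder.encode(SQL_RESOURCE, StandardCharsets.UTF_8.name());
    }

    // Returns a one-line diagnosis; the token and the response body are never returned or logged.
    static String check(Map<String, String> env) {
        String endpoint = env.get("IDENTITY_ENDPOINT");
        String header = env.get("IDENTITY_HEADER");
        if (endpoint == null || header == null) {
            return "NO_ENDPOINT: IDENTITY_ENDPOINT/IDENTITY_HEADER not set; "
                    + "managed identity is off or the code is not running in App Service";
        }
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(tokenUrl(endpoint)).openConnection();
            c.setRequestProperty("X-IDENTITY-HEADER", header);
            c.setConnectTimeout(5000);
            c.setReadTimeout(5000);
            int status = c.getResponseCode();
            InputStream in = status < 400 ? c.getInputStream() : c.getErrorStream();
            String body = in == null ? "" : new String(in.readAllBytes(), StandardCharsets.UTF_8);
            if (status == 200 && body.contains("\"access_token\"")) {
                return "OK: token issued for " + SQL_RESOURCE;
            }
            return "HTTP_" + status + ": endpoint reachable but no token issued";
        } catch (Exception e) {
            return "UNREACHABLE: " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(check(System.getenv()));
    }
}
```

A `NO_ENDPOINT` result on a developer machine is expected, because those variables exist only inside the hosted app once its identity is switched on.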
