I am trying to connect from Java to the Sharepoint Online REST API.
I previously used a SharepointOnline ADD-IN registered directly in the Sharepoint system that has permissions to all the site collections (FullControl).
I got the token with the app credentials from the url:
https://accounts.accesscontrol.windows.net//tokens/OAuth/2
I can make requests to the Sharepoint REST API directly
Now I have to switch to an Azure registered app.
The code is written in Java and I use the Azure sdk-com.microsoft.azure (artifactId-azure). I can successfully retrieve a token, but this is not valid for later requests to the Sharepoint REST API.
I get this error:
'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."
Is there any possibility to get a valid token for Sharepoint REST API requests?
Yes this is possible. Check out the below document:
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
When using SharePoint Online you can define applications in Azure AD and these applications can be granted permissions to SharePoint, but also to all the other services in Office 365. This model is the preferred model in case you’re using SharePoint Online, if you’re using SharePoint on-premises you have to use the SharePoint Only model via based Azure ACS as described in here.
Hope this helps!
You can take a look of this project i've develop (and i'm currently working on it on my free time) where you have a working implementation of a java API to communicate with sharepoint rest api v1 and perfom common operations (rest api is still not fully covered but has most common operations and also provides a starting point with working examples). You can take a look of it at
https://github.com/kikovalle/PLGSharepointRestAPI-java
Related
I have a REST API that i call from within my web application in order to get the result. I have a client which asks for my API only but I can't expose my API without any security. Apparently I have to use it with my application as well, so far the API is not secure, I want my client to consume my API with valid credentials, whether OAuth 2.0, JWT , Certificate, or some extra mechanism. How can I achieve this objective, any working example in Java with Azure will do and it should not hamper my pre-existing WebApp which is using the API for its own purpose. Thanks well in advance.
I tried to do it and I even completed the task but eventually found that it does not provide much value in my case. In my case the API is accessed by long-running background tasks where human login is not practical. Now there is no way for an application to log in to Azure, it must be done by a browser application which is protected by every conceivable way against automatic login. Other than that, Microsoft's solution for these kinds of tasks is the shared secret-protected token which essentially means that the app and Azure share a secret (a password generated by Azure). This does not differ significantly from the case where you store and check the passwords.
Other than that, there is the issue of Azure Active Directory and Azure Active Directory v2.0. This is a bit confusing because both solutions are based on OAuth2.0 tokens but Azure AD v2.0 is really a very different beast. For starter, Azure AD v2.0 tokens cannot be decoded as of writing this answer, they can be consumed only by Microsoft services. So if you want to know, who was the user that has logged in, you need to pass the token to the Graph API and that supposed that you have a logged-in user. For Azure AD, the token can be decoded and verified by your app, see this demonstration application, how to do it
So as a summary, I recommend protecting your API with Azure tokens only if the application you provide the login service for is an user-facing application that the user interacts with after the login. If it is a long-running server-type task, protecting it with Azure AD is pretty pointless.
It is easy to protect the web API using the Azure Active Directory. Microsoft provide lots of code samples to help developer to get started.
You can refer the links below about the code samples for your scenario:
Azure Active Directory Code Samples
I am developing an IOS app. I need to get Evernote note books using rest api. I don't want to use Evernote SDK. Is there any rest api available?
I succeeded to get oAuth Access token without using SDK.
Evernote does not have a publicly available REST API. Evernote's iOS SDK has been rewritten recently, is very easy to use and is available here: https://github.com/evernote/evernote-sdk-ios
Evernote uses a binary protocol based on Apache Thrift to communicate with its clients including 3rd party clients such as your application, not HTTP. OAuth is a HTTP based protocol and is independent from Evernote's client-server binary protocol communication.
In my SharePoint site, there are several document libraries, each assigned to a different group of people. Users need to transfer files between them often, and my boss wants a faster way than copy/pasting the files into another library then deleting the original, and he doesn't want anyone having direct access to the document hierarchy.
Someone had the idea to run Java code that would automatically transfer documents from one library to another, using inputs from a pop-up for the source and destination. Can Java code be stored on a SharePoint server and be executed by a user action?
Java code can not be used SharePoint directly. What you can try is using C# or VB.Net through which actions can be executed on SharePoint using object model of SharePoint.
Another option is using web services
1、You can use then Copy.asmx web service to upload document:http://msdn.microsoft.com/en-us/library/copy(v=office.12).aspx
2、upload large file:http://www.codeproject.com/Articles/166763/WCF-Streaming-Upload-Download-Files-Over-HTTP
3、About authenication:http://msdn.microsoft.com/en-us/library/copy.copy.copyintoitems(v=office.12)
4、You can use these web services from java:
http://www.coderanch.com/t/478814/Web-Services/java/Microsoft-Sharepoint-web-service-Java
SharePoint Webservice from Java Webapp using CXF with Kerberos/NTLM authentication
Authentication failure calling SharePoint Web Service (JAX-WS client)
Regards
Hiren Gondhiya
You can create a WCF service in SharePoint and then consume it from your Java application.
I want to use GAE datastore to store my data but instead of the java API we want to use the JSON API and making requests through spray.
But before I can even do any request I need to obtain an access token.
I can't figure out how this is done with either the Java API or any other means. Is there a way to obtain an access token which can then be used for the JSON API (through spray)?
Like many Google services, the Datastore API uses OAuth for authentication. The easiest way to use it is with one of the Google API client libraries.
Java: https://developers.google.com/api-client-library/java/
Java + Datastore: https://developers.google.com/api-client-library/java/apis/datastore/v1beta2
The documentation for the client does a pretty good job of explaining how OAuth works and how to get started calling APIs by registering your app with the Console.
(I'm not familiar with spray, but I assume you'd be able to use the Java client from Scala.)
I am new to appengine. I will write application which consist of two parts.
1) Core written in app engine with REST interface for clients.
2) Client application written in J2EE on my other (not appengine) server. But here, client may use any other technology (android, swing etc.)
I dont know, how to handle authentication of users in this schema. I think that I am in the middle between standard login and installed applications.
The simplest solution that occured to me, that the client will request username+password, pass it to appengine application via https and it will authenticate.
But dont know how to synchronized the login with client app, because it will need also data from google applications...
Is there any solution or pre-prepared facility in Java how to handle this?
Thanks
You probably want to use OAuth for this; client login or using username+password is not a good way to do this, and informed users will be -- or SHOULD be -- hesitant to give away their passwords. There is a page for using OAuth within AppEngine applications written in Java which may be of use. There is also some support for Oauth in the GData client library for Java. The OAuth in the Google Data Protocol Client Libraries document may help you to understand how to use those features.