我试图使用我的AD帐户通过Java 8,JDBC驱动程序和accessToken连接到Azure SQL.
I am trying to use my AD account to connect to the Azure SQL using Java 8, JDBC Driver, and my accessToken.
当我使用自己的AD帐户使用Data Studio时,可以成功连接到Azure SQL DB.
When I use Data Studio using my AD Account, I can connect successfully to the Azure SQL DB.
但是当我使用Java程序时,它给了我这个错误:
But when I use my Java Program then it gives me this error:
请求处理失败;嵌套的异常是com.microsoft.sqlserver.jdbc.SQLServerException:用户"
Request processing failed; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user ''
我的代码摘要:
SQLServerDataSource ds = new SQLServerDataSource(); ds.setServerName("NAME.database.windows"); ds.setDatabaseName("db-name"); ds.setAccessToken(accessToken); ds.setEncrypt(true); ds.setTrustServerCertificate(true); try (Connection connection = ds.getConnection(); Statement stmt = connection.createStatement(); ResultSet rs = stmt.executeQuery("SELECT SUSER_SNAME()")) { if (rs.next()) { System.out.println("dbResults => You have successfully logged on as: " + rs.getString(1)); res = rs.getString(1); } }推荐答案
在评论中进行讨论之后,我们发现我们需要更改获取访问令牌时使用的范围. "User.Read.All";已指定,它是缩写形式"graph.microsoft/User.Read.All". 这意味着将返回Microsoft Graph API访问令牌,该令牌将不适用于Azure SQL DB.
After discussion in comments, we found out that we needed to change the scope used when getting the access token. "User.Read.All" was specified, which is the short form "graph.microsoft/User.Read.All". This means a Microsoft Graph API access token is returned, which won't work with Azure SQL DB.
将范围更改为"database.windows/.default"解决了该问题. 这将获得具有应用注册在Azure SQL DB上的静态权限的Azure SQL DB的访问令牌.
Changing the scope to "database.windows/.default" resolved the issue. This gets an access token for Azure SQL DB with the static permissions that the app registration has on Azure SQL DB.
文档: docs.microsoft/zh-CN/azure/active-directory/develop/v2-permissions-and-consent
更多推荐
用户'<令牌标识的主体>'登录失败但可以在Data Studio中使用
发布评论