DefaultAzureCredentialBuilder Class

public class DefaultAzureCredentialBuilder
extends CredentialBuilderBase<DefaultAzureCredentialBuilder>

Fluent credential builder for instantiating a DefaultAzureCredential.

The DefaultAzureCredential is appropriate for most scenarios where the application is intended to ultimately be run in Azure. DefaultAzureCredential combines credentials that are commonly used to authenticate when deployed, with credentials that are used to authenticate in a development environment. The DefaultAzureCredential will attempt to authenticate via the following mechanisms in order.

Sample: Construct DefaultAzureCredential

The following code sample demonstrates the creation of a DefaultAzureCredential, using the DefaultAzureCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

TokenCredential defaultAzureCredential = new DefaultAzureCredentialBuilder()
     .build();

Sample: Construct DefaultAzureCredential with User Assigned Managed Identity

User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in Microsoft Entra ID that is associated with one or more Azure resources. This identity can then be used to authenticate and authorize access to various Azure services and resources. The following code sample demonstrates the creation of a DefaultAzureCredential to target a user assigned managed identity, using the DefaultAzureCredentialBuilder to configure it. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.

TokenCredential dacWithUserAssignedManagedIdentity = new DefaultAzureCredentialBuilder()
     .managedIdentityClientId("<Managed-Identity-Client-Id>")
     .build();

Constructor Summary

Constructor Description
DefaultAzureCredentialBuilder()

Creates an instance of a DefaultAzureCredentialBuilder.

Method Summary

Modifier and Type Method and Description
DefaultAzureCredentialBuilder additionallyAllowedTenants(String[] additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.

DefaultAzureCredentialBuilder additionallyAllowedTenants(List<String> additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.

DefaultAzureCredentialBuilder authorityHost(String authorityHost)

Specifies the Microsoft Entra endpoint to acquire tokens.

DefaultAzureCredential build()

Creates new DefaultAzureCredential with the configured options set.

DefaultAzureCredentialBuilder credentialProcessTimeout(Duration credentialProcessTimeout)

Specifies a Duration timeout for developer credentials (such as Azure CLI) that rely on separate process invocations.

DefaultAzureCredentialBuilder disableInstanceDiscovery()

Disables the setting which determines whether or not instance discovery is performed when attempting to authenticate.

DefaultAzureCredentialBuilder executorService(ExecutorService executorService)

Specifies the ExecutorService to be used to execute the authentication requests.

DefaultAzureCredentialBuilder intelliJKeePassDatabasePath(String databasePath)

Specifies the KeePass database path to read the cached credentials of Azure toolkit for IntelliJ plugin.

DefaultAzureCredentialBuilder managedIdentityClientId(String clientId)

Specifies the client ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities.

DefaultAzureCredentialBuilder managedIdentityResourceId(String resourceId)

Specifies the resource ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities.

DefaultAzureCredentialBuilder tenantId(String tenantId)

Sets the tenant id of the user to authenticate through the DefaultAzureCredential.

DefaultAzureCredentialBuilder workloadIdentityClientId(String clientId)

Specifies the client ID of Microsoft Entra app to be used for AKS workload identity authentication.

Constructor Details

DefaultAzureCredentialBuilder

public DefaultAzureCredentialBuilder()

Creates an instance of a DefaultAzureCredentialBuilder.

Method Details

additionallyAllowedTenants

public DefaultAzureCredentialBuilder additionallyAllowedTenants(String[] additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the tenant id set as specified.

additionallyAllowedTenants

public DefaultAzureCredentialBuilder additionallyAllowedTenants(List<String> additionallyAllowedTenants)

For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens. Add the wildcard value "*" to allow the credential to acquire tokens for any tenant in which the application is installed.

Parameters:

additionallyAllowedTenants - the additionally allowed tenants.

Returns:

An updated instance of this builder with the tenant id set as specified.

authorityHost

public DefaultAzureCredentialBuilder authorityHost(String authorityHost)

Specifies the Microsoft Entra endpoint to acquire tokens.

Parameters:

authorityHost - the Microsoft Entra endpoint

Returns:

An updated instance of this builder with the authority host set as specified.

build

public DefaultAzureCredential build()

Creates new DefaultAzureCredential with the configured options set.

Returns:

a DefaultAzureCredential with the current configurations.

credentialProcessTimeout

public DefaultAzureCredentialBuilder credentialProcessTimeout(Duration credentialProcessTimeout)

Specifies a Duration timeout for developer credentials (such as Azure CLI) that rely on separate process invocations.

Parameters:

credentialProcessTimeout - The Duration to wait.

Returns:

An updated instance of this builder with the timeout specified.

disableInstanceDiscovery

public DefaultAzureCredentialBuilder disableInstanceDiscovery()

Disables the setting which determines whether or not instance discovery is performed when attempting to authenticate. This will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By utilizing this API, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy.

Returns:

An updated instance of this builder with instance discovery disabled.
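Because disableInstanceDiscovery() turns off authority validation, the application has to vet the authority host itself. The following is an added example, not part of the original reference or the SDK; the class name, helper name and the allowlisted host login.private-cloud.example are hypothetical placeholders.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;

import java.net.URI;
import java.util.Locale;
import java.util.Set;

public final class PinnedAuthorityCredential {

    // Assumption: placeholder host standing in for a private cloud / Azure Stack authority.
    private static final Set<String> TRUSTED_AUTHORITY_HOSTS =
        Set.of("login.private-cloud.example");

    /** Returns the authority unchanged if it is an https URL on the allowlist, otherwise throws. */
    static String requireTrustedAuthority(String authorityHost) {
        URI uri = URI.create(authorityHost);
        String host = uri.getHost();
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null) {
            throw new IllegalArgumentException("Authority must be an absolute https URL: " + authorityHost);
        }
        // Reject embedded user info (https://trusted@other-host/) and any host not explicitly listed.
        if (uri.getUserInfo() != null
                || !TRUSTED_AUTHORITY_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("Authority host is not on the allowlist: " + authorityHost);
        }
        return authorityHost;
    }

    static TokenCredential build(String authorityHost) {
        return new DefaultAzureCredentialBuilder()
            .authorityHost(requireTrustedAuthority(authorityHost))
            // Authority validation is off from here on; the allowlist check above
            // is the only check applied to the configured host.
            .disableInstanceDiscovery()
            .build();
    }

    public static void main(String[] args) {
        TokenCredential credential = build("https://login.private-cloud.example/");
        System.out.println("Credential built: " + credential.getClass().getSimpleName());
        try {
            build("https://login.untrusted.example/"); // constructed sample input
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```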

executorService

public DefaultAzureCredentialBuilder executorService(ExecutorService executorService)

Specifies the ExecutorService to be used to execute the authentication requests. The developer is responsible for maintaining the lifecycle of the ExecutorService.

If this is not configured, the common fork join pool will be used, which is also shared with other application tasks. If the common pool is heavily used for other tasks, authentication requests might starve and setting up this executor service should be considered.

The executor service can be safely shut down if the TokenCredential is no longer being used by the Azure SDK clients, and it should be shut down before the application exits.

Parameters:

executorService - the executor service to use for executing authentication requests.

Returns:

An updated instance of this builder with the executor service set as specified.
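One way to own the executor lifecycle described above, so that token requests do not compete with other work on the common pool. This is an added example, not part of the original reference or the SDK; the class name, pool size, thread name and timeout values are assumptions.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;

import java.time.Duration;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public final class DedicatedAuthExecutor implements AutoCloseable {

    // Small dedicated pool: authentication requests no longer share the common fork join pool.
    private final ExecutorService authExecutor = Executors.newFixedThreadPool(2, runnable -> {
        Thread thread = new Thread(runnable, "azure-auth");
        thread.setDaemon(true);
        return thread;
    });

    private final TokenCredential credential = new DefaultAzureCredentialBuilder()
        .executorService(authExecutor)
        // Bound how long developer credentials (such as Azure CLI) may block on a child process.
        .credentialProcessTimeout(Duration.ofSeconds(10))
        .build();

    public TokenCredential credential() {
        return credential;
    }

    /** Call only after every client that uses the credential has stopped using it. */
    @Override
    public void close() {
        authExecutor.shutdown();
        try {
            if (!authExecutor.awaitTermination(5, TimeUnit.SECONDS)) {
                authExecutor.shutdownNow();
            }
        } catch (InterruptedException e) {
            authExecutor.shutdownNow();
            Thread.currentThread().interrupt();
        }
    }

    public static void main(String[] args) {
        try (DedicatedAuthExecutor auth = new DedicatedAuthExecutor()) {
            TokenCredential credential = auth.credential();
            // Pass 'credential' to Azure SDK client builders here; the pool is shut down on exit.
            System.out.println("Credential ready: " + credential.getClass().getSimpleName());
        }
    }
}
```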

intelliJKeePassDatabasePath

public DefaultAzureCredentialBuilder intelliJKeePassDatabasePath(String databasePath)

Specifies the KeePass database path to read the cached credentials of Azure toolkit for IntelliJ plugin. The databasePath is required on the Windows platform. On macOS and Linux, the native key chain and key ring, respectively, will be accessed to retrieve the cached credentials.

This path can be located in the IntelliJ IDE. Windows: File -> Settings -> Appearance & Behavior -> System Settings -> Passwords.

Parameters:

databasePath - the path to the KeePass database.

Returns:

An updated instance of this builder with the KeePass database path set as specified.

managedIdentityClientId

public DefaultAzureCredentialBuilder managedIdentityClientId(String clientId)

Specifies the client ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities. If unset, the value in the AZURE_CLIENT_ID environment variable will be used. If neither is set, the default value is null and will only work with system assigned managed identities and not user assigned managed identities. Only one of managedIdentityClientId and managedIdentityResourceId can be specified.

Parameters:

clientId - the client ID

Returns:

the DefaultAzureCredentialBuilder itself

managedIdentityResourceId

public DefaultAzureCredentialBuilder managedIdentityResourceId(String resourceId)

Specifies the resource ID of user assigned or system assigned identity, when this credential is running in an environment with managed identities. If unset, the value in the AZURE_CLIENT_ID environment variable will be used. If neither is set, the default value is null and will only work with system assigned managed identities and not user assigned managed identities. Only one of managedIdentityResourceId and managedIdentityClientId can be specified.

Parameters:

resourceId - the resource ID

Returns:

the DefaultAzureCredentialBuilder itself

tenantId

public DefaultAzureCredentialBuilder tenantId(String tenantId)

Sets the tenant id of the user to authenticate through the DefaultAzureCredential. If unset, the value in the AZURE_TENANT_ID environment variable will be used. If neither is set, the default is null and will authenticate users to their default tenant.

Parameters:

tenantId - the tenant ID to set.

Returns:

An updated instance of this builder with the tenant id set as specified.

workloadIdentityClientId

public DefaultAzureCredentialBuilder workloadIdentityClientId(String clientId)

Specifies the client ID of Microsoft Entra app to be used for AKS workload identity authentication. If unset, managedIdentityClientId(String clientId) will be used. If both values are unset, the value in the AZURE_CLIENT_ID environment variable will be used. If none are set, the default value is null and Workload Identity authentication will not be attempted.

Parameters:

clientId - the client ID

Returns:

the DefaultAzureCredentialBuilder itself
