Select to view content in your preferred language

Token authentication in 100.2.1

1314
3
03-26-2018 09:28 PM
DavidMomper
Emerging Contributor

I'm trying to authenticate with an ArcGIS Enterprise Portal using ArcGIS Tokens (not OAuth). It looks like the most recent version of the SDK added some capabilities in this area, such as the new method UserCredential.createFromToken(). But it is still unclear how to use this within the context of an AuthenticationManager.

What is the recommended process for obtaining tokens for an ArcGIS Enterprise portal? I know the URL of the Portal that I am connecting to, and the URL at which tokens are generated, but I don't see any intuitive way to pass a request to the token generation service.

This is a follow-up to an older question asking the same thing for the Java SDK version 100.0.0. In the previous version, I determined through a help ticket that this capability had not yet been implemented. It looks like the capability might be implemented now, but I haven't found anything in the documentation to explain how to get the token. In the .NET SDK they have AuthenticationManager.Current.GenerateCredentialAsync; I don't see anything similar in the Java SDK. I'd really appreciate any guidance in figuring this out.

Tags (1)
3 Replies
EricBader
Honored Contributor

Hi David,

We tried to address this in this topic, Access the ArcGIS platform—ArcGIS Runtime SDK for Java | ArcGIS for Developers , and with this example - OAuthentication—ArcGIS Runtime SDK for Java | ArcGIS for Developers.

Access private layers | ArcGIS for Developers  - This DevLab may be good to check out, too.

Let us know if these are not helpful, and what we can do to make the process clearer. Thanks!

0 Kudos
DavidMomper
Emerging Contributor

Hi Eric,

Sorry I didn't notice when you replied to this almost a year ago. From the first link you provided, I was able to find the following reference to ArcGIS Tokens (bolded below, but no description of how to obtain one through the API:

The ArcGIS Runtime SDK provides full support for access to secured ArcGIS Server, ArcGIS Online, or ArcGIS Enterprise resources using the following authorization methods:

  • ArcGIS Tokens: proprietary token-based authentication mechanism.
  • OAuth 2.0: secure delegated access to server resources.
  • Web-tier security: HTTP secured service / Integrated Windows Authentication (IWA).
  • Certificate: Public Key Infrastructure (PKI).

This is different from OAuth2 - I'm talking about the ArcGIS proprietary tokens obtained as described on this page. I'm looking for how to do in Java something similar to what is demonstrated in this .NET example. In the current 100.5.0 version of the Java SDK, I still don't see any straightforward way to do this. I've been writing my own HTTP code to send POST requests to the /generateToken service. Am I missing anything in the API or documentation that says how to do this?

0 Kudos
DavidMomper
Emerging Contributor

And in case it can help save anybody else from working to figure this out, here's the code I'm using to create ArcGIS tokens (not OAuth2). You will need to modify it if you're using client IDs and not just referer. I've been using this to successfully access token-secured geoprocessing services.

private static UserCredential tokenFromJson(String tokenJson, String referer) {
   JsonParser parser = new JsonParser();
   JsonObject obj = parser.parse(tokenJson).getAsJsonObject();
   String tokenValue = obj.get("token").getAsString();
   long expiration = obj.get("expires").getAsLong();
   Instant expirationInstant = Instant.ofEpochMilli(expiration);
   if (expirationInstant.isBefore(Instant.now())) {
      //token is expired.
      System.out.println("Token expired at " + expirationInstant);
      return null;
   }
   UserCredential cred = UserCredential.createFromToken(tokenValue, referer);
   return cred;
}

public static UserCredential createToken(UserCredential cred,

      URL tokenGenUrl, String referer, int expirationMins) {
   try {
      String tokenJSON = null;
      HttpsURLConnection conn = (HttpsURLConnection)tokenGenUrl.openConnection();
      final String charset = "UTF-8";
      String urlParameters = "username=" + cred.getUsername()
            + "&password=" + cred.getPassword()
            + "&client=" + "referer"
            + "&referer=" + referer
            + "&expiration=" + expirationMins + "&f=json";
      System.out.println(urlParameters);
      conn.setRequestMethod("POST");
      conn.setRequestProperty("Accept-Charset", charset);
      conn.setRequestProperty("Content-Length", "" +
      Integer.toString(urlParameters.getBytes().length));
      conn.setDoInput(true);
      conn.setDoOutput(true);
      conn.setUseCaches(false);
      OutputStream wr = conn.getOutputStream();
      wr.write(urlParameters.getBytes());
      BufferedReader in = new BufferedReader(
      new InputStreamReader(conn.getInputStream()));
      String inputLine;
      StringBuffer response = new StringBuffer();
      while ((inputLine = in.readLine()) != null) {
         response.append(inputLine);
      }
      in.close();
      wr.close();
      tokenJSON = response.toString();
      System.out.println("Generating new query from service");
      UserCredential tokenCred = tokenFromJson(tokenJSON, referer);
      return tokenCred;
   } catch (IOException e) {
      e.printStackTrace();
   }
   return null;
}

0 Kudos