如何使用Entra ID RBAC认证连接到中国区的Azure AI Search?
摘要:问题描述 使用Java SDK来获取中国区 AI Search资源,使用如下代码: package org.yourcompany.yourproject; import com.azure.core.credential.AccessTo
问题描述
使用Java SDK来获取中国区 AI Search资源,使用如下代码:
package org.yourcompany.yourproject;
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.AzureAuthorityHosts;
import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.search.documents.SearchClient;
import com.azure.search.documents.SearchClientBuilder;
import com.azure.search.documents.models.SearchAudience;
public class Javademo1 {
public static void main(String[] args) {
System.out.println("Hello World!");
String indexName = "xxxxx";
// Get the service endpoint from the environment
String endpoint = "https://<your ai service name>.search.azure.cn";
String authorityHost = AzureAuthorityHosts.AZURE_CHINA;
DefaultAzureCredential credential = new DefaultAzureCredentialBuilder().authorityHost(authorityHost).build();
// Create a client
SearchClient client = new SearchClientBuilder()
.endpoint(endpoint)
.indexName(indexName)
.credential(credential)
.buildClient();
long documentCount = client.getDocumentCount();
System.out.println("Document count: " + documentCount);
}
}
当运行时,会获取到如下错误:
com.microsoft.aad.msal4j.MsalServiceException: AADSTS500011: The resource principal named https://search.azure.com was not found in the tenant named XXXXXXXX. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
那么,应该如何修改代码,让它正常运行呢?
问题解答
因为JDK中,SearchClient 默认的认证是在Global 环境中,所以使用的默认地址为https://search.azure.com,而在中国区,则需要修改为https://search.azure.cn 。参考官方文档介绍,可以在构建SearchClientBuilder对象时设置 audience值为SearchAudience.AZURE_CHINA。