问题描述
我想使用 Microsoft Graph Java SDK 检索由 Intune 管理的所有设备(托管设备)。我已在 Microsoft Azure 中创建了该应用程序并授予了相应的 API 权限:
以下代码创建了一个 graphClient 对象和一个检索所有托管设备的方法。
@Service
public class AzureServiceDefault implements AzureService
{
private static final String CLIENT_ID = "XXXXXXXXXXXXXXXXXXXXXXXX";
private static final List<String> SCOPES = Arrays.asList(new String[]{"https://graph.microsoft.com/.default"});
private static final String TENANT = "XXXXXXXXXXXXXXXXXXXXXXXX";
private static final String CLIENT_SECRET = "XXXXXXXXXXXXXXXXXXXXXXXX";
ClientCredentialProvider authProvider = new ClientCredentialProvider(CLIENT_ID,SCOPES,CLIENT_SECRET,TENANT,NationalCloud.Global);
IGraphServiceClient graphClient;
public AzureServiceDefault()
{
graphClient = GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();
}
@Override
public List<IntuneDevice> getManagedDevices()
{
IManagedDeviceCollectionRequestBuilder managedDeviceRequestBuilder;
IDeviceManagementRequestBuilder builder = graphClient.deviceManagement();
IDeviceManagementRequest managedDevicesRequest = builder.buildRequest();
List<ManagedDevice> managedDevices = new ArrayList<>();
List<IntuneDevice> allManagedDevices = new ArrayList<>();
do {
try {
DeviceManagement deviceManagement = managedDevicesRequest.get();
ManagedDeviceCollectionPage managedDevicesCollectionPage = deviceManagement.managedDevices;
//Process items in the response
managedDevices.addAll(managedDevicesCollectionPage.getCurrentPage());
managedDevices.stream().forEach((device) -> allManagedDevices.add(new IntuneDevice(device.id,device.userId,device.deviceName,device.managedDeviceOwnerType.toString(),device.operatingSystem,device.osVersion,device.complianceState.toString(),device.azureADRegistered,device.azureADDeviceId,device.userPrincipalName,device.model,device.manufacturer,device.serialNumber)));
//Build the request for the next page,if there is one
managedDeviceRequestBuilder = managedDevicesCollectionPage.getNextPage();
if (managedDeviceRequestBuilder == null)
{
managedDevicesRequest = null;
}
else
{
managedDevicesRequest = (IDeviceManagementRequest) managedDeviceRequestBuilder.buildRequest();
}
}
catch(ClientException ex)
{
ex.printStackTrace();
managedDevicesRequest = null;
}
} while (managedDevicesRequest != null);
return allManagedDevices;
}
}
问题是变量 managedDevices 结果为空,这是错误消息:
SEVERE: Servlet.service() for servlet [dispatcher] in context with path [/] threw exception [Request processing failed; nested exception is java.lang.NullPointerException: Cannot invoke "com.microsoft.graph.requests.extensions.ManagedDeviceCollectionPage.getCurrentPage()" because "managedDevicesCollectionPage" is null] with root cause
java.lang.NullPointerException: Cannot invoke "com.microsoft.graph.requests.extensions.ManagedDeviceCollectionPage.getCurrentPage()" because "managedDevicesCollectionPage" is null
我需要更改什么才能使此代码正常工作?我能够成功检索 Azure AD 中的所有用户,但是我在从 Intune/Endpoint Manager 获取数据时遇到了困难。我需要对 SCOPE 进行更改吗?
应该可以检索所有托管设备,因为它的 REST API 是 https://graph.microsoft.com/v1.0/deviceManagement/managedDevices
感谢您的帮助
解决方法
此 MS Graph API 不支持应用程序权限,因此您无法使用 ClientCredentialProvider
列出 managedDevices。 ClientCredentialProvider 基于需要应用程序权限的客户端凭据流。
您可以使用 AuthorizationCodeProvider 来获取列表。然后按照this先获取 AUTHORIZATION_CODE。
String CLIENT_ID = "xxxxxx";
List<String> SCOPES = Arrays.asList(new String[] { "https://graph.microsoft.com/.default" });
String CLIENT_SECRET = "xxxxxx";
String TENANT = "xxxxxx";
String AUTHORIZATION_CODE = "";
String REDIRECT_URL = "xxxxxx";
AuthorizationCodeProvider authProvider = new AuthorizationCodeProvider(CLIENT_ID,SCOPES,AUTHORIZATION_CODE,REDIRECT_URL,NationalCloud.Global,TENANT,CLIENT_SECRET);
IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();
IManagedDeviceCollectionPage managedDeviceCollectionPage = graphClient.deviceManagement().managedDevices().buildRequest().get();
List<ManagedDevice> managedDeviceList = managedDeviceCollectionPage.getCurrentPage();