Uso de roles de suplantación
Para acceder a los datos del buzón de correo, utilice la acción AssumeImpersonationRole de la API de Amazon WorkMail. Para obtener más detalles sobre las API de Amazon WorkMail, consulte Referencia de API.
AssumeImpersonationRole devuelve un Token. Este Token debe transmitirse en un plazo de 15 minutos al protocolo EWS a través del encabezado HTTP Authorization.
En los siguientes ejemplos se demuestra cómo utilizar los roles de suplantación con el protocolo EWS. Las constantes utilizadas en los ejemplos especifican los siguientes detalles exclusivos de su organización y cuenta:
WORKMAIL_ORGANIZATION_IDIMPERSONATION_ROLE_IDWORKMAIL_EWS_URLEMAIL_ADDRESS
ejemplo Java: API de Java de EWS
import software.amazon.awssdk.services.workmail.WorkMailClient;
import software.amazon.awssdk.services.workmail.model.AssumeImpersonationRoleRequest;
import software.amazon.awssdk.services.workmail.model.AssumeImpersonationRoleResponse;
import microsoft.exchange.webservices.data.core.ExchangeService;
import microsoft.exchange.webservices.data.core.enumeration.misc.ExchangeVersion;
import microsoft.exchange.webservices.data.misc.ImpersonatedUserId;
import microsoft.exchange.webservices.data.core.enumeration.misc.ConnectingIdType;
// ...
AssumeImpersonationRoleResponse response = workMailClient.assumeImpersonationRole(
AssumeImpersonationRoleRequest.builder()
.organizationId(WORKMAIL_ORGANIZATION_ID)
.impersonationRoleId(IMPERSONATION_ROLE_ID)
.build());
ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
exchangeService.setUrl(URI.create(WORKMAIL_EWS_URL));
exchangeService.getHttpHeaders().put("Authorization", "Bearer " + response.token());
exchangeService.setImpersonatedUserId(new ImpersonatedUserId(ConnectingIdType.SmtpAddress, EMAIL_ADDRESS));ejemplo .Net: API gestionada por EWS
using Amazon.WorkMail; using Amazon.WorkMail.Model; using Microsoft.Exchange.WebServices.Data; // ... AssumeImpersonationRoleRequest request = new AssumeImpersonationRoleRequest(); request.OrganizationId =WORKMAIL_ORGANIZATION_ID; request.ImpersonationRoleId =IMPERSONATION_ROLE_ID; AssumeImpersonationRoleResponse response = workMailClient.AssumeImpersonationRole(request); ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010_SP2); service.Url = new Uri(WORKMAIL_EWS_URL); service.HttpHeaders.Add("Authorization", "Bearer " + response.Token); service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress,EMAIL_ADDRESS);
ejemplo Python: Exchangelib
import boto3
from requests.auth import AuthBase
from exchangelib.transport import AUTH_TYPE_MAP
from exchangelib import Configuration, Account, Version, IMPERSONATION
from exchangelib.version import EXCHANGE_2010_SP2
work_mail_client = boto3.client("workmail")
class ImpersonationRoleAuth(AuthBase):
def __init__(self):
self.token = work_mail_client.assume_impersonation_role(
OrganizationId=WORKMAIL_ORGANIZATION_ID,
ImpersonationRoleId=IMPERSONATION_ROLE_ID
)["Token"]
def __call__(self, r):
r.headers["Authorization"] = "Bearer " + self.token
return r
AUTH_TYPE_MAP["ImpersonationRoleAuth"] = ImpersonationRoleAuth
ews_config = Configuration(
service_endpoint=WORKMAIL_EWS_URL,
version=Version(build=EXCHANGE_2010_SP2),
auth_type="ImpersonationRoleAuth"
)
ews_account = Account(
config=ews_config,
primary_smtp_address=EMAIL_ADDRESS,
access_type=IMPERSONATION
)