위장 역할 사용 - Amazon WorkMail

위장 역할 사용

사서함 데이터에 액세스하려면 Amazon WorkMail API 작업 AssumeImpersonationRole를 사용하세요. Amazon WorkMail API에 대한 자세한 내용은 API 참조를 참조하세요.

AssumeImpersonationRole에서 Token을 반환합니다. 이 Token 정보는 HTTP 헤더 Authorization를 통해 15분 이내에 EWS 프로토콜로 전달되어야 합니다.

다음 예제에서는 EWS 프로토콜에서 위장 역할을 사용하는 방법을 보여줍니다. 예제에 사용된 상수는 조직 및 계정에 고유한 다음과 같은 세부 정보를 지정합니다.

  • WORKMAIL_ORGANIZATION_ID - Amazon WorkMail 조직 ID

  • IMPERSONATION_ROLE_ID - 위장 역할 ID

  • WORKMAIL_EWS_URL - Amazon WorkMail 엔드포인트 및 할당량에서 EWS 엔드포인트 사용 가능

  • EMAIL_ADDRESS - 사용자 사서함의 이메일 주소

예 Java – EWS Java API
import software.amazon.awssdk.services.workmail.WorkMailClient;
import software.amazon.awssdk.services.workmail.model.AssumeImpersonationRoleRequest;
import software.amazon.awssdk.services.workmail.model.AssumeImpersonationRoleResponse;

import microsoft.exchange.webservices.data.core.ExchangeService;
import microsoft.exchange.webservices.data.core.enumeration.misc.ExchangeVersion;
import microsoft.exchange.webservices.data.misc.ImpersonatedUserId;
import microsoft.exchange.webservices.data.core.enumeration.misc.ConnectingIdType;

// ...

AssumeImpersonationRoleResponse response = workMailClient.assumeImpersonationRole(
    AssumeImpersonationRoleRequest.builder()
        .organizationId(WORKMAIL_ORGANIZATION_ID)
        .impersonationRoleId(IMPERSONATION_ROLE_ID)
        .build());

ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
exchangeService.setUrl(URI.create(WORKMAIL_EWS_URL));
exchangeService.getHttpHeaders().put("Authorization", "Bearer " + response.token());
exchangeService.setImpersonatedUserId(new ImpersonatedUserId(ConnectingIdType.SmtpAddress, EMAIL_ADDRESS));
예 .Net - EWS 관리형 API
using Amazon.WorkMail;
using Amazon.WorkMail.Model;

using Microsoft.Exchange.WebServices.Data;

// ...

AssumeImpersonationRoleRequest request = new AssumeImpersonationRoleRequest();
request.OrganizationId = WORKMAIL_ORGANIZATION_ID;
request.ImpersonationRoleId = IMPERSONATION_ROLE_ID;
AssumeImpersonationRoleResponse response = workMailClient.AssumeImpersonationRole(request);

ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
service.Url = new Uri(WORKMAIL_EWS_URL);
service.HttpHeaders.Add("Authorization", "Bearer " + response.Token);
service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, EMAIL_ADDRESS);
예 Python – Exchangelib
import boto3

from requests.auth import AuthBase
from exchangelib.transport import AUTH_TYPE_MAP
from exchangelib import Configuration, Account, Version, IMPERSONATION
from exchangelib.version import EXCHANGE_2010_SP2


work_mail_client = boto3.client("workmail")

class ImpersonationRoleAuth(AuthBase):
    def __init__(self):
         self.token = work_mail_client.assume_impersonation_role(
             OrganizationId=WORKMAIL_ORGANIZATION_ID,
             ImpersonationRoleId=IMPERSONATION_ROLE_ID
        )["Token"]

     def __call__(self, r):
         r.headers["Authorization"] = "Bearer " + self.token
         return r

AUTH_TYPE_MAP["ImpersonationRoleAuth"] = ImpersonationRoleAuth

ews_config = Configuration(
     service_endpoint=WORKMAIL_EWS_URL,
     version=Version(build=EXCHANGE_2010_SP2),
     auth_type="ImpersonationRoleAuth"
)
ews_account = Account(
     config=ews_config,
     primary_smtp_address=EMAIL_ADDRESS,
     access_type=IMPERSONATION
)