Below are the settings to configure a Spring Boot web app to use Azure Active Directory authentication.
The app is based on spring-boot-starter-parent:2.1.4.RELEASE.
POM dependencies snippet:
<!-- Azure AD login: OIDC client registration plus group-to-role mapping -->
<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>azure-active-directory-spring-boot-starter</artifactId>
    <version>2.1.6</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- OAuth2/OIDC client support (oauth2Login) and JWT/JOSE handling for the ID token -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
Snippet of application.properties:
# Active Directory Authentication
# client-id and tenant-id are public identifiers; client-secret is not. The
# value below is a redacted placeholder: keep the real secret out of source
# control and supply it at deploy time (environment variable or a vault-backed
# property source) rather than committing it in this file.
spring.security.oauth2.client.registration.azure.client-id=109a3748-yada-yada-yada-f80c1f30621e
spring.security.oauth2.client.registration.azure.client-secret=OBAYaOKp-HwhateverIxFxY@?
azure.activedirectory.tenant-id=f447e5ca-yada-yada-yada-370ff157fdb6
# Only membership of these AAD groups is turned into a ROLE_<group> authority.
# Both property names are listed because the starter has used both for this
# setting in different releases.
azure.activedirectory.user-group.allowed-groups=group1, group2
azure.activedirectory.active-directory-groups=group1, group2
AADOAuth2LoginSecurityConfig.java:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AADOAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
    // Supplied by the Azure AD starter: it loads the signed-in user's AAD groups
    // and grants ROLE_<group> for each allowed group, which is what
    // hasRole("group1") checks.
    @Autowired
    private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Switches CSRF protection off for the whole app. With a cookie-based
            // session established by OIDC login it should stay on: remove this
            // line and put the CSRF token in the JSP forms instead.
            .csrf().disable()
            .authorizeRequests()
            // "/**" matches every request, so the anyRequest() rule after it is
            // never consulted: every URL requires ROLE_group1.
            .antMatchers("/**").hasRole("group1")
            .anyRequest().authenticated()
            .and()
            .exceptionHandling().accessDeniedPage("/browse/403")
            .and()
            .oauth2Login()
            .userInfoEndpoint()
            .oidcUserService(oidcUserService);
    }
}
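For comparison, the same configuration with CSRF protection left on and the access-denied page reachable, written here as an added example rather than taken from the post. The /browse/403 path and the group names are the page's own; the class name, the /admin/** path and the package are assumptions.

```java
package com.example.security; // assumed package

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class HardenedAadSecurityConfig extends WebSecurityConfigurerAdapter {

    // Provided by azure-active-directory-spring-boot-starter: each allowed AAD
    // group becomes a ROLE_<group> authority on the OidcUser principal.
    @Autowired
    private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is on by default and is deliberately not disabled:
            // the session cookie issued after OIDC login is exactly what a CSRF
            // attack rides on. JSP forms must carry the token, for example with
            // <security:csrfInput/> from the same taglib the post already uses.
            .authorizeRequests()
                // Make the access-denied and error pages reachable without a
                // role so they render for every authenticated user.
                .antMatchers("/browse/403", "/error").permitAll()
                // Most specific rules first. /admin/** is an assumed path that
                // additionally requires membership of group2.
                .antMatchers("/admin/**").hasRole("group2")
                // Everything else requires membership of group1.
                .anyRequest().hasRole("group1")
            .and()
            .exceptionHandling().accessDeniedPage("/browse/403")
            .and()
            .oauth2Login()
                .userInfoEndpoint()
                    .oidcUserService(oidcUserService);
    }
}
```

Because matchers are evaluated in order, the permitAll rule for the 403 and error pages must come before the catch-all; with the original "/**" rule first, nothing after it is ever consulted.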
I'm stuck with JSPs, so I use the Spring Security taglibs (artifact spring-security-taglibs, declared in the page with the taglib directive below), for example:
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<security:authorize access="hasRole('group1')">
Authorised users only
</security:authorize>
User's name: <security:authentication property="name"/>
The Azure configuration is where it starts getting odd. There is an associated App Registration, with the Authentication configured as below:
I have a localhost setting, which allows the http prefix for local development; nothing wrong there, since localhost is the one host for which Azure AD accepts an http redirect URI.
However, for my two App Service deployments I have to register http rather than https redirect URIs (NB. my app is configured to accept only HTTPS), and I can only do this by selecting the platform "Public client (mobile & desktop)". That platform is intended for apps that cannot hold a client secret, so it is the wrong type for a server-side web app like this one; "Web" is the correct platform, and it rejects non-localhost http redirect URIs by design.
The check worth making before changing the platform: App Service terminates TLS in front of the app, so the request the app receives is plain http and the redirect_uri that Spring Security builds from {baseUrl} comes out as http://... unless the app is told to honour the X-Forwarded-Proto header (server.use-forward-headers=true on Spring Boot 2.1). With that set, an https redirect URI registered under "Web" matches what the app actually sends.
If I try to use https with Type of "Web" I get the following error on authenticating:
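The redirect URI mismatch described above, as an added illustration that is not Spring Security's or Azure AD's code: it derives the callback URI the way a servlet app does from the request it sees, shows why a TLS-terminating front end turns it into http://, and applies the exact-string comparison the identity provider uses against the registered list. The hostname and the X-Forwarded-Proto header values are constructed for the example; server.use-forward-headers is the Spring Boot 2.1 property the honourForwarded flag stands in for.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class RedirectUriCheck {

    /** Spring Security's default template for the authorization-code callback. */
    static final String TEMPLATE = "{baseUrl}/login/oauth2/code/{registrationId}";

    /**
     * Derive redirect_uri from what the servlet container sees. scheme and host
     * are the values on the socket; X-Forwarded-* headers are only honoured when
     * honourForwarded is true (what server.use-forward-headers=true does for
     * Spring Boot 2.1's embedded Tomcat).
     */
    static String redirectUri(String scheme, String host, String registrationId,
                              Map<String, String> headers, boolean honourForwarded) {
        String effectiveScheme = scheme;
        String effectiveHost = host;
        if (honourForwarded) {
            effectiveScheme = headers.getOrDefault("X-Forwarded-Proto", scheme);
            effectiveHost = headers.getOrDefault("X-Forwarded-Host", host);
        }
        return TEMPLATE
            .replace("{baseUrl}", effectiveScheme + "://" + effectiveHost)
            .replace("{registrationId}", registrationId);
    }

    /**
     * The provider compares the whole string: scheme, host, port and path must
     * all equal a registered value, so "http" vs "https" alone is a mismatch.
     */
    static boolean isRegistered(String redirectUri, List<String> registeredUris) {
        return registeredUris.contains(redirectUri);
    }

    public static void main(String[] args) {
        // Reply URLs registered under the "Web" platform (hostname is an assumption)
        List<String> registered = Arrays.asList(
            "http://localhost:8080/login/oauth2/code/azure",
            "https://myapp.azurewebsites.net/login/oauth2/code/azure");

        // Constructed headers: the front end terminated TLS and forwarded plain http
        Map<String, String> forwarded = new HashMap<>();
        forwarded.put("X-Forwarded-Proto", "https");

        String local = redirectUri("http", "localhost:8080", "azure", new HashMap<>(), false);
        String naive = redirectUri("http", "myapp.azurewebsites.net", "azure", forwarded, false);
        String fixed = redirectUri("http", "myapp.azurewebsites.net", "azure", forwarded, true);

        System.out.println(local + " registered=" + isRegistered(local, registered));
        System.out.println(naive + " registered=" + isRegistered(naive, registered));
        System.out.println(fixed + " registered=" + isRegistered(fixed, registered));
    }
}
```

The middle case is the deployed situation in the post: the app is reached over https, but without forwarded-header handling it announces an http:// callback, which only matches if an http reply URL has been registered. Honouring X-Forwarded-Proto makes the generated URI match the https entry, so the "Web" platform can be used and the http entries dropped.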
Top comments (3)
Please take a look at my answer:
stackoverflow.com/a/69827324/12172680
"With the new azure-spring-boot-starter-active-directory dependency for Spring you can add the azure.activedirectory.redirect-uri-template property."
Hello,
Can somebody help me with this issue?
I have made a Spring Boot app with Azure AD integration using the Spring Boot Azure AD starter and deployed it to AWS. I had secured only one URL to test that everything is working. But when I try to load the URL from the browser it is not loading at all; it just times out. Everything is working fine on localhost. The problem is only when deployed to a real server.
This is exactly what I am currently getting as I set up a local app on localhost.
I am stuck here, but I need to keep trying if I can brute force my way out of errors ...