Update AAD Sample #248
Merged
saragluna
merged 12 commits into
Azure-Samples:spring-cloud-azure_4.0.0-beta.4
from
Netyyyy:mt/testaad
Mar 29, 2022
c118ce8
change aad-resource-server-by-filter
Netyyyy 3c47515
change aad-resource-server-by-filter
Netyyyy 981b5bc
Merge remote-tracking branch 'origin/mt/testaad' into mt/testaad
Netyyyy 0016a9d
Merge remote-tracking branch 'origin/mt/testaad' into mt/testaad
Netyyyy 774f2d1
Merge remote-tracking branch 'origin/mt/testaad' into mt/testaad
Netyyyy 0a20080
change aad-resource-server-by-filter-stateless
Netyyyy e7a5866
change path
Netyyyy 9449bca
Merge branch 'azure/spring-cloud-azure_4.0.0-beta.4' into mt/testaad
Netyyyy c459944
for comments
Netyyyy 2d29782
Update README.md
saragluna 1f06de9
Update README.md
saragluna 78f3436
Update README.md
saragluna
6 changes: 0 additions & 6 deletions
...active-directory/aad-resource-server-by-filter-stateless/terraform/set_identifier_uris.sh
This file was deleted.
17 changes: 17 additions & 0 deletions
...-starter-active-directory/aad-resource-server-by-filter-stateless/terraform/setup_env.ps1
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
$env:AZURE_TENANT_ID=$(terraform -chdir=terraform output -raw AZURE_TENANT_ID) | ||
|
||
# set identifier_uris | ||
echo "----------update identifier-uris start----------" | ||
az ad app update --id $env:AZURE_CLIENT_ID --identifier-uris api://$env:AZURE_CLIENT_ID | ||
echo "----------update identifier-uris completed----------" | ||
|
||
$env:AZURE_CLIENT_ID=$(terraform -chdir=terraform output -raw AZURE_CLIENT_ID) | ||
$env:USER_NAME=$(terraform -chdir=terraform output -raw USER_NAME) | ||
$env:USER_PASSWORD=$(terraform -chdir=terraform output -raw USER_PASSWORD) | ||
|
||
echo AZURE_CLIENT_ID=$env:AZURE_CLIENT_ID | ||
echo AZURE_TENANT_ID=$env:AZURE_TENANT_ID | ||
|
||
echo "--------created user--------" | ||
echo USER_NAME=$env:USER_NAME | ||
echo USER_PASSWORD=$env:USER_PASSWORD |
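Review bot: `az ad app update --id $env:AZURE_CLIENT_ID --identifier-uris api://$env:AZURE_CLIENT_ID` runs before `$env:AZURE_CLIENT_ID` is assigned further down, so in a fresh session both arguments expand to empty values and the identifier URI is never set to the intended `api://<client id>`. Move the `$env:AZURE_CLIENT_ID=$(terraform -chdir=terraform output -raw AZURE_CLIENT_ID)` line up next to the `AZURE_TENANT_ID` assignment, above the update block. Separately, the final `echo USER_PASSWORD=$env:USER_PASSWORD` writes the test user's password in cleartext to the console, where it persists in scrollback, transcripts and CI logs; drop that echo or print only that the variable was set.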
6 changes: 6 additions & 0 deletions
...e-starter-active-directory/aad-resource-server-by-filter-stateless/terraform/setup_env.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,7 +9,7 @@ products: | |
# Authentication filter sample for Azure AD Spring Boot Starter client library for Java | ||
|
||
## Key concepts | ||
This sample illustrates how to use `azure-spring-boot-starter-active-directory` package to plugin JWT token filter into Spring Security filter chain. The filter injects `UserPrincipal` object that is associated with the thread of the current user request. User's AAD membership info, along with token claimsset, JWS object etc. are accessible from the object which can be used for role based authorization. Methods like `isMemberOf` is also supported. | ||
This sample illustrates how to use `spring-cloud-azure-starter-active-directory` package to plugin JWT token filter into Spring Security filter chain. The filter injects `UserPrincipal` object that is associated with the thread of the current user request. User's AAD membership info, along with token claimsset, JWS object etc. are accessible from the object which can be used for role based authorization. Methods like `isMemberOf` is also supported. | ||
|
||
## Getting started | ||
The sample is composed of two layers: Angular JS client and Spring Boot RESTful Web Service. You need to make some changes to get it working with your Azure AD tenant on both sides. | ||
|
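Review bot: The rewritten Key concepts sentence carries over the wording problems of the line it replaces: "to plugin JWT token filter" should read "to plug a JWT token filter", and "Methods like `isMemberOf` is also supported" should be "are also supported". The line is already being touched for the package rename to `spring-cloud-azure-starter-active-directory`, so fix both in the same change.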
@@ -43,7 +43,7 @@ or download and extract the repository .zip file, and navigate to `azure-spring- | |
--- | ||
### Step 2: Register the sample with your Azure Active Directory tenant | ||
|
||
To register it follow the steps below or follow the guide [here](https://docs.microsoft.com/azure/active-directory/develop/v1-protocols-oauth-code#register-your-application-with-your-ad-tenant). | ||
To register it follow the steps below or follow the guide [here](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app). | ||
|
||
#### Choose the Azure AD tenant where you want to create your applications | ||
|
||
|
@@ -103,31 +103,25 @@ spring: | |
client-secret: ${AZURE_CLIENT_SECRET} | ||
profile: | ||
tenant-id: ${AZURE_TENANT_ID} | ||
redirect-uri-template: http://localhost:8080/ | ||
# groups that you created in your Azure AD tenant | ||
user-group: | ||
allowed-group-names: group1,group2 | ||
# Optional, the default value is | ||
# environment: global | ||
redirect-uri-template: http://localhost:8080/ | ||
jwt-connect-timeout: 5000 | ||
``` | ||
|
||
|
||
|
||
1. If your azure account follows format [email protected], configure property `environment: cn` to use [Azure China][azure-china], the default value is `global`. | ||
|
||
2. Put Application ID and client-secret in `client-id` and `client-secret` respectively e.g. | ||
1. Put Application ID and client-secret in `client-id` and `client-secret` respectively e.g. | ||
```properties | ||
tenant-id: xxxxxx-your-client-id-xxxxxx | ||
client-id: xxxxxx-your-client-secret-xxxxxx | ||
``` | ||
|
||
3. List all the AAD groups `ActiveDirectoryGroups` that you want to have a Spring Security role object mapping to it. The role objects can then be used to manage access to resources that is behind Spring Security. e.g. | ||
2. List all the AAD groups `ActiveDirectoryGroups` that you want to have a Spring Security role object mapping to it. The role objects can then be used to manage access to resources that is behind Spring Security. e.g. | ||
```properties | ||
# groups that you created in your Azure AD tenant | ||
allowed-group-names: group1,group2 | ||
``` | ||
|
||
4. (Optional) If you want to configure oauth2 redirect uri, please configure by : | ||
3. (Optional) If you want to configure oauth2 redirect uri, please configure by : | ||
```properties | ||
redirectUriTemplate: xxxxxx-your-redirect-uri-xxxxxx | ||
``` | ||
|
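Review bot: The example under the renumbered step 1 contradicts its own instruction: the step says to fill `client-id` and `client-secret`, but the block reads `tenant-id: xxxxxx-your-client-id-xxxxxx` and `client-id: xxxxxx-your-client-secret-xxxxxx`, so a reader who copies it puts the secret into `client-id`. Change the two keys to `client-id` and `client-secret`. The optional redirect step also spells the property `redirectUriTemplate` while the YAML block above uses `redirect-uri-template`; pick one spelling, and since the snippets use `key: value` syntax the fences should not be tagged `properties`.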
@@ -142,7 +136,7 @@ redirectUriTemplate: xxxxxx-your-redirect-uri-xxxxxx | |
|
||
* Run with Maven | ||
``` | ||
cd azure-spring-boot-samples/aad/azure-spring-boot-starter-active-directory/aad-resource-server-by-filter | ||
cd azure-spring-boot-samples/aad/spring-cloud-azure-starter-active-directory/aad-resource-server-by-filter | ||
mvn spring-boot:run | ||
``` | ||
|
||
|
13 changes: 13 additions & 0 deletions
...loud-azure-starter-active-directory/aad-resource-server-by-filter/terraform/setup_env.ps1
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
$env:AZURE_CLIENT_ID=$(terraform -chdir=terraform output -raw AZURE_CLIENT_ID) | ||
$env:AZURE_TENANT_ID=$(terraform -chdir=terraform output -raw AZURE_TENANT_ID) | ||
$env:AZURE_CLIENT_SECRET=$(terraform -chdir=terraform output -raw AZURE_CLIENT_SECRET) | ||
$env:USER_NAME=$(terraform -chdir=terraform output -raw USER_NAME) | ||
$env:USER_PASSWORD=$(terraform -chdir=terraform output -raw USER_PASSWORD) | ||
|
||
echo AZURE_CLIENT_ID=$env:AZURE_CLIENT_ID | ||
echo AZURE_TENANT_ID=$env:AZURE_TENANT_ID | ||
echo AZURE_CLIENT_SECRET=$env:AZURE_CLIENT_SECRET | ||
|
||
echo "--------created user--------" | ||
echo USER_NAME=$env:USER_NAME | ||
echo USER_PASSWORD=$env:USER_PASSWORD |
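Review bot: The `echo AZURE_CLIENT_SECRET=$env:AZURE_CLIENT_SECRET` and `echo USER_PASSWORD=$env:USER_PASSWORD` lines print the application secret and the test user's password in cleartext, which leaves both in terminal scrollback, PowerShell transcripts and any CI log that captures this script. The values are already exported to the environment by the assignments at the top, so the sample does not need them echoed; if a confirmation is wanted, print only that each variable is set, and keep the cleartext echo to the non-secret `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `USER_NAME`.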
we don't need this I think?
It's already configured in application.yml and checking the result needs this.