Fix bug: Can't change userNameAttributeName for azure sso. (#20340)

sdk/spring/azure-spring-boot-starter-active-directory/CHANGELOG.md

@@ -1,6 +1,8 @@
 # Release History
 
 ## 3.4.0-beta.1 (Unreleased)
+### Key Bug Fixes
+- Fix bug that user-name-attribute cannot be configured. ([#20209](https://github.com/Azure/azure-sdk-for-java/issues/20209))
 
 
 ## 3.3.0 (2021-03-22)

sdk/spring/azure-spring-boot-starter-active-directory/README.md

@@ -280,6 +280,7 @@ This starter provides following properties:
 | **azure.activedirectory**.post-logout-redirect-uri                      | Redirect uri for posting log-out.                            |
 | **azure.activedirectory**.tenant-id                                     | Azure Tenant ID.                                             |
 | **azure.activedirectory**.user-group.allowed-groups                     | Expected user groups that an authority will be granted to if found in the response from the MemeberOf Graph API Call. |
+| **azure.activedirectory**.user-name-attribute                           | Decide which claim to be principal's name. |
 
 Here are some examples about how to use these properties:
 

sdk/spring/azure-spring-boot-starter/CHANGELOG.md

@@ -1,6 +1,8 @@
 # Release History
 
 ## 3.4.0-beta.1 (Unreleased)
+### Key Bug Fixes
+- Fix bug that user-name-attribute cannot be configured. ([#20209](https://github.com/Azure/azure-sdk-for-java/issues/20209))
 
 
 ## 3.3.0 (2021-03-22)

sdk/spring/azure-spring-boot-test-aad-resource-server/src/test/java/com/azure/test/aad/resource/server/AADWeiResourceServerUserNameAttributeIT.java

@@ -0,0 +1,72 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.test.aad.resource.server;
+
+import com.azure.spring.test.aad.AADWebApiITHelper;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import static com.azure.spring.test.Constant.MULTI_TENANT_SCOPE_GRAPH_READ;
+import static com.azure.spring.test.EnvironmentVariable.AAD_MULTI_TENANT_CLIENT_ID;
+import static com.azure.spring.test.EnvironmentVariable.AAD_MULTI_TENANT_CLIENT_SECRET;
+import static com.azure.spring.test.EnvironmentVariable.AAD_USER_NAME_1;
+import static org.junit.Assert.assertEquals;
+
+public class AADWeiResourceServerUserNameAttributeIT {
+
+    private AADWebApiITHelper aadWebApiITHelper;
+
+    @Before
+    public void init() {
+        Map<String, String> properties = new HashMap<>();
+        properties.put("azure.activedirectory.client-id", AAD_MULTI_TENANT_CLIENT_ID);
+        properties.put("azure.activedirectory.client-secret", AAD_MULTI_TENANT_CLIENT_SECRET);
+        properties.put("azure.activedirectory.app-id-uri", "api://" + AAD_MULTI_TENANT_CLIENT_ID);
+        aadWebApiITHelper = new AADWebApiITHelper(
+            DumbApp.class,
+            properties,
+            AAD_MULTI_TENANT_CLIENT_ID,
+            AAD_MULTI_TENANT_CLIENT_SECRET,
+            Collections.singletonList(MULTI_TENANT_SCOPE_GRAPH_READ));
+    }
+
+    @Test
+    public void testPrincipalName() {
+        assertEquals(aadWebApiITHelper.httpGetStringByAccessToken("principalName"), AAD_USER_NAME_1);
+    }
+
+    @EnableWebSecurity
+    @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+    @SpringBootApplication
+    @RestController
+    public static class DumbApp extends WebSecurityConfigurerAdapter {
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.authorizeRequests()
+                .anyRequest().authenticated()
+                .and()
+                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
+        }
+
+        @GetMapping(value = "/principalName")
+        public ResponseEntity<String> home(Principal principal) {
+            return ResponseEntity.ok(principal.getName());
+        }
+    }
+}

sdk/spring/azure-spring-boot-test-aad/src/test/java/com/azure/test/aad/selenium/user/name/attribute/UserNameAttributeIT.java

@@ -0,0 +1,60 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.test.aad.selenium.user.name.attribute;
+
+import com.azure.test.aad.selenium.AADSeleniumITHelper;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+import java.util.Map;
+
+import static com.azure.spring.test.EnvironmentVariable.AAD_SINGLE_TENANT_CLIENT_ID_WITH_ROLE;
+import static com.azure.spring.test.EnvironmentVariable.AAD_SINGLE_TENANT_CLIENT_SECRET_WITH_ROLE;
+import static com.azure.spring.test.EnvironmentVariable.AAD_USER_NAME_1;
+import static com.azure.spring.test.EnvironmentVariable.AAD_USER_PASSWORD_1;
+import static com.azure.test.aad.selenium.AADSeleniumITHelper.createDefaultProperties;
+
+public class UserNameAttributeIT {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(UserNameAttributeIT.class);
+    private AADSeleniumITHelper aadSeleniumITHelper;
+
+    @Test
+    public void roleTest() {
+        Map<String, String> properties = createDefaultProperties();
+        properties.put("azure.activedirectory.client-id", AAD_SINGLE_TENANT_CLIENT_ID_WITH_ROLE);
+        properties.put("azure.activedirectory.client-secret", AAD_SINGLE_TENANT_CLIENT_SECRET_WITH_ROLE);
+        aadSeleniumITHelper = new AADSeleniumITHelper(DumbApp.class, properties, AAD_USER_NAME_1, AAD_USER_PASSWORD_1);
+        aadSeleniumITHelper.logIn();
+        String httpResponse = aadSeleniumITHelper.httpGet("api/principalName");
+        Assert.assertTrue(httpResponse.contains(AAD_USER_NAME_1));
+    }
+
+    @After
+    public void destroy() {
+        aadSeleniumITHelper.destroy();
+    }
+
+    @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+    @SpringBootApplication
+    @RestController
+    public static class DumbApp {
+
+        @GetMapping(value = "/api/principalName")
+        public ResponseEntity<String> home(Principal principal) {
+            String principalName = principal.getName();
+            LOGGER.info(principalName);
+            return ResponseEntity.ok(principalName);
+        }
+    }
+}

sdk/spring/azure-spring-boot/CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 3.4.0-beta.1 (Unreleased)
 ### Key Bug Fixes
 - Fix bug of Keyvault refresh Timer task blocking application termination.
+- Fix bug that user-name-attribute cannot be configured. ([#20209](https://github.com/Azure/azure-sdk-for-java/issues/20209))
 
 ## 3.3.0 (2021-03-22)
 ### New Features

sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapi/AADResourceServerClientConfiguration.java

@@ -103,6 +103,7 @@ private ClientRegistration createOboClientBuilder(String id,
         result.redirectUri("{baseUrl}/login/oauth2/code/");
         result.clientId(properties.getClientId());
         result.clientSecret(properties.getClientSecret());
+        result.userNameAttributeName(properties.getUserNameAttribute());
 
         AADAuthorizationServerEndpoints endpoints = new AADAuthorizationServerEndpoints(
             properties.getBaseUri(), properties.getTenantId());

sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java

@@ -165,6 +165,7 @@ private ClientRegistration.Builder createClientBuilder(String id) {
         ClientRegistration.Builder result = ClientRegistration.withRegistrationId(id);
         result.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
         result.redirectUri("{baseUrl}/login/oauth2/code/");
+        result.userNameAttributeName(properties.getUserNameAttribute());
 
         result.clientId(properties.getClientId());
         result.clientSecret(properties.getClientSecret());

sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADAuthenticationProperties.java

@@ -44,6 +44,11 @@ public class AADAuthenticationProperties implements InitializingBean {
      */
     private String clientSecret;
 
+    /**
+     * Decide which claim to be principal's name..
+     */
+    private String userNameAttribute;
+
     /**
      * @deprecated Now the redirect-url-template is not configurable.
      * <p>
@@ -176,6 +181,14 @@ public void setClientSecret(String clientSecret) {
         this.clientSecret = clientSecret;
     }
 
+    public String getUserNameAttribute() {
+        return userNameAttribute;
+    }
+
+    public void setUserNameAttribute(String userNameAttribute) {
+        this.userNameAttribute = userNameAttribute;
+    }
+
     @Deprecated
     public String getRedirectUriTemplate() {
         return redirectUriTemplate;