Update condition in @ConditionalOnProperty, add some comments. (Azure…

…#16449) * Update condition in @ConditionalOnProperty, add some comments. Co-authored-by: Rujun Chen <[email protected]>
AzureSDKAutomation · Oct 19, 2020 · 0d7301c · 0d7301c
1 parent e18e1ef
commit 0d7301c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 20 deletions.
diff --git a/...ain/java/com/azure/spring/autoconfigure/aad/AADAuthenticationFilterAutoConfiguration.java b/...ain/java/com/azure/spring/autoconfigure/aad/AADAuthenticationFilterAutoConfiguration.java
@@ -49,13 +49,13 @@ public class AADAuthenticationFilterAutoConfiguration {
     public static final String PROPERTY_PREFIX = "azure.activedirectory";
     private static final Logger LOG = LoggerFactory.getLogger(AADAuthenticationProperties.class);
 
-    private final AADAuthenticationProperties aadAuthProps;
-    private final ServiceEndpointsProperties serviceEndpointsProps;
+    private final AADAuthenticationProperties aadAuthenticationProperties;
+    private final ServiceEndpointsProperties serviceEndpointsProperties;
 
-    public AADAuthenticationFilterAutoConfiguration(AADAuthenticationProperties aadAuthFilterProps,
-                                                    ServiceEndpointsProperties serviceEndpointsProps) {
-        this.aadAuthProps = aadAuthFilterProps;
-        this.serviceEndpointsProps = serviceEndpointsProps;
+    public AADAuthenticationFilterAutoConfiguration(AADAuthenticationProperties aadAuthenticationProperties,
+                                                    ServiceEndpointsProperties serviceEndpointsProperties) {
+        this.aadAuthenticationProperties = aadAuthenticationProperties;
+        this.serviceEndpointsProperties = serviceEndpointsProperties;
     }
 
     /**
@@ -65,13 +65,14 @@ public AADAuthenticationFilterAutoConfiguration(AADAuthenticationProperties aadA
      */
     @Bean
     @ConditionalOnMissingBean(AADAuthenticationFilter.class)
-    @ConditionalOnProperty(prefix = PROPERTY_PREFIX, value = {"client-id", "client-secret"})
     @ConditionalOnExpression("${azure.activedirectory.session-stateless:false} == false")
+    // client-id and client-secret used to: get graphApiToken -> groups
+    @ConditionalOnProperty(prefix = PROPERTY_PREFIX, value = {"client-id", "client-secret"})
     public AADAuthenticationFilter azureADJwtTokenFilter() {
         LOG.info("AzureADJwtTokenFilter Constructor.");
         return new AADAuthenticationFilter(
-            aadAuthProps,
-            serviceEndpointsProps,
+            aadAuthenticationProperties,
+            serviceEndpointsProperties,
             getJWTResourceRetriever(),
             getJWKSetCache()
         );
@@ -80,15 +81,16 @@ public AADAuthenticationFilter azureADJwtTokenFilter() {
     @Bean
     @ConditionalOnMissingBean(AADAppRoleStatelessAuthenticationFilter.class)
     @ConditionalOnExpression("${azure.activedirectory.session-stateless:false} == true")
+    // client-id used to: userPrincipalManager.getValidator
+    @ConditionalOnProperty(prefix = PROPERTY_PREFIX, value = {"client-id"})
     public AADAppRoleStatelessAuthenticationFilter azureADStatelessAuthFilter(ResourceRetriever resourceRetriever) {
         LOG.info("Creating AzureADStatelessAuthFilter bean.");
-        final boolean useExplicitAudienceCheck = true;
         return new AADAppRoleStatelessAuthenticationFilter(
             new UserPrincipalManager(
-                serviceEndpointsProps,
-                aadAuthProps,
+                serviceEndpointsProperties,
+                aadAuthenticationProperties,
                 resourceRetriever,
-                useExplicitAudienceCheck
+                true
             )
         );
     }
@@ -97,21 +99,21 @@ public AADAppRoleStatelessAuthenticationFilter azureADStatelessAuthFilter(Resour
     @ConditionalOnMissingBean(ResourceRetriever.class)
     public ResourceRetriever getJWTResourceRetriever() {
         return new DefaultResourceRetriever(
-            aadAuthProps.getJwtConnectTimeout(),
-            aadAuthProps.getJwtReadTimeout(),
-            aadAuthProps.getJwtSizeLimit()
+            aadAuthenticationProperties.getJwtConnectTimeout(),
+            aadAuthenticationProperties.getJwtReadTimeout(),
+            aadAuthenticationProperties.getJwtSizeLimit()
         );
     }
 
     @Bean
     @ConditionalOnMissingBean(JWKSetCache.class)
     public JWKSetCache getJWKSetCache() {
-        return new DefaultJWKSetCache(aadAuthProps.getJwkSetCacheLifespan(), TimeUnit.MILLISECONDS);
+        return new DefaultJWKSetCache(aadAuthenticationProperties.getJwkSetCacheLifespan(), TimeUnit.MILLISECONDS);
     }
 
     @PostConstruct
     private void sendTelemetry() {
-        if (aadAuthProps.isAllowTelemetry()) {
+        if (aadAuthenticationProperties.isAllowTelemetry()) {
             final Map<String, String> events = new HashMap<>();
             final TelemetrySender sender = new TelemetrySender();
             events.put(SERVICE_NAME, getClassPackageSimpleName(AADAuthenticationFilterAutoConfiguration.class));

diff --git a/...ing-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADOAuth2AutoConfiguration.java b/...ing-boot/src/main/java/com/azure/spring/autoconfigure/aad/AADOAuth2AutoConfiguration.java
@@ -37,15 +37,20 @@
 /**
  * {@link EnableAutoConfiguration Auto-configuration} for Azure Active Authentication OAuth 2.0.
  * <p>
- * The configuration will not be activated if no {@literal azure.activedirectory.tenant-id} property provided.
+ * The configuration will be activated when configured:
+ * 1. {@literal azure.activedirectory.client-id}
+ * 2. {@literal azure.activedirectory.client-secret}
+ * 3. {@literal azure.activedirectory.tenant-id}
+ * client-id, client-secret, tenant-id used in ClientRegistration.
+ * client-id, client-secret also used to get graphApiToken, then get groups.
  * <p>
  * A OAuth2 user service {@link AADOAuth2UserService} will be auto-configured by specifying {@literal
  * azure.activedirectory.user-group.allowed-groups} property.
  */
 @Configuration
 @ConditionalOnResource(resources = "classpath:aad.enable.config")
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
-@ConditionalOnProperty(prefix = "azure.activedirectory", value = "tenant-id")
+@ConditionalOnProperty(prefix = "azure.activedirectory", value = {"client-id", "client-secret", "tenant-id"})
 @PropertySource(value = "classpath:service-endpoints.properties")
 @EnableConfigurationProperties({ AADAuthenticationProperties.class, ServiceEndpointsProperties.class })
 public class AADOAuth2AutoConfiguration {