Azure Active Directory, Azure Spring Cloud, Compute, How to, Identity
Spring Security Azure AD: Wire up enterprise grade authentication and authorization
By Yitao Dong Program Manager, Java on Azure
2 min read
We are pleased to announce that Azure Active Directory (Azure AD) is integrated with Spring Security to secure your Java web applications. With only few lines of configurations, you can wire up enterprise grade authentication and authorization for your Spring Boot project.
With Spring Boot Starter for Azure AD, Java developers now can get started quickly to build the authentication workflow for a web application that uses Azure AD and OAuth 2.0 to secure its back end. It also enables developers to create a role based authorization workflow for a Web API secured by Azure AD with the power of the Spring Security.
Take the To-do App, which Erich Gamma showed on SpringOne 2017, as an example. The sample is composed of two layers: Angular JS client and Spring Boot RESTful web service. It illustrates the flow to login and retrieves user's information using AAD Graph API.
Authorization Flow Chart
The authorization flow is composed of 3 phrases:
- Login with credentials and get validated through Azure AD.
- Retrieve token and membership information from Azure AD Graph API.
- Evaluate the membership for role-based authorization.
Register a new application in Azure AD
To get started, first register a new application in Azure Active Directory. After the app is ready, generate a client key and grant permissions to the app.
Features of Spring Security Azure AD
Use Spring Initializer to quick-start a new project with dependencies of Spring Security and Azure Active Directory. Specify the Azure AD connections and wire up AAD AuthFilter in your project. Now you can easily set up AAD authentication and role-based authorization with the following features:
- @PreAuthorize: Implement Spring’s @PreAuthorize annotation to provide method-level security with roles and permissions of logged-in users.
- isMemberOf(): provide access control with roles and permissions based on a specified Azure user group.
Access Control with Azure AD Group
Run and test your app in a web browser. Now you can easily use Azure AD Group for access control by adding or removing group members.
For more information about using Spring on Azure, visit the following pages:
- GitHub: Spring Boot Starters for Azure Services
- Tutorial: Spring on Azure Homepage
- Tutorial: Java support on Azure Homepage
Please share your feedback and ask questions to help us improve. You can contact us on Gitter.