Pomiń nawigację

Use Azure Active Directory with Spring Security 5.0 for OAuth 2.0

Opublikowano: 27 czerwca, 2018

Program Manager, Java on Azure

We are excited to announce that Spring Starter for Azure Active Directory (AD) is now integrated with Spring Security 5.0. It offers you an easy way to build OAuth2.0 authentication and authorization flow for your Java apps in the cloud, supporting both implicit and authorization code grant types. With only a few lines of configuration, you can build apps that perform authentication with Azure Active Directory OAuth2 and manage authorization with Azure Active Directory groups.


Spring Initializr

Get started

To start, open the Azure portal and register a new application in Azure Active Directory (AD). Next, grant permissions to the newly created application. Use Azure Active Directory’s group and member to set up the access rules. Add the Spring Security Azure AD library to your project. Depending on the kind of application that you’re building, choose from the following two authentication types to build up OAuth2.0 authentication and authorization flow. Learn more about Spring Starter for Azure Active Directory on GitHub.

Back-end authentication

Once the library of Spring Security Azure AD is added to the project, it will automatically map the Azure AD groups and Spring Security authorization logics. It allows developers to build the OAuth2.0 flow in the back end. To enable that, you only need to add the following configurations to specify the usage of OAuth2 User Service. Then you can use the annotation @PreAuthorize("hasRole('GROUP_NAME')") for role-based authorization. To learn more, please review our example on GitHub.

@Autowired
private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;

@Override
protected void configure(HttpSecurity http) throws Exception {
     http
             .authorizeRequests()
             .anyRequest().authenticated()
             .and()
             .oauth2Login()
             .userInfoEndpoint()
             .oidcUserService(oidcUserService);
}

Front-end authentication

For a Single Page Application (SPA) scenario, use Azure AD library for JavaScript to handle Azure AD authentication in the front end, and autowire the AADAuthenticationFilter in your Spring Boot project. Then you can use the annotation @PreAuthorize("hasRole('GROUP_NAME')") for role-based authorization. Learn more by reviewing the Azure Active Directory Spring Boot sample.

Next steps

Check out our project on GitHub and learn about Spring integrations with Azure services.

Feedback

Please share your feedback and ask questions to help us improve by commenting below or contacting us on GitHub.