Thursday 1 March 2018

Spring Security Azure AD: Wire up enterprise grade authentication and authorization

We are pleased to announce that Azure Active Directory (Azure AD) is integrated with Spring Security to secure your Java web applications. With only a few lines of configuration, you can wire up enterprise grade authentication and authorization for your Spring Boot project.

With the Spring Boot Starter for Azure AD, Java developers can now get started quickly building the authentication workflow for a web application that uses Azure AD and OAuth 2.0 to secure its back end. It also enables developers to create a role-based authorization workflow for a Web API secured by Azure AD with the power of Spring Security.

Getting Started


Take the To-do App, which Erich Gamma showed at SpringOne 2017, as an example. The sample is composed of two layers: an Angular JS client and a Spring Boot RESTful web service. It illustrates the flow to log in and retrieve the user's information using the AAD Graph API.

Authorization Flow Chart

The authorization flow is composed of 3 phases:

1. Log in with credentials and get validated through Azure AD.
2. Retrieve token and membership information from Azure AD Graph API.
3. Evaluate the membership for role-based authorization.


Register a new application in Azure AD


To get started, first register a new application in Azure Active Directory. After the app is ready, generate a client key and grant permissions to the app.


Features of Spring Security Azure AD


Use Spring Initializr to quick-start a new project with the Spring Security and Azure Active Directory dependencies. Specify the Azure AD connection settings and wire up the AAD AuthFilter in your project. Now you can easily set up AAD authentication and role-based authorization with the following features:

◈ @PreAuthorize: Use Spring’s @PreAuthorize annotation to provide method-level security based on the roles and permissions of logged-in users.

◈ isMemberOf(): Provide access control with roles and permissions based on a specified Azure user group.
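
As an added illustration (not code from the original announcement or from the starter's own sample), the controller below combines a declarative @PreAuthorize check with a programmatic group check done inside the method. It assumes the AAD filter exposes each of the user's Azure AD groups as a `ROLE_<group name>` authority; the group names `todo-admins` and `todo-auditors`, the class names and the id rule are hypothetical.

```java
// Added example, not the starter's own code.
// Assumption: the AAD filter exposes each Azure AD group of the signed-in user
// as a "ROLE_<group name>" authority. Group names below are hypothetical.
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// @PreAuthorize is silently ignored unless pre/post annotations are enabled.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig { }

@RestController
class TodoController {

    // Declarative check: evaluated before the method body runs. An
    // authenticated caller without the role is rejected with 403 Forbidden.
    @PreAuthorize("hasRole('ROLE_todo-admins')")
    @DeleteMapping("/api/todolist/{id}")
    public ResponseEntity<String> delete(@PathVariable("id") int id) {
        // Programmatic check for a finer-grained rule inside the method.
        // Hypothetical rule: items with id < 100 also require "todo-auditors".
        if (id < 100 && !inGroup("todo-auditors")) {
            return new ResponseEntity<>("Protected item", HttpStatus.FORBIDDEN);
        }
        return new ResponseEntity<>("Deleted " + id, HttpStatus.OK);
    }

    // Deny by default: no authentication or no matching authority means false.
    private static boolean inGroup(String group) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return false;
        }
        return auth.getAuthorities().stream()
                .anyMatch(a -> ("ROLE_" + group).equals(a.getAuthority()));
    }
}
```

Because the decision is driven by group membership, removing a user from the group in Azure AD takes effect the next time that user's membership is retrieved; no code change is needed.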


Access Control with Azure AD Group


Run and test your app in a web browser. Now you can easily use Azure AD groups for access control by adding or removing group members.


1 comment:

  1. Can you please upload a project of Spring Boot Azure Active Directory authentication OAuth2 without using MFA and Spring Security features?
