以下是用于配置Spring Boot Web应用程序以使用Azure Active Directory身份验证的设置。
应用基于spring-boot-starter-parent:2。1。4。发布。
POM依赖项片段:
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-active-directory-spring-boot-starter</artifactId>
<version>2.1.6</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
的片段application.properties:
# Active Directory Authentication
spring.security.oauth2.client.registration.azure.client-id=109a3748-yada-yada-yada-f80c1f30621e
spring.security.oauth2.client.registration.azure.client-secret=OBAYaOKp-HwhateverIxFxY@?
azure.activedirectory.tenant-id=f447e5ca-yada-yada-yada-370ff157fdb6
azure.activedirectory.user-group.allowed-groups=group1, group2
azure.activedirectory.active-directory-groups=group1, group2
AADOAuth2LoginSecurityConfig.java:
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AADOAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/**").hasRole("group1")
.anyRequest().authenticated()
.and()
.exceptionHandling().accessDeniedPage("/browse/403")
.and()
.oauth2Login()
.userInfoEndpoint()
.oidcUserService(oidcUserService);
}
}
我受制于JSP,因此请使用taglibs,例如:
<security:authorize access="hasRole('group1')">
Authorised users only
</security:authorize>
User's name: <security:authentication property="name"/>
Azure配置开始变得奇怪。 有一个关联的应用程序注册,其身份验证配置如下:
我有一个本地主机设置,允许http本地开发的前缀-那里没有错。
但是对于我的两个应用程序服务部署,我必须使用http而不是https (NB. my app is configured to accept only HTTPS), and I can only do this by selecting "Public client (mobile & desktop)".
如果我尝试使用https使用“ Web”类型时,在身份验证时出现以下错误: