Add scope when get token (#67)

* add scope when get token

* adding scope

adding scope

* fix code

* remove main

* Update SECURITY.md

* upgrade spring version

* Update SECURITY.md

* Update SECURITY.md

* Update code

* update

* Update mlc_config.json

* Update custom-config-server-client/README.md

Co-authored-by: Xiaolu Dai <31124698+saragluna@users.noreply.github.com>

* update pom

* Update CustomBootstrapRegistryInitializer.java

* Update spring.factories

* Update setup-env-variables-template.sh

---------

Co-authored-by: Xiaoyun Ding <xiading@microsoft.com>
Co-authored-by: yorkzhang <yorkzhangsir@gmail.com>
Co-authored-by: Dingmeng Xue <dixue@microsoft.com>
Co-authored-by: Xiaolu Dai <31124698+saragluna@users.noreply.github.com>

.github/workflows/mlc_config.json

@@ -16,5 +16,8 @@
         "pattern": "^http://proxyserver"
       }
     ],
+    "timeout": "20s",
+    "retryOn429": true,
+    "retryCount": 5,
     "aliveStatusCodes": [200]
   }

SECURITY.md

@@ -4,17 +4,17 @@
 
 Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
 
-If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://www.microsoft.com/msrc/definition-of-a-security-vulnerability), please report it to us as described below.
 
 ## Reporting Security Issues
 
 **Please do not report security vulnerabilities through public GitHub issues.**
 
 Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
 
-If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/msrc/pgp-key-msrc).
 
-You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
 
 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
 
@@ -28,7 +28,7 @@ Please include the requested information listed below (as much as you can provid
 
 This information will help us triage your report more quickly.
 
-If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://www.microsoft.com/msrc/bounty) page for more details about our active programs.
 
 ## Preferred Languages
 

custom-config-server-client/README.md

@@ -1,62 +1,87 @@
 # Access Azure Spring Apps managed Config Server
 
-This sample shows how to access Azure Spring Apps managed Config Server through Azure RBAC when your applications are running outside Azure Spring Apps.
+> [!NOTE]
+> This sample project applies to Azure Spring Apps standard pricing plan.
+
+As Config Server is a protected resource in Azure Spring Apps service, the client from outside needs to [customize the request](https://docs.spring.io/spring-cloud-config/docs/current/reference/html/#custom-rest-template) when using Config Data or Bootstrap. Since Spring Boot 2.4, the latter approach has been deprecated. This sample shows how to custom RestTemplate using Config Data and send Bearer token in the `Authorization` header to access Config Server.
 
 ## Prerequisite
 
-* [JDK 8](https://docs.microsoft.com/azure/java/jdk/java-jdk-install)
+* [JDK 17](https://docs.microsoft.com/azure/java/jdk/java-jdk-install)
 * [Maven 3.0 and above](http://maven.apache.org/install.html)
-* [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest) or [Azure Cloud Shell](https://docs.microsoft.com/azure/cloud-shell/overview)
+* [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) or [Azure Cloud Shell](https://docs.microsoft.com/azure/cloud-shell/overview)
 
-## How to run
+## Prepare your sample applications
 
-1. Clone this repo and go to folder
+Clone the sample repository to your develop environment. 
+```bash
+git clone https://github.com/Azure-Samples/Azure-Spring-Cloud-Samples
+cd Azure-Spring-Cloud-Samples/custom-config-server-client
+```
 
-    ```bash
-    git clone https://github.com/Azure-Samples/Azure-Spring-Cloud-Samples
-    cd Azure-Spring-Cloud-Samples/custom-config-server-client
-    ```
+## Provision your Azure Spring Apps instance
+Please reference doc to provision Azure Spring Apps instance: https://learn.microsoft.com/azure/spring-apps/quickstart?pivots=sc-standard
 
-1. Install Azure CLI extension for Azure Spring Apps
+Create environment variables file `setup-env-variables.sh` based on template. 
+```bash
+cp setup-env-variables-template.sh setup-env-variables.sh
+```
 
-    ```bash
-    az extension add --name spring-cloud
-    ```
+Update below resource information in `setup-env-variables.sh`.
+```bash
+export SUBSCRIPTION='subscription-id'                 # replace it with your subscription-id
+export RESOURCE_GROUP='resource-group-name'           # existing resource group or one that will be created in next steps
+export SPRING_APPS_SERVICE='azure-spring-apps-name'   # name of the service that will be created in the next steps
+```
 
-1. Create an instance of Azure Spring Apps
+Source setting.
+```bash
+source ./setup-env-variables.sh
+```
 
-    ```bash
-    az spring-cloud create -n <service name> -g <resource group name>
-    ```
+Update default subscription.
+```bash
+az account set --subscription ${SUBSCRIPTION}
+```
+
+## Create and Configure Azure Spring Service instance in Standard Pricing Plan
+```bash
+# Install Azure CLI extension for Azure Spring Apps
+az extension add --name spring
+
+# Create an instance of Azure Spring Apps
+az spring create -g ${RESOURCE_GROUP} -n ${SPRING_APPS_SERVICE}
+
+# Using piggymetrics-config as the backend git repo from which Azure Spring Apps to pull config
+az spring config-server git set -g ${RESOURCE_GROUP} -n ${SPRING_APPS_SERVICE} --uri "https://github.com/Azure-Samples/piggymetrics-config.git"
+```
+
+## Create Microsoft Entra Service Principal for Sample App
 
-1. Using piggymetrics-config as the backend git repo from which Azure Spring Apps to pull config
-
-    ```bash
-    az spring-cloud config-server git set --name <service name> --uri "https://github.com/Azure-Samples/piggymetrics-config.git"
-    ```
-
 1. Create a service principal to access the Config Server in your application. Please mark down 
-    ```bash
-    az ad sp create-for-rbac --scopes /subscriptions/<subscription id>/resourceGroups/<resource group name>/providers/Microsoft.AppPlatform/Spring/<service name> --role "Azure Spring Cloud Config Server Reader"
-    ```
-   The output includes credentials you will need in the next step.
+  ```bash
+  # Get resource id of service instance
+  RESOURCE_ID=$(az spring show -g ${RESOURCE_GROUP} -n ${SPRING_APPS_SERVICE} --query id -o tsv)
+
+  # Create service principal and create role assignment
+  az ad sp create-for-rbac --scopes ${RESOURCE_ID} --role "Azure Spring Cloud Config Server Reader"
+  ```
+
+  The output includes credentials you will need in the next step.
 
 1. Update the `application.properties` under `src/main/resources` with the credentials you get above and your Azure Spring Apps instance.
     ```properties
-    spring.cloud.config.uri=https://<service name>.svc.asc-test.net/config
+    spring.config.import=configserver:https://<service name>.svc.asc-test.net/config
     access.token.clientId=<appId>
     access.token.secret=<password>
     access.token.tenantId=<tenant>
     ```
 
-1. Package the app using maven and run it locally
-    ```bash
-    mvn clean package -D skipTests
-    mvn spring-boot:run
-    ```
-
-1. The endpoint should be access now with the configuration content
-    ```bash
-   curl http://127.0.0.1:8080/config
-   20000%
-    ```
+## Execute Sample App
+```bash
+mvn clean package -D skipTests
+mvn spring-boot:run
+
+# Get output of config and check its value
+curl http://127.0.0.1:8080/config
+```