-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support conditional access policy in obo flow. #18354
Conversation
han-gao
commented
Dec 25, 2020
•
edited by chenrujun
Loading
edited by chenrujun
- Fix AzureOAuthenticationFailureHandler not display error info in web page.
- Support conditional access policy in this flow: webapp -> webapi(obo) -> other-webapi
Hi, @han-gao , you can push to this branch forced to continue your task. |
@han-gao , Rename |
…to fix_not_error_info # Conflicts: # sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADAuthenticationFailureHandler.java
…to fix_not_error_info
...g-boot/src/main/java/com/azure/spring/aad/webapi/AADOAuth2OboAuthorizedClientRepository.java
Outdated
Show resolved
Hide resolved
...g-boot/src/main/java/com/azure/spring/aad/webapi/AADOAuth2OboAuthorizedClientRepository.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
...e-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebSecurityConfigurerAdapter.java
Outdated
Show resolved
Hide resolved
...e-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebSecurityConfigurerAdapter.java
Outdated
Show resolved
Hide resolved
.../azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/ConditionalAccessException.java
Outdated
Show resolved
Hide resolved
...g-boot/src/main/java/com/azure/spring/aad/webapi/AADOAuth2OboAuthorizedClientRepository.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
…to fix_not_error_info
Hi, @han-gao , please merge latest master branch to your feature branch. |
…to fix_not_error_info # Conflicts: # sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebSecurityConfigurerAdapter.java
...-samples/azure-spring-boot-sample-active-directory-webapp/src/main/resources/application.yml
Outdated
Show resolved
Hide resolved
...g-boot/src/main/java/com/azure/spring/aad/webapi/AADOAuth2OboAuthorizedClientRepository.java
Outdated
Show resolved
Hide resolved
...g-boot/src/main/java/com/azure/spring/aad/webapi/AADOAuth2OboAuthorizedClientRepository.java
Show resolved
Hide resolved
...-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADHandleConditionalAccessFilter.java
Outdated
Show resolved
Hide resolved
...-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADHandleConditionalAccessFilter.java
Outdated
Show resolved
Hide resolved
...-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADHandleConditionalAccessFilter.java
Outdated
Show resolved
Hide resolved
...-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADHandleConditionalAccessFilter.java
Outdated
Show resolved
Hide resolved
...ring/azure-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebAppConfiguration.java
Outdated
Show resolved
Hide resolved
...e-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebSecurityConfigurerAdapter.java
Outdated
Show resolved
Hide resolved
…to fix_not_error_info # Conflicts: # sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp/src/main/resources/application.yml # sdk/spring/azure-spring-boot/pom.xml
…to fix_not_error_info
...e-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebSecurityConfigurerAdapter.java
Outdated
Show resolved
Hide resolved
...g-boot/src/main/java/com/azure/spring/aad/webapi/AADOAuth2OboAuthorizedClientRepository.java
Outdated
Show resolved
Hide resolved
...g-boot/src/main/java/com/azure/spring/aad/webapi/AADOAuth2OboAuthorizedClientRepository.java
Show resolved
Hide resolved
...e-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebSecurityConfigurerAdapter.java
Outdated
Show resolved
Hide resolved
...e-spring-boot/src/main/java/com/azure/spring/aad/webapp/AADWebSecurityConfigurerAdapter.java
Outdated
Show resolved
Hide resolved
@@ -51,7 +50,8 @@ protected void configure(HttpSecurity http) throws Exception { | |||
.and() | |||
.logout() | |||
.logoutSuccessHandler(oidcLogoutSuccessHandler()) | |||
.and(); | |||
.and() | |||
.addFilterBefore(new AADHandleConditionalAccessFilter(), ExceptionTranslationFilter.class); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By doing this, do you mean ExceptionTranslationFilter
will always exist in context?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this filter handles most authorization failures and always loaded into the filterchain.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Add comments in java code about how conditional access work.
- Add content in readme about how to use conditional access.
You can do these after you finished adding integration test.
/azp run java - spring - tests |
Azure Pipelines successfully started running 1 pipeline(s). |
Hi, @han-gao , please merge latest master branch to your feature branch. |
…to fix_not_error_info
/azp run java - spring - tests |
Azure Pipelines successfully started running 1 pipeline(s). |
Adding Microsoft.App stable version 2022-03-01 (Azure#18356) * Adds base for updating Microsoft.App from version preview/2022-01-01-preview to version 2022-03-01 * Updates readme * Updates API version in new specs and examples * refactore properties (Azure#18137) * [Non Break Change]Update to use easy auth v2 same as Web App (Azure#18143) (Azure#18217) * Update auth config to use the same auth config in App Service * Update for spell check * Remove TokenStore/ConfigFilePath as not supported for ContainerApp * Copy AuthConfig from previous version (Azure#18221) * Copy updated AuthConfig from previous version * Add suppression * Add API for checkNameAvailability in 2022-03-01 (Azure#18204) * add API * update * fix * update * update * Add label property (Azure#18280) * Add label property * fix prettier Co-authored-by: Juliehzl <zuh@microsoft.com> * refactor sc properties in 03-01 (Azure#18343) * refactor sc properties in 03-01 * Revert "refactore properties (Azure#18137)" This reverts commit 4fe86bce74ae6a3566388d0a1037cb35be8a23e7. * add odata query (Azure#18364) * Updating patch spec. (Azure#18354) * Updating patch spec. * Fix linter * prettier fix * Adding x-ms-long-running-operation Co-authored-by: Ruslan Yakushev 🚴 <1664475+ruslany@users.noreply.github.com> Co-authored-by: Xingjian Wang <79332479+xwang971@users.noreply.github.com> Co-authored-by: erich-wang <eriwan@microsoft.com> Co-authored-by: Zunli Hu <zuh@microsoft.com> Co-authored-by: Michael Dai <michaelkira@live.cn> Co-authored-by: Vaclav Turecek <vturecek@microsoft.com>