Create new test module: azure-spring-boot-test-aad-resource-server

eng/versioning/version_client.txt

@@ -142,6 +142,8 @@ com.azure.spring:azure-spring-data-gremlin;2.3.1-beta.1;2.3.1-beta.1
 com.azure.spring:azure-spring-boot-starter-data-gremlin;3.0.0-beta.1;3.0.0-beta.1
 com.azure.spring:azure-spring-boot-test-aad;1.0.0;1.0.0
 com.azure.spring:azure-spring-boot-test-aad-obo;1.0.0;1.0.0
+com.azure.spring:azure-spring-boot-test-aad-resource-server;1.0.0;1.0.0
+com.azure.spring:azure-spring-boot-test-aad-resource-server-by-filter;1.0.0;1.0.0
 com.azure.spring:azure-spring-boot-test-core;1.0.0;1.0.0
 com.azure.spring:azure-spring-boot-test-cosmosdb;1.0.0;1.0.0
 com.azure.spring:azure-spring-boot-test-keyvault;1.0.0;1.0.0

sdk/spring/azure-spring-boot-test-aad/HOW_TO_RUN_AAD_INTEGRATION_TEST_IN_LOCALHOST.md → sdk/spring/HOW_TO_RUN_AAD_INTEGRATION_TEST_IN_LOCALHOST.md

@@ -60,8 +60,11 @@ Get `AAD_TENANT_ID_2`, `AAD_USER_NAME_2`, `AAD_USER_PASSWORD_2` with the same me
 
 4. Add API permissions. Grant admin consent.
 ![add-api-permission](images/add-api-permission.png)
+
+5. Expose API: `ResourceAccessGraph.Read`, `TestScope1`, `TestScope2`.
+![expose-api](images/expose-api.png)
 
-5. Now we get value of `AAD_MULTI_TENANT_CLIENT_ID`, `AAD_MULTI_TENANT_CLIENT_SECRET`.
+6. Now we get value of `AAD_MULTI_TENANT_CLIENT_ID`, `AAD_MULTI_TENANT_CLIENT_SECRET`.
 
 ### `AAD_SINGLE_TENANT_CLIENT_ID`, `AAD_SINGLE_TENANT_CLIENT_SECRET`
 Get `AAD_SINGLE_TENANT_CLIENT_ID`, `AAD_SINGLE_TENANT_CLIENT_SECRET` with the same method.
@@ -102,10 +105,22 @@ $env:AAD_SINGLE_TENANT_CLIENT_SECRET_WITH_ROLE='xxxxxxxx'
 ```
 
 ## Run AAD integration test by maven.
-Command:
+azure-spring-boot-test-aad:
 ```
 mvn -f .\sdk\spring\azure-spring-boot-test-aad\pom.xml --fail-at-end "-Dmaven.javadoc.skip=true" "-Drevapi.skip=true" "-DskipSpringITs=false" verify
 ```
+azure-spring-boot-test-aad-obo:
+```
+mvn -f .\sdk\spring\azure-spring-boot-test-aad-obo\pom.xml --fail-at-end "-Dmaven.javadoc.skip=true" "-Drevapi.skip=true" "-DskipSpringITs=false" verify
+```
+azure-spring-boot-test-aad-resource-server:
+```
+mvn -f .\sdk\spring\azure-spring-boot-test-aad-resource-server\pom.xml --fail-at-end "-Dmaven.javadoc.skip=true" "-Drevapi.skip=true" "-DskipSpringITs=false" verify
+```
+azure-spring-boot-test-aad-resource-server-by-filter:
+```
+mvn -f .\sdk\spring\azure-spring-boot-test-aad-resource-server-by-filter\pom.xml --fail-at-end "-Dmaven.javadoc.skip=true" "-Drevapi.skip=true" "-DskipSpringITs=false" verify
+```
 
 
 [Create a new tenant in Azure Active Directory]: https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-access-create-new-tenant

sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-stateless/README.md → sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter-stateless/README.md

@@ -91,7 +91,7 @@ data: {
 
 ### Run with Maven
 ```shell
-cd azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-stateless
+cd azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter-stateless
 mvn spring-boot:run
 ```
 

sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-stateless/pom.xml → sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter-stateless/pom.xml

@@ -11,7 +11,7 @@
   </parent>
 
   <groupId>com.azure.spring</groupId>
-  <artifactId>azure-spring-boot-sample-active-directory-resource-server-stateless</artifactId>
+  <artifactId>azure-spring-boot-sample-active-directory-resource-server-by-filter-stateless</artifactId>
   <version>1.0.0</version>
 
   <name>Azure Spring Boot Starter Sample - Azure AD Stateless Spring Security Integration</name>

sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-with-filter/README.md → sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter/README.md

@@ -37,7 +37,7 @@ From your command line:
 ```command line
 git clone https://github.com/Azure/azure-sdk-for-java.git
 ```
-or download and extract the repository .zip file, and navigate to `azure-spring-boot-sample-active-directory-resource-server-with-filter` from the list of samples.
+or download and extract the repository .zip file, and navigate to `azure-spring-boot-sample-active-directory-resource-server-by-filter` from the list of samples.
 
 ---
 ### Step 2:  Register the sample with your Azure Active Directory tenant
@@ -140,7 +140,7 @@ msalProvider.init(
 
 * Run with Maven 
  ```
- cd azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-with-filter
+ cd azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter
  mvn spring-boot:run
  ```
 

sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-with-filter/pom.xml → sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter/pom.xml

@@ -10,7 +10,7 @@
   </parent>
 
   <groupId>com.azure.spring</groupId>
-  <artifactId>azure-spring-boot-sample-active-directory-resource-server-with-filter</artifactId>
+  <artifactId>azure-spring-boot-sample-active-directory-resource-server-by-filter</artifactId>
   <version>1.0.0</version>
   <packaging>jar</packaging>
 

sdk/spring/azure-spring-boot-starter-active-directory/README.md

@@ -16,7 +16,7 @@ With Spring Starter for Azure Active Directory, now you can get started quickly
 * **Create a client secret key for the application**: Go to API ACCESS - Keys to create a secret key (`client-secret`).
 
 ### Include the package
-To use this starter in an web application, please add following packages:
+To use this starter in a web application, please add following packages:
 
 [//]: # "{x-version-update-start;com.azure.spring:azure-spring-boot-starter-active-directory;current}"
 ```xml
@@ -26,13 +26,13 @@ To use this starter in an web application, please add following packages:
     <version>3.2.0-beta.1</version>
 </dependency>
 <dependency>
-    <groupId>org.springframework.security</groupId>
-    <artifactId>spring-security-oauth2-client</artifactId>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-oauth2-client</artifactId>
 </dependency>
 ```
 [//]: # "{x-version-update-end}"
 
-To use this starter in a resource server, please add following packages:
+To use this starter in a resource server without OBO function, please add following packages:
 
 [//]: # "{x-version-update-start;com.azure.spring:azure-spring-boot-starter-active-directory;current}"
 ```xml
@@ -42,12 +42,28 @@ To use this starter in a resource server, please add following packages:
     <version>3.2.0-beta.1</version>
 </dependency>
 <dependency>
-    <groupId>org.springframework.security</groupId>
-    <artifactId>spring-security-oauth2-client</artifactId>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+</dependency>
+```
+[//]: # "{x-version-update-end}"
+
+To use this starter in a resource server with OBO function, please add following packages:
+
+[//]: # "{x-version-update-start;com.azure.spring:azure-spring-boot-starter-active-directory;current}"
+```xml
+<dependency>
+    <groupId>com.azure.spring</groupId>
+    <artifactId>azure-spring-boot-starter-active-directory</artifactId>
+    <version>3.0.0-beta.1</version>
+</dependency>
+<dependency>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
 </dependency>
 <dependency>
-    <groupId>org.springframework.security</groupId>
-    <artifactId>spring-security-oauth2-resource-server</artifactId>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-oauth2-client</artifactId>
 </dependency>
 ```
 [//]: # "{x-version-update-end}"
@@ -299,7 +315,7 @@ azure:
 ```
 
 ### Authenticate in web APIs [Web APIs]
-Please refer to [azure-spring-boot-sample-active-directory-resource-server-with-filter] for how to integrate Spring Security and Azure AD for authentication and authorization in a Single Page Application (SPA) scenario.
+Please refer to [azure-spring-boot-sample-active-directory-resource-server-by-filter] for how to integrate Spring Security and Azure AD for authentication and authorization in a Single Page Application (SPA) scenario.
 
 #### Configure application.yml:
 ```yaml
@@ -402,7 +418,7 @@ The following section provides sample projects illustrating how to use the start
 - [Azure Active Directory for Web apps][azure-spring-boot-sample-active-directory-webapp]
 - [Azure Active Directory for Web APIs][azure-spring-boot-sample-active-directory-resource-server]
 - [Azure Active Directory for On-Behalf-Of flow][azure-spring-boot-sample-active-directory-resource-server-obo]
-- [Azure Active Directory for Resource Server with Filter(Deprecated)][azure-spring-boot-sample-active-directory-resource-server-with-filter]
+- [Azure Active Directory for Resource Server by Filter(Deprecated)][azure-spring-boot-sample-active-directory-resource-server-by-filter]
 
 ## Contributing
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
@@ -414,7 +430,7 @@ Please follow [instructions here] to build from source or contribute.
 [azure-spring-boot-sample-active-directory-webapp]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp
 [azure-spring-boot-sample-active-directory-resource-server]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server/README.md
 [azure-spring-boot-sample-active-directory-resource-server-obo]: https://github.com/ZhuXiaoBing-cn/azure-sdk-for-java/tree/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-obo
-[azure-spring-boot-sample-active-directory-resource-server-with-filter]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-with-filter
+[azure-spring-boot-sample-active-directory-resource-server-by-filter]: https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter
 [AAD App Roles feature]: https://docs.microsoft.com/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles
 [client credentials grant flow]: https://docs.microsoft.com/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow
 [configured in your manifest]: https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps#examples

sdk/spring/azure-spring-boot-starter/README.md

@@ -27,7 +27,7 @@ This starter brings auto configuration code for all Azure Spring modules, but to
 ## Examples
 The following section provides sample projects illustrating how to use the Azure Spring Boot starters.
 ### More sample code
-- [Azure Active Directory for Resource Server with Filter(Deprecated)](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-with-filter)
+- [Azure Active Directory for Resource Server by Filter(Deprecated)](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter)
 - [Azure Active Directory for Web Application](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp)
 - [Azure Active Directory B2C](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-b2c-oidc)
 - [Cosmos DB SQL API](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-cosmos)
@@ -57,7 +57,7 @@ For more information about setting logging in spring, please refer to the [offic
 ## Next steps
 The following section provides sample projects illustrating how to use the Azure Spring Boot starters.
 ### More sample code
-- [Azure Active Directory for Resource Server with Filter(Deprecated)](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-with-filter)
+- [Azure Active Directory for Resource Server by Filter(Deprecated)](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-resource-server-by-filter)
 - [Azure Active Directory for Web Application](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp)
 - [Azure Active Directory B2C](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-b2c-oidc)
 - [Cosmos DB SQL API](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-cosmos)

sdk/spring/azure-spring-boot-test-aad-obo/pom.xml

@@ -15,32 +15,37 @@
   <version>1.0.0</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-test-aad-obo;current} -->
 
   <dependencies>
-    <dependency>
-      <groupId>com.azure.spring</groupId>
-      <artifactId>azure-spring-boot-test-core</artifactId>
-      <version>1.0.0</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-test-core;current} -->
-    </dependency>
     <dependency>
       <groupId>com.azure.spring</groupId>
       <artifactId>azure-spring-boot-starter-active-directory</artifactId>
       <version>3.2.0-beta.1</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-starter-active-directory;current} -->
     </dependency>
+
+    <!-- spring boot starter dependencies. -->
     <dependency>
-      <groupId>org.springframework.security</groupId>
-      <artifactId>spring-security-oauth2-resource-server</artifactId>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-oauth2-client</artifactId>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-test</artifactId>
-      <scope>test</scope>
+      <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-web</artifactId>
     </dependency>
+
+    <!-- test dependencies. -->
+    <dependency>
+      <groupId>com.azure.spring</groupId>
+      <artifactId>azure-spring-boot-test-core</artifactId>
+      <version>1.0.0</version> <!-- {x-version-update;com.azure.spring:azure-spring-boot-test-core;current} -->
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-oauth2-client</artifactId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
     </dependency>
   </dependencies>
 

sdk/spring/azure-spring-boot-test-aad-obo/src/test/java/com/azure/test/aad/webapi/AADWebApiOboIT.java

@@ -3,20 +3,15 @@
 
 package com.azure.test.aad.webapi;
 
-import com.azure.test.oauth.OAuthResponse;
-import com.azure.test.oauth.OAuthUtils;
-import com.azure.test.utils.AppRunner;
+import com.azure.spring.test.aad.AADWebApiITHelper;
+import com.azure.spring.test.AppRunner;
+import org.junit.Before;
 import org.junit.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -34,56 +29,49 @@
 import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.client.RestTemplate;
 import org.springframework.web.reactive.function.client.WebClient;
 
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.Map;
 import java.util.function.Consumer;
 
-import static com.azure.test.oauth.OAuthUtils.AAD_MULTI_TENANT_CLIENT_ID;
-import static com.azure.test.oauth.OAuthUtils.AAD_MULTI_TENANT_CLIENT_SECRET;
+import static com.azure.spring.test.aad.EnvironmentVariables.AAD_MULTI_TENANT_CLIENT_ID;
+import static com.azure.spring.test.aad.EnvironmentVariables.AAD_MULTI_TENANT_CLIENT_SECRET;
+import static com.azure.spring.test.aad.EnvironmentVariables.MULTI_TENANT_SCOPE_GRAPH_READ;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
 import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient;
 
 public class AADWebApiOboIT {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(AADWebApiOboIT.class);
-
     private static final String GRAPH_ME_ENDPOINT = "https://graph.microsoft.com/v1.0/me";
 
-    private final RestTemplate restTemplate = new RestTemplate();
+    private AADWebApiITHelper aadWebApiITHelper;
+
+    @Before
+    public void init() {
+        Map<String, String> properties = new HashMap<>();
+        properties.put("azure.activedirectory.client-id", AAD_MULTI_TENANT_CLIENT_ID);
+        properties.put("azure.activedirectory.client-secret", AAD_MULTI_TENANT_CLIENT_SECRET);
+        properties.put("azure.activedirectory.app-id-uri", "api://" + AAD_MULTI_TENANT_CLIENT_ID);
+        properties.put("azure.activedirectory.authorization-clients.graph.scopes",
+            "https://graph.microsoft.com/User.Read");
+        aadWebApiITHelper = new AADWebApiITHelper(
+            DumbApp.class,
+            properties,
+            AAD_MULTI_TENANT_CLIENT_ID,
+            AAD_MULTI_TENANT_CLIENT_SECRET,
+            Collections.singletonList(MULTI_TENANT_SCOPE_GRAPH_READ));
+    }
 
     @Test
     public void testCallGraph() {
-        this.runApp(app -> {
-            final OAuthResponse authResponse = OAuthUtils.executeOAuth2ROPCFlow(
-                System.getenv(AAD_MULTI_TENANT_CLIENT_ID), System.getenv(AAD_MULTI_TENANT_CLIENT_SECRET));
-            assertNotNull(authResponse);
-
-            final HttpHeaders headers = new HttpHeaders();
-            headers.set("Authorization", String.format("Bearer %s", authResponse.getAccessToken()));
-            HttpEntity<Object> entity = new HttpEntity<>(headers);
-            final ResponseEntity<String> response = restTemplate.exchange(
-                app.root() + "/call-graph",
-                HttpMethod.GET,
-                entity,
-                String.class,
-                new HashMap<>()
-            );
-            assertEquals(HttpStatus.OK, response.getStatusCode());
-            assertEquals("Graph response success.", response.getBody());
-        });
+        assertEquals("Graph response success.", aadWebApiITHelper.httpGetStringByAccessToken("call-graph"));
     }
 
     private void runApp(Consumer<AppRunner> command) {
         try (AppRunner app = new AppRunner(AADWebApiOboIT.DumbApp.class)) {
-            final String clientId = System.getenv(AAD_MULTI_TENANT_CLIENT_ID);
-            final String clientSecret = System.getenv(AAD_MULTI_TENANT_CLIENT_SECRET);
-            app.property("azure.activedirectory.client-id", clientId);
-            app.property("azure.activedirectory.client-secret", clientSecret);
-            app.property("azure.activedirectory.app-id-uri", "api://" + clientId);
-            app.property("azure.activedirectory.authorization-clients.graph.scopes", "https://graph.microsoft.com/User.Read");
             app.start();
             command.accept(app);
         }