Azure · backwind1233 · Jun 1, 2021 · May 14, 2021 · May 14, 2021 · May 14, 2021
diff --git a/...-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp/README.md b/...-spring-boot-samples/azure-spring-boot-sample-active-directory-webapp/README.md
@@ -95,7 +95,7 @@ azure:
 #        scopes:
 #          - <Web-API-A-app-id-url>/Obo.WebApiA.ExampleScope
 
-# enable-full-list is used to control whether to list all group id, default is false
+# enable-full-list is used to control whether to list all group ids, default is false
 
 # It's suggested the logged in user should at least belong to one of the above groups
 # If not, the logged in user will not be able to access any authorization controller rest APIs

diff --git a/sdk/spring/azure-spring-boot-starter-active-directory/CHANGELOG.md b/sdk/spring/azure-spring-boot-starter-active-directory/CHANGELOG.md
@@ -5,11 +5,26 @@
 
 ## 3.5.0 (2021-05-24)
 ### New Features
+- Add `AADB2CTrustedIssuerRepository` to manage the trusted issuer in AAD B2C.
 - Upgrade to [spring-boot-dependencies:2.4.5](https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-dependencies/2.4.5/spring-boot-dependencies-2.4.5.pom).
 - Upgrade to [spring-cloud-dependencies:2020.0.2](https://repo.maven.apache.org/maven2/org/springframework/cloud/spring-cloud-dependencies/2020.0.2/spring-cloud-dependencies-2020.0.2.pom).
 - Enable property azure.activedirectory.redirect-uri-template.([#21116](https://github.com/Azure/azure-sdk-for-java/issues/21116))
+- Support creating `GrantedAuthority` by groupId and groupName for web application.([#20218](https://github.com/Azure/azure-sdk-for-java/issues/20218))
+  ```yaml
+  user-group:
+      allowed-group-names: group1,group2
+      allowed-group-ids: <group1-id>,<group2-id>
+      enable-full-list: false  
+  ```
+  | Parameter           | Description                                             |
+  | ------------------- | ------------------------------------------------------------ |
+  | allowed-group-names | if `enable-full-list` is `false`, create `GrantedAuthority` with groupNames which belong to user and `allowed-group-names` |
+  | allowed-group-ids   | if `enable-full-list` is `false`, create `GrantedAuthority` with groupIds which belong to user and `allowed-group-ids` |
+  | enable-full-list    | default is `false`.<br> if the value is `true`, create `GrantedAuthority` only with user's  all groupIds, ignore group names|
 
-
+### Key Bug Fixes
+- Fix issue that where the AAD B2C starter cannot fetch the OpenID Connect metadata document via issuer. [#21036](https://github.com/Azure/azure-sdk-for-java/issues/21036)
+- Deprecate *addB2CIssuer*, *addB2CUserFlowIssuers*, *createB2CUserFlowIssuer* methods in `AADTrustedIssuerRepository`.
 
 ## 3.4.0 (2021-04-19)
 ### Key Bug Fixes

diff --git a/sdk/spring/azure-spring-boot-starter/CHANGELOG.md b/sdk/spring/azure-spring-boot-starter/CHANGELOG.md
@@ -5,10 +5,26 @@
 
 ## 3.5.0 (2021-05-24)
 ### New Features
+- Add `AADB2CTrustedIssuerRepository` to manage the trusted issuer in AAD B2C.
 - Upgrade to [spring-boot-dependencies:2.4.5](https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-dependencies/2.4.5/spring-boot-dependencies-2.4.5.pom).
 - Upgrade to [spring-cloud-dependencies:2020.0.2](https://repo.maven.apache.org/maven2/org/springframework/cloud/spring-cloud-dependencies/2020.0.2/spring-cloud-dependencies-2020.0.2.pom).
+- Enable property azure.activedirectory.redirect-uri-template.([#21116](https://github.com/Azure/azure-sdk-for-java/issues/21116))
+- Support creating `GrantedAuthority` by groupId and groupName for web application.([#20218](https://github.com/Azure/azure-sdk-for-java/issues/20218))
+  ```yaml
+  user-group:
+      allowed-group-names: group1,group2
+      allowed-group-ids: <group1-id>,<group2-id>
+      enable-full-list: false  
+  ```
+  | Parameter           | Description                                             |
+  | ------------------- | ------------------------------------------------------------ |
+  | allowed-group-names | if `enable-full-list` is `false`, create `GrantedAuthority` with groupNames which belong to user and `allowed-group-names` |
+  | allowed-group-ids   | if `enable-full-list` is `false`, create `GrantedAuthority` with groupIds which belong to user and `allowed-group-ids` |
+  | enable-full-list    | default is `false`.<br> if the value is `true`, create `GrantedAuthority` only with user's  all groupIds, ignore group names|
 
-
+### Key Bug Fixes
+- Fix issue that where the AAD B2C starter cannot fetch the OpenID Connect metadata document via issuer. [#21036](https://github.com/Azure/azure-sdk-for-java/issues/21036)
+- Deprecate *addB2CIssuer*, *addB2CUserFlowIssuers*, *createB2CUserFlowIssuer* methods in `AADTrustedIssuerRepository`.
 
 ## 3.4.0 (2021-04-19)
 ### Key Bug Fixes
@@ -93,4 +109,3 @@
 
 ### Key Bug Fixes 
 - Address CVEs and cleaned up all warnings at build time. 
-
diff --git a/sdk/spring/azure-spring-boot/CHANGELOG.md b/sdk/spring/azure-spring-boot/CHANGELOG.md
@@ -6,10 +6,24 @@
 ## 3.5.0 (2021-05-24)
 ### New Features
 - Add `AADB2CTrustedIssuerRepository` to manage the trusted issuer in AAD B2C.
-- Enable property azure.activedirectory.redirect-uri-template. ([#21116](https://github.com/Azure/azure-sdk-for-java/issues/21116))
+- Upgrade to [spring-boot-dependencies:2.4.5](https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-dependencies/2.4.5/spring-boot-dependencies-2.4.5.pom).
+- Upgrade to [spring-cloud-dependencies:2020.0.2](https://repo.maven.apache.org/maven2/org/springframework/cloud/spring-cloud-dependencies/2020.0.2/spring-cloud-dependencies-2020.0.2.pom).
+- Enable property azure.activedirectory.redirect-uri-template.([#21116](https://github.com/Azure/azure-sdk-for-java/issues/21116))
+- Support creating `GrantedAuthority` by groupId and groupName for web application.([#20218](https://github.com/Azure/azure-sdk-for-java/issues/20218))
+  ```yaml
+  user-group:
+      allowed-group-names: group1,group2
+      allowed-group-ids: <group1-id>,<group2-id>
+      enable-full-list: false  
+  ```
+  | Parameter           | Description                                             |
+  | ------------------- | ------------------------------------------------------------ |
+  | allowed-group-names | if `enable-full-list` is `false`, create `GrantedAuthority` with groupNames which belong to user and `allowed-group-names` |
+  | allowed-group-ids   | if `enable-full-list` is `false`, create `GrantedAuthority` with groupIds which belong to user and `allowed-group-ids` |
+  | enable-full-list    | default is `false`.<br> if the value is `true`, create `GrantedAuthority` only with user's  all groupIds, ignore group names|
 
 ### Key Bug Fixes
-- Fix the issue [#21036](https://github.com/Azure/azure-sdk-for-java/issues/21036) where the AAD B2C starter cannot fetch the OpenID Connect metadata document via issuer.
+- Fix issue that where the AAD B2C starter cannot fetch the OpenID Connect metadata document via issuer. [#21036](https://github.com/Azure/azure-sdk-for-java/issues/21036)
 - Deprecate *addB2CIssuer*, *addB2CUserFlowIssuers*, *createB2CUserFlowIssuer* methods in `AADTrustedIssuerRepository`.
 
 ## 3.4.0 (2021-04-19)
@@ -117,4 +131,3 @@ Updated to `Spring Boot` [2.4.3](https://github.com/spring-projects/spring-boot/
 
 ### Key Bug Fixes 
 - Address CVEs and cleaned up all warnings at build time. 
-