From 5f3ed9c55ae8ec7ef02c97f3c1521f2f65eb7e6c Mon Sep 17 00:00:00 2001 
From: Yawei Wang Date: Thu, 3 Aug 2017 16:38:27 +0800 Subject: [PATCH 01/12] AAD Jwt filter --- .../pom.xml | 124 ++++++++++++++++++ .../AzureADJwtFilterAutoConfiguration.java | 40 ++++++ .../AzureADJwtFilterProperties.java | 53 ++++++++ .../adintegration/AzureADJwtToken.java | 100 ++++++++++++++ .../adintegration/AzureADJwtTokenFilter.java | 119 +++++++++++++++++ .../adintegration/AzureADUserProfile.java | 76 +++++++++++ .../CustomPermissionEvaluator.java | 22 ++++ .../adintegration/DirectoryServiceObject.java | 32 +++++ .../JacksonObjectMapperFactory.java | 20 +++ .../main/resources/META-INF/spring.factories | 1 + ...AzureADJwtFilterAutoConfigurationTest.java | 33 +++++ .../AzureADJwtFilterPropertiesTest.java | 74 +++++++++++ .../AzureADJwtTokenFilterTest.java | 81 ++++++++++++ .../adintegration/Constants.java | 28 ++++ .../azure-spring-boot-starter-parent/pom.xml | 2 + pom.xml | 9 +- 16 files changed, 813 insertions(+), 1 deletion(-) create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfiguration.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterProperties.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtToken.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADUserProfile.java create mode 100644 
activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/CustomPermissionEvaluator.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/DirectoryServiceObject.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/JacksonObjectMapperFactory.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfigurationTest.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterPropertiesTest.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilterTest.java create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/Constants.java diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml new file mode 100644 index 000000000..a7c5ccc79 --- /dev/null +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml 
@@ -0,0 +1,124 @@ + + + + azure-spring-boot-starter-bom + com.microsoft.azure + 0.1.4 + ../../pom.xml + + 4.0.0 + + azure-ad-integration-spring-boot-autoconfigure + jar + + Azure AD Spring Security Integration Spring Boot Autoconfigure + Spring Boot auto configuration package for Azure AD and Spring Security Integration + https://github.com/Microsoft/azure-spring-boot-starters + + + + MIT + https://github.com/Microsoft/azure-spring-boot-starters/blob/master/LICENSE + repo + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.7 + 1.7 + + + + + + + + yaweiw + Yawei Wang + yaweiw@microsoft.com + + + + + scm:git:git://github.com/Microsoft/azure-spring-boot-starters.git + scm:git:ssh://github.com:Microsoft/azure-spring-boot-starters.git + https://github.com/Microsoft/azure-spring-boot-starters/tree/master + + + + + org.springframework.boot + spring-boot-starter + + + org.springframework.boot + spring-boot-configuration-processor + true + + + com.microsoft.azure + azure-spring-common + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.boot + spring-boot-starter-validation + + + org.springframework.security + spring-security-test + test + + + com.nimbusds + nimbus-jose-jwt + 4.39.2 + + + com.microsoft.azure + adal4j + 1.2.0 + + + org.springframework + spring-web + 4.3.10.RELEASE + + + org.springframework.security + spring-security-core + 4.2.3.RELEASE + + + org.springframework.security + spring-security-web + 4.2.3.RELEASE + + + javax.servlet + javax.servlet-api + 3.1.0 + provided + + + com.fasterxml.jackson.core + jackson-databind + + + org.mockito + mockito-core + + + + + \ No newline at end of file 
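Review bot: `spring-web` (4.3.10.RELEASE), `spring-security-core` and `spring-security-web` (4.2.3.RELEASE) carry explicit versions next to Boot starters whose versions come from the parent BOM, so a later parent bump can put two Spring or Spring Security versions on the classpath. Unless a specific version is required, drop the version on those three and let the Boot dependency management pick them; `nimbus-jose-jwt` and `adal4j` are not Boot-managed, so their pins are expected, but a short comment next to each stating why that exact version was chosen would help the next upgrade. The XML element names were stripped in this view, so the structure above is inferred from the surviving text.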
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfiguration.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfiguration.java new file mode 100644 index 000000000..a1de417be --- /dev/null +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfiguration.java 
@@ -0,0 +1,40 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for
+ * license information.
+ */
+package com.microsoft.azure.autoconfigure.adintegration;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Scope;
+
+@Configuration
+@ConditionalOnMissingBean(AzureADJwtTokenFilter.class)
+@EnableConfigurationProperties(AzureADJwtFilterProperties.class)
+public class AzureADJwtFilterAutoConfiguration {
+ private static final Logger LOG = LoggerFactory.getLogger(AzureADJwtFilterProperties.class);
+
+ private final AzureADJwtFilterProperties aadJwtFilterProperties;
+
+ public AzureADJwtFilterAutoConfiguration(AzureADJwtFilterProperties aadJwtFilterProperties) {
+ this.aadJwtFilterProperties = aadJwtFilterProperties;
+ }
+
+ /**
+ * Declare AzureADJwtFilter bean.
+ *
+ * @return AzureADJwtFilter bean
+ */
+ @Bean
+ @Scope("prototype")
+ public AzureADJwtTokenFilter azureADJwtFilter() {
+ LOG.info("AzureADJwtTokenFilter Constructor.");
+ return new AzureADJwtTokenFilter(aadJwtFilterProperties);
+ }
+
+}
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterProperties.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterProperties.java
new file mode 100644
index 000000000..b29adbca4
--- /dev/null
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterProperties.java
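Review bot: `LOG` is obtained with `LoggerFactory.getLogger(AzureADJwtFilterProperties.class)` inside `AzureADJwtFilterAutoConfiguration`, so the bean-creation message is attributed to the properties class in every log line; change it to `LoggerFactory.getLogger(AzureADJwtFilterAutoConfiguration.class)`. `@ConditionalOnMissingBean(AzureADJwtTokenFilter.class)` sits on the configuration class, where it is evaluated when the class is parsed rather than when the bean is defined; placing it on the `azureADJwtFilter()` `@Bean` method is the usual form and gives applications a clear per-bean override point. The message `"AzureADJwtTokenFilter Constructor."` is logged from the factory method, not a constructor; `"Creating AzureADJwtTokenFilter bean."` describes what actually happens.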
@@ -0,0 +1,53 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for
+ * license information.
+ */
+package com.microsoft.azure.autoconfigure.adintegration;
+
+import org.hibernate.validator.constraints.NotEmpty;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.validation.annotation.Validated;
+
+import java.util.List;
+
+@Validated
+@ConfigurationProperties("azure.activedirectory")
+public class AzureADJwtFilterProperties {
+ @NotEmpty
+ private String clientId;
+ @NotEmpty
+ private String clientSecret;
+ @NotEmpty
+ private List allowedRolesGroups;
+
+ private final String aadSignInUri = "https://login.microsoftonline.com/";
+ private final String aadGraphAPIUri = "https://graph.windows.net/";
+
+ public String getClientId() {
+ return clientId;
+ }
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+ public String getClientSecret() {
+ return clientSecret;
+ }
+ public void setClientSecret(String clientSecret) {
+ this.clientSecret = clientSecret;
+ }
+ public String getAadSignInUri() {
+ return aadSignInUri;
+ }
+ public String getAadGraphAPIUri() {
+ return aadGraphAPIUri;
+ }
+
+ public List getAllowedRolesGroups() {
+ return allowedRolesGroups;
+ }
+ public void setAllowedRolesGroups(List allowedRolesGroups) {
+ this.allowedRolesGroups = allowedRolesGroups;
+ }
+
+}
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtToken.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtToken.java
new file mode 100644
index 000000000..e29d0bec8
--- /dev/null
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtToken.java
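Review bot: `allowedRolesGroups` is a raw `List`, so the binder has no element type to convert to and `CustomPermissionEvaluator.hasPermission` ends up calling `contains` on an untyped list; declare it `List<String>` in the field, `getAllowedRolesGroups()` and `setAllowedRolesGroups(List<String> allowedRolesGroups)`. `aadSignInUri` and `aadGraphAPIUri` are fixed to the public-cloud endpoints with no setter, so the filter cannot be pointed at a national cloud; if that limitation is intended, say so in a comment, otherwise make them bindable with a default. The class has no Javadoc naming the keys it binds — something like `/** Binds azure.activedirectory.* settings: the application's clientId and clientSecret, and the group/role display names that map to ROLE_ALLOWED. */` would orient readers of the filter.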
@@ -0,0 +1,100 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSObject; +import com.nimbusds.jose.jwk.JWK; +import com.nimbusds.jose.jwk.JWKSet; +import com.nimbusds.jose.jwk.source.JWKSource; +import com.nimbusds.jose.jwk.source.RemoteJWKSet; +import com.nimbusds.jose.proc.BadJOSEException; +import com.nimbusds.jose.proc.JWSKeySelector; +import com.nimbusds.jose.proc.JWSVerificationKeySelector; +import com.nimbusds.jose.proc.SecurityContext; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.proc.*; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.text.ParseException; +import java.util.Map; + +public final class AzureADJwtToken { + private final JWSObject jwsObject; + private final JWTClaimsSet jwsClaimsSet; + private final JWKSet jwsKeySet; + + public AzureADJwtToken(String bearerToken) throws Exception { + final ConfigurableJWTProcessor validator = getAadJwtTokenValidator(bearerToken); + jwsClaimsSet = validator.process(bearerToken, null); + final JWTClaimsSetVerifier verifier = validator.getJWTClaimsSetVerifier(); + verifier.verify(jwsClaimsSet, null); + jwsObject = JWSObject.parse(bearerToken); + jwsKeySet = loadAadPublicKeys(); + } + + private ConfigurableJWTProcessor getAadJwtTokenValidator( + String bearerToken) throws ParseException, JOSEException, BadJOSEException, MalformedURLException { + final ConfigurableJWTProcessor jwtProcessor = new DefaultJWTProcessor(); + final JWKSource keySource = new RemoteJWKSet( + new URL("https://login.microsoftonline.com/common/discovery/keys")); + final JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256; + final JWSKeySelector keySelector = new 
JWSVerificationKeySelector(expectedJWSAlg, keySource); + jwtProcessor.setJWSKeySelector(keySelector); + + jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(){ + @Override + public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTException { + super.verify(claimsSet, ctx); + final String issuer = claimsSet.getIssuer(); + if (issuer == null || !issuer.contains("https://sts.windows.net/")) { + throw new BadJWTException("Invalid token issuer"); + } + } + }); + return jwtProcessor; + } + + private JWKSet loadAadPublicKeys() throws IOException, ParseException { + final int connectTimeout = 1000; + final int readTimeout = 1000; + final int sizeLimit = 10000; + return JWKSet.load( + new URL("https://login.microsoftonline.com/common/discovery/keys"), + connectTimeout, + readTimeout, + sizeLimit); + } + + // claimset + public String getIssuer() { + return jwsClaimsSet == null ? null : jwsClaimsSet.getIssuer(); + } + public String getSubject() { + return jwsClaimsSet == null ? null : jwsClaimsSet.getSubject(); + } + public Map getClaims() { + return jwsClaimsSet == null ? null : jwsClaimsSet.getClaims(); + } + public Object getClaim(String name) { + return jwsClaimsSet == null ? null : jwsClaimsSet.getClaim(name); + } + + // header + public String getKid() { + return jwsObject == null ? null : jwsObject.getHeader().getKeyID(); + } + + // JWK + public JWK getJWKByKid(String kid) { + return jwsKeySet == null ? null : jwsKeySet.getKeyByKeyId(kid); + } + +} + diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java new file mode 100644 index 000000000..530cbae5d --- /dev/null 
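Review bot: The claims verifier accepts any issuer for which `issuer.contains("https://sts.windows.net/")` holds, a substring test, and nothing checks the `aud` claim, so a validly signed token that AAD issued for a different application passes this filter; `DefaultJWTClaimsVerifier` at this nimbus version appears to verify only the time-based claims, so the audience check has to live in this override. Change the issuer test to `startsWith` and give `AzureADJwtToken` the configured client id so the override can reject tokens whose audience does not contain it (the filter would pass `aadJwtFilterProp.getClientId()`); `getAadJwtTokenValidator`'s `bearerToken` parameter is unused and can carry that value instead. Each construction also builds a fresh `RemoteJWKSet` and then `loadAadPublicKeys()` downloads the same key set a second time, so every bearer request costs two outbound fetches with no caching across requests; one shared `RemoteJWKSet` should serve both verification and `getJWKByKid`. The constructor declares `throws Exception`, which is what pushes the filter into blanket catches; declaring `ParseException, JOSEException, BadJOSEException, IOException` lets the caller map verification failures to a 401.
```java
public AzureADJwtToken(String bearerToken, String expectedAudience) throws Exception {
    final ConfigurableJWTProcessor validator = getAadJwtTokenValidator(expectedAudience);
    // … unchanged: process, verify, JWSObject.parse, key loading …
}

private ConfigurableJWTProcessor getAadJwtTokenValidator(
        final String expectedAudience) throws JOSEException, MalformedURLException {
    // … unchanged: processor, RemoteJWKSet, key selector …
    jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier() {
        @Override
        public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTException {
            super.verify(claimsSet, ctx);
            final String issuer = claimsSet.getIssuer();
            // Prefix match: contains() would accept any issuer string that embeds the AAD issuer.
            if (issuer == null || !issuer.startsWith("https://sts.windows.net/")) {
                throw new BadJWTException("Invalid token issuer");
            }
            // Reject tokens minted for another application, even though AAD signed them.
            if (claimsSet.getAudience() == null || !claimsSet.getAudience().contains(expectedAudience)) {
                throw new BadJWTException("Invalid token audience");
            }
        }
    });
    return jwtProcessor;
}
```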
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java 
@@ -0,0 +1,119 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import com.microsoft.aad.adal4j.AuthenticationContext; +import com.microsoft.aad.adal4j.AuthenticationResult; +import com.microsoft.aad.adal4j.ClientAssertion; +import com.microsoft.aad.adal4j.ClientCredential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.naming.ServiceUnavailableException; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; + +public class AzureADJwtTokenFilter extends OncePerRequestFilter { + private static final Logger log = LoggerFactory.getLogger(AzureADJwtTokenFilter.class); + + private static final String TOKEN_HEADER = "Authorization"; + private static final String TOKEN_TYPE = "Bearer "; + + private AzureADJwtFilterProperties aadJwtFilterProp; + + public AzureADJwtTokenFilter(AzureADJwtFilterProperties aadJwtFilterProp) { + this.aadJwtFilterProp = aadJwtFilterProp; + } + + private AuthenticationResult acquireTokenForGraphApi( + String tokenEncoded, + String tenantId) throws 
Throwable { + ClientCredential credential = new ClientCredential(aadJwtFilterProp.getClientId(), aadJwtFilterProp.getClientSecret()); + ClientAssertion assertion = new ClientAssertion(tokenEncoded); + + AuthenticationResult result = null; + ExecutorService service = null; + try { + service = Executors.newFixedThreadPool(1); + AuthenticationContext context = new AuthenticationContext( + aadJwtFilterProp.getAadSignInUri()+ tenantId + "/", + true, + service); + Future future = context + .acquireToken(aadJwtFilterProp.getAadGraphAPIUri(), assertion, credential, null); + result = future.get(); + } catch (ExecutionException e) { + throw e.getCause(); + } finally { + service.shutdown(); + } + + if (result == null) { + throw new ServiceUnavailableException("authentication result was null"); + } + return result; + } + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + + String authHeader = request.getHeader(TOKEN_HEADER); + + if (authHeader != null && authHeader.startsWith(TOKEN_TYPE)) { + try { + String tokenEncoded = authHeader.replace(TOKEN_TYPE, ""); + AzureADJwtToken jwtToken = new AzureADJwtToken(tokenEncoded); + + AzureADUserProfile userProfile; + List authorities = new ArrayList(); + try { + String tid = jwtToken.getClaim("tid").toString(); + + AuthenticationResult result = acquireTokenForGraphApi( + tokenEncoded, + tid); + userProfile = new AzureADUserProfile(result.getAccessToken()); + //todo: judge based on user roles & groups + + if (CustomPermissionEvaluator.hasPermission( + userProfile.getUserMemberships(), aadJwtFilterProp.getAllowedRolesGroups())) { + authorities.add(new SimpleGrantedAuthority("ROLE_ALLOWED")); + } else { + authorities.add(new SimpleGrantedAuthority("ROLE_DISALLOWED")); + }; + } catch (Exception e) { + throw new RuntimeException(e); + } catch (Throwable throwable) { + throw new RuntimeException(throwable); + } + 
Authentication authentication = new PreAuthenticatedAuthenticationToken(jwtToken, null, authorities); + authentication.setAuthenticated(true); + log.info("Request token verification success. {}", authentication); + SecurityContextHolder.getContext().setAuthentication(authentication); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + filterChain.doFilter(request, response); + } + +} diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADUserProfile.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADUserProfile.java new file mode 100644 index 000000000..6a26377fc --- /dev/null +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADUserProfile.java 
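Review bot: Every failure in `doFilterInternal` — a token that fails the signature, expiry or issuer checks, a missing `tid` claim (`jwtToken.getClaim("tid").toString()` dereferences null), or an unreachable Graph endpoint — is rethrown as `RuntimeException`, so the client receives a 500 rather than a 401 and a bad token is indistinguishable in logs from a server fault. Catch the verification exceptions, call `SecurityContextHolder.clearContext()`, and respond with `response.sendError(HttpServletResponse.SC_UNAUTHORIZED)` (or delegate to an `AuthenticationEntryPoint`) instead of wrapping; the inner `catch (Exception)` followed by `catch (Throwable)` additionally rewraps `Error`s that should propagate, and `acquireTokenForGraphApi` could declare the checked types it actually throws instead of `Throwable`. `authHeader.replace(TOKEN_TYPE, "")` strips every occurrence of `"Bearer "`; `authHeader.substring(TOKEN_TYPE.length())` takes the token only. Each request also spins up a single-thread `ExecutorService` and makes an on-behalf-of token call plus a Graph call with no caching, which deserves at least `// TODO: cache memberships per subject — two network round-trips per authenticated request`.
```java
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    final String authHeader = request.getHeader(TOKEN_HEADER);
    if (authHeader != null && authHeader.startsWith(TOKEN_TYPE)) {
        final String tokenEncoded = authHeader.substring(TOKEN_TYPE.length());
        try {
            final AzureADJwtToken jwtToken = new AzureADJwtToken(tokenEncoded);
            // … unchanged: tid lookup, acquireTokenForGraphApi, membership check, authority assignment …
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (Exception e) {
            // Fail closed: an unverifiable token is an authentication failure, not a server error.
            SecurityContextHolder.clearContext();
            log.warn("Request token verification failed.", e);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
    }
    filterChain.doFilter(request, response);
}
```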
@@ -0,0 +1,76 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; +import java.net.HttpURLConnection; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +public class AzureADUserProfile { + + private List UserMemberships; + private static String userMembershipRestAPI = "https://graph.windows.net/me/memberOf?api-version=1.6"; + + public AzureADUserProfile(String accessToken) { + try { + String responseInJson = getUserMembershipsV1(accessToken); + UserMemberships = new ArrayList(); + ObjectMapper objectMapper = JacksonObjectMapperFactory.getInstance(); + JsonNode rootNode = objectMapper.readValue(responseInJson, JsonNode.class); + JsonNode valuesNode = rootNode.get("value"); + int i = 0; + while(valuesNode != null && valuesNode.get(i) != null) { + UserMemberships.add(new DirectoryServiceObject( + valuesNode.get(i).get("odata.type").asText(), + valuesNode.get(i).get("objectType").asText(), + valuesNode.get(i).get("description").asText(), + valuesNode.get(i).get("displayName").asText())); + i++; + } + } catch (Exception e) { + e.printStackTrace(); + } + } + + public List getUserMemberships() { + return UserMemberships; + } + + private String getUserMembershipsV1(String accessToken) throws Exception { + URL url = new URL(String.format(userMembershipRestAPI, accessToken)); + + HttpURLConnection conn = (HttpURLConnection) url.openConnection(); + // Set the appropriate header fields in the request header. 
+ conn.setRequestProperty("api-version", "1.6"); + conn.setRequestProperty("Authorization", accessToken); + conn.setRequestProperty("Accept", "application/json;odata=minimalmetadata"); + String responseInJson = getResponseStringFromConn(conn); + int responseCode = conn.getResponseCode(); + if (responseCode == 200) { + return responseInJson; + } else { + throw new Exception(responseInJson); + } + } + private String getResponseStringFromConn(HttpURLConnection conn) throws IOException { + + BufferedReader reader = null; + reader = new BufferedReader(new InputStreamReader(conn.getInputStream())); + StringBuffer stringBuffer = new StringBuffer(); + String line = ""; + while ((line = reader.readLine()) != null) { + stringBuffer.append(line); + } + return stringBuffer.toString(); + } +} diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/CustomPermissionEvaluator.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/CustomPermissionEvaluator.java new file mode 100644 index 000000000..4739fdf5c --- /dev/null +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/CustomPermissionEvaluator.java @@ -0,0 +1,22 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import java.util.List; + +public class CustomPermissionEvaluator { + + public static boolean hasPermission(List customerRolesGroups, List targetRolesGroups) { + boolean permitted = false; + for (DirectoryServiceObject rg : customerRolesGroups) { + if (targetRolesGroups.contains(rg.getDisplayName())) { + permitted = true; + break; + } + } + return permitted; + } +} 
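Review bot: The constructor swallows every exception with `printStackTrace()`, and because `UserMemberships = new ArrayList()` runs after the Graph call, a failed call leaves the field null and `CustomPermissionEvaluator.hasPermission` then dies with a NullPointerException instead of a clear authorization failure; let the exception propagate (or initialise the list first and rethrow) so the filter can fail closed. `getUserMembershipsV1` sets `Authorization` to the bare token, whereas Graph expects `"Bearer " + accessToken` unless the caller already prefixes the scheme, which `result.getAccessToken()` in the filter does not appear to. `String.format(userMembershipRestAPI, accessToken)` has no format specifier, so the token argument is silently ignored (and a future `%` in the URL would splice it into the query string); `new URL(userMembershipRestAPI)` is what is meant. In `getResponseStringFromConn` the reader is never closed and uses the platform charset, and `conn.getInputStream()` throws on a non-2xx status before `getResponseCode()` is consulted, so the `throw new Exception(responseInJson)` branch never carries Graph's error body. The node lookups should use `path("description")` rather than `get("description")` so an entry without that field does not throw.
```java
private String getResponseStringFromConn(HttpURLConnection conn) throws IOException {
    // On a non-2xx status the body is on the error stream; read it so the caller can report Graph's message.
    final InputStream body = conn.getResponseCode() >= 400 ? conn.getErrorStream() : conn.getInputStream();
    if (body == null) {
        return "";
    }
    try (BufferedReader reader = new BufferedReader(new InputStreamReader(body, StandardCharsets.UTF_8))) {
        final StringBuilder sb = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            sb.append(line);
        }
        return sb.toString();
    }
}
```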
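Review bot: Permission is granted on a display-name match between the user's memberships and `targetRolesGroups`, but display names are not unique within a directory and, depending on tenant settings, can be created by non-administrators, so a name is a weak authorization key; matching on the membership's object id, or at least restricting the comparison to entries whose `objectType` is a group or directory role, is safer, and the Javadoc should state what is compared. Both parameters are raw `List`s; `List<DirectoryServiceObject> customerRolesGroups, List<String> targetRolesGroups` makes the contract checkable by the compiler. A null `customerRolesGroups` throws NullPointerException from the for loop; returning false for null or empty input keeps the evaluator fail-closed. A one-line Javadoc such as `/** Returns true when any of the user's directory memberships has a display name listed in targetRolesGroups; both lists must be non-null. */` would make the current behaviour explicit.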
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/DirectoryServiceObject.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/DirectoryServiceObject.java
new file mode 100644
index 000000000..7231e663d
--- /dev/null
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/DirectoryServiceObject.java
@@ -0,0 +1,32 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for
+ * license information.
+ */
+package com.microsoft.azure.autoconfigure.adintegration;
+
+public class DirectoryServiceObject {
+ private final String OdataType;
+ private final String ObjectType;
+ private final String Description;
+ private final String DisplayName;
+
+ public DirectoryServiceObject(String odataType, String objectType, String description, String displayName) {
+ OdataType = odataType;
+ ObjectType = objectType;
+ Description = description;
+ DisplayName = displayName;
+ }
+ public String getOdataType() {
+ return OdataType;
+ }
+ public String getObjectType() {
+ return ObjectType;
+ }
+ public String getDisplayName() {
+ return DisplayName;
+ }
+ public String getDescription() {
+ return Description;
+ }
+}
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/JacksonObjectMapperFactory.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/JacksonObjectMapperFactory.java
new file mode 100644
index 000000000..10ad52feb
--- /dev/null
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/JacksonObjectMapperFactory.java
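Review bot: The fields `OdataType`, `ObjectType`, `Description` and `DisplayName` are PascalCase, which reads as type names in Java; `odataType`, `objectType`, `description`, `displayName` match the constructor parameters and the rest of the package. The class carries no object id even though that is the stable identifier Graph returns for a group or role, and `CustomPermissionEvaluator` would be better off keying on it than on `DisplayName`. There is no `equals`/`hashCode`/`toString`, so membership lists cannot be compared or logged meaningfully; a class comment such as `/** Immutable view of one entry from the Graph memberOf response (a group or directory role). */` would also help.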
@@ -0,0 +1,20 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for
+ * license information.
+ */
+package com.microsoft.azure.autoconfigure.adintegration;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class JacksonObjectMapperFactory {
+
+ private JacksonObjectMapperFactory(){}
+
+ private static class SingletonHelper{
+ private static final ObjectMapper INSTANCE = new ObjectMapper();
+ }
+ public static ObjectMapper getInstance(){
+ return SingletonHelper.INSTANCE;
+ }
+}
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
new file mode 100644
index 000000000..2ee4ec7fc
--- /dev/null
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories
@@ -0,0 +1 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.microsoft.azure.autoconfigure.adintegration.AzureADJwtFilterAutoConfiguration
\ No newline at end of file
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfigurationTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfigurationTest.java
new file mode 100644
index 000000000..b3992d8ef
--- /dev/null
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfigurationTest.java
@@ -0,0 +1,33 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import org.junit.Test; +import org.springframework.context.annotation.AnnotationConfigApplicationContext; + +import static org.assertj.core.api.Assertions.assertThat; + +public class AzureADJwtFilterAutoConfigurationTest { + @Test + public void createAzureADJwtFilter() throws Exception { + System.setProperty(Constants.CLIENT_ID_PROPERTY, Constants.CLIENT_ID); + System.setProperty(Constants.CLIENT_SECRET_PROPERTY, Constants.CLIENT_SECRET); + System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", "")); + + try (AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext()) { + context.register(AzureADJwtFilterAutoConfiguration.class); + context.refresh(); + + final AzureADJwtTokenFilter azureADJwtTokenFilter = context.getBean(AzureADJwtTokenFilter.class); + assertThat(azureADJwtTokenFilter).isNotNull(); + assertThat(azureADJwtTokenFilter).isExactlyInstanceOf(AzureADJwtTokenFilter.class); + } + + System.clearProperty(Constants.CLIENT_ID_PROPERTY); + System.clearProperty(Constants.CLIENT_SECRET_PROPERTY); + System.clearProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY); + } +} \ No newline at end of file diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterPropertiesTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterPropertiesTest.java new file mode 100644 index 000000000..d01be3c84 --- /dev/null 
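Review bot: The `System.setProperty` calls are undone only on the success path, so if any assertion or the context refresh throws, the `azure.activedirectory.*` values leak into later tests in the same JVM; the same pattern appears in `AzureADJwtFilterPropertiesTest` and `AzureADJwtTokenFilterTest`. Move the three `System.clearProperty` calls into a `finally` block, or set and clear them in `@Before`/`@After`. The keys and values come from `Constants`, which the diffstat shows is added by this commit but is outside this view; since `AzureADJwtTokenFilterTest` expects real credentials there, a comment in that file stating that placeholders must never be replaced with real values in a commit would be worth adding.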
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterPropertiesTest.java 
@@ -0,0 +1,74 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import org.junit.Test; +import org.springframework.beans.factory.BeanCreationException; +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.AnnotationConfigApplicationContext; +import org.springframework.context.annotation.Configuration; + +import static org.assertj.core.api.Assertions.assertThat; + + +public class AzureADJwtFilterPropertiesTest { + @Test + public void canSetProperties() { + System.setProperty(Constants.CLIENT_ID_PROPERTY, Constants.CLIENT_ID); + System.setProperty(Constants.CLIENT_SECRET_PROPERTY, Constants.CLIENT_SECRET); + System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", "")); + + try (AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext()) { + context.register(Config.class); + context.refresh(); + + final AzureADJwtFilterProperties properties = context.getBean(AzureADJwtFilterProperties.class); + + assertThat(properties.getClientId()).isEqualTo(Constants.CLIENT_ID); + assertThat(properties.getClientSecret()).isEqualTo(Constants.CLIENT_SECRET); + assertThat(properties.getAllowedRolesGroups().toString()).isEqualTo(Constants.ALLOWED_ROLES_GROUPS.toString()); + } + + System.clearProperty(Constants.CLIENT_ID_PROPERTY); + System.clearProperty(Constants.CLIENT_SECRET_PROPERTY); + System.clearProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY); + } + + @Test + public void emptySettingsNotAllowed() { + System.setProperty(Constants.CLIENT_ID_PROPERTY, ""); + System.setProperty(Constants.CLIENT_SECRET_PROPERTY, ""); + + try (AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext()) { + 
context.register(Config.class); + + Exception exception = null; + try { + context.refresh(); + } catch (Exception e) { + exception = e; + } + + assertThat(exception).isNotNull(); + assertThat(exception).isExactlyInstanceOf(BeanCreationException.class); + assertThat(exception.getCause().getMessage()).contains( + "Field error in object 'azure.activedirectory' on field 'clientId': rejected value []"); + assertThat(exception.getCause().getMessage()).contains( + "Field error in object 'azure.activedirectory' on field 'clientSecret': rejected value []"); + assertThat(exception.getCause().getMessage()).contains( + "Field error in object 'azure.activedirectory' on field 'allowedRolesGroups': rejected value [null]"); + } + + System.clearProperty(Constants.CLIENT_ID_PROPERTY); + System.clearProperty(Constants.CLIENT_SECRET_PROPERTY); + } + + @Configuration + @EnableConfigurationProperties(AzureADJwtFilterProperties.class) + static class Config { + } + +} \ No newline at end of file diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilterTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilterTest.java new file mode 100644 index 000000000..36faf1adf --- /dev/null +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilterTest.java 
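Review bot: `emptySettingsNotAllowed` asserts on `exception.getCause().getMessage()` text such as `"rejected value []"`, which ties the test to the binder's message format and will break on a Boot upgrade; asserting on the cause type and the rejected field names is more stable. The manual `try { context.refresh(); } catch (Exception e) { exception = e; }` can be replaced with `assertThatThrownBy(context::refresh).isInstanceOf(BeanCreationException.class)` since AssertJ is already on the classpath. As in `AzureADJwtFilterAutoConfigurationTest`, the `System.clearProperty` calls belong in a `finally` block so a failing assertion does not leave the properties set for the next test.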
@@ -0,0 +1,81 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import org.junit.Assume; +import org.junit.Before; +import org.junit.Test; +import org.springframework.context.annotation.AnnotationConfigApplicationContext; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; + +import javax.servlet.FilterChain; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Map; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +public class AzureADJwtTokenFilterTest { + + @Before + public void beforeEveryMethod() { + Assume.assumeTrue(!Constants.CLIENT_ID.contains("real_client_id")); + Assume.assumeTrue(!Constants.CLIENT_SECRET.contains("real_client_secret")); + Assume.assumeTrue(!Constants.BEARER_TOKEN.contains("real_jtw_bearer_token")); + } + @Test + public void doFilterInternal() throws Exception { + System.setProperty(Constants.CLIENT_ID_PROPERTY, Constants.CLIENT_ID); + System.setProperty(Constants.CLIENT_SECRET_PROPERTY, Constants.CLIENT_SECRET); + System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", "")); + + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getHeader(Constants.TOKEN_HEADER)).thenReturn(Constants.BEARER_TOKEN); + + HttpServletResponse response = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + + Authentication authentication = mock(Authentication.class); + + try (AnnotationConfigApplicationContext context = new 
AnnotationConfigApplicationContext()) { + context.register(AzureADJwtFilterAutoConfiguration.class); + context.refresh(); + + final AzureADJwtTokenFilter azureADJwtTokenFilter = context.getBean(AzureADJwtTokenFilter.class); + assertThat(azureADJwtTokenFilter).isNotNull(); + assertThat(azureADJwtTokenFilter).isExactlyInstanceOf(AzureADJwtTokenFilter.class); + + azureADJwtTokenFilter.doFilterInternal(request, response, filterChain); + + authentication = SecurityContextHolder.getContext().getAuthentication(); + assertThat(authentication.getPrincipal()).isNotNull(); + assertThat(authentication.getPrincipal()).isExactlyInstanceOf(AzureADJwtToken.class); + assertThat(authentication.getAuthorities()).isNotNull(); + assertThat(authentication.getAuthorities().size()).isEqualTo(1); + assertThat(authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ALLOWED")) + || authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_DISALLOWED"))); + + AzureADJwtToken aadJwtToken = (AzureADJwtToken) authentication.getPrincipal(); + assertThat(aadJwtToken.getIssuer()).isNotNull().isNotEmpty(); + assertThat(aadJwtToken.getKid()).isNotNull().isNotEmpty(); + assertThat(aadJwtToken.getSubject()).isNotNull().isNotEmpty(); + + assertThat(aadJwtToken.getClaims()).isNotNull().isNotEmpty(); + Map claims = aadJwtToken.getClaims(); + assertThat(claims.get("iss")).isEqualTo(aadJwtToken.getIssuer()); + assertThat(claims.get("sub")).isEqualTo(aadJwtToken.getSubject()); + } + + System.clearProperty(Constants.CLIENT_ID_PROPERTY); + System.clearProperty(Constants.CLIENT_SECRET_PROPERTY); + System.clearProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY); + } + +} \ No newline at end of file 
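Review bot: `assertThat(authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ALLOWED")) || ...)` never fails because no terminal assertion follows it; it needs `.isTrue()`. The `Assume` guard in `beforeEveryMethod` skips the test as long as `Constants` holds its placeholder values, so as committed `doFilterInternal` is never exercised, and the only way to run it is to paste a live client secret and bearer token into `Constants.java`, after which the test talks to the real AAD and Graph endpoints. Reading the credentials from environment variables and covering the filter logic with a mocked token and Graph response would let this run in CI without secrets in source; the property cleanup at the end should likewise move to an `@After` so a failed assertion does not leak `clientSecret` into other tests.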
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/Constants.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/Constants.java new file mode 100644 index 000000000..2268298bf --- /dev/null +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/Constants.java @@ -0,0 +1,28 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See LICENSE in the project root for + * license information. + */ +package com.microsoft.azure.autoconfigure.adintegration; + +import java.util.ArrayList; +import java.util.List; + +/** + * Created by yaweiw on 8/1/2017. + */ +public class Constants { + public static final String CLIENT_ID_PROPERTY = "azure.activedirectory.clientId"; + public static final String CLIENT_SECRET_PROPERTY = "azure.activedirectory.clientSecret"; + public static final String ALLOWED_ROLES_GROUPS_PROPERTY = "azure.activedirectory.allowedRolesGroups"; + public static final String CLIENT_ID = "real_client_id"; + public static final String CLIENT_SECRET = "real_client_secret"; + public static final List ALLOWED_ROLES_GROUPS = new ArrayList() {{ + add("group1"); + add("group2"); + add("group3"); + }}; + + public static final String TOKEN_HEADER = "Authorization"; + public static final String BEARER_TOKEN = "Bearer real_jtw_bearer_token"; +} diff --git a/common/azure-spring-boot-starter-parent/pom.xml b/common/azure-spring-boot-starter-parent/pom.xml index e37dbda00..f8e8e4783 100644 --- a/common/azure-spring-boot-starter-parent/pom.xml +++ b/common/azure-spring-boot-starter-parent/pom.xml 
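Review bot: `CLIENT_SECRET = "real_client_secret"` and the other placeholders double as the switch that enables `AzureADJwtTokenFilterTest`, so enabling that test means editing a committed source file to hold a live client secret and bearer token, which is an easy way to leak credentials into history. Read them from the environment with the placeholder as fallback, e.g. `public static final String CLIENT_SECRET = System.getenv().getOrDefault("AZURE_AD_CLIENT_SECRET", "real_client_secret");`, so the file never has to change. `ALLOWED_ROLES_GROUPS` uses double-brace initialization, which creates an anonymous `ArrayList` subclass; `Collections.unmodifiableList(Arrays.asList("group1", "group2", "group3"))` is the conventional form. `real_jtw_bearer_token` also looks like a typo for `jwt`; the filter test's `Assume` guard matches on that exact string, so fix both together if at all.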
@@ -229,6 +229,8 @@ ../azure-spring-common + ../../activedirectory/azure-ad-integration-spring-boot-autoconfigure + ../../activedirectory/azure-ad-integration-spring-boot-autoconfigure-sample ../../documentdb/spring-data-azure-documentdb ../../documentdb/spring-data-azure-documentdb-sample ../../documentdb/azure-documentdb-spring-boot-autoconfigure diff --git a/pom.xml b/pom.xml index 7a0d0a0d7..4752c3cd5 100644 --- a/pom.xml +++ b/pom.xml @@ -52,6 +52,8 @@ 0.1.4 + ${bom.version} + ${bom.version} ${bom.version} ${bom.version} ${bom.version} @@ -84,7 +86,11 @@ pom import - + + com.microsoft.azure + azure-ad-integration-spring-boot-autoconfigure + ${azure.adintegration.autoconfigure.version} + com.microsoft.azure azure-documentdb-spring-boot-autoconfigure @@ -189,6 +195,7 @@ common/azure-spring-boot-starter-parent + activedirectory/azure-ad-integration-spring-boot-autoconfigure From 90b6db2c8028629210aeb856708ee9ba66972f05 Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Thu, 3 Aug 2017 16:40:44 +0800 Subject: [PATCH 02/12] remove a todo --- .../azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java | 1 - 1 file changed, 1 deletion(-) diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java index 530cbae5d..7c7bf86d0 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java 
@@ -91,7 +91,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse tokenEncoded, tid); userProfile = new AzureADUserProfile(result.getAccessToken()); - //todo: judge based on user roles & groups if (CustomPermissionEvaluator.hasPermission( userProfile.getUserMemberships(), aadJwtFilterProp.getAllowedRolesGroups())) { From bd66c2f7a5336aa0c5ec2b6097598678876a1a70 Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Fri, 4 Aug 2017 10:13:01 +0800 Subject: [PATCH 03/12] fix a minor build issue --- pom.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/pom.xml b/pom.xml index 4752c3cd5..7d473a80f 100644 --- a/pom.xml +++ b/pom.xml @@ -195,7 +195,5 @@ common/azure-spring-boot-starter-parent - activedirectory/azure-ad-integration-spring-boot-autoconfigure - From a56832d49d7b3e76a5b7960a653556f2e0bd0f1b Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Fri, 4 Aug 2017 10:39:04 +0800 Subject: [PATCH 04/12] fix pom in starter parent --- common/azure-spring-boot-starter-parent/pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/common/azure-spring-boot-starter-parent/pom.xml b/common/azure-spring-boot-starter-parent/pom.xml index f8e8e4783..428a903a9 100644 --- a/common/azure-spring-boot-starter-parent/pom.xml +++ b/common/azure-spring-boot-starter-parent/pom.xml @@ -230,7 +230,6 @@ ../azure-spring-common ../../activedirectory/azure-ad-integration-spring-boot-autoconfigure - ../../activedirectory/azure-ad-integration-spring-boot-autoconfigure-sample ../../documentdb/spring-data-azure-documentdb ../../documentdb/spring-data-azure-documentdb-sample ../../documentdb/azure-documentdb-spring-boot-autoconfigure From d37d24bf90625cd151c7d5a5fe1adfd7e04cf639 Mon Sep 17 00:00:00 2001 
From: Yawei Wang Date: Fri, 4 Aug 2017 13:46:28 +0800 Subject: [PATCH 05/12] fix as recommended --- .../pom.xml | 6 --- .../AzureADJwtFilterAutoConfiguration.java | 2 +- .../AzureADJwtFilterProperties.java | 2 +- .../AzureADJwtToken.java | 14 +++---- .../AzureADJwtTokenFilter.java | 15 ++++--- .../AzureADUserMembership.java} | 39 +++++++++---------- .../CustomPermissionEvaluator.java | 2 +- .../DirectoryServiceObject.java | 2 +- .../JacksonObjectMapperFactory.java | 2 +- .../main/resources/META-INF/spring.factories | 2 +- ...AzureADJwtFilterAutoConfigurationTest.java | 2 +- .../AzureADJwtFilterPropertiesTest.java | 2 +- .../AzureADJwtTokenFilterTest.java | 2 +- .../{adintegration => aad}/Constants.java | 2 +- pom.xml | 20 +++++++++- 15 files changed, 63 insertions(+), 51 deletions(-) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/AzureADJwtFilterAutoConfiguration.java (96%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/AzureADJwtFilterProperties.java (96%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/AzureADJwtToken.java (92%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/AzureADJwtTokenFilter.java (88%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration/AzureADUserProfile.java => aad/AzureADUserMembership.java} (63%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/CustomPermissionEvaluator.java (91%) rename 
activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/DirectoryServiceObject.java (93%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/JacksonObjectMapperFactory.java (90%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/AzureADJwtFilterAutoConfigurationTest.java (96%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/AzureADJwtFilterPropertiesTest.java (98%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/AzureADJwtTokenFilterTest.java (98%) rename activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/{adintegration => aad}/Constants.java (94%) diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml index a7c5ccc79..0139c4cd2 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml @@ -82,32 +82,26 @@ com.nimbusds nimbus-jose-jwt - 4.39.2 com.microsoft.azure adal4j - 1.2.0 org.springframework spring-web - 4.3.10.RELEASE org.springframework.security spring-security-core - 4.2.3.RELEASE org.springframework.security spring-security-web - 4.2.3.RELEASE javax.servlet javax.servlet-api - 3.1.0 provided 
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfiguration.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfiguration.java similarity index 96% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfiguration.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfiguration.java index a1de417be..82e8d652a 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfiguration.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfiguration.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterProperties.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterProperties.java similarity index 96% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterProperties.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterProperties.java index b29adbca4..7e780c9d6 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterProperties.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterProperties.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import org.hibernate.validator.constraints.NotEmpty; import org.springframework.boot.context.properties.ConfigurationProperties; 
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtToken.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtToken.java similarity index 92% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtToken.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtToken.java index e29d0bec8..d49eca54f 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtToken.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtToken.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import com.nimbusds.jose.JOSEException; import com.nimbusds.jose.JWSAlgorithm; @@ -62,14 +62,14 @@ public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTEx } private JWKSet loadAadPublicKeys() throws IOException, ParseException { - final int connectTimeout = 1000; - final int readTimeout = 1000; - final int sizeLimit = 10000; + final int connectTimeoutinMS = 1000; + final int readTimeoutinMS = 1000; + final int sizeLimitinBytes = 10000; return JWKSet.load( new URL("https://login.microsoftonline.com/common/discovery/keys"), - connectTimeout, - readTimeout, - sizeLimit); + connectTimeoutinMS, + readTimeoutinMS, + sizeLimitinBytes); } // claimset 
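Review bot: `loadAadPublicKeys` fetches the signing keys from `https://login.microsoftonline.com/common/discovery/keys` on every call with no caching, so if `verify` invokes it per token (its body is outside this hunk) each authenticated request costs an outbound HTTPS round trip, and the hard 1000 ms timeouts turn transient latency at the discovery endpoint into a verification failure. Cache the `JWKSet` for the lifetime of the filter and refresh only on an unknown `kid`, for example through nimbus's `RemoteJWKSet` with a `DefaultResourceRetriever(connectTimeoutMs, readTimeoutMs, sizeLimitBytes)` if the pinned version provides it. The 10000-byte `sizeLimitinBytes` is also worth checking against the live document, which embeds `x5c` certificate chains and may exceed it; if `JWKSet.load` enforces the limit, every verification would fail. Naming-wise, Java convention is `connectTimeoutMs`, `readTimeoutMs`, `sizeLimitBytes` rather than the `inMS`/`inBytes` suffixes the rename introduces.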
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilter.java similarity index 88% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilter.java index 7c7bf86d0..ff1f75de4 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilter.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilter.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import com.microsoft.aad.adal4j.AuthenticationContext; import com.microsoft.aad.adal4j.AuthenticationResult; 
@@ -67,13 +67,16 @@ private AuthenticationResult acquireTokenForGraphApi( } if (result == null) { - throw new ServiceUnavailableException("authentication result was null"); + throw new ServiceUnavailableException("unable to acquire on-behalf-of token for client " + aadJwtFilterProp.getClientId()); } return result; } @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + protected void doFilterInternal( + HttpServletRequest request, + HttpServletResponse response, + FilterChain filterChain) throws ServletException, IOException { String authHeader = request.getHeader(TOKEN_HEADER); @@ -82,7 +85,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse String tokenEncoded = authHeader.replace(TOKEN_TYPE, ""); AzureADJwtToken jwtToken = new AzureADJwtToken(tokenEncoded); - AzureADUserProfile userProfile; + AzureADUserMembership userProfile; List authorities = new ArrayList(); try { String tid = jwtToken.getClaim("tid").toString(); @@ -90,7 +93,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse AuthenticationResult result = acquireTokenForGraphApi( tokenEncoded, tid); - userProfile = new AzureADUserProfile(result.getAccessToken()); + userProfile = new AzureADUserMembership(result.getAccessToken()); if (CustomPermissionEvaluator.hasPermission( userProfile.getUserMemberships(), aadJwtFilterProp.getAllowedRolesGroups())) { 
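Review bot: `authHeader.replace(TOKEN_TYPE, "")` removes every occurrence of the scheme prefix anywhere in the header rather than stripping the leading one, and the `tid` claim is read via `jwtToken.getClaim("tid")` before anything in this hunk shows the signature being verified; if `new AzureADJwtToken(tokenEncoded)` does not verify in its constructor, an attacker-chosen `tid` steers the on-behalf-of request in `acquireTokenForGraphApi` to a tenant of their choosing. Strip the prefix positionally, `final String tokenEncoded = authHeader.substring(TOKEN_TYPE.length()).trim();` (after the `startsWith` check that presumably precedes this hunk), and make sure the signature and issuer checks run before `tid` is trusted. `doFilterInternal` begins in the first hunk of this file and continues past the last one, so the verification order cannot be confirmed from here.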
@@ -105,7 +108,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse } Authentication authentication = new PreAuthenticatedAuthenticationToken(jwtToken, null, authorities); authentication.setAuthenticated(true); - log.info("Request token verification success. {}", authentication); + log.info("Request token verification success. {0}", authentication); SecurityContextHolder.getContext().setAuthentication(authentication); } catch (Exception e) { throw new RuntimeException(e); diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADUserProfile.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADUserMembership.java similarity index 63% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADUserProfile.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADUserMembership.java index 6a26377fc..1a3b01235 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/AzureADUserProfile.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADUserMembership.java @@ -3,10 +3,11 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import com.nimbusds.oauth2.sdk.http.HTTPResponse; import java.io.BufferedReader; import java.io.IOException; 
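Review bot: `{0}` is not an SLF4J placeholder; if `log` is an `org.slf4j.Logger` as in `AzureADJwtFilterAutoConfiguration`, the message is emitted literally as `... {0}` and `authentication` is silently dropped, so the original `{}` was the correct form. Even with `{}`, logging the whole `Authentication` at INFO writes the `AzureADJwtToken` principal, and with it every claim, into the application log on each request; log only an identifier, `log.debug("Request token verification success for subject {}", jwtToken.getSubject());`. The `catch (Exception e) { throw new RuntimeException(e); }` closing the method also turns an invalid or expired token into a server error rather than a 401; translate it to `response.sendError(HttpServletResponse.SC_UNAUTHORIZED)` or a Spring `AuthenticationException`. `doFilterInternal` starts before this hunk.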
@@ -16,29 +17,25 @@ import java.util.ArrayList; import java.util.List; -public class AzureADUserProfile { +public class AzureADUserMembership { private List UserMemberships; private static String userMembershipRestAPI = "https://graph.windows.net/me/memberOf?api-version=1.6"; - public AzureADUserProfile(String accessToken) { - try { - String responseInJson = getUserMembershipsV1(accessToken); - UserMemberships = new ArrayList(); - ObjectMapper objectMapper = JacksonObjectMapperFactory.getInstance(); - JsonNode rootNode = objectMapper.readValue(responseInJson, JsonNode.class); - JsonNode valuesNode = rootNode.get("value"); - int i = 0; - while(valuesNode != null && valuesNode.get(i) != null) { - UserMemberships.add(new DirectoryServiceObject( - valuesNode.get(i).get("odata.type").asText(), - valuesNode.get(i).get("objectType").asText(), - valuesNode.get(i).get("description").asText(), - valuesNode.get(i).get("displayName").asText())); - i++; - } - } catch (Exception e) { - e.printStackTrace(); + public AzureADUserMembership(String accessToken) throws Exception { + String responseInJson = getUserMembershipsV1(accessToken); + UserMemberships = new ArrayList(); + ObjectMapper objectMapper = JacksonObjectMapperFactory.getInstance(); + JsonNode rootNode = objectMapper.readValue(responseInJson, JsonNode.class); + JsonNode valuesNode = rootNode.get("value"); + int i = 0; + while(valuesNode != null && valuesNode.get(i) != null) { + UserMemberships.add(new DirectoryServiceObject( + valuesNode.get(i).get("odata.type").asText(), + valuesNode.get(i).get("objectType").asText(), + valuesNode.get(i).get("description").asText(), + valuesNode.get(i).get("displayName").asText())); + i++; } } 
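Review bot: `valuesNode.get(i).get("description")` returns null when a membership object lacks the field, and `asText()` on that null throws `NullPointerException`, which the now-unguarded constructor propagates and the filter converts into a failed request; directory groups frequently have no description, so use `path(...)`, which yields a missing node whose `asText("")` is safe, and iterate the array node directly. Note also that the Graph `memberOf` response is paged via `odata.nextLink`; only the first page is read here, so a user whose allowed group falls on a later page is denied by the permission check in the filter — follow the link or document the limit. The constructor is the only method in this hunk; `getUserMembershipsV1` lies outside it.
```java
final JsonNode valuesNode = rootNode.path("value");
for (final JsonNode member : valuesNode) {
    UserMemberships.add(new DirectoryServiceObject(
            member.path("odata.type").asText(""),
            member.path("objectType").asText(""),
            member.path("description").asText(""),
            member.path("displayName").asText("")));
}
```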
@@ -56,7 +53,7 @@ private String getUserMembershipsV1(String accessToken) throws Exception { conn.setRequestProperty("Accept", "application/json;odata=minimalmetadata"); String responseInJson = getResponseStringFromConn(conn); int responseCode = conn.getResponseCode(); - if (responseCode == 200) { + if (responseCode == HTTPResponse.SC_OK) { return responseInJson; } else { throw new Exception(responseInJson); diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/CustomPermissionEvaluator.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/CustomPermissionEvaluator.java similarity index 91% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/CustomPermissionEvaluator.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/CustomPermissionEvaluator.java index 4739fdf5c..fab50eee1 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/CustomPermissionEvaluator.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/CustomPermissionEvaluator.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import java.util.List; 
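Review bot: `HTTPResponse.SC_OK` pulls a constant from nimbus's OAuth2 SDK, which this module only reaches transitively through `adal4j`, just to compare what is presumably an `HttpURLConnection` status; the JDK already provides `java.net.HttpURLConnection.HTTP_OK`, which keeps the class independent of that transitive dependency. On the failure path `throw new Exception(responseInJson)` raises a bare checked `Exception` whose message is the Graph response body; a dedicated exception type carrying the status code would let the filter map it to a 401/403 instead of the generic `RuntimeException` wrapper it uses now. `getUserMembershipsV1` starts before this hunk, so whether `getResponseStringFromConn` reads the error stream on a non-2xx status is not visible here.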
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/DirectoryServiceObject.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/DirectoryServiceObject.java similarity index 93% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/DirectoryServiceObject.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/DirectoryServiceObject.java index 7231e663d..1250d9869 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/DirectoryServiceObject.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/DirectoryServiceObject.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; public class DirectoryServiceObject { private final String OdataType; diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/JacksonObjectMapperFactory.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/JacksonObjectMapperFactory.java similarity index 90% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/JacksonObjectMapperFactory.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/JacksonObjectMapperFactory.java index 10ad52feb..286bc5037 100644 
--- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/adintegration/JacksonObjectMapperFactory.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/JacksonObjectMapperFactory.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import com.fasterxml.jackson.databind.ObjectMapper; diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories index 2ee4ec7fc..76f3848d5 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories @@ -1 +1 @@ -org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.microsoft.azure.autoconfigure.adintegration.AzureADJwtFilterAutoConfiguration \ No newline at end of file +org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.microsoft.azure.autoconfigure.aad.AzureADJwtFilterAutoConfiguration \ No newline at end of file 
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfigurationTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfigurationTest.java similarity index 96% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfigurationTest.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfigurationTest.java index b3992d8ef..b8b9a858f 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterAutoConfigurationTest.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfigurationTest.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import org.junit.Test; import org.springframework.context.annotation.AnnotationConfigApplicationContext; 
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterPropertiesTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterPropertiesTest.java similarity index 98% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterPropertiesTest.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterPropertiesTest.java index d01be3c84..41bebe7e4 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtFilterPropertiesTest.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterPropertiesTest.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import org.junit.Test; import org.springframework.beans.factory.BeanCreationException; 
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilterTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilterTest.java similarity index 98% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilterTest.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilterTest.java index 36faf1adf..5661db5f6 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/AzureADJwtTokenFilterTest.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilterTest.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import org.junit.Assume; import org.junit.Before; diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/Constants.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/Constants.java similarity index 94% rename from activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/Constants.java rename to activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/Constants.java index 2268298bf..a21134f81 100644 
--- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/adintegration/Constants.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/Constants.java @@ -3,7 +3,7 @@ * Licensed under the MIT License. See LICENSE in the project root for * license information. */ -package com.microsoft.azure.autoconfigure.adintegration; +package com.microsoft.azure.autoconfigure.aad; import java.util.ArrayList; import java.util.List; diff --git a/pom.xml b/pom.xml index 7d473a80f..0730692e5 100644 --- a/pom.xml +++ b/pom.xml @@ -72,8 +72,10 @@ 1.0.0-PREVIEW-3 5.3.1 0.9.7 - + 1.2.0 2.8.7 + 4.39.2 + 3.1.0 @@ -190,6 +192,22 @@ jackson-databind ${jackson.version} + + + com.nimbusds + nimbus-jose-jwt + ${nimbusds.version} + + + com.microsoft.azure + adal4j + ${azure.adal4j.version} + + + javax.servlet + javax.servlet-api + ${javax.servlet.version} + From c44444b1bf5784cc138caf354f155ee3a93300fa Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Fri, 4 Aug 2017 14:46:00 +0800 Subject: [PATCH 06/12] code refine --- .../pom.xml | 16 +------ .../aad/AzureADJwtTokenFilter.java | 35 ++++++++------- .../aad/AzureADUserMembership.java | 45 +++++++++++-------- .../aad/CustomPermissionEvaluator.java | 5 ++- .../aad/DirectoryServiceObject.java | 24 +++++----- ...AzureADJwtFilterAutoConfigurationTest.java | 5 ++- .../aad/AzureADJwtFilterPropertiesTest.java | 18 +++++--- .../aad/AzureADJwtTokenFilterTest.java | 15 ++++--- common/config/findbugs-exclude.xml | 2 + 9 files changed, 87 insertions(+), 78 deletions(-) diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml index 0139c4cd2..27a792742 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml 
@@ -3,10 +3,10 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - azure-spring-boot-starter-bom com.microsoft.azure + azure-spring-boot-starter-parent 0.1.4 - ../../pom.xml + ../../common/azure-spring-boot-starter-parent/pom.xml 4.0.0 @@ -24,18 +24,6 @@ repo - - - - org.apache.maven.plugins - maven-compiler-plugin - - 1.7 - 1.7 - - - - diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilter.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilter.java index ff1f75de4..c9efd8b0f 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilter.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilter.java 
@@ -46,28 +46,32 @@ public AzureADJwtTokenFilter(AzureADJwtFilterProperties aadJwtFilterProp) {
 private AuthenticationResult acquireTokenForGraphApi(
 String tokenEncoded, String tenantId) throws Throwable {
- ClientCredential credential = new ClientCredential(aadJwtFilterProp.getClientId(), aadJwtFilterProp.getClientSecret());
- ClientAssertion assertion = new ClientAssertion(tokenEncoded);
+ final ClientCredential credential = new ClientCredential(
+ aadJwtFilterProp.getClientId(), aadJwtFilterProp.getClientSecret());
+ final ClientAssertion assertion = new ClientAssertion(tokenEncoded);
 AuthenticationResult result = null;
 ExecutorService service = null;
 try {
 service = Executors.newFixedThreadPool(1);
- AuthenticationContext context = new AuthenticationContext(
- aadJwtFilterProp.getAadSignInUri()+ tenantId + "/",
+ final AuthenticationContext context = new AuthenticationContext(
+ aadJwtFilterProp.getAadSignInUri() + tenantId + "/",
 true, service);
- Future future = context
+ final Future future = context
 .acquireToken(aadJwtFilterProp.getAadGraphAPIUri(), assertion, credential, null);
 result = future.get();
 } catch (ExecutionException e) {
 throw e.getCause();
 } finally {
- service.shutdown();
+ if (service != null) {
+ service.shutdown();
+ }
 }
 if (result == null) {
- throw new ServiceUnavailableException("unable to acquire on-behalf-of token for client " + aadJwtFilterProp.getClientId());
+ throw new ServiceUnavailableException(
+ "unable to acquire on-behalf-of token for client " + aadJwtFilterProp.getClientId());
 }
 return result;
 }
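Review bot: `result = future.get();` inside the try block still waits with no upper bound, so a slow or unresponsive token endpoint pins the servlet thread for as long as it likes; the null guard added around `service.shutdown()` does not change that. Use the timed overload, `result = future.get(timeoutSeconds, TimeUnit.SECONDS);` with the timeout in a named constant (e.g. a new `ACQUIRE_TOKEN_TIMEOUT_SECONDS`), and handle `TimeoutException` the same way as the `result == null` branch below. Creating `Executors.newFixedThreadPool(1)` per call also spawns a fresh thread for every authenticated request; one executor owned by the filter and shut down when the filter is destroyed would be cheaper and easier to bound. `InterruptedException` from `get()` currently escapes through `throws Throwable` without the interrupt flag being restored; call `Thread.currentThread().interrupt()` before rethrowing.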
@@ -78,19 +82,19 @@ protected void doFilterInternal(
 HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
- String authHeader = request.getHeader(TOKEN_HEADER);
+ final String authHeader = request.getHeader(TOKEN_HEADER);
 if (authHeader != null && authHeader.startsWith(TOKEN_TYPE)) {
 try {
- String tokenEncoded = authHeader.replace(TOKEN_TYPE, "");
- AzureADJwtToken jwtToken = new AzureADJwtToken(tokenEncoded);
+ final String tokenEncoded = authHeader.replace(TOKEN_TYPE, "");
+ final AzureADJwtToken jwtToken = new AzureADJwtToken(tokenEncoded);
 AzureADUserMembership userProfile;
- List authorities = new ArrayList();
+ final List authorities = new ArrayList();
 try {
- String tid = jwtToken.getClaim("tid").toString();
+ final String tid = jwtToken.getClaim("tid").toString();
- AuthenticationResult result = acquireTokenForGraphApi(
+ final AuthenticationResult result = acquireTokenForGraphApi(
 tokenEncoded, tid);
 userProfile = new AzureADUserMembership(result.getAccessToken());
@@ -100,13 +104,14 @@ protected void doFilterInternal(
 authorities.add(new SimpleGrantedAuthority("ROLE_ALLOWED"));
 } else {
 authorities.add(new SimpleGrantedAuthority("ROLE_DISALLOWED"));
- };
+ }
 } catch (Exception e) {
 throw new RuntimeException(e);
 } catch (Throwable throwable) {
 throw new RuntimeException(throwable);
 }
- Authentication authentication = new PreAuthenticatedAuthenticationToken(jwtToken, null, authorities);
+ final Authentication authentication = new
+ PreAuthenticatedAuthenticationToken(jwtToken, null, authorities);
 authentication.setAuthenticated(true);
 log.info("Request token verification success. {0}", authentication);
 SecurityContextHolder.getContext().setAuthentication(authentication);
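Review bot: The `tid` claim read at `final String tid = jwtToken.getClaim("tid").toString();` comes straight from the presented token and is then concatenated into the authority URL inside `acquireTokenForGraphApi`, and nothing in this hunk shows the token's signature or issuer being verified first — if `AzureADJwtToken`'s constructor (outside this hunk) does not do that, the tenant used for the on-behalf-of call is chosen by whoever sent the header. Either validate the token (signature, `iss`, `aud`, expiry) before any claim is trusted or compare `tid` with an expected tenant from configuration, and state that ordering in the method's Javadoc. Separately, `catch (Exception e) { throw new RuntimeException(e); }` turns every token failure into a server error instead of an authentication failure, and `log.info("Request token verification success. {0}", authentication)` serialises the whole `Authentication`, whose principal is the `AzureADJwtToken`, so confirm its `toString()` does not emit the raw token. The `{0}` placeholder is MessageFormat syntax; if `log` is an SLF4J logger the argument is never substituted and `{}` is needed. `doFilterInternal` begins and ends outside these hunks.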
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADUserMembership.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADUserMembership.java index 1a3b01235..c20469b1a 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADUserMembership.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADUserMembership.java 
@@ -14,23 +14,24 @@ import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
 public class AzureADUserMembership {
- private List UserMemberships;
+ private List userMemberships;
 private static String userMembershipRestAPI = "https://graph.windows.net/me/memberOf?api-version=1.6";
 public AzureADUserMembership(String accessToken) throws Exception {
- String responseInJson = getUserMembershipsV1(accessToken);
- UserMemberships = new ArrayList();
- ObjectMapper objectMapper = JacksonObjectMapperFactory.getInstance();
- JsonNode rootNode = objectMapper.readValue(responseInJson, JsonNode.class);
- JsonNode valuesNode = rootNode.get("value");
+ final String responseInJson = getUserMembershipsV1(accessToken);
+ userMemberships = new ArrayList();
+ final ObjectMapper objectMapper = JacksonObjectMapperFactory.getInstance();
+ final JsonNode rootNode = objectMapper.readValue(responseInJson, JsonNode.class);
+ final JsonNode valuesNode = rootNode.get("value");
 int i = 0;
- while(valuesNode != null && valuesNode.get(i) != null) {
- UserMemberships.add(new DirectoryServiceObject(
+ while (valuesNode != null && valuesNode.get(i) != null) {
+ userMemberships.add(new DirectoryServiceObject(
 valuesNode.get(i).get("odata.type").asText(),
 valuesNode.get(i).get("objectType").asText(),
 valuesNode.get(i).get("description").asText(),
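Review bot: `valuesNode.get(i).get("description").asText()` (and the sibling `odata.type`/`objectType` lookups) throws `NullPointerException` when a Graph entry lacks that property, because `JsonNode.get` returns `null` for a missing field rather than a missing node; `valuesNode.get(i).path("description").asText()` yields `""` in that case and is the safe form here. The constructor performs a blocking network call (`getUserMembershipsV1`) as a side effect of construction, which deserves a line of Javadoc such as `/** Fetches the caller's directory memberships from Azure AD Graph with {@code accessToken}; performs a blocking HTTP request. */`. `private static String userMembershipRestAPI` is a mutable static holding a URL that is never reassigned; make it `private static final`. The constructor body continues past the end of this hunk.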
@@ -40,19 +41,19 @@ public AzureADUserMembership(String accessToken) throws Exception {
 }
 public List getUserMemberships() {
- return UserMemberships;
+ return userMemberships;
 }
 private String getUserMembershipsV1(String accessToken) throws Exception {
- URL url = new URL(String.format(userMembershipRestAPI, accessToken));
+ final URL url = new URL(userMembershipRestAPI);
- HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+ final HttpURLConnection conn = (HttpURLConnection) url.openConnection();
 // Set the appropriate header fields in the request header.
 conn.setRequestProperty("api-version", "1.6");
 conn.setRequestProperty("Authorization", accessToken);
 conn.setRequestProperty("Accept", "application/json;odata=minimalmetadata");
- String responseInJson = getResponseStringFromConn(conn);
- int responseCode = conn.getResponseCode();
+ final String responseInJson = getResponseStringFromConn(conn);
+ final int responseCode = conn.getResponseCode();
 if (responseCode == HTTPResponse.SC_OK) {
 return responseInJson;
 } else {
@@ -62,12 +63,18 @@ private String getUserMembershipsV1(String accessToken) throws Exception {
 private String getResponseStringFromConn(HttpURLConnection conn) throws IOException {
 BufferedReader reader = null;
- reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
- StringBuffer stringBuffer = new StringBuffer();
- String line = "";
- while ((line = reader.readLine()) != null) {
- stringBuffer.append(line);
+ try {
+ reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8));
+ final StringBuffer stringBuffer = new StringBuffer();
+ String line = "";
+ while ((line = reader.readLine()) != null) {
+ stringBuffer.append(line);
+ }
+ return stringBuffer.toString();
+ } finally {
+ if (reader != null) {
+ reader.close();
+ }
 }
- return stringBuffer.toString();
 }
 }
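Review bot: `getResponseStringFromConn(conn)` is invoked before `conn.getResponseCode()` is examined, and `HttpURLConnection.getInputStream()` throws `IOException` for HTTP error statuses, so the `else` branch after `if (responseCode == HTTPResponse.SC_OK)` (its body sits between the two hunks) is unreachable and every Graph error surfaces as a bare `IOException`. Read the status first and take the body from `conn.getErrorStream()` on failure, e.g. `final int responseCode = conn.getResponseCode(); if (responseCode == HTTPResponse.SC_OK) { return getResponseStringFromConn(conn); } else {`. The connection also sets no `setConnectTimeout`/`setReadTimeout`, so the servlet thread has no bound on how long the membership lookup can hang. `conn.setRequestProperty("Authorization", accessToken)` sends the bare token whereas the Graph API documentation shows `Authorization: Bearer <token>`; confirm the bare form is actually accepted rather than relying on server leniency. In `getResponseStringFromConn` the new `try/finally` can be a try-with-resources on the `BufferedReader` (the project's tests already use that construct), and `StringBuffer` should be `StringBuilder` since nothing shares it.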
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/CustomPermissionEvaluator.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/CustomPermissionEvaluator.java
index fab50eee1..e3097998b 100644
--- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/CustomPermissionEvaluator.java
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/CustomPermissionEvaluator.java
@@ -9,9 +9,10 @@ public class CustomPermissionEvaluator {
- public static boolean hasPermission(List customerRolesGroups, List targetRolesGroups) {
+ public static boolean hasPermission(
+ List customerRolesGroups, List targetRolesGroups) {
 boolean permitted = false;
- for (DirectoryServiceObject rg : customerRolesGroups) {
+ for (final DirectoryServiceObject rg : customerRolesGroups) {
 if (targetRolesGroups.contains(rg.getDisplayName())) {
 permitted = true;
 break;
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/DirectoryServiceObject.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/DirectoryServiceObject.java
index 1250d9869..eea1c8d17 100644
--- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/DirectoryServiceObject.java
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/DirectoryServiceObject.java
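Review bot: `targetRolesGroups.contains(rg.getDisplayName())` bases the authorization decision on group display names, which are not unique in Azure AD and, depending on tenant settings, can be chosen by any user allowed to create groups; matching on the directory object id (with display names at most as a convenience) is the more robust basis for an allow-list, and the Javadoc on `hasPermission` should say which attribute is compared. The `permitted` flag and `break` can be replaced by returning from inside the loop: `if (targetRolesGroups.contains(rg.getDisplayName())) { return true; }` followed by `return false;` after the loop. The method's closing lines are outside the hunk.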
@@ -6,27 +6,27 @@ package com.microsoft.azure.autoconfigure.aad;
 public class DirectoryServiceObject {
- private final String OdataType;
- private final String ObjectType;
- private final String Description;
- private final String DisplayName;
+ private String odataType;
+ private String objectType;
+ private String description;
+ private String displayName;
 public DirectoryServiceObject(String odataType, String objectType, String description, String displayName) {
- OdataType = odataType;
- ObjectType = objectType;
- Description = description;
- DisplayName = displayName;
+ this.odataType = odataType;
+ this.objectType = objectType;
+ this.description = description;
+ this.displayName = displayName;
 }
 public String getOdataType() {
- return OdataType;
+ return odataType;
 }
 public String getObjectType() {
- return ObjectType;
+ return objectType;
 }
 public String getDisplayName() {
- return DisplayName;
+ return displayName;
 }
 public String getDescription() {
- return Description;
+ return description;
 }
 }
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfigurationTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfigurationTest.java
index b8b9a858f..d599bde93 100644
--- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfigurationTest.java
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterAutoConfigurationTest.java
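Review bot: Dropping `final` from the four fields is a step backwards: each is assigned exactly once in the constructor and there are no setters, so `private final String odataType;` (and the other three) keeps the object immutable, which matters for a value that feeds the authorization check in `CustomPermissionEvaluator`. The renamed class would also benefit from a one-line Javadoc, e.g. `/** One entry of the caller's Azure AD Graph memberOf result (a group or role), as built by {@link AzureADUserMembership}. */`.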
@@ -15,7 +15,8 @@ public class AzureADJwtFilterAutoConfigurationTest { public void createAzureADJwtFilter() throws Exception { System.setProperty(Constants.CLIENT_ID_PROPERTY, Constants.CLIENT_ID); System.setProperty(Constants.CLIENT_SECRET_PROPERTY, Constants.CLIENT_SECRET); - System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", "")); + System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, + Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", "")); try (AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext()) { context.register(AzureADJwtFilterAutoConfiguration.class); @@ -30,4 +31,4 @@ public void createAzureADJwtFilter() throws Exception { System.clearProperty(Constants.CLIENT_SECRET_PROPERTY); System.clearProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY); } -} \ No newline at end of file +} diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterPropertiesTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterPropertiesTest.java index 41bebe7e4..21030bc5b 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterPropertiesTest.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterPropertiesTest.java 
@@ -19,7 +19,8 @@ public class AzureADJwtFilterPropertiesTest { public void canSetProperties() { System.setProperty(Constants.CLIENT_ID_PROPERTY, Constants.CLIENT_ID); System.setProperty(Constants.CLIENT_SECRET_PROPERTY, Constants.CLIENT_SECRET); - System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", "")); + System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, + Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", "")); try (AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext()) { context.register(Config.class); @@ -29,7 +30,8 @@ public void canSetProperties() { assertThat(properties.getClientId()).isEqualTo(Constants.CLIENT_ID); assertThat(properties.getClientSecret()).isEqualTo(Constants.CLIENT_SECRET); - assertThat(properties.getAllowedRolesGroups().toString()).isEqualTo(Constants.ALLOWED_ROLES_GROUPS.toString()); + assertThat(properties.getAllowedRolesGroups() + .toString()).isEqualTo(Constants.ALLOWED_ROLES_GROUPS.toString()); } System.clearProperty(Constants.CLIENT_ID_PROPERTY); 
@@ -55,11 +57,14 @@ public void emptySettingsNotAllowed() { assertThat(exception).isNotNull(); assertThat(exception).isExactlyInstanceOf(BeanCreationException.class); assertThat(exception.getCause().getMessage()).contains( - "Field error in object 'azure.activedirectory' on field 'clientId': rejected value []"); + "Field error in object " + + "'azure.activedirectory' on field 'clientId': rejected value []"); assertThat(exception.getCause().getMessage()).contains( - "Field error in object 'azure.activedirectory' on field 'clientSecret': rejected value []"); + "Field error in object " + + "'azure.activedirectory' on field 'clientSecret': rejected value []"); assertThat(exception.getCause().getMessage()).contains( - "Field error in object 'azure.activedirectory' on field 'allowedRolesGroups': rejected value [null]"); + "Field error in object " + + "'azure.activedirectory' on field 'allowedRolesGroups': rejected value [null]"); } System.clearProperty(Constants.CLIENT_ID_PROPERTY); @@ -70,5 +75,4 @@ public void emptySettingsNotAllowed() { @EnableConfigurationProperties(AzureADJwtFilterProperties.class) static class Config { } - -} \ No newline at end of file +} diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilterTest.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilterTest.java index 5661db5f6..60c8a45ec 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilterTest.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/test/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtTokenFilterTest.java 
@@ -34,13 +34,14 @@ public void beforeEveryMethod() {
 public void doFilterInternal() throws Exception {
 System.setProperty(Constants.CLIENT_ID_PROPERTY, Constants.CLIENT_ID);
 System.setProperty(Constants.CLIENT_SECRET_PROPERTY, Constants.CLIENT_SECRET);
- System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY, Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", ""));
+ System.setProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY,
+ Constants.ALLOWED_ROLES_GROUPS.toString().replace("[", "").replace("]", ""));
- HttpServletRequest request = mock(HttpServletRequest.class);
+ final HttpServletRequest request = mock(HttpServletRequest.class);
 when(request.getHeader(Constants.TOKEN_HEADER)).thenReturn(Constants.BEARER_TOKEN);
- HttpServletResponse response = mock(HttpServletResponse.class);
- FilterChain filterChain = mock(FilterChain.class);
+ final HttpServletResponse response = mock(HttpServletResponse.class);
+ final FilterChain filterChain = mock(FilterChain.class);
 Authentication authentication = mock(Authentication.class);
@@ -62,13 +63,13 @@ public void doFilterInternal() throws Exception {
 assertThat(authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ALLOWED")) || authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_DISALLOWED")));
- AzureADJwtToken aadJwtToken = (AzureADJwtToken) authentication.getPrincipal();
+ final AzureADJwtToken aadJwtToken = (AzureADJwtToken) authentication.getPrincipal();
 assertThat(aadJwtToken.getIssuer()).isNotNull().isNotEmpty();
 assertThat(aadJwtToken.getKid()).isNotNull().isNotEmpty();
 assertThat(aadJwtToken.getSubject()).isNotNull().isNotEmpty();
 assertThat(aadJwtToken.getClaims()).isNotNull().isNotEmpty();
- Map claims = aadJwtToken.getClaims();
+ final Map claims = aadJwtToken.getClaims();
 assertThat(claims.get("iss")).isEqualTo(aadJwtToken.getIssuer());
 assertThat(claims.get("sub")).isEqualTo(aadJwtToken.getSubject());
 }
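Review bot: The `assertThat(authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ALLOWED")) || ...)` at the top of the second hunk never fails — an AssertJ-style `assertThat(boolean)` only builds the assertion object and checks nothing until `.isTrue()` is chained — so the test does not actually verify that the filter granted any authority. Append `.isTrue()`, and consider asserting the one role the test token is expected to map to instead of accepting either. The `doFilterInternal` test method starts before the first hunk and its tail is in the next hunk.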
@@ -78,4 +79,4 @@ public void doFilterInternal() throws Exception { System.clearProperty(Constants.ALLOWED_ROLES_GROUPS_PROPERTY); } -} \ No newline at end of file +} diff --git a/common/config/findbugs-exclude.xml b/common/config/findbugs-exclude.xml index ab6bb6c09..5a48d6930 100644 --- a/common/config/findbugs-exclude.xml +++ b/common/config/findbugs-exclude.xml @@ -3,4 +3,6 @@ + + \ No newline at end of file From a2dca258f797f99549160c4cb8a308b4f5f2e329 Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Fri, 4 Aug 2017 15:15:19 +0800 Subject: [PATCH 07/12] add readme for autoconfigure usage --- .../README.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md new file mode 100644 index 000000000..43be1681a --- /dev/null +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md 
@@ -0,0 +1,39 @@ +## Usage + +### Register the application in Azure AD +* Go to Azure Active Directory - App registrations - New application registration to register the application in Azure Active Directory. `Application ID` is `clientId` in `application.properties`. +* After application registration succeeded, go to API ACCESS - Required permissions - DELEGATED PERMISSIONS, tick `Access the directory as the signed-in user` and `Sign in and read user profile`. +* Click `Grant Permissions` (Note: you will need administrator privilege to grant permission). +* Go to API ACCESS - Keys to create a secret key (`clientSecret`). + +### Add the dependency + +`azure-ad-integration-spring-boot-autoconfigure` is published on Maven Central Repository. +If you are using Maven, add the following dependency. + +```xml + + com.microsoft.azure + azure-ad-integration-spring-boot-autoconfigure + 0.1.4 + +``` + +### Add application properties + +Open `application.properties` file and add below properties with your Document DB credentials. + +``` +azure.activedirectory.clientId=Application-ID-in-AAD-App-registrations +azure.activedirectory.clientSecret=Key-in-AAD-API-ACCESS +azure.activedirectory.allowedRolesGroups=roles-groups-allowed-to-access-API-resource e.g. group1,group2,group3 +``` + +### Configure WebSecurityConfigurerAdapter class to use `AzureADJwtTokenFilter` + +``` +@Autowired +private AzureADJwtTokenFilter aadJwtFilter; +``` + +You can refer to [azure-ad-integration-spring-boot-autoconfigure-sample]() for how to integrate Spring Security and Azure AD for authentication and authorization in a Single Page Application (SPA) scenario. From 0dd6672c777b7351898336b5602433f97984eaaf Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Fri, 4 Aug 2017 15:36:55 +0800 Subject: [PATCH 08/12] add overview --- .../azure-ad-integration-spring-boot-autoconfigure/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md index 43be1681a..7c8a6f4e3 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md @@ -1,7 +1,8 @@ -## Usage +## Overview +This package provides a Spring Security filter to validate the Jwt token from Azure AD. The Jwt token is also used to acquire a On-Behalf-Of token for Azure AD Graph API so that authenticated user's membership information is available for authorization of access of API resources. ### Register the application in Azure AD -* Go to Azure Active Directory - App registrations - New application registration to register the application in Azure Active Directory. `Application ID` is `clientId` in `application.properties`. +* Go to Azure Portal - Azure Active Directory - App registrations - New application registration to register the application in Azure Active Directory. `Application ID` is `clientId` in `application.properties`. * After application registration succeeded, go to API ACCESS - Required permissions - DELEGATED PERMISSIONS, tick `Access the directory as the signed-in user` and `Sign in and read user profile`. * Click `Grant Permissions` (Note: you will need administrator privilege to grant permission). * Go to API ACCESS - Keys to create a secret key (`clientSecret`). From 694371d4b1bacd8df0ee34a1094f2c1eee816f5b Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Fri, 4 Aug 2017 16:02:21 +0800 Subject: [PATCH 09/12] fix a minor in readme --- .../azure-ad-integration-spring-boot-autoconfigure/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md index 7c8a6f4e3..7cce72c1b 100644 
--- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/README.md @@ -22,7 +22,7 @@ If you are using Maven, add the following dependency. ### Add application properties -Open `application.properties` file and add below properties with your Document DB credentials. +Open `application.properties` file and add below properties. ``` azure.activedirectory.clientId=Application-ID-in-AAD-App-registrations From 3902f9a8ea66fa289116dcbade0f8c6ce7e25119 Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Mon, 7 Aug 2017 10:22:11 +0800 Subject: [PATCH 10/12] fix as Zhijun suggested --- .../aad/AzureADJwtFilterProperties.java | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterProperties.java b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterProperties.java index 7e780c9d6..8511f9cbf 100644 --- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterProperties.java +++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/src/main/java/com/microsoft/azure/autoconfigure/aad/AzureADJwtFilterProperties.java 
@@ -14,15 +14,24 @@ @Validated
 @ConfigurationProperties("azure.activedirectory")
 public class AzureADJwtFilterProperties {
+ /**
+ * Registered application ID in Azure AD.
+ */
 @NotEmpty
 private String clientId;
+ /**
+ * API Access Key of the registered application.
+ */
 @NotEmpty
 private String clientSecret;
+ /**
+ * Allowed roles and groups in Azure AD.
+ */
 @NotEmpty
 private List allowedRolesGroups;
- private final String aadSignInUri = "https://login.microsoftonline.com/";
- private final String aadGraphAPIUri = "https://graph.windows.net/";
+ private static final String aadSignInUri = "https://login.microsoftonline.com/";
+ private static final String aadGraphAPIUri = "https://graph.windows.net/";
 public String getClientId() {
 return clientId;
From e4ad6585b10b875e642c2e352c5a7ed1cf22c5d7 Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Mon, 7 Aug 2017 10:25:20 +0800 Subject: [PATCH 11/12] move adal4j up to lib --- pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0730692e5..29d821c42 100644
--- a/pom.xml
+++ b/pom.xml
@@ -180,6 +180,11 @@ azure-media ${azure.media.version} + + com.microsoft.azure + adal4j + ${azure.adal4j.version} +
@@ -198,11 +203,6 @@ nimbus-jose-jwt ${nimbusds.version} - - com.microsoft.azure - adal4j - ${azure.adal4j.version} - javax.servlet javax.servlet-api
From 0621ed32d5058fc7ab8af3d34ffccbd63d91bc81 Mon Sep 17 00:00:00 2001 From: Yawei Wang Date: Mon, 7 Aug 2017 11:10:32 +0800 Subject: [PATCH 12/12] remove a unnecessary dependency --- .../azure-ad-integration-spring-boot-autoconfigure/pom.xml | 5 ----- 1 file changed, 5 deletions(-)
diff --git a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml
index 27a792742..351edbacf 100644
--- a/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml
+++ b/activedirectory/azure-ad-integration-spring-boot-autoconfigure/pom.xml
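Review bot: The new `private static final String aadSignInUri` / `aadGraphAPIUri` are constants but keep instance-field names; `AAD_SIGN_IN_URI` and `AAD_GRAPH_API_URI` is the convention the rest of the code base will expect. The Javadoc on `allowedRolesGroups` should say what the entries are matched against — per `CustomPermissionEvaluator` it is the group/role display name returned by Graph, and the README shows the property as a comma-separated list — e.g. `/** Display names of the Azure AD groups/roles whose members receive ROLE_ALLOWED; comma-separated in application.properties. */`. `clientSecret` is a credential held as a `String`; its Javadoc should note that it must not be logged, and no `toString()` that includes it should be added later. The getters for the two constants lie outside the hunk.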
@@ -96,11 +96,6 @@ com.fasterxml.jackson.core jackson-databind - - org.mockito - mockito-core - - \ No newline at end of file