Spring Security Azure AD: Wire up enterprise grade authentication and authorization

We are pleased to announce that Azure Active Directory (Azure AD) is integrated with Spring Security to secure your Java web applications. With only few lines of configurations, you can wire up enterprise grade authentication and authorization for your Spring Boot project.

With Spring Boot Starter for Azure AD, Java developers now can get started quickly to build the authentication workflow for a web application that uses Azure AD and OAuth 2.0 to secure its back end. It also enables developers to create a role based authorization workflow for a Web API secured by Azure AD with the power of the Spring Security.

Getting Started

Take the To-do App, which Erich Gamma showed on SpringOne 2017, as an example. The sample is composed of two layers: Angular JS client and Spring Boot RESTful web service. It illustrates the flow to login and retrieves user's information using AAD Graph API.

Authorization Flow Chart

The authorization flow is composed of 3 phrases:

  1. Login with credentials and get validated through Azure AD.
  2. Retrieve token and membership information from Azure AD Graph API.
  3. Evaluate the membership for role-based authorization.

spring security aad auth flow chart

Register a new application in Azure AD

To get started, first register a new application in Azure Active Directory. After the app is ready, generate a client key and grant permissions to the app.

spring security aad register a new app

Features of Spring Security Azure AD

Use Spring Initializer to quick-start a new project with dependencies of Spring Security and Azure Active Directory. Specify the Azure AD connections and wire up AAD AuthFilter in your project. Now you can easily set up AAD authentication and role-based authorization with the following features:

  • @PreAuthorize: Implement Spring’s @PreAuthorize annotation to provide method-level security with roles and permissions of logged-in users.
  • isMemberOf(): provide access control with roles and permissions based on a specified Azure user group.

spring security aad features

Access Control with Azure AD Group

Run and test your app in a web browser. Now you can easily use Azure AD Group for access control by adding or removing group members.

spring security aad todo app

spring security aad access control

Next Steps

For more information about using Spring on Azure, visit the following pages:

Feedback

Please share your feedback and ask questions to help us improve. You can contact us on Gitter.

Source: Security

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.