page_type: sample
languages: java
products: ms-graph, azure-app-services, azure-storage, azure-key-vault, azure-active-directory, azure-active-directory-b2c
description: Tutorial: Enable your Java Spring MVC webapp to sign users in, protect endpoints, call APIs with the Microsoft identity platform
urlFragment: ms-identity-java-spring-tutorial

Tutorial: Enable your Java Spring MVC web app to sign users in, protect endpoints, call APIs with the Microsoft identity platform

The Microsoft identity platform, along with Azure Active Directory (Azure AD) and Azure Active Directory B2C (Azure AD B2C), is central to the Azure cloud ecosystem. This tutorial aims to take you through the fundamentals of modern authentication using the Azure AD Spring Boot Starter client library for Java.

We recommend following the chapters in successive order. However, the code samples are self-contained, so feel free to pick samples by topics that you may need at the moment.

⚠️ This is a work in progress. Come back frequently to discover more samples.

Prerequisites

Please refer to each chapter's README for sample-specific prerequisites.

Recommendations

  • Some familiarity with the Spring Framework
  • Some familiarity with Linux/OSX terminal or Windows PowerShell
  • jwt.ms for inspecting your tokens.
  • Fiddler for monitoring your network activity and troubleshooting.
  • Follow the Azure AD Blog to stay up-to-date with the latest developments.

Please refer to each sample's README for sample-specific recommendations.

Contents

Chapter 1: Enable your web application to sign in users

1.1 Sign-in with Azure AD
Sign your users in with Azure AD and learn to work with ID Tokens.
1.2 Sign-in with Azure AD B2C
Sign your customers in with Azure AD B2C. Learn to integrate with external social identity providers. Learn how to use user-flows and custom policies.

Chapter 2: Get an Access Token and call Microsoft Graph

2.1 Acquire an Access Token from Azure AD and call Microsoft Graph
Enable your web app to acquire an Access Token that authorizes it to call the Microsoft Graph API.

Chapter 3: Restrict access to routes based on group and / or role membership

3.1 Acquire an ID Token with the roles claim
Enable your web app to acquire an ID Token with the Roles claim. Filter access to routes based on the role membership.
3.2 Acquire an ID Token with the Groups claim
Enable your web app to acquire an ID Token with a Groups claim. Filter access to routes based on the role membership. Learn how to call Graph to handle edge cases where the user is a member of too many groups to fit into an ID Token.

Chapter 4: Deploy your app to Azure

4.1 Deploy to Azure App Service
Prepare your app for deployment to Azure App Service. Learn how to package and upload files, configure authentication parameters and use various Azure services for managing your operations.

We'd love your feedback!

Were we successful in addressing your learning objective? Consider taking a moment to share your experience with us.

More information

Learn more about the Microsoft identity platform:

See more code samples:

Community Help and Support

Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [ms-identity azure-ad azure-ad-b2c msal java].

If you find a bug in the sample, please raise the issue on GitHub Issues.

To provide a recommendation, visit the following User Voice page.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.