Azure Active Directory (Azure AD) B2C is an identity management service that enables you to customize and control how customers sign up, sign in, and manage their profiles when using your applications. Azure AD B2C enables these actions while protecting the identities of your customers at the same time.
The following prerequisites are required in order to complete the steps in this article:
- A supported Java Development Kit (JDK). For more information about the JDKs available for use when developing on Azure, see https://aka.ms/azure-jdks.
- Apache Maven, version 3.0 or later.
- Azure subscription.
If you don't have an Azure subscription, create a free account before you begin.
- Log into https://portal.azure.com.
- Click +Create a resource, then Identity, and then Azure Active Directory B2C.
- Enter your Organization name and your Initial domain name, then click Create. The domain name has the form ${your-tenant-name}.onmicrosoft.com, so record the tenant name for later use.
- Select your account name on the top-right of the Azure portal toolbar, then click Switch directory.
- Select your new Azure Active Directory from the drop-down menu.
- Search for b2c and click the Azure AD B2C service.
- Select Azure AD B2C from the portal menu, click Applications, and then click Add.
- Specify your application Name, add http://localhost:8080/home as the Reply URL, record the Application ID as your ${your-client-id}, and then click Save.
- Select Keys from your application, click Generate key to generate ${your-client-secret}, and then click Save.
- Select User flows on the left, and then click **New user flow**.
- Choose Sign up or in, Profile editing, and Password reset to create the respective user flows. Specify your user flow Name and User attributes and claims, then click Create.
- Extract the files from the project archive you created and downloaded earlier in this tutorial into a directory.
- Navigate to the parent folder for your project, and open the pom.xml Maven project file in a text editor.
- Add the dependencies for Spring OAuth2 security to the pom.xml:

  ```xml
  <dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>azure-active-directory-b2c-spring-boot-starter</artifactId>
    <version>2.1.7</version>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
  </dependency>
  <dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
  </dependency>
  ```

- Save and close the pom.xml file.
- Navigate to the src/main/resources folder in your project and open the application.yml file in a text editor.
- Specify the settings for your app registration using the values you created earlier; for example:

  ```yaml
  azure:
    activedirectory:
      b2c:
        tenant: ${your-tenant-name}
        client-id: ${your-client-id}
        client-secret: ${your-client-secret}
        reply-url: ${your-reply-url-from-aad} # should be an absolute URL
        logout-success-url: ${your-logout-success-url}
        user-flows:
          sign-up-or-sign-in: ${your-sign-up-or-in-user-flow}
          profile-edit: ${your-profile-edit-user-flow} # optional
          password-reset: ${your-password-reset-user-flow} # optional
  ```

  Where:

  | Parameter | Description |
  |---|---|
  | azure.activedirectory.b2c.tenant | Contains your AD B2C ${your-tenant-name} from earlier. |
  | azure.activedirectory.b2c.client-id | Contains the ${your-client-id} from the application you registered earlier. |
  | azure.activedirectory.b2c.client-secret | Contains the ${your-client-secret} from the application you registered earlier. |
  | azure.activedirectory.b2c.reply-url | Contains one of the Reply URLs from the application you registered earlier. |
  | azure.activedirectory.b2c.logout-success-url | Specifies the URL the browser is sent to after your application logs out successfully. |
  | azure.activedirectory.b2c.user-flows | Contains the names of the user flows you created earlier. |

- Save and close the application.yml file.
- Create a folder named controller in the Java source folder for your application.
- Create a new Java file named HelloController.java in the controller folder and open it in a text editor.
- Enter the following code, then save and close the file:

  ```java
  package sample.aad.controller;

  import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
  import org.springframework.security.oauth2.core.user.OAuth2User;
  import org.springframework.stereotype.Controller;
  import org.springframework.ui.Model;
  import org.springframework.web.bind.annotation.GetMapping;

  // The public class must carry the same name as the file (HelloController.java) or it will not compile.
  @Controller
  public class HelloController {

      // Copies the signed-in user's granted authorities and token claims into the view model.
      // The token is null when the request has no authenticated session.
      private void initializeModel(Model model, OAuth2AuthenticationToken token) {
          if (token != null) {
              final OAuth2User user = token.getPrincipal();
              model.addAttribute("grant_type", user.getAuthorities());
              model.addAllAttributes(user.getAttributes());
          }
      }

      @GetMapping(value = "/")
      public String index(Model model, OAuth2AuthenticationToken token) {
          initializeModel(model, token);
          return "home";
      }

      @GetMapping(value = "/greeting")
      public String greeting(Model model, OAuth2AuthenticationToken token) {
          initializeModel(model, token);
          return "greeting";
      }

      @GetMapping(value = "/home")
      public String home(Model model, OAuth2AuthenticationToken token) {
          initializeModel(model, token);
          return "home";
      }
  }
  ```
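The controller above copies every claim in the ID token into the view model with `model.addAllAttributes(user.getAttributes())`, so any claim a user flow emits becomes available to the templates. The following is an added example, not code from this article or from the starter, of a controller that exposes only the claims a profile page needs and degrades safely when a claim is missing or has an unexpected type. The claim names `name`, `oid`, `emails` and `tfp`, the `/profile` route and the `profile` view name are assumptions made for the example.

```java
package sample.aad.controller;

import java.util.List;
import java.util.Map;

import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

// Added example (not part of the article): expose a fixed set of claims instead of the whole token.
@Controller
public class ProfileController {

    // Hypothetical view name; the Thymeleaf template itself is not part of this example.
    private static final String PROFILE_VIEW = "profile";

    @GetMapping("/profile")
    public String profile(Model model, OAuth2AuthenticationToken token) {
        if (token == null) {
            // Behind an authenticated() rule this branch is unreachable; it keeps the page from
            // rendering without a user if the authorization rules are ever relaxed.
            return "redirect:/";
        }
        final OAuth2User user = token.getPrincipal();
        final Map<String, Object> claims = user.getAttributes();

        // Assumed Azure AD B2C claim names: "name", "oid", "emails", "tfp".
        model.addAttribute("displayName", stringClaim(claims, "name", "(no display name)"));
        // The object identifier is the stable key to store the user under; do not key on email or name.
        model.addAttribute("subjectId", stringClaim(claims, "oid", ""));
        model.addAttribute("primaryEmail", firstEmail(claims));
        // Which user flow (policy) issued this token; useful when auditing how a session was established.
        model.addAttribute("userFlow", stringClaim(claims, "tfp", "unknown"));
        return PROFILE_VIEW;
    }

    // Returns the claim only if it is present and a string; anything else yields the fallback.
    static String stringClaim(Map<String, Object> claims, String name, String fallback) {
        final Object value = claims.get(name);
        return value instanceof String ? (String) value : fallback;
    }

    // B2C emits "emails" as a list; take the first string entry, or an empty string if absent.
    static String firstEmail(Map<String, Object> claims) {
        final Object emails = claims.get("emails");
        if (emails instanceof List && !((List<?>) emails).isEmpty()) {
            final Object first = ((List<?>) emails).get(0);
            return first instanceof String ? (String) first : "";
        }
        return "";
    }
}
```

The type checks matter because claim values arrive as `Object`s deserialized from the token; a template that assumes a string will fail, or render something unintended, when a user flow is reconfigured to emit a different shape.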
- Create a folder named security in the Java source folder for your application.
- Create a new Java file named WebSecurityConfig.java in the security folder and open it in a text editor.
- Enter the following code, then save and close the file:

  ```java
  package sample.aad.security;

  import com.microsoft.azure.spring.autoconfigure.b2c.AADB2COidcLoginConfigurer;
  import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

  // The public class must carry the same name as the file (WebSecurityConfig.java) or it will not compile.
  @EnableWebSecurity
  public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

      // Auto-configured by the starter from the azure.activedirectory.b2c.* settings in application.yml.
      private final AADB2COidcLoginConfigurer configurer;

      public WebSecurityConfig(AADB2COidcLoginConfigurer configurer) {
          this.configurer = configurer;
      }

      @Override
      protected void configure(HttpSecurity http) throws Exception {
          http
              // Every request must come from an authenticated user...
              .authorizeRequests()
                  .anyRequest()
                  .authenticated()
                  .and()
              // ...and authentication is delegated to the Azure AD B2C OpenID Connect login flow.
              .apply(configurer);
      }
  }
  ```
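The configuration above requires authentication for every URL, including `/`. The following added example, which is not part of this article or of the starter, applies the same `AADB2COidcLoginConfigurer` with a narrower rule set: the landing page and static assets stay public, everything else requires a signed-in B2C user, CSRF protection is left at its default (enabled), and clickjacking is blocked with `X-Frame-Options: DENY`. The class name `PublicLandingSecurityConfig` and the `/css/**` and `/js/**` paths are assumptions.

```java
package sample.aad.security;

import com.microsoft.azure.spring.autoconfigure.b2c.AADB2COidcLoginConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example (not part of the article). Use this INSTEAD of the WebSecurityConfig from the
// previous step, not alongside it: two WebSecurityConfigurerAdapter beans without distinct
// @Order values are rejected at startup.
@EnableWebSecurity
public class PublicLandingSecurityConfig extends WebSecurityConfigurerAdapter {

    private final AADB2COidcLoginConfigurer configurer;

    public PublicLandingSecurityConfig(AADB2COidcLoginConfigurer configurer) {
        this.configurer = configurer;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Public surface, listed explicitly: the landing page and static assets (assumed paths).
                .antMatchers("/", "/css/**", "/js/**").permitAll()
                // Everything else, including /home and /greeting, needs an authenticated B2C user.
                // Deny-by-default: a new route added later is protected unless it is listed above.
                .anyRequest().authenticated()
                .and()
            // CSRF protection is enabled by default in Spring Security and is deliberately not disabled here.
            .headers()
                // Refuse to be framed by any origin, so the login and profile pages cannot be clickjacked.
                .frameOptions().deny()
                .and()
            // Delegate sign-in to the Azure AD B2C OpenID Connect login flow configured by the starter.
            .apply(configurer);
    }
}
```

Because `/` is now reachable without a session, the `index` handler in the controller from the previous step receives a null `OAuth2AuthenticationToken` for anonymous visitors; its `initializeModel` null check is what keeps that request from failing.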
- Copy greeting.html and home.html from the Azure AD B2C Spring Boot Sample, and replace ${your-profile-edit-user-flow} and ${your-password-reset-user-flow} with the corresponding user flow names you created earlier.
- Open a command prompt and change directory to the folder where your app's pom.xml file is located.
- Build your Spring Boot application with Maven and run it; for example:

  ```shell
  mvn clean package
  mvn spring-boot:run
  ```
- After your application is built and started by Maven, open http://localhost:8080/ in a web browser; you should be redirected to the login page.
- Click the link named after your ${your-sign-up-or-in} user flow; you should be redirected to Azure AD B2C to start the authentication process.
- After you have logged in successfully, you should see the sample home page in the browser.
Microsoft would like to collect data about how users use this Spring Boot starter. Microsoft uses this information to improve our tooling experience. Participation is voluntary. If you don't want to participate, disable it by setting the following configuration in application.properties:

```properties
azure.activedirectory.b2c.allow-telemetry=false
```

When telemetry is enabled, an HTTP request is sent to https://dc.services.visualstudio.com/v2/track, so make sure that URL is not blocked by your firewall.
For more information about the Azure service privacy statement, see the Microsoft Online Services Privacy Statement.
In this article, you created a new Java web application using the Azure Active Directory B2C starter, configured a new Azure AD B2C tenant and registered a new application in it, and then configured your application to use the Spring annotations and classes to protect the web app.