bee

Reputation: 137

How to authenticate Spring Boot rest API having POST method using Azure AD

In my Spring Boot REST API I am using a POST method. I am using Azure AD to authenticate the API. When hitting an endpoint it gives status 200 OK but does not do the required POST operations. Even loggers are not getting printed from the controller's @PostMapping.

Can someone help with what needs to be fixed ...


In the POM I have Spring Security and the below dependency.

<dependency>
        <groupId>com.microsoft.azure</groupId>
        <artifactId>azure-spring-boot-starter</artifactId>
</dependency>

Registered the required properties in the properties file.

azure.activedirectory.session-stateless
azure.activedirectory.tenant-id
azure.activedirectory.user-group.allowed-groups
spring.security.oauth2.client.registration.azure.client-id
spring.security.oauth2.client.registration.azure.client-secret

NOTE: There is no front end as of now.

Upvotes: 1

Views: 1470

Answers (1)

unknown

Reputation: 7483

If you use @PostMapping to authenticate for an access token, you don't need to use azure-spring-boot-starter. You could refer to the code sample based on the auth code flow:

Controller:

// Receives the authorization code from the client and exchanges it for an access token.
// AuthorizationRequest is the request DTO carrying the code and the redirect URI.
@PostMapping("/access_token")
public AuthenticationResult authorizeToken(@RequestBody @Valid AuthorizationRequest authorizationCode) throws Exception {
    return tokenService.getAccessTokenFromAuthorizationCode(authorizationCode.getCode(), authorizationCode.getRedirectUri());
}

Service:

// AuthorizationCode comes from com.nimbusds.oauth2.sdk (oauth2-oidc-sdk in the pom below);
// throwException is the sample's own error-mapping helper and is not shown here.
public AuthenticationResult getAccessTokenFromAuthorizationCode(String authorizationCode, String redirectUri) throws Exception {
    AuthorizationCode request = new AuthorizationCode(authorizationCode);
    try {
        // redirectUri must be exactly the value used on the /authorize request, or Azure AD rejects the code
        return tokenGenerator.getAccessToken(request, redirectUri);
    } catch (Throwable throwable) {
        return throwException(throwable);
    }
}

TokenGenerator function:

import java.net.URI;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

import javax.naming.ServiceUnavailableException;

import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.nimbusds.oauth2.sdk.AuthorizationCode;

// clientId, clientSecret, authority, tenant and resource are the fields bound
// from the security.oauth2.client.* properties below.
public AuthenticationResult getAccessToken(
        AuthorizationCode authorizationCode, String currentUri)
        throws Throwable {
    String authCode = authorizationCode.getValue();
    // Confidential client: the code is redeemed with the app's client secret, server side only.
    ClientCredential credential = new ClientCredential(clientId,
            clientSecret);
    AuthenticationContext context = null;
    AuthenticationResult result = null;
    ExecutorService service = null;
    try {
        service = Executors.newFixedThreadPool(1);
        // authority + tenant + "/" -> https://login.microsoftonline.com/<tenant-id>/
        // second argument true = validate the authority before use
        context = new AuthenticationContext(authority + tenant + "/", true,
                service);
        // Redeems the code at the token endpoint for a token scoped to `resource`;
        // currentUri must equal the redirect_uri the code was issued for.
        Future<AuthenticationResult> future = context
                .acquireTokenByAuthorizationCode(authCode, new URI(
                        currentUri), credential, resource, null);
        result = future.get();
    } catch (ExecutionException e) {
        throw e.getCause();
    } finally {
        if (service != null) {
            service.shutdown();
        }
    }

    if (result == null) {
        throw new ServiceUnavailableException(
                "authentication result was null");
    }
    return result;
}

pom.xml

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.2.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
</dependency>
<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>adal4j</artifactId>
    <version>1.1.1</version>
</dependency>
<dependency>
    <groupId>com.nimbusds</groupId>
    <artifactId>oauth2-oidc-sdk</artifactId>
    <version>4.5</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>

application.properties

security.oauth2.client.clientId=xxx
security.oauth2.client.clientSecret=xxx
security.oauth2.client.tenant=xxx
security.oauth2.client.accessTokenUri=https://login.microsoftonline.com/<tenant-id>/oauth2/token
security.oauth2.client.userAuthorizationUri=https://login.microsoftonline.com/<tenant-id>/oauth2/authorize
security.oauth2.client.authority=https://login.microsoftonline.com/
# scope of API (comments in .properties must be on their own line; a trailing // would become part of the value)
security.oauth2.client.resource=https://graph.windows.net/
# call API
security.oauth2.resource.userInfoUri=https://graph.windows.net/me?api-version=1.6

If you would like to authenticate in the backend with the Spring Boot Starter, please refer to this example based on the implicit grant flow.

Upvotes: 1
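What the adal4j call in the answer above does on the wire, and the claim checks an API should run on the access token that comes back, as an added Python example that is not part of the original answer or of adal4j. The function names, the demo tenant id, client id and token claims are assumptions made for illustration; no network request is made, and the sample token is constructed locally and is not signed by Azure AD, so only the claims are checked here. Signature verification against the tenant's JWKS (RS256) is left to the real resource-server library; the audience check compares the `aud` claim against the configured `security.oauth2.client.resource` string.

```python
"""Authorization-code redemption at the Azure AD v1 token endpoint plus the
claim checks an API should run on the resulting access token.

Added example, not code from the original answer or from adal4j.  Names and
demo values are assumptions; the token is constructed and unsigned, so only
claims are checked (signature verification belongs to the real library).
"""
import base64
import json
import time

AUTHORITY = "https://login.microsoftonline.com/"   # security.oauth2.client.authority


def build_token_request(tenant, code, redirect_uri, client_id, client_secret, resource):
    """Return (url, form) for the POST acquireTokenByAuthorizationCode sends.

    url is the accessTokenUri from the answer's properties.  redirect_uri has to
    match the value used on the /authorize request exactly.
    """
    url = f"{AUTHORITY}{tenant}/oauth2/token"
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,   # confidential client: never shipped to a browser
        "code": code,
        "redirect_uri": redirect_uri,
        "resource": resource,             # v1 endpoint: audience the token is minted for
    }
    return url, form


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token):
    """Parse the payload of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def check_access_token(token, tenant, resource, now=None):
    """Return the reasons this token must NOT be accepted; [] means claims are consistent."""
    now = time.time() if now is None else now
    claims = decode_jwt_claims(token)
    problems = []
    if claims.get("aud") != resource:
        problems.append(f"aud {claims.get('aud')!r} is not the configured resource {resource!r}")
    if claims.get("tid") != tenant:
        problems.append(f"tid {claims.get('tid')!r} is not the configured tenant")
    if claims.get("iss") != f"https://sts.windows.net/{tenant}/":   # v1 issuer format
        problems.append(f"unexpected issuer {claims.get('iss')!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp missing")
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and nbf > now:
        problems.append("token not yet valid (nbf in the future)")
    return problems


def make_demo_token(claims):
    """Constructed test token: real header/payload encoding, placeholder signature."""
    header = {"typ": "JWT", "alg": "RS256"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        _b64url_encode(b"not-a-real-signature"),
    ])


DEMO_TENANT = "11111111-2222-3333-4444-555555555555"   # constructed tenant id
DEMO_RESOURCE = "https://graph.windows.net/"            # security.oauth2.client.resource


def demo(now=1_700_000_000):
    """Run the checks over a good token, a wrong-audience token and an expired one."""
    base = {
        "iss": f"https://sts.windows.net/{DEMO_TENANT}/",
        "tid": DEMO_TENANT,
        "aud": DEMO_RESOURCE,
        "nbf": now - 60,
        "exp": now + 3600,
        "upn": "alice@example.com",   # constructed
    }
    good = make_demo_token(base)
    wrong_aud = make_demo_token({**base, "aud": "api://some-other-app"})
    expired = make_demo_token({**base, "exp": now - 1})
    return {
        "good": check_access_token(good, DEMO_TENANT, DEMO_RESOURCE, now),
        "wrong_aud": check_access_token(wrong_aud, DEMO_TENANT, DEMO_RESOURCE, now),
        "expired": check_access_token(expired, DEMO_TENANT, DEMO_RESOURCE, now),
    }


if __name__ == "__main__":
    print(build_token_request(DEMO_TENANT, "demo-auth-code", "https://localhost:8080/login",
                              "demo-client-id", "demo-client-secret", DEMO_RESOURCE))
    print(demo())
```

The wrong-audience case is the one worth keeping in mind for the question's setup: a token minted for `https://graph.windows.net/` (the `resource` in the properties) is a token for Azure AD Graph, not for the Spring Boot API itself, so an API that accepts bearer tokens has to check `aud` against its own application ID URI rather than whatever resource the client asked for.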
