Not let our sample down if property 'azure.activedirectory.tenant-id'…

… is not confugured. (#12645) * Not let our sample down if property 'azure.activedirectory.tenant-id' is not confugured. * Add NoLoginSecurityConfig to disable login. * Add comment to explain what NoLoginSecurityConfig used for. * Recover application.properties. * Update readme to explain what 'NoLoginSecurityConfig' is used for. Co-authored-by: Rujun Chen <rujche@microsoft.com>
Azure · Jul 3, 2020 · 7685539 · 7685539
1 parent f27af36
commit 7685539
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 0 deletions.
diff --git a/...spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md b/...spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md
@@ -26,6 +26,9 @@ azure.activedirectory.tenant-id=xxxxxx-your-tenant-id-xxxxxx
 azure.activedirectory.active-directory-groups=group1, group2
 ```
 
+If `azure.activedirectory.tenant-id` is configured, `AADOAuth2LoginSecurityConfig` will take effect and this app will use AAD to authentication and authorization.
+If `azure.activedirectory.tenant-id` is **NOT** configured, `NoLoginSecurityConfig` will take effect and this app will **NOT** use AAD to  authentication and authorization.
+
 ### Run with Maven
 ```shell
 # Under sdk/spring project root directory

diff --git a/...ve-directory-backend/src/main/java/com/microsoft/azure/aad/controller/HomeController.java b/...ve-directory-backend/src/main/java/com/microsoft/azure/aad/controller/HomeController.java
@@ -4,6 +4,7 @@
 package com.microsoft.azure.aad.controller;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
@@ -13,6 +14,7 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 
+@ConditionalOnProperty(prefix = "azure.activedirectory", value = "tenant-id")
 @Controller
 public class HomeController {
     @Autowired

diff --git a/...-backend/src/main/java/com/microsoft/azure/aad/security/AADOAuth2LoginSecurityConfig.java b/...-backend/src/main/java/com/microsoft/azure/aad/security/AADOAuth2LoginSecurityConfig.java
@@ -4,6 +4,7 @@
 package com.microsoft.azure.aad.security;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -12,6 +13,7 @@
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 
+@ConditionalOnProperty(prefix = "azure.activedirectory", value = "tenant-id")
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class AADOAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

diff --git a/...rectory-backend/src/main/java/com/microsoft/azure/aad/security/NoLoginSecurityConfig.java b/...rectory-backend/src/main/java/com/microsoft/azure/aad/security/NoLoginSecurityConfig.java
@@ -0,0 +1,25 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.aad.security;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+// If "azure.activedirectory.tenant-id" is not configured,
+// this bean will take effect to disable login.
+@ConditionalOnMissingBean(AADOAuth2LoginSecurityConfig.class)
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class NoLoginSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/**")
+            .permitAll();
+    }
+}