Move active directory related logic from main branch to 4.0 branch (#…

…25282) * 1. Move active directory related code from main branch to 4.0 branch. 2. Change package name. 3. Resolve the errors reported by "mvn clean install". * Delete package-info.java in this package and is sub packages: com.azure.spring.cloud.autoconfigure.active.directory.implementation. * Create 2 starters: spring-cloud-azure-starter-active-directory and spring-cloud-azure-starter-active-directory-b2c. * Delete unnecessary contents in the 2 starters: spring-cloud-azure-starter-active-directory and spring-cloud-azure-starter-active-directory-b2c.
Azure · Nov 11, 2021 · 7ef326f · 7ef326f
1 parent 37c7c01
commit 7ef326f
Show file tree

Hide file tree

Showing 121 changed files with 10,317 additions and 9 deletions.
diff --git a/eng/code-quality-reports/src/main/resources/checkstyle/checkstyle-suppressions.xml b/eng/code-quality-reports/src/main/resources/checkstyle/checkstyle-suppressions.xml
@@ -422,6 +422,8 @@ the main ServiceBusClientBuilder. -->
 />
   <suppress checks="[a-zA-Z0-9]*" files="[/\\]azure-spring-cloud-feature-management[/\\]"/>
   <suppress checks="[a-zA-Z0-9]*" files="[/\\]azure-spring-cloud-feature-management-web[/\\]"/>
+  <!-- Suppress the long package name in spring security related implementation class. -->
+  <suppress checks="PackageName" files="com.azure.spring.cloud.autoconfigure.active.directory.implementation.*" />
 
   <!-- perf-test files are not public API, so they don't need to fulfill all requirements. -->
   <suppress checks="Javadoc" files=".*[/\\]azure-\w+-perf[/\\].*\.java"/>

diff --git a/eng/versioning/version_client.txt b/eng/versioning/version_client.txt
@@ -168,6 +168,8 @@ com.azure.spring:spring-cloud-azure-actuator;4.0.0-beta.1;4.0.0-beta.1
 com.azure.spring:spring-cloud-azure-autoconfigure;4.0.0-beta.1;4.0.0-beta.1
 com.azure.spring:spring-cloud-azure-resourcemanager;4.0.0-beta.1;4.0.0-beta.1
 com.azure.spring:spring-cloud-azure-service;4.0.0-beta.1;4.0.0-beta.1
+com.azure.spring:spring-cloud-azure-starter-active-directory;4.0.0-beta.1;4.0.0-beta.1
+com.azure.spring:spring-cloud-azure-starter-active-directory-b2c;4.0.0-beta.1;4.0.0-beta.1
 com.azure.spring:spring-cloud-azure-starter-actuator;4.0.0-beta.1;4.0.0-beta.1
 com.azure.spring:spring-cloud-azure-starter-appconfiguration;4.0.0-beta.1;4.0.0-beta.1
 com.azure.spring:spring-cloud-azure-starter-cosmos;4.0.0-beta.1;4.0.0-beta.1

diff --git a/sdk/spring/pom.xml b/sdk/spring/pom.xml
@@ -173,6 +173,8 @@
         <module>spring-cloud-azure-actuator</module>
         <module>spring-cloud-azure-actuator-autoconfigure</module>
         <module>spring-cloud-azure-autoconfigure</module>
+        <module>spring-cloud-azure-starter-active-directory</module>
+        <module>spring-cloud-azure-starter-active-directory-b2c</module>
         <module>spring-cloud-azure-starter-actuator</module>
         <module>spring-cloud-azure-starter-appconfiguration</module>
         <module>spring-cloud-azure-starter-cosmos</module>
@@ -221,6 +223,8 @@
         <module>spring-cloud-azure-actuator</module>
         <module>spring-cloud-azure-actuator-autoconfigure</module>
         <module>spring-cloud-azure-autoconfigure</module>
+        <module>spring-cloud-azure-starter-active-directory</module>
+        <module>spring-cloud-azure-starter-active-directory-b2c</module>
         <module>spring-cloud-azure-starter-actuator</module>
         <module>spring-cloud-azure-starter-appconfiguration</module>
         <module>spring-cloud-azure-starter-cosmos</module>

diff --git a/sdk/spring/spring-cloud-azure-autoconfigure/pom.xml b/sdk/spring/spring-cloud-azure-autoconfigure/pom.xml
@@ -181,28 +181,58 @@
       <artifactId>spring-boot-autoconfigure</artifactId>
       <version>2.5.4</version> <!-- {x-version-update;org.springframework.boot:spring-boot-autoconfigure;external_dependency} -->
     </dependency>
-
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-context-support</artifactId>
       <version>5.3.9</version> <!-- {x-version-update;org.springframework:spring-context-support;external_dependency} -->
       <optional>true</optional>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-webflux</artifactId>
+      <version>5.3.9</version> <!-- {x-version-update;org.springframework:spring-webflux;external_dependency} -->
+      <optional>true</optional>
+    </dependency>
 
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-actuator-autoconfigure</artifactId>
       <version>2.5.4</version> <!-- {x-version-update;org.springframework.boot:spring-boot-actuator-autoconfigure;external_dependency} -->
       <optional>true</optional>
     </dependency>
-
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-configuration-processor</artifactId>
       <version>2.5.4</version> <!-- {x-version-update;org.springframework.boot:spring-boot-configuration-processor;external_dependency} -->
       <optional>true</optional>
     </dependency>
 
+    <!-- Spring Security-->
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-oauth2-client</artifactId>
+      <version>5.5.2</version> <!-- {x-version-update;org.springframework.security:spring-security-oauth2-client;external_dependency} -->
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-oauth2-resource-server</artifactId>
+      <version>5.5.2</version> <!-- {x-version-update;org.springframework.security:spring-security-oauth2-resource-server;external_dependency} -->
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-oauth2-jose</artifactId>
+      <version>5.5.2</version> <!-- {x-version-update;org.springframework.security:spring-security-oauth2-jose;external_dependency} -->
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-config</artifactId>
+      <version>5.5.2</version> <!-- {x-version-update;org.springframework.security:spring-security-config;external_dependency} -->
+      <optional>true</optional>
+    </dependency>
+
     <!-- Added this dependency to include necessary annotations used by reactor core.
         Without this dependency, javadoc throws a warning as it cannot find enum When.MAYBE
         which is used in @Nullable annotation in reactor core classes -->
@@ -212,6 +242,18 @@
       <version>3.0.2</version> <!-- {x-version-update;com.google.code.findbugs:jsr305;external_dependency} -->
       <scope>provided</scope>
     </dependency>
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>javax.servlet-api</artifactId>
+      <version>4.0.1</version> <!-- {x-version-update;javax.servlet:javax.servlet-api;external_dependency} -->
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.hibernate.validator</groupId>
+      <artifactId>hibernate-validator</artifactId>
+      <version>6.2.0.Final</version> <!-- {x-version-update;org.hibernate.validator:hibernate-validator;external_dependency} -->
+      <optional>true</optional>
+    </dependency>
 
     <dependency>
       <groupId>jakarta.validation</groupId>
@@ -250,13 +292,6 @@
         </exclusion>
       </exclusions>
     </dependency>
-    <!-- For Validator -->
-    <dependency>
-      <groupId>org.hibernate.validator</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>6.2.0.Final</version> <!-- {x-version-update;org.hibernate.validator:hibernate-validator;external_dependency} -->
-      <scope>test</scope>
-    </dependency>
     <dependency>
       <groupId>org.glassfish</groupId>
       <artifactId>jakarta.el</artifactId>
@@ -299,6 +334,11 @@
                 <include>org.springframework.data:spring-data-redis:[2.5.4]</include> <!-- {x-include-update;org.springframework.data:spring-data-redis;external_dependency} -->
                 <include>org.springframework.kafka:spring-kafka:[2.7.6]</include> <!-- {x-include-update;org.springframework.kafka:spring-kafka;external_dependency} -->
                 <include>org.springframework:spring-context-support:[5.3.9]</include> <!-- {x-include-update;org.springframework:spring-context-support;external_dependency} -->
+                <include>org.springframework:spring-webflux:[5.3.9]</include> <!-- {x-include-update;org.springframework:spring-webflux;external_dependency} -->
+                <include>org.springframework.security:spring-security-oauth2-client:[5.5.2]</include> <!-- {x-include-update;org.springframework.security:spring-security-oauth2-client;external_dependency} -->
+                <include>org.springframework.security:spring-security-oauth2-resource-server:[5.5.2]</include> <!-- {x-include-update;org.springframework.security:spring-security-oauth2-resource-server;external_dependency} -->
+                <include>org.springframework.security:spring-security-oauth2-jose:[5.5.2]</include> <!-- {x-include-update;org.springframework.security:spring-security-oauth2-jose;external_dependency} -->
+                <include>org.springframework.security:spring-security-config:[5.5.2]</include> <!-- {x-include-update;org.springframework.security:spring-security-config;external_dependency} -->
                 <include>org.springframework:spring-jms:[5.3.9]</include> <!-- {x-include-update;org.springframework:spring-jms;external_dependency} -->
               </includes>
             </bannedDependencies>

diff --git a/...re/spring/cloud/autoconfigure/active/directory/implementation/aad/AADApplicationType.java b/...re/spring/cloud/autoconfigure/active/directory/implementation/aad/AADApplicationType.java
@@ -0,0 +1,74 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package com.azure.spring.cloud.autoconfigure.active.directory.implementation.aad;
+
+import org.springframework.util.ClassUtils;
+
+/**
+ * AAD application type.
+ * <p>The value can be inferred by dependencies, only 'web_application_and_resource_server' must be configured manually.</p>
+ * <pre>
+ * | Has dependency: spring-security-oauth2-client | Has dependency: spring-security-oauth2-resource-server | Valid values of application type                                                                       | Default value               |
+ * |-----------------------------------------------|--------------------------------------------------------|--------------------------------------------------------------------------------------------------------|-----------------------------|
+ * |                      Yes                      |                          No                            |  'web_application'                                                                                     |       'web_application'     |
+ * |                      No                       |                          Yes                           |  'resource_server'                                                                                     |       'resource_server'     |
+ * |                      Yes                      |                          Yes                           |  'web_application','resource_server','resource_server_with_obo', 'web_application_and_resource_server' | 'resource_server_with_obo'  |
+ * </pre>
+ */
+public enum AADApplicationType {
+
+    WEB_APPLICATION("web_application"),
+    RESOURCE_SERVER("resource_server"),
+    RESOURCE_SERVER_WITH_OBO("resource_server_with_obo"),
+    WEB_APPLICATION_AND_RESOURCE_SERVER("web_application_and_resource_server");
+
+    private final String applicationType;
+
+    AADApplicationType(String applicationType) {
+        this.applicationType = applicationType;
+    }
+
+    public String getValue() {
+        return applicationType;
+    }
+
+    public static final String SPRING_SECURITY_OAUTH2_CLIENT_CLASS_NAME =
+        "org.springframework.security.oauth2.client.registration.ClientRegistration";
+    public static final String SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_CLASS_NAME =
+        "org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken";
+
+    /**
+     * Infer application type by dependencies
+     *
+     * @return AADApplicationType
+     */
+    public static AADApplicationType inferApplicationTypeByDependencies() {
+        AADApplicationType type;
+        if (isOAuth2ClientAvailable()) {
+            if (isResourceServerAvailable()) {
+                type = AADApplicationType.RESOURCE_SERVER_WITH_OBO;
+            } else {
+                type = AADApplicationType.WEB_APPLICATION;
+            }
+        } else {
+            if (isResourceServerAvailable()) {
+                type = AADApplicationType.RESOURCE_SERVER;
+            } else {
+                type = null;
+            }
+        }
+        return type;
+    }
+
+    private static boolean isOAuth2ClientAvailable() {
+        return isPresent(SPRING_SECURITY_OAUTH2_CLIENT_CLASS_NAME);
+    }
+
+    private static boolean isResourceServerAvailable() {
+        return isPresent(SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_CLASS_NAME);
+    }
+
+    private static boolean isPresent(String className) {
+        return ClassUtils.isPresent(className, ClassUtils.getDefaultClassLoader());
+    }
+}
diff --git a/...ng/cloud/autoconfigure/active/directory/implementation/aad/AADAuthorizationGrantType.java b/...ng/cloud/autoconfigure/active/directory/implementation/aad/AADAuthorizationGrantType.java
@@ -0,0 +1,35 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package com.azure.spring.cloud.autoconfigure.active.directory.implementation.aad;
+
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+
+/**
+ * Defines grant types: client_credentials, authorization_code, on_behalf_of, azure_delegated.
+ */
+public enum AADAuthorizationGrantType {
+
+    CLIENT_CREDENTIALS("client_credentials"),
+    AUTHORIZATION_CODE("authorization_code"),
+    ON_BEHALF_OF("on_behalf_of"),
+    AZURE_DELEGATED("azure_delegated");
+
+    private final String authorizationGrantType;
+
+    AADAuthorizationGrantType(String authorizationGrantType) {
+        // For backward compatibility, we support 'on-behalf-of'.
+        if ("on-behalf-of".equals(authorizationGrantType)) {
+            this.authorizationGrantType = "on_behalf_of";
+        } else {
+            this.authorizationGrantType = authorizationGrantType;
+        }
+    }
+
+    public String getValue() {
+        return authorizationGrantType;
+    }
+
+    public boolean isSameGrantType(AuthorizationGrantType grantType) {
+        return this.authorizationGrantType.equals(grantType.getValue());
+    }
+}
diff --git a/...ud/autoconfigure/active/directory/implementation/aad/AADAuthorizationServerEndpoints.java b/...ud/autoconfigure/active/directory/implementation/aad/AADAuthorizationServerEndpoints.java
@@ -0,0 +1,54 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.spring.cloud.autoconfigure.active.directory.implementation.aad;
+
+import com.nimbusds.oauth2.sdk.util.StringUtils;
+
+/**
+ * Used to get endpoints for Microsoft Identity authorization server.
+ */
+public class AADAuthorizationServerEndpoints {
+
+    private static final String DEFAULT_BASE_URI = "https://login.microsoftonline.com/";
+
+    private static final String AUTHORIZATION_ENDPOINT = "/oauth2/v2.0/authorize";
+    private static final String TOKEN_ENDPOINT = "/oauth2/v2.0/token";
+    private static final String JWK_SET_ENDPOINT = "/discovery/v2.0/keys";
+    private static final String END_SESSION_ENDPOINT = "/oauth2/v2.0/logout";
+
+    private final String baseUri;
+    private final String tenantId;
+
+    public AADAuthorizationServerEndpoints(String baseUri, String tenantId) {
+        if (StringUtils.isBlank(baseUri)) {
+            baseUri = DEFAULT_BASE_URI;
+        }
+        this.baseUri = addSlash(baseUri);
+        this.tenantId = tenantId;
+    }
+
+    public String getBaseUri() {
+        return this.baseUri;
+    }
+
+    private String addSlash(String uri) {
+        return uri.endsWith("/") ? uri : uri + "/";
+    }
+
+    public String authorizationEndpoint() {
+        return baseUri + tenantId + AUTHORIZATION_ENDPOINT;
+    }
+
+    public String tokenEndpoint() {
+        return baseUri + tenantId + TOKEN_ENDPOINT;
+    }
+
+    public String jwkSetEndpoint() {
+        return baseUri + tenantId + JWK_SET_ENDPOINT;
+    }
+
+    public String endSessionEndpoint() {
+        return baseUri + tenantId + END_SESSION_ENDPOINT;
+    }
+}