vaadin7-azure's Introduction

vaadin7 Azure AD Sample Application

A simple Vaadin 7 application that integrates with Azure AD to add Azure login and logout.

Workflow

To compile the entire project, run "mvn install".

To run the application, run "mvn jetty:run" and open http://localhost:8080/ .

Azure Authentication and references

This is a Spring Vaadin 7 application that uses Spring Security to restrict access to the application.

The lines below in the security config make sure that all requests to the application are authenticated except /login and /logout:

    .antMatchers("/login").permitAll()
    .antMatchers("/logout").permitAll()
    .anyRequest().authenticated()

The OpenIdConnectFilter was designed following https://www.baeldung.com/spring-security-openid-connect-legacy and https://jar-download.com/artifacts/org.springframework.security.oauth/spring-security-oauth2/2.0.10.RELEASE/source-code/org/springframework/security/oauth2/client/filter/OAuth2ClientAuthenticationProcessingFilter.java. It is added in SecurityConfig as a filter and is responsible for the authentication. A bean of type OAuth2RestTemplate, created in AzureOpenIdConnectConfig with the authorization details, is responsible for getting the access token.

Once the access token is obtained, the "id_token" is extracted from it. The id_token is a JWT that contains identity information about the user and is signed by the identity provider. In this case the identity provider is Microsoft Azure.

Next we need to verify the signature of the access token issued by Azure AD using the public endpoint. The "kid" is the key identifier, which we extract from the id_token and use to verify it against the public keys. This is done with the decodeAndVerify method of JwtHelper. Finally, we verify that the id_token was issued by Azure and has not expired.

The public key can be obtained by calling the public Azure AD OpenID configuration endpoint. This approach is based on https://learn.microsoft.com/en-us/answers/questions/1359059/signature-validation-of-my-access-token-private-ke and https://www.voitanos.io/blog/validating-entra-id-generated-oauth-tokens
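The check described above, as an added example that is not the project's own code: it selects the public key by "kid", verifies the signature with JwtHelper.decodeAndVerify, then checks issuer and expiry. The audience check, the ISSUER and CLIENT_ID values, the class name and the locally generated key pair (standing in for the keys Azure AD publishes) are assumptions; it needs spring-security-jwt and Jackson on the classpath.

```java
import java.security.*;
import java.security.interfaces.*;
import java.util.*;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.jwt.*;
import org.springframework.security.jwt.crypto.sign.*;

public class IdTokenCheck {
    // Hypothetical values; in the real flow they come from the OpenID configuration and the app registration.
    static final String ISSUER = "https://login.example.invalid/tenant-id/v2.0";
    static final String CLIENT_ID = "example-client-id";

    // Verifies the signature with the key named by "kid", then issuer, audience and expiry.
    @SuppressWarnings("unchecked")
    static Map<String, Object> verify(String idToken, Map<String, RSAPublicKey> keysByKid) throws Exception {
        String kid = JwtHelper.headers(idToken).get("kid");
        RSAPublicKey key = keysByKid.get(kid);
        if (key == null) throw new SecurityException("unknown kid: " + kid);
        // decodeAndVerify throws InvalidSignatureException when the signature does not match the key.
        Jwt jwt = JwtHelper.decodeAndVerify(idToken, new RsaVerifier(key));
        Map<String, Object> claims = new ObjectMapper().readValue(jwt.getClaims(), Map.class);
        if (!ISSUER.equals(claims.get("iss"))) throw new SecurityException("wrong issuer");
        if (!CLIENT_ID.equals(claims.get("aud"))) throw new SecurityException("wrong audience");
        long exp = ((Number) claims.get("exp")).longValue();
        if (exp <= System.currentTimeMillis() / 1000) throw new SecurityException("token expired");
        return claims;
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for one entry of the provider's published key set.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        Map<String, RSAPublicKey> keys = Collections.singletonMap("key-1", (RSAPublicKey) pair.getPublic());
        RsaSigner signer = new RsaSigner((RSAPrivateKey) pair.getPrivate());
        RsaSigner other = new RsaSigner((RSAPrivateKey) gen.generateKeyPair().getPrivate());
        Map<String, String> hdr = Collections.singletonMap("kid", "key-1");
        String fmt = "{\"iss\":\"%s\",\"aud\":\"%s\",\"sub\":\"user-1\",\"exp\":%d}";
        long now = System.currentTimeMillis() / 1000;
        String good = JwtHelper.encode(String.format(fmt, ISSUER, CLIENT_ID, now + 300), signer, hdr).getEncoded();
        String stale = JwtHelper.encode(String.format(fmt, ISSUER, CLIENT_ID, now - 300), signer, hdr).getEncoded();
        String forged = JwtHelper.encode(String.format(fmt, ISSUER, CLIENT_ID, now + 300), other, hdr).getEncoded();

        System.out.println("accepted, sub = " + verify(good, keys).get("sub"));
        for (String bad : new String[] {stale, forged}) {
            try { verify(bad, keys); } catch (RuntimeException e) { System.out.println("rejected: " + e); }
        }
    }
}
```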

On successful authentication, a user is created with the claims and the granted authorities.

For logout, a logoutSuccessHandler has been added, which is responsible for redirecting to the Azure logout after logging out of the application.

vaadin7-azure's People

Contributors

mukherjeesudebi
