diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md index aa6fecd9d496..cf791d11705d 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/README.md @@ -26,6 +26,9 @@ azure.activedirectory.tenant-id=xxxxxx-your-tenant-id-xxxxxx azure.activedirectory.active-directory-groups=group1, group2 ``` +If `azure.activedirectory.tenant-id` is configured, `AADOAuth2LoginSecurityConfig` will take effect and this app will use AAD to authentication and authorization. +If `azure.activedirectory.tenant-id` is **NOT** configured, `NoLoginSecurityConfig` will take effect and this app will **NOT** use AAD to authentication and authorization. + ### Run with Maven ```shell # Under sdk/spring project root directory diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/controller/HomeController.java b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/controller/HomeController.java index 6a0e802ea30a..c0ac526c1cf6 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/controller/HomeController.java +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/controller/HomeController.java @@ -4,6 +4,7 @@ package com.microsoft.azure.aad.controller; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; @@ -13,6 +14,7 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.ResponseBody; +@ConditionalOnProperty(prefix = "azure.activedirectory", value = "tenant-id") @Controller public class HomeController { @Autowired diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/security/AADOAuth2LoginSecurityConfig.java b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/security/AADOAuth2LoginSecurityConfig.java index b07f305f3d45..dee2f0268b37 100644 --- a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/security/AADOAuth2LoginSecurityConfig.java +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/security/AADOAuth2LoginSecurityConfig.java @@ -4,6 +4,7 @@ package com.microsoft.azure.aad.security; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -12,6 +13,7 @@ import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; import org.springframework.security.oauth2.core.oidc.user.OidcUser; +@ConditionalOnProperty(prefix = "azure.activedirectory", value = "tenant-id") @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class AADOAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter { diff --git a/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/security/NoLoginSecurityConfig.java b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/security/NoLoginSecurityConfig.java new file mode 100644 index 000000000000..7880d4c43c68 --- /dev/null +++ b/sdk/spring/azure-spring-boot-samples/azure-spring-boot-sample-active-directory-backend/src/main/java/com/microsoft/azure/aad/security/NoLoginSecurityConfig.java @@ -0,0 +1,25 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.azure.aad.security; + +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +// If "azure.activedirectory.tenant-id" is not configured, +// this bean will take effect to disable login. +@ConditionalOnMissingBean(AADOAuth2LoginSecurityConfig.class) +@EnableWebSecurity +@EnableGlobalMethodSecurity(prePostEnabled = true) +public class NoLoginSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/**") + .permitAll(); + } +}