时间戳

首页 > 解决方案 > 如何使用 Azure AD 对具有 POST 方法的 Spring Boot REST API 进行身份验证

spring-boot - 如何使用 Azure AD 对具有 POST 方法的 Spring Boot REST API 进行身份验证

问题描述

在我的 spring boot rest api 中,我使用的是 POST 方法。我正在使用 Azure AD 对 api 进行身份验证。到达端点时,它的状态为 200 OK,但未执行所需的 POST 操作。甚至记录器也没有从控制器中打印出来@PostMapping

可以帮助一些需要修复的东西...

在 POM spring security 和以下依赖项中。

<dependency>
        <groupId>com.microsoft.azure</groupId>
        <artifactId>azure-spring-boot-starter</artifactId>
</dependency>

在属性文件中注册了所需的属性。

azure.activedirectory.session-stateless
azure.activedirectory.tenant-id
azure.activedirectory.user-group.allowed-groups
spring.security.oauth2.client.registration.azure.client-id
spring.security.oauth2.client.registration.azure.client-secret

注意:目前还没有前端。

标签: spring-bootazure-active-directory

解决方案

如果您使用@PostMapping访问令牌进行身份验证,则不需要使用 azure-spring-boot-starter。您可以参考基于身份验证代码流的代码示例:

控制器:

@PostMapping("/access_token")
public AuthenticationResult authorizeToken(@RequestBody @Valid AuthorizationRequest authorizationCode) throws Exception {
    return tokenService.getAccessTokenFromAuthorizationCode(authorizationCode.getCode(), authorizationCode.getRedirectUri());
}

服务:

public AuthenticationResult getAccessTokenFromAuthorizationCode(String authorizationCode, String redirectUri) throws Exception {
   AuthorizationCode request = new AuthorizationCode(authorizationCode);
   try {
        return tokenGenerator.getAccessToken(request, redirectUri);
   } catch (Throwable throwable) {
        return throwException(throwable);
   }
}

令牌生成器功能:

public AuthenticationResult getAccessToken(
            AuthorizationCode authorizationCode, String currentUri)
            throws Throwable {
        String authCode = authorizationCode.getValue();
        ClientCredential credential = new ClientCredential(clientId,
                clientSecret);
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(authority + tenant + "/", true,
                    service);
            Future<AuthenticationResult> future = context
                    .acquireTokenByAuthorizationCode(authCode, new URI(
                            currentUri), credential, resource, null);
            result = future.get();
        } catch (ExecutionException e) {
            throw e.getCause();
        } finally {
            service.shutdown();
        }

        if (result == null) {
            throw new ServiceUnavailableException(
                    "authentication result was null");
        }
        return result;
    }

pom.xml

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.2.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
</dependency>
<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>adal4j</artifactId>
    <version>1.1.1</version>
</dependency>
<dependency>
    <groupId>com.nimbusds</groupId>
    <artifactId>oauth2-oidc-sdk</artifactId>
    <version>4.5</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>

应用程序属性

security.oauth2.client.clientId=xxx
security.oauth2.client.clientSecret=xxx
security.oauth2.client.tenant=xxx
security.oauth2.client.accessTokenUri=https://login.microsoftonline.com/<tenant-id>/oauth2/token
security.oauth2.client.userAuthorizationUri=https://login.microsoftonline.com/<tenant-id>/oauth2/authorize
security.oauth2.client.authority=https://login.microsoftonline.com/
security.oauth2.client.resource=https://graph.windows.net/    // scope of API
security.oauth2.resource.userInfoUri=https://graph.windows.net/me?api-version=1.6    // call API

如果您想使用 Spring Boot Starter 在后端进行身份验证,请参考这个基于隐式授权流程的示例

推荐阅读