Azure Active Directory integration: Angular + ADAL + Spring Boot


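I am trying to integrate Azure Active Directory with an application I have. The application's front end is Angular 7 and the back end is Spring Boot. What I did was create a web application in the Azure portal and, on the Angular side, use the Microsoft ADAL library to get an access token, then pass that token in every request and validate it in the Spring Boot back end. What I need to know is whether the way I am doing it is correct, i.e. I am using the same Azure app credentials (client ID, tenant ID, ...) in both Angular and Spring Boot. Do we need to create different applications for the front end and the back end? Is it correct to get the access token from the front end?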

app.module.ts
-----------------



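import { APP_INITIALIZER, NgModule } from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';
import { HTTP_INTERCEPTORS, HttpClientModule } from '@angular/common/http';
import { MsAdalAngular6Module, MsAdalAngular6Service } from 'microsoft-adal-angular6';
// AppComponent and TokenInterceptorService come from the application's own
// files; their import paths are not shown in the post.

// Blocks application start-up until the user is signed in;
// login() redirects the browser to the Azure AD sign-in page.
function initializer(adalService: MsAdalAngular6Service) {
  return () => new Promise((resolve, reject) => {
    if (adalService.isAuthenticated) {
      resolve();
    } else {
      adalService.login();
    }
  });
}

@NgModule({
  declarations: [
    AppComponent
  ],
  imports: [
    BrowserModule,
    HttpClientModule,
    MsAdalAngular6Module.forRoot({
      tenant: 'xxxbef18-40f6-44e6-972c-407462a99xxx',
      clientId: 'xxx4602f-e3c8-4114-ae23-42bf9e57dxxx',
      redirectUri: 'http://localhost:4200',
      navigateToLoginRequestUrl: false,
      cacheLocation: 'localStorage'
    })
  ],
  providers: [
    {
      provide: APP_INITIALIZER,
      useFactory: initializer,
      multi: true,
      deps: [MsAdalAngular6Service]
    },
    {
      provide: HTTP_INTERCEPTORS,
      useClass: TokenInterceptorService,
      multi: true
    }
  ],
  bootstrap: [AppComponent]
})
export class AppModule { }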

Filter class in the back end

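import com.microsoft.azure.spring.autoconfigure.aad.AADAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AADAuthenticationFilter aadAuthFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // allow all requests to access this URL
        http.authorizeRequests().antMatchers("/home").permitAll();

        // access to these URLs requires authentication
        http.authorizeRequests().antMatchers("/api/**").authenticated();

        // every other request is permitted without authentication
        http.authorizeRequests().anyRequest().permitAll();

        // run the Azure AD token filter before the username/password filter
        http.addFilterBefore(aadAuthFilter, UsernamePasswordAuthenticationFilter.class);
    }

}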

application.properties

# Specifies your Active Directory ID:
azure.activedirectory.tenant-id=92cbef18-40f6-44e6-972c-407462a99xxx

# Specifies your App Registration's Application ID:
spring.security.oauth2.client.registration.azure.client-id=xxx42c78-c557-48ef-8f09-be40c2093xxx
azure.activedirectory.client-id=xxx4602f-e3c8-4114-ae23-42bf9e57dxxx

# Specifies your App Registration's secret key:
spring.security.oauth2.client.registration.azure.client-secret=xxx-~H98Y68m5fFw9_P9sy-c4C4E3lAxxx
azure.activedirectory.client-secret=xxx-~H98Yxxxx5fFw9_P9sy-c4C4E3lAxxx

# Specifies the list of Active Directory groups to use for authorization:
azure.activedirectory.active-directory-groups=users

Any help is appreciated.

spring-boot azure-active-directory angular7 adal
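1 answer
0 votes
As you would imagine, our general approach is to create different applications for the front end and the back end, using the front end as the web application side and the back end as the web server side (which provides the access token).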
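What the two-registration setup in the answer means for the back-end check, as an added example that is not part of the original question or answer: once each side has its own registration, the API accepts only tokens whose `aud` names the back-end registration, so a token issued for the front end itself is refused. The GUIDs, the scope name and the function and type names are constructed for illustration, and the token signature is assumed to have been verified already by the back end's token library.

```typescript
// Claims of an Azure AD access token after signature verification (not shown here).
interface Claims { aud: string; tid: string; exp: number; nbf?: number; scp?: string; }

interface ApiConfig {
  tenantId: string;            // directory the API trusts
  acceptedAudiences: string[]; // client ID and/or App ID URI of the API registration
  requiredScope: string;       // delegated permission the API exposes
  clockSkewSeconds: number;
}

// Returns the reasons to reject; an empty array means the claims are acceptable.
function rejectReasons(claims: Claims, cfg: ApiConfig, nowSeconds: number): string[] {
  const reasons: string[] = [];
  if (cfg.acceptedAudiences.indexOf(claims.aud) === -1) {
    reasons.push("aud: token was issued for another application");
  }
  if (claims.tid !== cfg.tenantId) reasons.push("tid: unexpected tenant");
  if (claims.exp + cfg.clockSkewSeconds <= nowSeconds) reasons.push("exp: token expired");
  if (claims.nbf !== undefined && claims.nbf - cfg.clockSkewSeconds > nowSeconds) {
    reasons.push("nbf: token not yet valid");
  }
  // scp is a space-separated list of delegated scopes.
  const scopes = (claims.scp || "").split(" ");
  if (scopes.indexOf(cfg.requiredScope) === -1) reasons.push("scp: required scope missing");
  return reasons;
}

// Constructed placeholder values, not taken from the page.
const TENANT = "00000000-0000-0000-0000-0000000000aa";
const SPA_CLIENT_ID = "00000000-0000-0000-0000-0000000000f1"; // front-end registration
const API_CLIENT_ID = "00000000-0000-0000-0000-0000000000b2"; // back-end registration
const NOW = 1700000000;

const apiConfig: ApiConfig = {
  tenantId: TENANT,
  acceptedAudiences: [API_CLIENT_ID, "api://" + API_CLIENT_ID],
  requiredScope: "access_as_user", // constructed scope name
  clockSkewSeconds: 60,
};

// Token the front end holds for itself: aud is the front-end registration.
const tokenForSpa: Claims = { aud: SPA_CLIENT_ID, tid: TENANT, exp: NOW + 3600, nbf: NOW - 10 };
// Token the front end requested for the API resource: aud is the back-end registration.
const tokenForApi: Claims = { aud: API_CLIENT_ID, tid: TENANT, exp: NOW + 3600, nbf: NOW - 10, scp: "access_as_user" };
// Same token presented after its lifetime plus the allowed clock skew.
const expiredForApi: Claims = { aud: API_CLIENT_ID, tid: TENANT, exp: NOW - 600, scp: "access_as_user" };
```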