Azure AD 的 Spring security oauth


我需要添加实现以使用 Azure AD 进行身份验证。我能够跟踪的唯一有用的文章是https://github.com/AzureCAT-GSI/DevCamp/tree/master/HOL/java/03-azureread-office365

但是我的 Web 应用程序没有使用上面文章中所述的 Spring Boot。我找到的所有示例上下文 xml 都描述了如何将 webapp 配置为授权服务器，而不是如何把它配置成使用 Azure AD 登录的客户端。

在 spring security xml 中需要进行哪些相关配置才能使其使用 azure ad 进行身份验证?

下面是我的 xml,设置不正确:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security
                    http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
    ">
    <!--
        NOTE(review): this context wires the application up as an OAuth2
        *authorization server* plus a *resource server* for tokens it issues
        itself (tokenServices -> tokenStore, an InMemoryTokenStore). Nothing
        below validates a token issued by Azure AD, and the only element that
        points at Azure AD (the <oauth:resource> near the end) is not
        referenced by any filter or bean in this file. That is why login is
        not delegated to Azure AD.
    -->

    <!--
        <sec:http> chains are evaluated in document order; the first pattern
        that matches wins. security="none" removes these paths from the
        filter chain entirely, so nothing is authenticated or logged for them.
    -->
    <sec:http pattern="/" security="none"/>
    <!--<sec:http pattern="/login" security="none"/>-->
    <sec:http pattern="/resources/assets/**" security="none"/>
    <sec:http pattern="/resources/bootstrap/**" security="none"/>
    <sec:http pattern="/resources/config/**" security="none"/>
    <sec:http pattern="/resources/css/**" security="none"/>
    <!-- HTTP Root Access configuration -->
    <!--
        Resource-server chain for /rest/**: bearer tokens are checked by
        resourceServerFilter, which is backed by the local tokenServices, so
        only tokens minted by this application's own token endpoint are
        accepted here. create-session="never" keeps the API stateless;
        anonymous access is disabled so unauthenticated calls reach the
        OAuth2 entry point and get a 401 rather than a login page.
    -->
    <sec:http pattern="/rest/**" create-session="never" access-decision-manager-ref="accessDecisionManager"
              entry-point-ref="oauthAuthenticationEntryPoint" use-expressions="true" auto-config="true">
        <sec:anonymous enabled="false"/>
        <sec:intercept-url pattern="/**" access="isAuthenticated()" />
        <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
        <sec:access-denied-handler ref="oauthAccessDeniedHandler"/>
        <sec:expression-handler ref="oauthWebExpressionHandler"/>
    </sec:http>

    <!-- OAuth2 Authentication Entry Point -->
    <!-- Emits the WWW-Authenticate challenge (realm "conference") on 401. -->
    <bean id="oauthAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="conference"/>
    </bean>

    <bean id="oauthAccessDeniedHandler"
          class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>

    <!--
        UnanimousBased: every voter that does not abstain must grant access,
        otherwise the request is denied. ScopeVoter enforces the token's
        scopes, WebExpressionVoter evaluates the intercept-url expressions.
    -->
    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
                <bean class="org.springframework.security.web.access.expression.WebExpressionVoter">
                    <property name="expressionHandler" ref="oauthWebExpressionHandler"/>
                </bean>
            </list>
        </constructor-arg>
    </bean>

    <!--<oauth:web-expression-handler id="oauthWebExpressionHandler"/>-->
    <bean id="oauthWebExpressionHandler" class="org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler"/>
    <!-- OAuth2 Token Generation Services -->
    <!--
        Chain protecting this application's own token endpoint. Clients
        authenticate with HTTP Basic (or the form filter) against
        clientAuthenticationManager, i.e. against the client list below.
        NOTE(review): intercept-url rules are also first-match; the /**
        rule on the first line already covers /oauth/token, so the
        IS_AUTHENTICATED_FULLY rule that follows it is never reached.
    -->
    <sec:http pattern="/oauth/token" create-session="stateless"
              authentication-manager-ref="clientAuthenticationManager">
        <sec:intercept-url pattern="/**" access="isAuthenticated()" />
        <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
        <sec:anonymous enabled="false"/>
        <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
        <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
        <sec:access-denied-handler ref="oauthAccessDeniedHandler"/>
    </sec:http>

    <!--
        Token issuance/validation for tokens created by this application.
        accessTokenValiditySeconds="300000" is roughly 3.5 days per access
        token, which is long for a bearer token that is also refreshable;
        the InMemoryTokenStore below means every issued token is forgotten
        on restart and is not shared between instances.
    -->
    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore"/>
        <property name="supportRefreshToken" value="true"/>
        <property name="accessTokenValiditySeconds" value="300000"/>
        <property name="clientDetailsService" ref="clientDetails"/>
    </bean>

    <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/>

    <!-- User consent decisions are derived from the tokens held in tokenStore. -->
    <bean id="approvalStore" class="org.springframework.security.oauth2.provider.approval.TokenApprovalStore">
        <property name="tokenStore" ref="tokenStore"/>
    </bean>

    <bean id="userApprovalHandler"
          class="org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler">
        <property name="approvalStore" ref="approvalStore"/>
        <property name="clientDetailsService" ref="clientDetails"/>
        <property name="requestFactory">
            <bean class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
                <constructor-arg index="0" ref="clientDetails"/>
            </bean>
        </property>
    </bean>

    <!-- OAuth2 Authorization Server -->
    <!--
        This element makes the application issue its own tokens, i.e. it
        acts as an identity provider rather than delegating to Azure AD.
        All five grant types are enabled, including implicit and resource
        owner password, which are broader than a single web-app client needs.
    -->
    <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
                                user-approval-handler-ref="userApprovalHandler">
        <oauth:authorization-code/>
        <oauth:implicit/>
        <oauth:refresh-token/>
        <oauth:client-credentials/>
        <oauth:password/>
    </oauth:authorization-server>

    <!-- OAuth2 Protected Resources Server -->
    <!-- Validates incoming bearer tokens against the local tokenServices only. -->
    <oauth:resource-server id="resourceServerFilter" resource-id="conference" token-services-ref="tokenServices"/>

    <!-- OAuth2 Client Configuration -->
    <!-- Accepts client_id/client_secret as form parameters at the token endpoint. -->
    <bean id="clientCredentialsTokenEndpointFilter"
          class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="clientAuthenticationManager"/>
    </bean>

    <bean id="clientAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="conference/client"/>
        <property name="typeName" value="Basic"/>
    </bean>

    <!-- Lets registered OAuth2 clients authenticate as "users" of the token endpoint. -->
    <bean id="clientDetailsUserService"
          class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetails"/>
    </bean>

    <!-- OAuth2 Client's Authentication Manager -->
    <sec:authentication-manager id="clientAuthenticationManager">
        <sec:authentication-provider user-service-ref="clientDetailsUserService"/>
    </sec:authentication-manager>

    <!-- File based client details access -->
    <!--
        In-memory registry of clients allowed to obtain tokens from THIS
        server. The client-id looks like an Azure app registration id
        (presumably copied from the portal; verify), but here it is
        registered as a client of the local authorization server, not as
        this application's identity towards Azure AD.
        NOTE(review): secret="" registers the client with an empty secret,
        and the redirect-uri is plain http on localhost; both are only
        acceptable for local development.
    -->
    <oauth:client-details-service id="clientDetails">
        <!-- Web Application clients -->
        <oauth:client client-id="7c7ecd48-a83e-453c-b0f8-658edf4d1519"
                      secret=""
                      redirect-uri="http://localhost:8080/auth/openid/return"
                      authorities="APP"
                      authorized-grant-types="authorization_code"
                      resource-ids="conference"
                      scope="read,write,trust"/>
    </oauth:client-details-service>
    <!--
        The only reference to Azure AD in this file: an OAuth2 client
        resource pointing at the Microsoft identity platform v2.0 endpoints.
        No filter, rest template or bean in this context refers to it, so it
        has no effect on the login flow as written. client-secret="" is
        empty, and the "common" authority accepts sign-ins from any tenant;
        nothing here checks the issuer or tenant of a returned token.
        NOTE(review): the scope value contains a space before "Mail.Send";
        confirm the parser trims it, otherwise that scope is sent with a
        leading blank.
    -->
    <oauth:resource client-id="7c7ecd48-a83e-453c-b0f8-658edf4d1519" authentication-scheme="header"
                    client-secret="" user-authorization-uri="https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
                    token-name="access_token" client-authentication-scheme="form" pre-established-redirect-uri="http://localhost:8080/auth/openid/return"
                    scope="openid,profile,User.Read, Mail.Send"
                    access-token-uri="https://login.microsoftonline.com/common/oauth2/v2.0/token"/>

    <!-- Enables @PreAuthorize/@PostAuthorize with OAuth2-aware expressions (e.g. #oauth2.hasScope). -->
    <sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
        <sec:expression-handler ref="oauthExpressionHandler"/>
    </sec:global-method-security>

    <oauth:expression-handler id="oauthExpressionHandler"/>

</beans>
azure spring-security azure-active-directory spring-security-oauth2 spring-oauth2
1个回答

您可以查看下面的博客文章：媒体博客
