我需要添加实现以使用 Azure AD 进行身份验证。我能够跟踪的唯一有用的文章是https://github.com/AzureCAT-GSI/DevCamp/tree/master/HOL/java/03-azureread-office365
但是我的 Web 应用程序没有使用上面文章中所述的 Spring Boot。 我找到的所有示例上下文 xml 都描述了如何将 webapp 配置为授权服务器。
在 spring security xml 中需要进行哪些相关配置才能使其使用 azure ad 进行身份验证?
下面是我目前的 spring security xml（配置尚不正确，既把应用配置成了授权服务器，又没有把 Azure AD 的 oauth:resource 接到任何过滤器链上）：
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:sec="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
">
<!-- Unsecured paths. security="none" means the Spring Security filter chain is skipped entirely
     for a matching request: no authentication and no other security filter runs on it.
     pattern="/" matches only the exact root path; everything below it still falls through to the
     chains further down. /login is currently commented out, i.e. it is NOT unsecured here. -->
<sec:http pattern="/" security="none"/>
<!--<sec:http pattern="/login" security="none"/>-->
<!-- Static assets served without any security filter. Keep this list to genuinely public files.
     NOTE(review): /resources/config/** is reachable unauthenticated; confirm nothing under it
     (endpoint settings, keys, environment details) is sensitive. -->
<sec:http pattern="/resources/assets/**" security="none"/>
<sec:http pattern="/resources/bootstrap/**" security="none"/>
<sec:http pattern="/resources/config/**" security="none"/>
<sec:http pattern="/resources/css/**" security="none"/>
<!-- HTTP Root Access configuration -->
<!-- Bearer-token protected REST API (/rest/**).
     Tokens are checked by resourceServerFilter, which delegates to tokenServices backed by the
     InMemoryTokenStore defined further down. In other words only access tokens minted by THIS
     application's own /oauth/token endpoint are accepted here; an access token issued by
     Azure AD will be rejected as invalid until tokenServices is replaced by something that
     validates Azure AD's signed JWT tokens (issuer, audience, signature). TODO for the Azure AD
     integration.
     create-session="never": the chain never creates an HTTP session but reuses one if present.
     Anonymous access is disabled, so an unauthenticated request goes straight to the OAuth2
     entry point (challenge response) instead of being treated as an anonymous user.
     NOTE(review): auto-config="true" also switches on Spring Security's default form-login,
     http-basic and logout handling for this chain, which is probably unintended for a
     token-only API; confirm and drop it if not needed. -->
<sec:http pattern="/rest/**" create-session="never" access-decision-manager-ref="accessDecisionManager"
entry-point-ref="oauthAuthenticationEntryPoint" use-expressions="true" auto-config="true">
<sec:anonymous enabled="false"/>
<!-- Every path under /rest/** requires an authenticated (token-bearing) principal. -->
<sec:intercept-url pattern="/**" access="isAuthenticated()" />
<!-- Resolve the bearer token before any other authentication mechanism in the chain runs. -->
<sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
<sec:access-denied-handler ref="oauthAccessDeniedHandler"/>
<sec:expression-handler ref="oauthWebExpressionHandler"/>
</sec:http>
<!-- Entry point for the /rest/** chain: a request without a valid bearer token is answered with
     an OAuth2-style challenge for realm "conference" rather than a redirect to a login page. -->
<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
  <property name="realmName">
    <value>conference</value>
  </property>
</bean>

<!-- Access-denied handler shared by both secured chains: renders an OAuth2 error response
     instead of an HTML error page. -->
<bean id="oauthAccessDeniedHandler"
      class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
<!-- Decision manager for the /rest/** chain. UnanimousBased grants access only when no voter
     that casts a vote denies it.
     ScopeVoter votes only on SCOPE_* attributes and only for OAuth2 authentications; with the
     plain isAuthenticated() rule used above it abstains.
     AuthenticatedVoter handles the IS_AUTHENTICATED_* constants.
     WebExpressionVoter evaluates the SpEL rules, using the OAuth2-aware expression handler so
     #oauth2.* expressions (e.g. scope checks) can also be used in intercept-url access attributes. -->
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter">
<property name="expressionHandler" ref="oauthWebExpressionHandler"/>
</bean>
</list>
</constructor-arg>
</bean>
<!-- The commented-out oauth:web-expression-handler element is the namespace shorthand for the
     same handler type; the explicit bean below is the one in use. -->
<!--<oauth:web-expression-handler id="oauthWebExpressionHandler"/>-->
<bean id="oauthWebExpressionHandler" class="org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler"/>
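<!-- OAuth2 Token Generation Services -->
<!-- Token endpoint chain (/oauth/token): stateless, and authenticated by CLIENT credentials only
     (clientAuthenticationManager, backed by the clientDetails registry), never by end users.
     use-expressions="true" is set explicitly, as on the /rest/** chain, so that both access
     rules below are SpEL. The original mixed the SpEL isAuthenticated() with the legacy
     IS_AUTHENTICATED_FULLY constant, which would not evaluate as an expression. -->
<sec:http pattern="/oauth/token" create-session="stateless" use-expressions="true"
authentication-manager-ref="clientAuthenticationManager">
<!-- intercept-url rules are matched top down and the first match wins, so the specific
     /oauth/token rule has to come before the /** catch-all; listed after it (as before) it
     could never be reached. isFullyAuthenticated(): neither anonymous nor remember-me. -->
<sec:intercept-url pattern="/oauth/token" access="isFullyAuthenticated()"/>
<sec:intercept-url pattern="/**" access="isAuthenticated()"/>
<sec:anonymous enabled="false"/>
<!-- Clients authenticate with HTTP Basic, or via the filter below with client_id/client_secret
     form parameters (client-authentication-scheme="form" on the resource definition). -->
<sec:http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
<sec:access-denied-handler ref="oauthAccessDeniedHandler"/>
</sec:http>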
<!-- Token services for the tokens THIS application issues and validates.
     NOTE(review): accessTokenValiditySeconds="300000" is roughly 83 hours (3.5 days) for an
     access token, which is unusually long; this looks like a typo for 300 or 3000. With
     supportRefreshToken="true" a short access-token lifetime costs nothing. Confirm the
     intended value.
     NOTE(review): because validation goes through this bean and its in-memory store, tokens
     issued by Azure AD cannot be validated by it; an Azure AD integration needs a JWT-based
     token store / converter keyed to Azure AD's published signing keys instead. -->
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore"/>
<property name="supportRefreshToken" value="true"/>
<property name="accessTokenValiditySeconds" value="300000"/>
<property name="clientDetailsService" ref="clientDetails"/>
</bean>
<!-- In-memory store: every issued token is lost on restart and is not visible to other
     instances. Suitable for local development only. -->
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/>
<!-- User consent is recorded implicitly by the existence of a token in the same store. -->
<bean id="approvalStore" class="org.springframework.security.oauth2.provider.approval.TokenApprovalStore">
<property name="tokenStore" ref="tokenStore"/>
</bean>
<!-- Decides whether the user has already approved a client's requested scopes (consulting
     approvalStore) or must be shown the consent page; only relevant while this app is itself
     an authorization server. -->
<bean id="userApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler">
<property name="approvalStore" ref="approvalStore"/>
<property name="clientDetailsService" ref="clientDetails"/>
<property name="requestFactory">
<bean class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<constructor-arg index="0" ref="clientDetails"/>
</bean>
</property>
</bean>
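<!-- OAuth2 Authorization Server -->
<!-- This application acting as its own authorization server, issuing tokens from tokenServices
     to the clients registered in clientDetails.
     NOTE(review): if Azure AD is meant to be the identity provider, this element is exactly
     what the samples referred to in the question configure and is probably not needed at all;
     keep it only if this app must also mint tokens for its own API clients.
     Grant types are limited to what a registered client can actually use: the only client in
     clientDetails has authorized-grant-types="authorization_code". The implicit and
     resource-owner-password grants have been removed. Neither was enabled for any client,
     implicit delivers tokens in the URL fragment, and password has the client collect the
     user's credentials; current OAuth 2.0 security guidance advises against both.
     refresh-token and client-credentials are kept for now but are not enabled for that client
     either: either add them to its authorized-grant-types or drop them as well. -->
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code/>
<oauth:refresh-token/>
<oauth:client-credentials/>
</oauth:authorization-server>
<!-- OAuth2 Protected Resources Server -->
<!-- Bearer-token filter used by the /rest/** chain. resource-id must appear in the client's
     resource-ids (it does: "conference"); tokens issued to a client without it are refused for
     this resource. Token validity itself is decided by tokenServices, i.e. the in-memory store. -->
<oauth:resource-server id="resourceServerFilter" resource-id="conference" token-services-ref="tokenServices"/>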
<!-- OAuth2 Client Configuration: how API clients authenticate to THIS application's /oauth/token. -->

<!-- Authentication manager for clients: the registered clients double as "users" whose
     password is the client secret. -->
<sec:authentication-manager id="clientAuthenticationManager">
  <sec:authentication-provider user-service-ref="clientDetailsUserService"/>
</sec:authentication-manager>

<!-- Adapts the clientDetails registry to a UserDetailsService for the manager above.
     NOTE(review): a client registered with an empty secret authenticates with an empty
     password under the default encoder, i.e. it behaves as a public client. -->
<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
  <constructor-arg>
    <ref bean="clientDetails"/>
  </constructor-arg>
</bean>

<!-- Accepts client_id / client_secret as request parameters on /oauth/token, in addition to
     HTTP Basic; runs ahead of the basic-auth filter in that chain. -->
<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
  <property name="authenticationManager">
    <ref bean="clientAuthenticationManager"/>
  </property>
</bean>

<!-- Challenge returned to a client that fails to authenticate at /oauth/token: Basic, realm "conference/client". -->
<bean id="clientAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
  <property name="typeName">
    <value>Basic</value>
  </property>
  <property name="realmName">
    <value>conference/client</value>
  </property>
</bean>
<!-- File based client details access -->
<!-- Registry of clients allowed to obtain tokens from THIS application's /oauth/token endpoint.
     NOTE(review): secret="" registers the client without a secret, so under the default
     password encoder anything that knows the client-id can authenticate as it at /oauth/token
     (HTTP Basic or form parameters); it is effectively a public client. A server-side web app
     is expected to have a real secret, supplied from outside this file and never committed.
     The client-id is the same GUID used for the Azure AD resource below, which suggests the
     Azure app registration id was reused as a local client id; the two are separate registries
     and the value here does not need to match Azure.
     The http://localhost redirect-uri is suitable for local development only. -->
<oauth:client-details-service id="clientDetails">
<!-- Web Application clients -->
<oauth:client client-id="7c7ecd48-a83e-453c-b0f8-658edf4d1519"
secret=""
redirect-uri="http://localhost:8080/auth/openid/return"
authorities="APP"
authorized-grant-types="authorization_code"
resource-ids="conference"
scope="read,write,trust"/>
</oauth:client-details-service>
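<!-- Azure AD (Microsoft identity platform v2.0) as the REMOTE authorization server this app
     logs users in against, via the authorization-code flow.
     Changes relative to the original:
     * an id is added. Without one the definition cannot be referenced, and nothing else in this
       file referenced it, so no filter ever used these settings. That is the missing piece of the
       Azure AD login: an OAuth2 client filter (with its own authentication manager) that uses
       this resource still has to be added to the http chain that guards the login path.
     * the stray space in scope (", Mail.Send") is removed; the value is split on commas and the
       space would have become part of the scope name sent to Azure AD.
     NOTE(review): client-secret="" is acceptable only for a public client; a confidential web
     app registered in Azure AD needs its secret here, supplied from outside this file.
     NOTE(review): the /common endpoint accepts sign-ins from any Azure AD tenant and personal
     Microsoft accounts. Either use the tenant-specific endpoint or validate the issuer / tid
     claim of the returned token, otherwise any Microsoft account holder can log in.
     Mail.Send lets the app send mail as the signed-in user; request it only if the app does so.
     The http://localhost redirect is for local development only. -->
<oauth:resource id="azureAd"
client-id="7c7ecd48-a83e-453c-b0f8-658edf4d1519"
client-secret=""
authentication-scheme="header"
client-authentication-scheme="form"
user-authorization-uri="https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
access-token-uri="https://login.microsoftonline.com/common/oauth2/v2.0/token"
pre-established-redirect-uri="http://localhost:8080/auth/openid/return"
token-name="access_token"
scope="openid,profile,User.Read,Mail.Send"/>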
<!-- Method-level security: enables @PreAuthorize / @PostAuthorize on beans, evaluated with the
     OAuth2-aware expression root (so #oauth2.hasScope(...) and friends are available).
     proxy-target-class="true" proxies with CGLIB, so classes without an interface can be secured. -->
<sec:global-method-security proxy-target-class="true" pre-post-annotations="enabled">
  <sec:expression-handler ref="oauthExpressionHandler"/>
</sec:global-method-security>

<!-- Namespace shorthand for the OAuth2 method-security expression handler. -->
<oauth:expression-handler id="oauthExpressionHandler"/>
</beans>
您可以查看下面的媒体博客 -->媒体博客