spring_boot_aad_kv

Small demo of a dockerized Spring Boot web application with Azure AD and KeyVault.

This demo shows multiple aspects:

It's a Spring Boot-based web application
The web app is configured solely via environment variables (to be a good Docker citizen) and Azure KeyVault for confidential values
- Specifically, the SQL Azure connection information (connection string, username and password) come in from KeyVault.
The web app authenticates users via Azure AD.
- On the / endpoint, it enforces group membership.
- On the /claims endpoint, it prints out the user's security token's properties.
- On GET /pet, POST /pet/create, GET /pet/123 and DELETE /pet/123 we authenticate the user, and interact with SQL Azure in the back.
Security Setup
- The application has a service principal, which is used to query group membership information in the Azure Active Directory Graph API.
- The application uses a user-assigned managed identity to authN to KeyVault to fetch the Azure SQL DB's connection string.

Overview

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
docs		docs
gradle/wrapper		gradle/wrapper
imds		imds
src/main		src/main
.gitignore		.gitignore
0-variables.sh		0-variables.sh
1-create-service-principal.sh		1-create-service-principal.sh
2-create-infra-imperatively.sh		2-create-infra-imperatively.sh
2-create-infra-via-ARM.sh		2-create-infra-via-ARM.sh
5-fetch-connection-string.sh		5-fetch-connection-string.sh
8-setup_dev_environment.cmd		8-setup_dev_environment.cmd
9-build-run-docker.cmd		9-build-run-docker.cmd
9-build-run-docker.sh		9-build-run-docker.sh
9-build-run-dos.cmd		9-build-run-dos.cmd
Dockerfile		Dockerfile
README.md		README.md
azuredeploy-0.json		azuredeploy-0.json
azuredeploy-1.json		azuredeploy-1.json
build.gradle		build.gradle
gradlew		gradlew
gradlew.bat		gradlew.bat
prepare.sh		prepare.sh
settings.gradle		settings.gradle