| title | titleSuffix | description | services | author | manager | ms.service | ms.subservice | ms.topic | ms.workload | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Quickstart: Add sign-in with Microsoft to a Java web app | Azure |
Microsoft identity platform |
In this quickstart, you'll learn how to add sign-in with Microsoft to a Java web application by using OpenID Connect. |
active-directory |
sangonzal |
CelesteDG |
active-directory |
develop |
quickstart |
identity |
10/09/2019 |
sagonzal |
aaddev, scenarios:getting-started, languages:Java, devx-track-java |
In this quickstart, you download and run a code sample that demonstrates how a Java web application can sign in users and call the Microsoft Graph API. Users from any Azure Active Directory (Azure AD) organization can sign in to the application.
For an overview, see the diagram of how the sample works.
To run this sample, you need:
- Java Development Kit (JDK) 8 or later.
- Maven.
[!div renderon="docs"]
There are two ways to start your quickstart application: express (option 1) and manual (option 2).
- Go to the Azure portal - App registrations quickstart experience.
- Enter a name for your application, and then select Register.
- Follow the instructions in the portal's quickstart experience to download the automatically configured application code.
To register your application and manually add the app's registration information to it, follow these steps:
- Sign in to the Azure portal.
- If you have access to multiple tenants, use the Directory + subscription filter :::image type="icon" source="./media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to select the tenant in which you want to register the application.
- Search for and select Azure Active Directory.
- Under Manage, select App registrations.
- Select New registration.
- Enter a Name for your application, for example java-webapp. Users of your app might see this name. You can change it later.
- Select Register.
- On the Overview page, note the Application (client) ID and the Directory (tenant) ID. You'll need these values later.
- Under Manage, select Authentication.
- Select Add a platform > Web.
- In the Redirect URIs section, enter
https://localhost:8443/msal4jsample/secure/aad.- Select Configure.
- In the Web section, under Redirect URIs, enter
https://localhost:8443/msal4jsample/graph/meas a second redirect URI.- Under Manage, select Certificates & secrets. In the Client secrets section, select New client secret.
- Enter a key description (for example, app secret), leave the default expiration, and select Add.
- Note the Value of the client secret. You'll need it later.
[!div class="sxs-lookup" renderon="portal"]
To use the code sample in this quickstart:
- Add reply URLs
https://localhost:8443/msal4jsample/secure/aadandhttps://localhost:8443/msal4jsample/graph/me.- Create a client secret.
[!div renderon="portal" id="makechanges" class="nextstepaction"] Make these changes for me
[!div id="appconfigured" class="alert alert-info"]
Your application is configured with these attributes.
[!div renderon="docs"] Download the code sample
[!div class="sxs-lookup" renderon="portal"] Download the project and extract the .zip file into a folder near the root of your drive. For example, C:\Azure-Samples.
To use HTTPS with localhost, provide the
server.ssl.keyproperties. To generate a self-signed certificate, use the keytool utility (included in JRE).Here's an example:
keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password server.ssl.key-store-type=PKCS12 server.ssl.key-store=classpath:keystore.p12 server.ssl.key-store-password=password server.ssl.key-alias=testCertPut the generated keystore file in the resources folder.
[!div renderon="portal" id="autoupdate" class="sxs-lookup nextstepaction"] Download the code sample
[!div class="sxs-lookup" renderon="portal"]
[!NOTE]
Enter_the_Supported_Account_Info_Here
[!div renderon="docs"]
Extract the zip file to a local folder.
Optional. If you use an integrated development environment, open the sample in that environment.
Open the application.properties file. You can find it in the src/main/resources/ folder. Replace the values in the fields
aad.clientId,aad.authority, andaad.secretKeywith the application ID, tenant ID, and client secret values, respectively. Here's what it should look like:aad.clientId=Enter_the_Application_Id_here aad.authority=https://login.microsoftonline.com/Enter_the_Tenant_Info_Here/ aad.secretKey=Enter_the_Client_Secret_Here aad.redirectUriSignin=https://localhost:8443/msal4jsample/secure/aad aad.redirectUriGraph=https://localhost:8443/msal4jsample/graph/me aad.msGraphEndpointHost="https://graph.microsoft.com/"In the previous code:
Enter_the_Application_Id_hereis the application ID for the application you registered.Enter_the_Client_Secret_Hereis the Client Secret you created in Certificates & secrets for the application you registered.Enter_the_Tenant_Info_Hereis the Directory (tenant) ID value of the application you registered.To use HTTPS with localhost, provide the
server.ssl.keyproperties. To generate a self-signed certificate, use the keytool utility (included in JRE).Here's an example:
keytool -genkeypair -alias testCert -keyalg RSA -storetype PKCS12 -keystore keystore.p12 -storepass password server.ssl.key-store-type=PKCS12 server.ssl.key-store=classpath:keystore.p12 server.ssl.key-store-password=password server.ssl.key-alias=testCertPut the generated keystore file in the resources folder.
[!div class="sxs-lookup" renderon="portal"]
[!div renderon="docs"]
To run the project, take one of these steps:
- Run it directly from your IDE by using the embedded Spring Boot server.
- Package it to a WAR file by using Maven, and then deploy it to a J2EE container solution like Apache Tomcat.
To run the web application from an IDE, select run, and then go to the home page of the project. For this sample, the standard home page URL is https://localhost:8443.
-
On the front page, select the Login button to redirect users to Azure Active Directory and prompt them for credentials.
-
After users are authenticated, they're redirected to
https://localhost:8443/msal4jsample/secure/aad. They're now signed in, and the page will show information about the user account. The sample UI has these buttons:- Sign Out: Signs the current user out of the application and redirects that user to the home page.
- Show User Info: Acquires a token for Microsoft Graph and calls Microsoft Graph with a request that contains the token, which returns basic information about the signed-in user.
If you want to deploy the web sample to Tomcat, make a couple changes to the source code.
-
Open ms-identity-java-webapp/src/main/java/com.microsoft.azure.msalwebsample/MsalWebSampleApplication.
-
Delete all source code and replace it with this code:
package com.microsoft.azure.msalwebsample; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; @SpringBootApplication public class MsalWebSampleApplication extends SpringBootServletInitializer { public static void main(String[] args) { SpringApplication.run(MsalWebSampleApplication.class, args); } @Override protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) { return builder.sources(MsalWebSampleApplication.class); } }
-
-
Tomcat's default HTTP port is 8080, but you need an HTTPS connection over port 8443. To configure this setting:
-
Go to tomcat/conf/server.xml.
-
Search for the
<connector>tag, and replace the existing connector with this connector:<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="C:/Path/To/Keystore/File/keystore.p12" keystorePass="KeystorePassword" clientAuth="false" sslProtocol="TLS"/>
-
-
Open a Command Prompt window. Go to the root folder of this sample (where the pom.xml file is located), and run
mvn packageto build the project.- This command will generate a msal-web-sample-0.1.0.war file in your /targets directory.
- Rename this file to msal4jsample.war.
- Deploy the WAR file by using Tomcat or any other J2EE container solution.
- To deploy the msal4jsample.war file, copy it to the /webapps/ directory in your Tomcat installation, and then start the Tomcat server.
-
After the file is deployed, go to https://localhost:8443/msal4jsample by using a browser.
Important
This quickstart application uses a client secret to identify itself as a confidential client. Because the client secret is added as plain text to your project files, for security reasons we recommend that you use a certificate instead of a client secret before using the application in a production environment. For more information on how to use a certificate, see Certificate credentials for application authentication.
MSAL for Java (MSAL4J) is the Java library used to sign in users and request tokens that are used to access an API that's protected by the Microsoft identity platform.
Add MSAL4J to your application by using Maven or Gradle to manage your dependencies by making the following changes to the application's pom.xml (Maven) or build.gradle (Gradle) file.
In pom.xml:
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>msal4j</artifactId>
<version>1.0.0</version>
</dependency>In build.gradle:
compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.0.0'
Add a reference to MSAL for Java by adding the following code at the start of the file where you'll be using MSAL4J:
import com.microsoft.aad.msal4j.*;[!INCLUDE Help and support]
For a more in-depth discussion of building web apps that sign in users on the Microsoft identity platform, see the multipart scenario series:
[!div class="nextstepaction"] Scenario: Web app that signs in users