In this second article of our series, we will start building a prototype that uses Spring Boot authentication to connect with Microsoft 365 Azure Active Directory (Azure AD). If you haven’t already completed part one of this series, please review that article now and create your Azure AD configuration.
Getting Started with Spring Initializr
To assemble the Spring Boot authentication prototype quickly, first create an initial project structure using the Spring Initializr utility.
Spring Initializr, provided by Pivotal, is a web application that generates a Spring Boot project structure for you. Along with the structure, it provides a basic application class as well as either a Maven or a Gradle build script (we will use Gradle). The four primary Spring dependencies to import for our project are:
- Azure Active Directory
- OAuth2 Client
- Spring Web
- Thymeleaf
Thymeleaf is a server-side Java templating engine for web applications. It has been around the block a few times and does not have as much overhead as Angular, so it will keep our prototype example focused on authentication and easier to read.
Spring Initializr Project Structure
After making the dependency selections, click the “GENERATE” button to download the project file. As you can see from the snapshot below, Initializr has completed a fair amount of grunt work for our prototype.
Upgrading Versions in the Build Script
Spring Initializr choices can be a bit restrictive. At the time of this writing, the website only supports using version 2.5.8 while importing the Azure AD dependency. Selecting another version will give you the following error:
However, this is easily remedied by upgrading the versions in your build script after generating and downloading the project files.
We have upgraded both the Spring Boot and Azure AD versions in the build.gradle script. Note that we have also upgraded the version of log4j to compensate for recent high-profile vulnerabilities. Once Pivotal has upgraded the default log4j versions in Spring Boot, this log4j upgrade should no longer be necessary.
Sensitive Property Values
In part one of this series, we configured an Azure AD profile. During this step, we created three values required for our prototype. These values should be treated as passwords. They should be neither shared nor published to GitHub. Create the following file, src/main/resources/sensitive.properties:
azure.activedirectory.tenant-id=your-azure-ad-tenant-id
azure.activedirectory.client-id=your-azure-ad-application-id
azure.activedirectory.client-secret=your-azure-ad-client-secret
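One way to enforce this before a commit is made, as an added example that is not from the original article: a POSIX shell function intended for a git pre-commit hook. The function name, the hook wiring shown in the comment, and the choice to treat empty, `your-azure-ad-*` and `${...}` values as harmless placeholders are assumptions.

```shell
#!/bin/sh
# Added example (not the article's code): keep the three Azure AD values out of git.
# Assumed wiring, in .git/hooks/pre-commit after these definitions:
#   git diff --cached --name-only --diff-filter=ACM | check_staged_paths || exit 1

# Path taken from the article; this file must never be committed.
SENSITIVE_FILE='src/main/resources/sensitive.properties'

# A properties line that assigns one of the three keys created in part one.
KEY='^[[:space:]]*azure\.activedirectory\.(tenant-id|client-id|client-secret)[[:space:]]*[=:][[:space:]]*'

# Values treated as harmless (assumption): empty, the article's placeholders,
# or a ${...} reference resolved at runtime.
PLACEHOLDER='($|your-azure-ad-|[$][{])'

# Reads file paths, one per line, on stdin. Prints one line per finding.
# Returns 0 when nothing sensitive is staged, 1 otherwise.
check_staged_paths() {
    found=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ "$path" = "$SENSITIVE_FILE" ]; then
            echo "BLOCK: $path must stay out of version control"
            found=1
            continue
        fi
        [ -f "$path" ] || continue
        # Keep only key assignments whose value is not a placeholder.
        if grep -E "$KEY" "$path" | grep -Ev "${KEY}${PLACEHOLDER}" | grep -q .; then
            echo "BLOCK: $path assigns a real azure.activedirectory.* value"
            found=1
        fi
    done
    return "$found"
}
```

Adding `src/main/resources/sensitive.properties` to `.gitignore` covers the common case; the hook also catches a value pasted into another file, or the file being force-added.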
Spring Boot Authentication Prototype
Our prototype is now stubbed out and ready for implementation. Part 3 of this series will focus on the code changes necessary to authenticate with Microsoft 365.