0

What is the easiest way to switch from jsession based authentication to a token based authentication with Azure AD and Spring security? The documentation is not clear on other approaches to authenticate with azure AD other than the default session based one.

I am trying to see how can I validate the jwt access token using azure AD. The default implementation works with session based authentication (which will not work in a system with multiple instances.) The session-stateless property mentioned in the doc doesn't seem to have any effect on the authentication.

sm0217
  • 1
  • You can't validate AD tokens issued by MS Graph unfortunately. I tried for a while and saw this link https://stackoverflow.com/a/65172084/319826. I ended up using Azure API gateway. This can validate an AD-token on your behalf. So I use it as a frontend to my backend-service. – kometen Jan 16 '23 at 12:27

1 Answers1

1

Spring Cloud Azure integrate Spring Security with Azure Active Directory.

You could use spring-cloud-azure-starter-active-directory starter to integrate with Spring Security, please refer this sample to see how to use it.

For further reading, please refer the Azure Active Directory dev guide, it covers these scenarios for you:

  • Access a web application
  • Access resource servers from a web application
  • Protect a resource server/API
  • Access other resource servers from a resource server
  • Web application and resource server in one application
Jimmy Fang
  • 21
  • 2