web app sample (#84)

* web app sample

Author: SomkaPe

src/samples/msal-web-sample/pom.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>2.1.4.RELEASE</version>
+		<relativePath/> <!-- lookup parent from repository -->
+	</parent>
+	<groupId>com.microsoft.azure</groupId>
+	<artifactId>msal-web-sample</artifactId>
+	<packaging>war</packaging>
+	<version>0.1.0</version>
+	<name>msal-web-sample</name>
+	<description>Web sample for Microsoft Authentication Library for Java</description>
+
+	<properties>
+		<java.version>1.8</java.version>
+	</properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>com.microsoft.azure</groupId>
+			<artifactId>msal4j</artifactId>
+			<version>0.5.0-preview</version>
+		</dependency>
+		<dependency>
+			<groupId>com.nimbusds</groupId>
+			<artifactId>oauth2-oidc-sdk</artifactId>
+			<version>6.5</version>
+		</dependency>
+		<dependency>
+			<groupId>org.json</groupId>
+			<artifactId>json</artifactId>
+			<version>20090211</version>
+		</dependency>
+		<!-- Spring 3 dependencies -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-thymeleaf</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+</project>

src/samples/web-app-samples-for-msal4j/src/main/java/com/microsoft/aad/msal4jsample/BasicFilter.java renamed to src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java

@@ -0,0 +1,165 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.msalwebsample;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.util.Collections;
+import java.util.Map;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+import javax.annotation.PostConstruct;
+import javax.naming.ServiceUnavailableException;
+import javax.servlet.http.HttpServletRequest;
+
+import com.microsoft.aad.msal4j.*;
+import com.nimbusds.oauth2.sdk.AuthorizationCode;
+import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
+import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
+import lombok.Getter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+@Getter
+class AuthHelper {
+
+    static final String PRINCIPAL_SESSION_NAME = "principal";
+    static final String TOKEN_CACHE_SESSION_ATTRIBUTE = "token_cache";
+    static final String END_SESSION_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/logout";
+
+    private String clientId;
+    private String clientSecret;
+    private String authority;
+    private String redirectUri;
+
+    @Autowired
+    BasicConfiguration configuration;
+
+    @PostConstruct
+    public void init() {
+        clientId = configuration.getClientId();
+        authority = configuration.getAuthority();
+        clientSecret = configuration.getSecretKey();
+        redirectUri = configuration.getRedirectUri();
+    }
+
+    private ConfidentialClientApplication createClientApplication() throws MalformedURLException {
+        return ConfidentialClientApplication.builder(clientId, ClientCredentialFactory.create(clientSecret)).
+                authority(authority).
+                build();
+    }
+
+    IAuthenticationResult getAuthResultBySilentFlow(HttpServletRequest httpRequest) throws Throwable {
+        IAuthenticationResult result =  AuthHelper.getAuthSessionObject(httpRequest);
+
+        IAuthenticationResult updatedResult;
+        ConfidentialClientApplication app;
+        try {
+            app = createClientApplication();
+
+            Object tokenCache =  httpRequest.getSession().getAttribute("token_cache");
+            if(tokenCache != null){
+                app.tokenCache().deserialize(tokenCache.toString());
+            }
+
+            SilentParameters parameters = SilentParameters.builder(
+                    Collections.singleton("https://graph.microsoft.com/.default"),
+                    result.account()).build();
+
+            CompletableFuture<IAuthenticationResult> future = app.acquireTokenSilently(parameters);
+
+            updatedResult = future.get();
+        } catch (ExecutionException e) {
+            throw e.getCause();
+        }
+
+        if (updatedResult == null) {
+            throw new ServiceUnavailableException("authentication result was null");
+        }
+
+        //update session with latest token cache
+        storeTokenCacheInSession(httpRequest, app.tokenCache().serialize());
+
+        return updatedResult;
+    }
+
+    IAuthenticationResult getAuthResultByAuthCode(
+            HttpServletRequest httpServletRequest,
+            AuthorizationCode authorizationCode,
+            String currentUri) throws Throwable {
+
+        IAuthenticationResult result;
+        ConfidentialClientApplication app;
+        try {
+            app = createClientApplication();
+
+            String authCode = authorizationCode.getValue();
+            AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder(
+                    authCode,
+                    new URI(currentUri)).
+                    build();
+
+            Future<IAuthenticationResult> future = app.acquireToken(parameters);
+
+            result = future.get();
+        } catch (ExecutionException e) {
+            throw e.getCause();
+        }
+
+        if (result == null) {
+            throw new ServiceUnavailableException("authentication result was null");
+        }
+
+        storeTokenCacheInSession(httpServletRequest, app.tokenCache().serialize());
+
+        return result;
+    }
+
+    private void storeTokenCacheInSession(HttpServletRequest httpServletRequest, String tokenCache){
+        httpServletRequest.getSession().setAttribute(AuthHelper.TOKEN_CACHE_SESSION_ATTRIBUTE, tokenCache);
+    }
+
+    void setSessionPrincipal(HttpServletRequest httpRequest, IAuthenticationResult result) {
+        httpRequest.getSession().setAttribute(AuthHelper.PRINCIPAL_SESSION_NAME, result);
+    }
+
+    void removePrincipalFromSession(HttpServletRequest httpRequest) {
+        httpRequest.getSession().removeAttribute(AuthHelper.PRINCIPAL_SESSION_NAME);
+    }
+
+    void updateAuthDataUsingSilentFlow(HttpServletRequest httpRequest) throws Throwable {
+        IAuthenticationResult authResult = getAuthResultBySilentFlow(httpRequest);
+        setSessionPrincipal(httpRequest, authResult);
+    }
+
+    static boolean isAuthenticationSuccessful(AuthenticationResponse authResponse) {
+        return authResponse instanceof AuthenticationSuccessResponse;
+    }
+
+    static boolean isAuthenticated(HttpServletRequest request) {
+        return request.getSession().getAttribute(PRINCIPAL_SESSION_NAME) != null;
+    }
+
+    static IAuthenticationResult getAuthSessionObject(HttpServletRequest request) {
+        Object principalSession = request.getSession().getAttribute(PRINCIPAL_SESSION_NAME);
+        if(principalSession instanceof IAuthenticationResult){
+            return (IAuthenticationResult) principalSession;
+        } else {
+            throw new IllegalStateException();
+        }
+    }
+
+    static boolean containsAuthenticationCode(HttpServletRequest httpRequest) {
+        Map<String, String[]> httpParameters = httpRequest.getParameterMap();
+
+        boolean isPostRequest = httpRequest.getMethod().equalsIgnoreCase("POST");
+        boolean containsErrorData = httpParameters.containsKey("error");
+        boolean containIdToken = httpParameters.containsKey("id_token");
+        boolean containsCode = httpParameters.containsKey("code");
+
+        return isPostRequest && containsErrorData || containsCode || containIdToken;
+    }
+}

src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java

@@ -0,0 +1,122 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.msalwebsample;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.text.ParseException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.microsoft.aad.msal4j.*;
+import com.nimbusds.jwt.JWTParser;
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.servlet.ModelAndView;
+
+import static com.microsoft.azure.msalwebsample.AuthHelper.getAuthSessionObject;
+
+@Controller
+public class AuthPageController {
+
+    @Autowired
+    AuthHelper authHelper;
+
+    @RequestMapping("/msal4jsample")
+    public String homepage(){
+        return "index";
+    }
+
+    @RequestMapping("/msal4jsample/secure/aad")
+    public ModelAndView securePage(HttpServletRequest httpRequest) throws ParseException {
+        ModelAndView mav = new ModelAndView("auth_page");
+
+        setAccountInfo(mav, httpRequest);
+
+        return mav;
+    }
+
+    @RequestMapping("/msal4jsample/sign_out")
+    public void signOut(HttpServletRequest httpRequest, HttpServletResponse response) throws ParseException, IOException {
+
+        httpRequest.getSession().invalidate();
+
+        String redirectUrl = "http://localhost:8080/msal4jsample/";
+        response.sendRedirect(AuthHelper.END_SESSION_ENDPOINT +
+                "?post_logout_redirect_uri=" + URLEncoder.encode(redirectUrl, "UTF-8"));
+    }
+
+    @RequestMapping("/graph/users")
+    public ModelAndView getUsersFromGraph(ModelMap model, HttpServletRequest httpRequest) throws Throwable {
+        IAuthenticationResult result =  authHelper.getAuthResultBySilentFlow(httpRequest);
+
+        ModelAndView mav;
+
+        if (result == null) {
+            mav = new ModelAndView("error");
+            mav.addObject("error", new Exception("AuthenticationResult not found in session."));
+        } else {
+            mav = new ModelAndView("auth_page");
+            setAccountInfo(mav, httpRequest);
+
+            try {
+                mav.addObject("users", getUserNamesFromGraph(result.accessToken()));
+
+                return mav;
+            } catch (Exception e) {
+                mav = new ModelAndView("error");
+                mav.addObject("error", e);
+            }
+        }
+        return mav;
+    }
+
+    private String getUserNamesFromGraph(String accessToken) throws Exception {
+        // Microsoft Graph users endpoint
+        URL url = new URL("https://graph.microsoft.com/v1.0/users");
+
+        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+
+        // Set the appropriate header fields in the request header.
+        conn.setRequestProperty("Authorization", "Bearer " + accessToken);
+        conn.setRequestProperty("Accept", "application/json");
+
+        String response = HttpClientHelper.getResponseStringFromConn(conn);
+
+        int responseCode = conn.getResponseCode();
+        if(responseCode != HttpURLConnection.HTTP_OK) {
+            throw new IOException(response);
+        }
+
+        JSONObject responseObject = HttpClientHelper.processResponse(responseCode, response);
+        JSONArray users = JSONHelper.fetchDirectoryObjectJSONArray(responseObject);
+
+        StringBuilder builder = new StringBuilder();
+        for (int i = 0; i < users.length(); i++) {
+            JSONObject thisUserJSONObject = users.optJSONObject(i);
+            User user = new User();
+            JSONHelper.convertJSONObjectToDirectoryObject(thisUserJSONObject, user);
+            builder.append(user.getUserPrincipalName());
+            builder.append("<br/>");
+        }
+        return builder.toString();
+    }
+
+    private void setAccountInfo(ModelAndView model, HttpServletRequest httpRequest) throws ParseException {
+        IAuthenticationResult auth = getAuthSessionObject(httpRequest);
+
+        String tenantId = JWTParser.parse(auth.idToken()).getJWTClaimsSet().getStringClaim("tid");
+
+        model.addObject("tenantId", tenantId);
+        model.addObject("account", getAuthSessionObject(httpRequest).account());
+    }
+}

src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.msalwebsample;
+
+import lombok.AccessLevel;
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Getter
+@Setter
+@Component
+@ConfigurationProperties("aad")
+class BasicConfiguration {
+    String clientId;
+    @Getter(AccessLevel.NONE) String authority;
+    String redirectUri;
+    String secretKey;
+
+    String getAuthority(){
+        if (!authority.endsWith("/")) {
+            authority += "/";
+        }
+        return authority;
+    }
+}