Merge pull request #210927 from MicrosoftDocs/release-cred-free-java

Merge release-cred-free-java to main--scheduled release at 10AM of 9/26

Author: huypub

articles/app-service/media/tutorial-java-quarkus-postgresql/quarkus-crud-running-locally.png

@@ -82,6 +82,8 @@
             items: 
               - name: .NET with SQL DB
                 href: tutorial-connect-msi-sql-database.md
+              - name: Java Tomcat with Postgres
+                href: tutorial-java-tomcat-connect-managed-identity-postgresql-database.md
               - name: Azure databases
                 href: tutorial-connect-msi-azure-database.md
           - name: Connect to services

articles/app-service/media/tutorial-java-quarkus-postgresql/quarkus-crud-running-remotely.png

@@ -11,10 +11,10 @@ ms.custom: mvc
 
 # Tutorial: Build a Quarkus web app with Azure App Service on Linux and PostgreSQL
 
-This tutorial walks you through the process of building, configuring, deploying, and scaling Java web apps on Azure. 
+This tutorial walks you through the process of building, configuring, deploying, and scaling Java web apps on Azure.
 When you are finished, you will have a [Quarkus](https://quarkus.io) application storing data in [PostgreSQL](../postgresql/index.yml) database running on [Azure App Service on Linux](overview.md).
 
-![Screenshot of Quarkus application storing data in PostgreSQL.](./media/tutorial-java-quarkus-postgresql/quarkus-crud-running-locally.png)
+:::image type="content" source="./media/tutorial-java-quarkus-postgresql/quarkus-crud-running-locally.png" alt-text="Screenshot of Quarkus application storing data in PostgreSQL.":::
 
 In this tutorial, you learn how to:
 
@@ -30,7 +30,7 @@ In this tutorial, you learn how to:
 
 ## Prerequisites
 
-* [Azure CLI](/cli/azure/overview), installed on your own computer. 
+* [Azure CLI](/cli/azure/overview), installed on your own computer.
 * [Git](https://git-scm.com/)
 * [Java JDK](/azure/developer/java/fundamentals/java-support-on-azure)
 * [Maven](https://maven.apache.org)
@@ -39,7 +39,6 @@ In this tutorial, you learn how to:
 
 This tutorial uses a sample Fruits list app with a web UI that calls a Quarkus REST API backed by [Azure Database for PostgreSQL](../postgresql/index.yml). The code for the app is available [on GitHub](https://github.com/quarkusio/quarkus-quickstarts/tree/main/hibernate-orm-panache-quickstart). To learn more about writing Java apps using Quarkus and PostgreSQL, see the [Quarkus Hibernate ORM with Panache Guide](https://quarkus.io/guides/hibernate-orm-panache) and the [Quarkus Datasource Guide](https://quarkus.io/guides/datasource).
 
-
 Run the following commands in your terminal to clone the sample repo and set up the sample app environment.
 
 ```bash
@@ -54,7 +53,7 @@ cd quarkus-quickstarts/hibernate-orm-panache-quickstart
     ```azurecli
     az login
     az account set -s <your-subscription-id>
-    ```   
+    ```
 
 2. Create an Azure Resource Group, noting the resource group name (referred to with `$RESOURCE_GROUP` later on)
 
@@ -63,6 +62,7 @@ cd quarkus-quickstarts/hibernate-orm-panache-quickstart
         --name <a-resource-group-name> \
         --location <a-resource-group-region>
     ```
+
 3. Create an App Service Plan. The App Service Plan is the compute container, it determines your cores, memory, price, and scale.
 
     ```azurecli
@@ -72,6 +72,7 @@ cd quarkus-quickstarts/hibernate-orm-panache-quickstart
         --sku B2 \
         --is-linux
     ```
+
 4. Create an app service within the App Service Plan.
 
     ```azurecli
@@ -82,6 +83,7 @@ cd quarkus-quickstarts/hibernate-orm-panache-quickstart
         --runtime "JAVA|11-java11" \
         --plan "quarkus-tutorial-app-service-plan"
     ```
+
 > [!IMPORTANT]
 > The `WEBAPP_NAME` must be **unique across all Azure**. A good pattern is to use a combination of your company name or initials of your name along with a good webapp name, for example `johndoe-quarkus-app`.
 
@@ -140,6 +142,7 @@ Follow these steps to create an Azure PostgreSQL database in your subscription.
       --start-ip-address 0.0.0.0 \
       --end-ip-address 0.0.0.0
     ```
+
 3. Create a database named `fruits` within the Postgres service with this command:
 
     ```azurecli
@@ -181,6 +184,9 @@ Use Maven to run the sample.
 mvn quarkus:dev
 ```
 
+> [!IMPORTANT]
+> Be sure you have the H2 JDBC driver installed. You can add it using the following Maven command: `./mvnw quarkus:add-extension -Dextensions="jdbc-h2"`.
+
 This will build the app, run its unit tests, and then start the application in developer live coding. You should see:
 
 ```output
@@ -196,7 +202,7 @@ INFO  [io.quarkus] (Quarkus Main Thread) Installed features: [agroal, cdi, hiber
 
 You can access Quarkus app locally by typing the `w` character into the console, or using this link once the app is started: `http://localhost:8080/`.
 
-![Screenshot of Quarkus application storing data in PostgreSQL.](./media/tutorial-java-quarkus-postgresql/quarkus-crud-running-locally.png)
+:::image type="content" source="./media/tutorial-java-quarkus-postgresql/quarkus-crud-running-locally.png" alt-text="Screenshot of Quarkus application storing data in PostgreSQL.":::
 
 If you see exceptions in the output, double-check that the configuration values for `%dev` are correct.
 
@@ -221,6 +227,7 @@ az webapp config appsettings set \
         'PORT=8080' \
         'WEBSITES_PORT=8080'
 ```
+
 > [!NOTE]
 > The use of single quotes (`'`) to surround the settings is required if your password has special characters.
 
@@ -258,7 +265,7 @@ az webapp browse \
 
 You should see the app running with the remote URL in the address bar:
 
-![Screenshot of Quarkus application storing data in PostgreSQL running remotely.](./media/tutorial-java-quarkus-postgresql/quarkus-crud-running-remotely.png)
+:::image type="content" source="./media/tutorial-java-quarkus-postgresql/quarkus-crud-running-remotely.png" alt-text="Screenshot of Quarkus application storing data in PostgreSQL running remotely.":::
 
 If you see errors, use the following section to access the log file from the running app:
 
@@ -279,14 +286,15 @@ az appservice plan update --number-of-workers 2 \
 ## Clean up resources
 
 If you don't need these resources for another tutorial (see [Next steps](#next-steps)), you can delete them by running the following command in the Cloud Shell or on your local terminal:
+
 ```azurecli
 az group delete --name $RESOURCE_GROUP --yes
 ```
 
 ## Next steps
 
 [Azure for Java Developers](/java/azure/)
-[Quarkus](https://quarkus.io), 
+[Quarkus](https://quarkus.io),
 [Getting Started with Quarkus](https://quarkus.io/get-started/),
 and
 [App Service Linux](overview.md).

articles/app-service/toc.yml

@@ -0,0 +1,164 @@
+---
+title: 'Tutorial: Access data with managed identity in Java'
+description: Secure Azure Database for PostgreSQL connectivity with managed identity from a sample Java Tomcat app, and apply it to other Azure services.
+ms.devlang: java
+ms.topic: tutorial
+ms.date: 09/26/2022
+author: shizn
+ms.author: xshi
+---
+
+# Tutorial: Connect to a PostgreSQL Database from Java Tomcat App Service without secrets using a managed identity
+
+[Azure App Service](overview.md) provides a highly scalable, self-patching web hosting service in Azure. It also provides a [managed identity](overview-managed-identity.md) for your app, which is a turn-key solution for securing access to [Azure Database for PostgreSQL](/azure/postgresql/) and other Azure services. Managed identities in App Service make your app more secure by eliminating secrets from your app, such as credentials in the environment variables. In this tutorial, you will learn how to:
+
+> [!div class="checklist"]
+> * Create a PostgreSQL database.
+> * Deploy the sample app to Azure App Service on Tomcat using WAR packaging.
+> * Configure a Spring Boot web application to use Azure AD authentication with PostgreSQL Database.
+> * Connect to PostgreSQL Database with Managed Identity using Service Connector.
+
+[!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
+
+## Prerequisites
+
+* [Git](https://git-scm.com/)
+* [Java JDK](/azure/developer/java/fundamentals/java-support-on-azure)
+* [Maven](https://maven.apache.org)
+* [Azure CLI](/cli/azure/overview). This quickstart requires that you are running the latest [edge build of Azure CLI](https://github.com/Azure/azure-cli/blob/dev/doc/try_new_features_before_release.md). [Download and install the edge builds](https://github.com/Azure/azure-cli#edge-builds) for your platform.
+
+## Clone the sample app and prepare the repo
+
+Run the following commands in your terminal to clone the sample repo and set up the sample app environment.
+
+```bash
+git clone https://github.com/Azure-Samples/Passwordless-Connections-for-Java-Apps
+cd Passwordless-Connections-for-Java-Apps/Tomcat/checklist/
+```
+
+## Create an Azure Postgres DB
+
+Follow these steps to create an Azure Database for Postgres Single Server in your subscription. The Spring Boot app will connect to this database and store its data when running, persisting the application state no matter where you run the application.
+
+1. Sign into the Azure CLI, and optionally set your subscription if you have more than one connected to your login credentials.
+
+   ```azurecli-interactive
+   az login
+   az account set --subscription <subscription-ID>
+   ```
+
+1. Create an Azure Resource Group, noting the resource group name.
+
+   ```azurecli-interactive
+   RESOURCE_GROUP=<resource-group-name>
+   LOCATION=eastus
+
+   az group create --name $RESOURCE_GROUP --location $LOCATION
+   ```
+
+1. Create an Azure Postgres Database server. The server is created with an administrator account, but it won't be used as we'll use the Azure Active Directory (Azure AD) admin account to perform administrative tasks.
+
+   ```azurecli-interactive
+   POSTGRESQL_ADMIN_USER=azureuser
+   # PostgreSQL admin access rights won't be used as Azure AD authentication is leveraged to administer the database.
+   POSTGRESQL_ADMIN_PASSWORD=<admin-password>
+   POSTGRESQL_HOST=<postgresql-host-name>
+
+   # Create a PostgreSQL server.
+   az postgres server create \
+       --resource-group $RESOURCE_GROUP \
+       --name $POSTGRESQL_HOST \
+       --location $LOCATION \
+       --admin-user $POSTGRESQL_ADMIN_USER \
+       --admin-password $POSTGRESQL_ADMIN_PASSWORD \
+       --public-network-access 0.0.0.0 \
+       --sku-name B_Gen5_1 
+   ```
+
+1. Create a database for the application.
+
+   ```azurecli-interactive
+   DATABASE_NAME=checklist
+
+   az postgres db create \
+       --resource-group $RESOURCE_GROUP \
+       --server-name $POSTGRESQL_HOST \
+       --name $DATABASE_NAME
+   ```
+
+## Deploy the application to App Service
+
+Follow these steps to build a WAR file and deploy to Azure App Service on Tomcat using a WAR packaging.
+
+The changes you made in *application.properties* also apply to the managed identity, so the only thing to do is to remove the existing application settings in App Service.
+
+1. The sample app contains a *pom-war.xml* file that can generate the WAR file. Run the following command to build the app.
+
+   ```bash
+   mvn clean package -f pom-war.xml
+   ```
+
+1. Create an Azure App Service resource on Linux using Tomcat 9.0.
+
+   ```azurecli-interactive
+   # Create an App Service plan
+   az appservice plan create \
+       --resource-group $RESOURCE_GROUP \
+       --name $APPSERVICE_PLAN \
+       --location $LOCATION \
+       --sku B1 \
+       --is-linux
+
+   # Create an App Service resource.
+   az webapp create \
+       --resource-group $RESOURCE_GROUP \
+       --name $APPSERVICE_NAME \
+       --plan $APPSERVICE_PLAN \
+       --runtime "TOMCAT:9.0-jre8" 
+   ```
+
+1. Deploy the WAR package to App Service.
+
+   ```azurecli-interactive
+   az webapp deploy \
+       --resource-group $RESOURCE_GROUP \
+       --name $APPSERVICE_NAME \
+       --src-path target/app.war \
+       --type war
+   ```
+
+## Connect Postgres Database with identity connectivity
+
+Next, connect your app to an Postgres Database Single Server with a system-assigned managed identity using Service Connector. To do this, run the [az webapp connection create](/cli/azure/webapp/connection/create#az-webapp-connection-create-postgres) command.
+
+```azurecli-interactive
+az webapp connection create postgres \
+    --resource-group $RESOURCE_GROUP \
+    --name $APPSERVICE_NAME \
+    --target-resource-group $RESOURCE_GROUP \
+    --server $POSTGRESQL_HOST \
+    --database $DATABASE_NAME \
+    --system-assigned-identity
+```
+
+This command creates a connection between your web app and your PostgreSQL server, and manages authentication through a system-assigned managed identity.
+
+## View sample web app
+
+Run the following command to open the deployed web app in your browser.
+
+```azurecli-interactive
+az webapp browse \
+    --resource-group $RESOURCE_GROUP \
+    --name MyWebapp \
+    --name $APPSERVICE_NAME
+```
+
+[!INCLUDE [cli-samples-clean-up](../../includes/cli-samples-clean-up.md)]
+
+## Next steps
+
+Learn more about running Java apps on App Service on Linux in the developer guide.
+
+> [!div class="nextstepaction"]
+> [Java in App Service Linux dev guide](configure-language-java.md?pivots=platform-linux)

articles/app-service/tutorial-java-quarkus-postgresql-app.md

@@ -89,7 +89,11 @@
     - name: Set up custom domains and certificates
       href: custom-domains-certificates.md
     - name: Connect to a cloud service using Service Connector
-      href: service-connector.md
+      items:
+        - name: .NET app with Blob Storage
+          href: service-connector.md
+        - name: Java Quarkus app with Postgres DB
+          href: tutorial-java-quarkus-connect-managed-identity-postgresql-database.md
     - name: Connect multiple apps
       href: connect-apps.md
     - name: Publish revisions with GitHub Actions