Merge pull request #93261 from sangonzal/sangonzal/updateJavaWebAppQuickstart

itechedit · web-flow · commit 6db53d4b95ac · 2019-10-24T14:40:17.000-07:00
Update Java web app quickstart
diff --git a/articles/active-directory/develop/quickstart-v2-java-webapp.md b/articles/active-directory/develop/quickstart-v2-java-webapp.md
@@ -22,58 +22,60 @@ ms.custom: aaddev
 
 [!INCLUDE [active-directory-develop-applies-v2](../../../includes/active-directory-develop-applies-v2.md)]
 
-In this quickstart, you'll learn how to integrate a Java web application with the Microsoft identity platform. Your app 
-will sign in a user, get an access token to call the Microsoft Graph API, and make a request to the Microsoft Graph API. 
+In this quickstart, you'll learn how to integrate a Java web application with the Microsoft identity platform. Your app will sign in a user, get an access token to call the Microsoft Graph API, and make a request to the Microsoft Graph API.
 
-When you've completed the guide, your application will accept sign-ins of personal Microsoft accounts (including outlook.com,
- live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory.
+When you've completed this quickstart, your application will accept sign-ins of personal Microsoft accounts (including outlook.com, live.com, and others) and work or school accounts from any company or organization that uses Azure Active Directory.
 
 ![Shows how the sample app generated by this quickstart works](media/quickstart-v2-java-webapp/java-quickstart.svg)
 
 ## Prerequisites
 
 To run this sample you will need:
+
 - [Java Development Kit (JDK)](https://openjdk.java.net/) 8 or greater, and [Maven](https://maven.apache.org/).
+- An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see [How to get an Azure AD tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/).
 
 > [!div renderon="docs"]
 > ## Register and download your quickstart app
 > You have two options to start your quickstart application: express (Option 1), or manual (Option 2)
 > 
 > ### Option 1: Register and auto configure your app and then download your code sample
->
+> 
 > 1. Go to the [Azure portal - App registrations](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps).
 > 1. Enter a name for your application and select **Register**.
 > 1. Follow the instructions to download and automatically configure your new application.
->
+> 
 > ### Option 2: Register and manually configure your application and code sample
 > 
->
 > #### Step 1: Register your application
+> 
 > To register your application and manually add the app's registration information to your solution, follow these steps:
->
+> 
 > 1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
 > 1. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant.
-> 1. Navigate to the Microsoft identity platform for developers [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) page.
+> 
+> 1. Navigate to the Microsoft identity platform for developers [App registrations](https://go.microsoft.com/fwlink/linkid=2083908) page.
 > 1. Select **New registration**.
 > 1. When the **Register an application** page appears, enter your application's registration information:
 >    - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `java-webapp`.
 >    - Leave **Redirect URI** blank for now, and select **Register**.
-> 1. Find the **Application (client) ID** value of the application. Copy this value, you will need it later.
-> 1. Find the **Directory (tenant) ID** value of the application. Copy this value, you will need it later.
-> 1. Select the **Authentication** menu, and then add the following information:
->    - In **Redirect URIs**, add `http://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/users`.
+> 1. On the **Overview** page, find the **Application (client) ID** and the **Directory (tenant) ID** values of the application. Copy these values for later.
+> 1. Select the **Authentication** from the menu, and then add the following information:
+>    - In **Redirect URIs**, add `http://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/me`.
 >    - Select **Save**.
-> 1. On the left hand menu, choose **Certificates & secrets** and click on **New client secret** in the **Client Secrets** section:
->     
->    - Type a key description (of instance app secret).
->    - Select a key duration of **In 1 year**.
->    - When you click on **Add**, the key value will be displayed. 
->    - Copy the value of the key, you will need it later.
+> 1. Select the **Certificates & secrets** from the menu and in the **Client secrets** section, click on **New client secret**:
+> 
+>    - Type a key description (for instance app secret).
+>    - Select a key duration **In 1 year**.
+>    - The key value will display when you select **Add**.
+>    - Copy the value of the key for later. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.
 >
 > [!div class="sxs-lookup" renderon="portal"]
 > #### Step 1: Configure your application in the Azure portal
+> 
 > For the code sample for this quickstart to work, you need to:
-> 1. Add reply URLs as `http://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/users`.
+> 
+> 1. Add reply URLs as `http://localhost:8080/msal4jsamples/secure/aad` and `https://localhost:8080/msal4jsamples/graph/me`.
 > 1. Create a Client Secret.
 > > [!div renderon="portal" id="makechanges" class="nextstepaction"]
 > > [Make this change for me]()
@@ -82,18 +84,23 @@ To run this sample you will need:
 > > ![Already configured](media/quickstart-v2-aspnet-webapp/green-check.png) Your application is configured with these attributes.
 
 #### Step 2: Download the code sample
- 
+
  [Download the Code Sample](https://github.com/Azure-Samples/ms-identity-java-webapp/archive/master.zip)
- 
- #### Step 3: Configure the code sample 
- 
+
+#### Step 3: Configure the code sample
+
  1. Extract the zip file to a local folder.
  1. If you use an integrated development environment, open the sample in your favorite IDE (optional).
- 1. Open the **application.properties** file, which can be found in *src/main/resources/*.
- 1. Replace application properties.
-   1. Find `aad.clientId` and update the value of `Enter_the_Application_Id_here` with the **Application (client) ID** value of the application you registered. 
-   1. Find `aad.authority` and update the value of `Enter_the_Tenant_Name_Here` with the **Directory (tenant) ID** value of the application you registered.
-   1. Find `aad.secretKey` and update the value of `Enter_the_Client_Secret_Here` with the **Client Secret** you created in **Certificates & Secrets** for the application you registered.
+
+ 1. Open the application.properties file, which can be found in src/main/resources/ folder and replace the value of the fields *aad.clientId*, *aad.authority* and *aad.secretKey* with the respective values of **Application Id**, **Tenant Id** and **Client Secret** as the following:
+
+    ```file
+    aad.clientId=Enter_the_Application_Id_here
+    aad.authority=https://login.microsoftonline.com/Enter_the_Tenant_Name_Here/
+    aad.secretKey=Enter_the_Client_Secret_Here
+    aad.redirectUriSignin=http://localhost:8080/msal4jsample/secure/aad
+    aad.redirectUriGraph=http://localhost:8080/msal4jsample/graph/me
+    ```
 
 > [!div renderon="docs"]
 > Where:
@@ -103,17 +110,31 @@ To run this sample you will need:
 > - `Enter_the_Tenant_Name_Here` - is the **Directory (tenant) ID** value of the application you registered.
 
 #### Step 4: Run the code sample
-1. Run the code sample, and open a browser and navigate to *http://localhost:8080*.
-1. The front page contains a **sign-in** button. Click on the **sign-in** button to redirect to Azure Active Directory. The user will be prompted for their credentials.  
-1. After successfully authenticating on Azure Active Directory, they will be redirected to *http://localhost:8080/msal4jsamples/secure/aad*. They are officially signed in to the application, and the page should show information for the signed in account. It will also contain buttons for:
-    - *Sign Out*: Will sign out the current user from the application, and redirect them the home page.
-    - *Show Users*: Will acquire a token for the Microsoft Graph, then call the Microsoft Graph with the token attached to the request to get all of the users in the tenant.
+
+To run the project, you can either:
+
+Run it directly from your IDE by using the embedded spring boot server or package it to a WAR file using [maven](https://maven.apache.org/plugins/maven-war-plugin/usage.html) and deploy it to a J2EE container solution such as [Apache Tomcat](http://tomcat.apache.org/).
+
+##### Running from IDE
+
+If you are running the web application from an IDE, click on run, then navigate to the home page of the project. For this sample, the standard home page URL is http://localhost:8080
+
+1. On the front page, select the **Login** button to redirect to Azure Active Directory and prompt the user for their credentials.
+
+1. After the user is authenticated, they are redirected to *http://localhost:8080/msal4jsamples/secure/aad*. They are now signed in, and the page will show information about the signed-in account. The sample UI has the following buttons:
+    - *Sign Out*: Signs the current user out of the application and redirects them to the home page.
+    - *Show User Info*: Acquires a token for Microsoft Graph and calls Microsoft Graph with a request containing the token, which returns basic information about the signed-in user.
+
+> [!IMPORTANT]
+> This quickstart application uses a client secret to identify itself as confidential client. Because the client secret is added as a plain-text to your project files, for security reasons it is recommended that you use a certificate instead of a client secret before considering the application as production application. For more information on how to use a certificate, see [Certificate credentials for application authentication](https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials).
 
 ## More information
 
 ### Getting MSAL
-MSAL4J is the library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform.
-You can add MSAL4J to your application by using Maven or Gradle to manage your dependencies by making the following changes to the pom.xml or build.gradle file in your application.
+
+MSAL4J is the Java library used to sign in users and request tokens used to access an API protected by the Microsoft identity Platform.
+
+Add MSAL4J to your application by using Maven or Gradle to manage your dependencies by making the following changes to the application's pom.xml (Maven) or build.gradle (Gradle) file.
 
 ```XML
 <dependency>
@@ -127,9 +148,9 @@ You can add MSAL4J to your application by using Maven or Gradle to manage your d
 compile group: 'com.microsoft.azure', name: 'msal4j', version: '0.5.0-preview'
 ```
 
-
 ### MSAL initialization
-You can add the reference to MSAL4J by adding the following code to the top of the file where you will be using MSAL4J: 
+
+Add a reference to MSAL4J by adding the following code to the top of the file where you will be using MSAL4J:
 
 ```Java
 import com.microsoft.aad.msal4j.*;
@@ -140,16 +161,16 @@ import com.microsoft.aad.msal4j.*;
 Learn more about permissions and consent:
 
 > [!div class="nextstepaction"]
-> [Permissions and Consent](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent)
+> [Permissions and Consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent)
 
 To know more about the auth flow for this scenario, see the Oauth 2.0 authorization code flow:
 
 > [!div class="nextstepaction"]
-> [Authorization Code Oauth flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow)
+> [Authorization Code Oauth flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow)
 
 Help us improve the Microsoft identity platform. Tell us what you think by completing a short two-question survey.
 
 > [!div class="nextstepaction"]
-> [Microsoft identity platform survey](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRyKrNDMV_xBIiPGgSvnbQZdUQjFIUUFGUE1SMEVFTkdaVU5YT0EyOEtJVi4u)
+> [Microsoft identity platform survey](https://forms.office.com/Pages/ResponsePage.aspxid=v4j5cvGGr0GRqy180BHbRyKrNDMV_xBIiPGgSvnbQZdUQjFIUUFGUE1SMEVFTkdaVU5YT0EyOEtJVi4u)
 
 [!INCLUDE [Help and support](../../../includes/active-directory-develop-help-support-include.md)]
