├── .DS_Store ├── .github ├── dependabot.yml └── workflows │ ├── 1-Authentication-sign-in-b2c.yml │ ├── 1-Authentication-sign-in.yml │ ├── 2-Authorization-I-call-graph.yml │ ├── 3-Authorization-II-groups.yml │ └── 3-Authorization-II-roles.yml ├── .gitignore ├── 1-Authentication ├── sign-in-b2c │ ├── .github │ │ ├── CODE_OF_CONDUCT.md │ │ ├── ISSUE_TEMPLATE.md │ │ └── PULL_REQUEST_TEMPLATE.md │ ├── .gitignore │ ├── CHANGELOG.md │ ├── CONTRIBUTING.md │ ├── LICENSE.md │ ├── README.md │ ├── ReadmeFiles │ │ ├── app.png │ │ └── topology.png │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── com │ │ │ └── microsoft │ │ │ └── azuresamples │ │ │ └── authenticationb2c │ │ │ ├── AADPasswordResetException.java │ │ │ ├── AADRedirectServlet.java │ │ │ ├── AuthHelper.java │ │ │ ├── AuthenticationFilter.java │ │ │ ├── Config.java │ │ │ ├── EditProfileServlet.java │ │ │ ├── MsalAuthSession.java │ │ │ ├── SignInServlet.java │ │ │ ├── SignInStatusServlet.java │ │ │ ├── SignOutServlet.java │ │ │ └── TokenDetailsServlet.java │ │ ├── resources │ │ ├── authentication.properties │ │ └── log4j.properties │ │ └── webapp │ │ ├── auth │ │ ├── 401.jsp │ │ ├── auth-bar.jsp │ │ ├── status.jsp │ │ └── token.jsp │ │ ├── index.jsp │ │ ├── navbar.jsp │ │ └── static │ │ ├── favicon.ico │ │ └── style.css └── sign-in │ ├── .classpath │ ├── .github │ ├── CODE_OF_CONDUCT.md │ ├── ISSUE_TEMPLATE.md │ └── PULL_REQUEST_TEMPLATE.md │ ├── .gitignore │ ├── AppCreationScripts │ ├── AppCreationScripts.md │ ├── Cleanup.ps1 │ ├── Configure.ps1 │ └── sample.json │ ├── CHANGELOG.md │ ├── CONTRIBUTING.md │ ├── LICENSE.md │ ├── README.md │ ├── ReadmeFiles │ ├── app.png │ └── topology.png │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── com │ │ └── microsoft │ │ └── azuresamples │ │ └── msal4j │ │ ├── authservlets │ │ ├── AADRedirectServlet.java │ │ ├── AuthenticationFilter.java │ │ ├── SignInServlet.java │ │ └── SignOutServlet.java │ │ ├── authwebapp │ │ ├── AuthErrorDetailsServlet.java │ │ ├── 
SignInStatusServlet.java │ │ └── TokenDetailsServlet.java │ │ ├── feedback │ │ └── SurveyServlet.java │ │ └── helpers │ │ ├── AuthException.java │ │ ├── AuthHelper.java │ │ ├── Config.java │ │ ├── GraphHelper.java │ │ ├── IdentityContextAdapter.java │ │ ├── IdentityContextAdapterServlet.java │ │ └── IdentityContextData.java │ ├── resources │ ├── authentication.properties │ └── log4j.properties │ └── webapp │ ├── content │ ├── 401.jsp │ ├── 500.jsp │ ├── status.jsp │ ├── survey.jsp │ └── token.jsp │ ├── index.jsp │ ├── navbar.jsp │ └── static │ ├── favicon.ico │ └── style.css ├── 2-Authorization-I └── call-graph │ ├── .classpath │ ├── .github │ ├── CODE_OF_CONDUCT.md │ ├── ISSUE_TEMPLATE.md │ └── PULL_REQUEST_TEMPLATE.md │ ├── .gitignore │ ├── AppCreationScripts │ ├── AppCreationScripts.md │ ├── Cleanup.ps1 │ ├── Configure.ps1 │ └── sample.json │ ├── CHANGELOG.md │ ├── CONTRIBUTING.md │ ├── LICENSE.md │ ├── README.md │ ├── ReadmeFiles │ ├── app.png │ └── topology.png │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── com │ │ └── microsoft │ │ └── azuresamples │ │ └── msal4j │ │ ├── authservlets │ │ ├── AADRedirectServlet.java │ │ ├── AuthenticationFilter.java │ │ ├── SignInServlet.java │ │ └── SignOutServlet.java │ │ ├── callgraphwebapp │ │ ├── AuthErrorDetailsServlet.java │ │ ├── CallGraphServlet.java │ │ ├── SignInStatusServlet.java │ │ └── TokenDetailsServlet.java │ │ ├── feedback │ │ └── SurveyServlet.java │ │ └── helpers │ │ ├── AuthException.java │ │ ├── AuthHelper.java │ │ ├── Config.java │ │ ├── GraphHelper.java │ │ ├── IdentityContextAdapter.java │ │ ├── IdentityContextAdapterServlet.java │ │ └── IdentityContextData.java │ ├── resources │ ├── authentication.properties │ └── log4j.properties │ └── webapp │ ├── content │ ├── 401.jsp │ ├── 500.jsp │ ├── graph.jsp │ ├── status.jsp │ ├── survey.jsp │ └── token.jsp │ ├── index.jsp │ ├── navbar.jsp │ └── static │ ├── favicon.ico │ └── style.css ├── 3-Authorization-II ├── groups │ ├── .classpath │ ├── .github │ │ 
├── CODE_OF_CONDUCT.md │ │ ├── ISSUE_TEMPLATE.md │ │ └── PULL_REQUEST_TEMPLATE.md │ ├── .gitignore │ ├── AppCreationScripts │ │ ├── AppCreationScripts.md │ │ ├── BulkCreateGroups.ps1 │ │ ├── BulkRemoveGroups.ps1 │ │ ├── Cleanup.ps1 │ │ ├── Configure.ps1 │ │ └── sample.json │ ├── CHANGELOG.md │ ├── CONTRIBUTING.md │ ├── LICENSE.md │ ├── README.md │ ├── ReadmeFiles │ │ ├── app.png │ │ └── topology.png │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── com │ │ │ └── microsoft │ │ │ └── azuresamples │ │ │ └── msal4j │ │ │ ├── authservlets │ │ │ ├── AADRedirectServlet.java │ │ │ ├── AuthenticationFilter.java │ │ │ ├── SignInServlet.java │ │ │ └── SignOutServlet.java │ │ │ ├── feedback │ │ │ └── SurveyServlet.java │ │ │ ├── groupswebapp │ │ │ ├── AuthErrorDetailsServlet.java │ │ │ ├── GroupProtectedPageServlet.java │ │ │ ├── GroupsServlet.java │ │ │ ├── SignInStatusServlet.java │ │ │ └── TokenDetailsServlet.java │ │ │ └── helpers │ │ │ ├── AuthException.java │ │ │ ├── AuthHelper.java │ │ │ ├── Config.java │ │ │ ├── GraphHelper.java │ │ │ ├── IdentityContextAdapter.java │ │ │ ├── IdentityContextAdapterServlet.java │ │ │ └── IdentityContextData.java │ │ ├── resources │ │ ├── authentication.properties │ │ └── log4j.properties │ │ └── webapp │ │ ├── content │ │ ├── 200.jsp │ │ ├── 401.jsp │ │ ├── 403.jsp │ │ ├── 500.jsp │ │ ├── groups.jsp │ │ ├── status.jsp │ │ ├── survey.jsp │ │ └── token.jsp │ │ ├── index.jsp │ │ ├── navbar.jsp │ │ └── static │ │ ├── favicon.ico │ │ └── style.css └── roles │ ├── .classpath │ ├── .github │ ├── CODE_OF_CONDUCT.md │ ├── ISSUE_TEMPLATE.md │ └── PULL_REQUEST_TEMPLATE.md │ ├── .gitignore │ ├── AppCreationScripts │ ├── AppCreationScripts.md │ ├── Cleanup.ps1 │ ├── CleanupUsersAndRoles.ps1 │ ├── Configure.ps1 │ ├── CreateUsersAndAssignRoles.ps1 │ └── sample.json │ ├── CHANGELOG.md │ ├── CONTRIBUTING.md │ ├── LICENSE.md │ ├── README.md │ ├── ReadmeFiles │ └── app.png │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── com │ │ └── microsoft │ 
│ └── azuresamples │ │ └── msal4j │ │ ├── authservlets │ │ ├── AADRedirectServlet.java │ │ ├── AuthenticationFilter.java │ │ ├── SignInServlet.java │ │ └── SignOutServlet.java │ │ ├── feedback │ │ └── SurveyServlet.java │ │ ├── helpers │ │ ├── AuthException.java │ │ ├── AuthHelper.java │ │ ├── Config.java │ │ ├── GraphHelper.java │ │ ├── IdentityContextAdapter.java │ │ ├── IdentityContextAdapterServlet.java │ │ └── IdentityContextData.java │ │ └── roles │ │ ├── AuthErrorDetailsServlet.java │ │ ├── RoleProtectedPageServlet.java │ │ ├── SignInStatusServlet.java │ │ └── TokenDetailsServlet.java │ ├── resources │ ├── authentication.properties │ └── log4j.properties │ └── webapp │ ├── content │ ├── 200.jsp │ ├── 401.jsp │ ├── 403.jsp │ ├── 500.jsp │ ├── auth-bar.jsp │ ├── status.jsp │ ├── survey.jsp │ └── token.jsp │ ├── index.jsp │ ├── navbar.jsp │ └── static │ ├── favicon.ico │ └── style.css ├── 4-Deployment └── deploy-to-azure-app-service │ ├── .github │ ├── CODE_OF_CONDUCT.md │ ├── ISSUE_TEMPLATE.md │ └── PULL_REQUEST_TEMPLATE.md │ ├── .gitignore │ ├── CHANGELOG.md │ ├── CONTRIBUTING.md │ ├── LICENSE.md │ ├── README.md │ └── ReadmeFiles │ ├── disable_easy_auth.png │ └── topology.png ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md └── ReadmeFiles ├── sign-in-2.png ├── sign-in.png └── topology.png /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/.DS_Store -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: maven 4 | directory: "/1-Authentication/sign-in" 5 | schedule: 6 | interval: daily 7 | open-pull-requests-limit: 10 8 | - package-ecosystem: maven 9 | directory: 
"/1-Authentication/sign-in-b2c" 10 | schedule: 11 | interval: daily 12 | open-pull-requests-limit: 10 13 | - package-ecosystem: maven 14 | directory: "/2-Authorization-I/call-graph" 15 | schedule: 16 | interval: daily 17 | open-pull-requests-limit: 10 18 | - package-ecosystem: maven 19 | directory: "/3-Authorization-II/groups" 20 | schedule: 21 | interval: daily 22 | open-pull-requests-limit: 10 23 | - package-ecosystem: maven 24 | directory: "/3-Authorization-II/roles" 25 | schedule: 26 | interval: daily 27 | open-pull-requests-limit: 10 28 | -------------------------------------------------------------------------------- /.github/workflows/1-Authentication-sign-in-b2c.yml: -------------------------------------------------------------------------------- 1 | name: Sign-in B2C 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | paths: ['1-Authentication/sign-in-b2c/**', '.github/workflows/**'] 7 | pull_request: 8 | branches: [ main ] 9 | paths: ['1-Authentication/sign-in-b2c/**', '.github/workflows/**'] 10 | 11 | workflow_dispatch: 12 | 13 | jobs: 14 | build: 15 | runs-on: ubuntu-latest 16 | env: 17 | relativePath: ./1-Authentication/sign-in-b2c 18 | 19 | steps: 20 | - uses: actions/checkout@v2 21 | - uses: actions/setup-java@v2 22 | with: 23 | distribution: 'adopt' 24 | java-version: 16 25 | - name: Build with Maven 26 | run: mvn --batch-mode --update-snapshots verify 27 | working-directory: ${{ env.relativePath }} 28 | -------------------------------------------------------------------------------- /.github/workflows/1-Authentication-sign-in.yml: -------------------------------------------------------------------------------- 1 | name: Sign-in Sample CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | paths: ['1-Authentication/sign-in/**', '.github/workflows/**'] 7 | pull_request: 8 | branches: [ main ] 9 | paths: ['1-Authentication/sign-in/**', '.github/workflows/**'] 10 | 11 | workflow_dispatch: 12 | 13 | jobs: 14 | build: 15 | runs-on: ubuntu-latest 16 | env: 17 | 
relativePath: ./1-Authentication/sign-in 18 | 19 | steps: 20 | - uses: actions/checkout@v2 21 | - uses: actions/setup-java@v2 22 | with: 23 | distribution: 'adopt' 24 | java-version: 16 25 | - name: Build with Maven 26 | run: mvn --batch-mode --update-snapshots verify 27 | working-directory: ${{ env.relativePath }} 28 | -------------------------------------------------------------------------------- /.github/workflows/2-Authorization-I-call-graph.yml: -------------------------------------------------------------------------------- 1 | name: Call Graph Sample CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | paths: ['2-Authorization-I/call-graph/**', '.github/workflows/**'] 7 | pull_request: 8 | branches: [ main ] 9 | paths: ['2-Authorization-I/call-graph/**', '.github/workflows/**'] 10 | 11 | workflow_dispatch: 12 | 13 | jobs: 14 | build: 15 | runs-on: ubuntu-latest 16 | env: 17 | relativePath: ./2-Authorization-I/call-graph 18 | 19 | steps: 20 | - uses: actions/checkout@v2 21 | - uses: actions/setup-java@v2 22 | with: 23 | distribution: 'adopt' 24 | java-version: 16 25 | - name: Build with Maven 26 | run: mvn --batch-mode --update-snapshots verify 27 | working-directory: ${{ env.relativePath }} 28 | -------------------------------------------------------------------------------- /.github/workflows/3-Authorization-II-groups.yml: -------------------------------------------------------------------------------- 1 | name: 3 II Groups Sample CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | paths: ['3-Authorization-II/groups/**', '.github/workflows/**'] 7 | pull_request: 8 | branches: [ main ] 9 | paths: ['3-Authorization-II/groups/**', '.github/workflows/**'] 10 | 11 | workflow_dispatch: 12 | 13 | jobs: 14 | build: 15 | runs-on: ubuntu-latest 16 | env: 17 | relativePath: ./3-Authorization-II/groups 18 | 19 | steps: 20 | - uses: actions/checkout@v2 21 | - uses: actions/setup-java@v2 22 | with: 23 | distribution: 'adopt' 24 | java-version: 16 25 | - name: Build with 
Maven 26 | run: mvn --batch-mode --update-snapshots verify 27 | working-directory: ${{ env.relativePath }} 28 | -------------------------------------------------------------------------------- /.github/workflows/3-Authorization-II-roles.yml: -------------------------------------------------------------------------------- 1 | name: 3 II Roles Sample CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | paths: ['3-Authorization-II/roles/**', '.github/workflows/**'] 7 | pull_request: 8 | branches: [ main ] 9 | paths: ['3-Authorization-II/roles/**', '.github/workflows/**'] 10 | 11 | workflow_dispatch: 12 | 13 | jobs: 14 | build: 15 | runs-on: ubuntu-latest 16 | env: 17 | relativePath: ./3-Authorization-II/roles 18 | 19 | steps: 20 | - uses: actions/checkout@v2 21 | - uses: actions/setup-java@v2 22 | with: 23 | distribution: 'adopt' 24 | java-version: 16 25 | - name: Build with Maven 26 | run: mvn --batch-mode --update-snapshots verify 27 | working-directory: ${{ env.relativePath }} 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .project 2 | .settings/ 3 | .vscode/ 4 | target/ 5 | 6 | # Compiled class file 7 | *.class 8 | 9 | # Log file 10 | *.log 11 | 12 | # BlueJ files 13 | *.ctxt 14 | 15 | # Mobile Tools for Java (J2ME) 16 | .mtj.tmp/ 17 | 18 | # Package Files # 19 | *.jar 20 | *.war 21 | *.nar 22 | *.ear 23 | *.zip 24 | *.tar.gz 25 | *.rar 26 | 27 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 28 | hs_err_pid* 29 | .vs/msal4j-servlet-webapp/v16/.suo 30 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of 
Conduct](https://opensource.microsoft.com/codeofconduct/). 4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | > Please provide us with the following information: 5 | > --------------------------------------------------------------- 6 | 7 | ### This issue is for a: (mark with an `x`) 8 | ``` 9 | - [ ] bug report -> please search issues before submitting 10 | - [ ] feature request 11 | - [ ] documentation issue or request 12 | - [ ] regression (a behavior that used to work and stopped in a new release) 13 | ``` 14 | 15 | ### Minimal steps to reproduce 16 | > 17 | 18 | ### Any log messages given by the failure 19 | > 20 | 21 | ### Expected/desired behavior 22 | > 23 | 24 | ### OS and Version? 25 | > Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) 26 | 27 | ### Versions 28 | > 29 | 30 | ### Mention any other details that might be useful 31 | 32 | > --------------------------------------------------------------- 33 | > Thanks! We'll be in touch soon. 34 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | 3 | * ... 4 | 5 | ## Does this introduce a breaking change? 6 | 7 | ``` 8 | [ ] Yes 9 | [ ] No 10 | ``` 11 | 12 | ## Pull Request Type 13 | What kind of change does this Pull Request introduce? 
14 | 15 | 16 | ``` 17 | [ ] Bugfix 18 | [ ] Feature 19 | [ ] Code style update (formatting, local variables) 20 | [ ] Refactoring (no functional changes, no api changes) 21 | [ ] Documentation content changes 22 | [ ] Other... Please describe: 23 | ``` 24 | 25 | ## How to Test 26 | * Get the code 27 | 28 | ``` 29 | git clone [repo-address] 30 | cd [repo-name] 31 | git checkout [branch-name] 32 | npm install 33 | ``` 34 | 35 | * Test the code 36 | 37 | ``` 38 | ``` 39 | 40 | ## What to Check 41 | Verify that the following are valid 42 | * ... 43 | 44 | ## Other Information 45 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | target/ 3 | .vscode/ 4 | .settings/ 5 | *.iml 6 | *.project 7 | .classpath 8 | 9 | # Compiled class file 10 | *.class 11 | 12 | # Log file 13 | *.log 14 | 15 | # BlueJ files 16 | *.ctxt 17 | 18 | # Mobile Tools for Java (J2ME) 19 | .mtj.tmp/ 20 | 21 | # Package Files # 22 | *.jar 23 | *.war 24 | *.nar 25 | *.ear 26 | *.zip 27 | *.tar.gz 28 | *.rar 29 | 30 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 31 | hs_err_pid* 32 | 33 | 34 | target/ 35 | /target 36 | target/** 37 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [project-title] Changelog 2 | 3 | 4 | # x.y.z (yyyy-mm-dd) 5 | 6 | *Features* 7 | * ... 8 | 9 | *Bug Fixes* 10 | * ... 11 | 12 | *Breaking Changes* 13 | * ... 14 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 
4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/ReadmeFiles/app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/1-Authentication/sign-in-b2c/ReadmeFiles/app.png -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/ReadmeFiles/topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/1-Authentication/sign-in-b2c/ReadmeFiles/topology.png -------------------------------------------------------------------------------- 
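// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/AADPasswordResetException.java:
// --------------------------------------------------------------------------------
package com.microsoft.azuresamples.authenticationb2c;

/**
 * Checked exception used for the B2C password-reset case.
 *
 * NOTE(review): presumably raised by AuthHelper when the identity provider
 * reports the forgot-password error code; AuthHelper is not shown here, confirm.
 */
public class AADPasswordResetException extends Exception {
    // Read once, when this class is initialised. Config.getProperty() calls
    // System.exit(1) if the key is missing, so a missing
    // "aad.forgotPasswordErrCode" entry stops the JVM at class-load time
    // rather than surfacing as an exception.
    static final String FORGOT_PASSWORD_ERROR_CODE = Config.getProperty("aad.forgotPasswordErrCode");

    /**
     * @param message detail message passed through to {@link Exception}
     */
    AADPasswordResetException(String message){
        super(message);
    }
}
// --------------------------------------------------------------------------------
// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/AADRedirectServlet.java:
// --------------------------------------------------------------------------------
package com.microsoft.azuresamples.authenticationb2c;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;

/**
 * Redirect (callback) endpoint of the sign-in flow, mapped to /auth_redirect.
 * All processing is delegated to {@link AuthHelper#processAADCallback}.
 */
@WebServlet(name = "AADRedirectServlet", urlPatterns = "/auth_redirect")
public class AADRedirectServlet extends HttpServlet {

    /**
     * Hands the callback request to AuthHelper and logs any failure.
     *
     * @param req  the callback request sent back by the identity provider
     * @param resp the response AuthHelper writes to
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        // The query string of an authorization-code callback can carry the
        // one-time code and the state value, so it is not written to the log.
        // Only its length is recorded, which is enough to tell an empty
        // callback from a populated one.
        final String query = req.getQueryString();
        Config.logger.log(Level.FINE, "Request has come to /auth_redirect (query string length: {0})",
                query == null ? 0 : query.length());
        try {
            AuthHelper.processAADCallback(req, resp);
        } catch (Exception e) {
            // NOTE(review): the exception is logged and not rethrown; unless
            // AuthHelper already wrote or redirected the response, the client
            // receives an empty reply. Confirm that this is intended.
            Config.logger.log(Level.WARNING, "Unable to process getting token by Auth Code: /auth_redirect endpoint");
            Config.logger.log(Level.WARNING, e.getMessage());
            Config.logger.log(Level.FINEST, Arrays.toString(e.getStackTrace()));

        }
    }

}
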
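// --------------------------------------------------------------------------------
// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/AuthenticationFilter.java:
// --------------------------------------------------------------------------------
package com.microsoft.azuresamples.authenticationb2c;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Filter mapped to every URL ("/*") that guards the auth_token_details
 * endpoint: a request for it from a session that is not authenticated is
 * answered with the 401 page; everything else continues down the chain.
 */
@WebFilter(filterName = "AuthenticationFilter", urlPatterns = "/*")
public class AuthenticationFilter implements Filter {

    // Path fragment that identifies the protected endpoint.
    private static final String PROTECTED_SEGMENT = "auth_token_details";

    @Override
    public void init(FilterConfig config) throws ServletException {
        // nothing to initialise
    }

    /**
     * Blocks unauthenticated access to the token-details endpoint.
     *
     * @param req   incoming request; cast to HttpServletRequest
     * @param res   outgoing response; cast to HttpServletResponse
     * @param chain remaining filters and the target servlet
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession() creates a session when the request has none.
        MsalAuthSession msalAuth = MsalAuthSession.getMsalAuthSession(request.getSession());

        // send 401 for unauthorized access to auth_token_details endpoint
        if (targetsTokenDetails(request) && !msalAuth.getAuthenticated()) {
            // Set the status explicitly: forwarding to the 401 page alone
            // would still answer 200, which clients, caches and monitoring
            // read as success.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            req.setAttribute("bodyContent", "auth/401.jsp");
            final RequestDispatcher view = request.getRequestDispatcher("index.jsp");
            view.forward(request, response);
        } else {
            chain.doFilter(req, res);
        }
    }

    /**
     * True when the request addresses the protected endpoint.
     *
     * getRequestURI() returns the URI as the client sent it, not decoded,
     * while the container selects the servlet from the decoded path. The
     * container-resolved servlet path and path info are therefore checked as
     * well, so this filter and the servlet mapping cannot disagree about
     * which request reaches the endpoint. The raw-URI check is kept, so the
     * set of protected requests only grows.
     */
    private static boolean targetsTokenDetails(HttpServletRequest request) {
        return mentionsTokenDetails(request.getRequestURI())
                || mentionsTokenDetails(request.getServletPath())
                || mentionsTokenDetails(request.getPathInfo());
    }

    // Null-safe substring test; getPathInfo() is null when there is no extra path.
    private static boolean mentionsTokenDetails(String path) {
        return path != null && path.contains(PROTECTED_SEGMENT);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}

// --------------------------------------------------------------------------------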
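// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/Config.java:
// --------------------------------------------------------------------------------
package com.microsoft.azuresamples.authenticationb2c;

import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Application-wide logger and read access to authentication.properties.
 * Registered as a context listener, so it also logs start-up and shutdown.
 */
@WebListener
public class Config implements ServletContextListener {
    public static Logger logger = Logger.getLogger("Logger");
    // Loaded once during class initialisation; logger is declared first so it
    // is already available if loading fails.
    private static Properties props = Config.instantiateProperties();

    @Override
    public void contextInitialized(final ServletContextEvent event) {
        // NOTE(review): the logger is opened up to FINEST for every
        // deployment. Whether FINE/FINEST records are written depends on the
        // handler levels, which are configured outside this class.
        Config.logger.setLevel(Level.FINEST);
        Config.logger.log(Level.INFO, "APPLICATION IS RUNNING ON http://SERVER-IP:PORT{0}/index",
                event.getServletContext().getContextPath());
    }

    @Override
    public void contextDestroyed(final ServletContextEvent event) {
        Config.logger.log(Level.INFO, "EXITING.");
    }

    /**
     * Loads authentication.properties from the classpath.
     *
     * A missing resource is reported through the same failure path as an
     * unreadable one; previously the null stream reached Properties.load()
     * and the failure escaped the IOException handler. The stream is closed
     * after loading.
     *
     * @return the loaded properties; on failure the JVM is stopped
     */
    private static Properties instantiateProperties() {
        final Properties props = new Properties();
        try (InputStream in = Config.class.getClassLoader().getResourceAsStream("authentication.properties")) {
            if (in == null) {
                throw new IOException("authentication.properties not found on the classpath");
            }
            props.load(in);
        } catch (final IOException ex) {
            ex.printStackTrace();
            Config.logger.log(Level.SEVERE, "Could not load properties file. Exiting");
            Config.logger.log(Level.SEVERE, Arrays.toString(ex.getStackTrace()));
            // NOTE(review): System.exit stops the whole JVM, i.e. the servlet
            // container and any other application deployed in it.
            System.exit(1);
            return null;
        }
        return props;
    }

    /**
     * Returns the configured value for {@code key}.
     *
     * The value itself is never logged: the properties file holds the
     * application's identity settings, and a key read here may be a
     * credential. Only the key name is recorded.
     *
     * @param key property name
     * @return the property value; if the key or the property set is missing
     *         the JVM is stopped
     */
    public static String getProperty(final String key) {
        if (props == null) {
            Config.logger.log(Level.SEVERE, "Could not load property reader! EXITING!");
            System.exit(1);
            return null;
        }
        final String prop = Config.props.getProperty(key);
        if (prop == null) {
            Config.logger.log(Level.SEVERE, "Could not load {0}! EXITING!", key);
            System.exit(1);
            return null;
        }
        Config.logger.log(Level.FINE, "{0} is set", key);
        return prop;
    }

}

// --------------------------------------------------------------------------------
// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/EditProfileServlet.java:
// --------------------------------------------------------------------------------
package com.microsoft.azuresamples.authenticationb2c;

import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Endpoint /auth_edit_profile; delegates to {@link AuthHelper#editProfile}.
 */
@WebServlet(name = "EditProfileServlet", urlPatterns = "/auth_edit_profile")
public class EditProfileServlet extends HttpServlet {

    /**
     * Calls AuthHelper.editProfile. A failure is logged and not rethrown, so
     * the response is whatever AuthHelper had produced up to that point.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.editProfile(req, resp);
        } catch (Exception ex){
            Config.logger.log(Level.WARNING, "Unable to redirect browser to edit profile endpoint");
            Config.logger.log(Level.WARNING, ex.getMessage());
            Config.logger.log(Level.FINEST, Arrays.toString(ex.getStackTrace()));
        }
    }
}

// --------------------------------------------------------------------------------
// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/SignInServlet.java:
// --------------------------------------------------------------------------------
package com.microsoft.azuresamples.authenticationb2c;

import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Endpoint /auth_sign_in; delegates to {@link AuthHelper#signIn}.
 */
@WebServlet(name = "SignInServlet", urlPatterns = "/auth_sign_in")
public class SignInServlet extends HttpServlet {

    /**
     * Calls AuthHelper.signIn. A failure is logged and not rethrown, so the
     * response is whatever AuthHelper had produced up to that point.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.signIn(req, resp);
        } catch (Exception ex){
            Config.logger.log(Level.WARNING, "Unable to redirect browser to sign in endpoint");
            Config.logger.log(Level.WARNING, ex.getMessage());
            Config.logger.log(Level.FINEST, Arrays.toString(ex.getStackTrace()));
        }
    }
}

// --------------------------------------------------------------------------------
// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/SignInStatusServlet.java:
// --------------------------------------------------------------------------------

package com.microsoft.azuresamples.authenticationb2c;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Landing page, mapped to "", /index and /sign_in_status.
 */
@WebServlet(name = "SignInStatusServlet", urlPatterns = {"", "/index", "/sign_in_status"})
public class SignInStatusServlet extends HttpServlet {

    /**
     * Renders index.jsp with auth/status.jsp selected as its body content.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        req.setAttribute("bodyContent", "auth/status.jsp");
        final RequestDispatcher view = req.getRequestDispatcher("index.jsp");
        view.forward(req, resp);
    }
}
// --------------------------------------------------------------------------------
// /1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/SignOutServlet.java:
// --------------------------------------------------------------------------------
package com.microsoft.azuresamples.authenticationb2c;

import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Endpoint /auth_sign_out; delegates to {@link AuthHelper#signOut}.
 */
@WebServlet(name = "SignOutServlet", urlPatterns = "/auth_sign_out")
public class SignOutServlet extends HttpServlet {

    /**
     * Calls AuthHelper.signOut. A failure is logged and not rethrown.
     *
     * NOTE(review): if signOut fails, nothing visible here ends the local
     * session; confirm that AuthHelper clears it before anything that can throw.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.signOut(req, resp);
        } catch (Exception ex){
            Config.logger.log(Level.WARNING, "Unable to sign out");
            Config.logger.log(Level.WARNING, ex.getMessage());
            Config.logger.log(Level.FINEST, Arrays.toString(ex.getStackTrace()));
        }
    }
}
--------------------------------------------------------------------------------
/1-Authentication/sign-in-b2c/src/main/java/com/microsoft/azuresamples/authenticationb2c/TokenDetailsServlet.java:
--------------------------------------------------------------------------------
1 | package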
com.microsoft.azuresamples.authenticationb2c; 2 | 3 | import javax.servlet.RequestDispatcher; 4 | import javax.servlet.ServletException; 5 | import javax.servlet.annotation.WebServlet; 6 | import javax.servlet.http.HttpServlet; 7 | import javax.servlet.http.HttpServletRequest; 8 | import javax.servlet.http.HttpServletResponse; 9 | import java.io.IOException; 10 | import java.util.Arrays; 11 | import java.util.HashMap; 12 | import java.util.List; 13 | 14 | @WebServlet(name = "TokenDetailsServlet", urlPatterns = "/auth_token_details") 15 | public class TokenDetailsServlet extends HttpServlet { 16 | 17 | @Override 18 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) 19 | throws ServletException, IOException { 20 | final HashMap filteredClaims = filterClaims(req); 21 | 22 | req.setAttribute("claims", filteredClaims); 23 | req.setAttribute("bodyContent", "auth/token.jsp"); 24 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 25 | view.forward(req, resp); 26 | } 27 | 28 | private HashMap filterClaims(HttpServletRequest request) { 29 | MsalAuthSession msalAuth = MsalAuthSession.getMsalAuthSession(request.getSession()); 30 | 31 | final String[] exClaims = {"iat", "exp", "nbf", "uti", "aio"}; 32 | final List excludeClaims = Arrays.asList(exClaims); 33 | 34 | HashMap filteredClaims = new HashMap<>(); 35 | msalAuth.getIdTokenClaims().forEach((k,v) -> { 36 | if (!excludeClaims.contains(k)) 37 | filteredClaims.put(k, v); 38 | }); 39 | return filteredClaims; 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/resources/authentication.properties: -------------------------------------------------------------------------------- 1 | # b2c aad: NOTE(review): aad.secret below is a client secret kept in plain text in a tracked file; supply real secrets from outside source control and rotate any secret that has been committed. 2 | aad.clientId=373ac824-ac4f-4b35-a5a3-1547722fba77 3 | aad.secret=7.18gt132wO-t.~Cf.mfZCy_C7rHmicnuO 4 | aad.scopes=openid profile offline_access 373ac824-ac4f-4b35-a5a3-1547722fba77 5 | 
aad.authority=https://fabrikamb2c.b2clogin.com/tfp/fabrikamb2c.onmicrosoft.com/ 6 | 7 | aad.signInPolicy=b2c_1_susi/ 8 | aad.passwordResetPolicy=b2c_1_reset/ 9 | aad.editProfilePolicy=b2c_1_edit_profile/ 10 | 11 | aad.signOutEndpoint=oauth2/v2.0/logout/ 12 | aad.postSignOutFragment=?post_logout_redirect_uri= 13 | 14 | aad.forgotPasswordErrCode=AADB2C90118 15 | aad.errorDescriptionKey=error_description 16 | 17 | app.redirectUri=http://localhost:8080/ms-identity-b2c-java-servlet-webapp-authentication/auth_redirect 18 | # in seconds: 19 | app.stateTTL=600 20 | app.homePage=http://localhost:8080/ms-identity-b2c-java-servlet-webapp-authentication/index -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/resources/log4j.properties: -------------------------------------------------------------------------------- 1 | log4j.rootLogger=ALL, stdout 2 | log4j.appender.stdout=org.apache.log4j.ConsoleAppender 3 | log4j.appender.stdout.Target=System.out 4 | log4j.appender.stdout.layout=org.apache.log4j.PatternLayout 5 | log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/auth/401.jsp: -------------------------------------------------------------------------------- 1 |
2 |
3 | 401: Unauthorized 4 |
5 |
6 | 7 |

8 | Visiting this page requires you to be authenticated. Use the button on the top right to sign in. 9 |

10 | 11 |
12 |
13 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/auth/auth-bar.jsp: -------------------------------------------------------------------------------- 1 | 2 | 5 |
  • 6 | ">Sign Out 7 |
  • 8 |
    9 | 10 |
  • ">Sign In
  • 11 |
    -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/auth/status.jsp: -------------------------------------------------------------------------------- 1 | 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 | 4 |
    5 |
    6 | <% out.println(msalAuth.getAuthenticated()? "You're signed in!" : "You're not signed in."); %> 7 |
    8 |
    9 | 10 |

    11 | <% if (msalAuth.getAuthenticated()) { %> 12 | Click here to get your ">ID Token Details 13 | or ">Edit Your Profile 14 | <% } else { %> 15 | Use the button on the top right to sign in. 16 |
    17 | Note: You may have been signed out as a result of a password reset or edit profile. 18 | <% } %> 19 |

    20 | 21 |
    22 |
    23 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/auth/token.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 |
    3 |
    4 | ID Token Details 5 |
    6 |
    7 | 8 |

    9 | 10 | ${claim.key} : ${claim.value}
    11 |
    12 | Click here to see ">Sign-in Status 13 | or ">Edit Your Profile 14 |

    15 | 16 |
    17 |
    18 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="com.microsoft.azuresamples.authenticationb2c.*" %> 2 | <%@ page session="true" %> 3 | 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | Authentication: Use MSAL Java to sign in B2C users 18 | 19 | 20 | 21 | <%@ include file="navbar.jsp" %> 22 | 23 |
    24 | 25 |
    26 | 27 |
    28 |

    © 2020

    29 |

    30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/navbar.jsp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/1-Authentication/sign-in-b2c/src/main/webapp/static/favicon.ico -------------------------------------------------------------------------------- /1-Authentication/sign-in-b2c/src/main/webapp/static/style.css: -------------------------------------------------------------------------------- 1 | .body-content { 2 | padding-top: 15px; 3 | padding-bottom: 15px; 4 | padding-left: 15px; 5 | padding-right: 15px; 6 | } 7 | 8 | .dl-horizontal dt { 9 | white-space: normal; 10 | } 11 | 12 | .flashToast { 13 | position: fixed; 14 | bottom: 0; 15 | left: 0; 16 | } 17 | 18 | 19 | .card { 20 | width: 50vw; 21 | margin:auto; 22 | background:#f0f0f0; 23 | border:1px solid black; 24 | } 25 | 26 | .card-header { 27 | /* background: darkseagreen; */ 28 | color: rgba(255,255,255,0.85); 29 | background: #0078d4; 30 | font-weight: 300; 31 | } 32 | 33 | .card-text { 34 | align-content: center 35 | } 36 | 37 | #wrapper { 38 | display: flex; 39 | } 40 | 41 | #left { 42 | flex: content; 43 | margin-right: 0.5em; 44 | 45 | } 46 | 47 | #right { 48 | flex: 1; 49 | } 50 | 51 | #footer { 52 | width: 50vw; 53 | margin: auto; 54 | text-align: left; 55 | margin-top: 1em; 56 | } 57 | 58 | #smiley, #frowny { 59 | height: 1.5em; 60 | width: 1.5em; 61 | margin: auto; 62 | fill: #0078d4 63 | } 64 | 65 | #smiley:hover, #frowny:hover{ 66 | height: 1.5em; 67 | width: 1.5em; 68 | margin: auto; 69 | fill: 
white; 70 | border: 1px solid #0078d4; 71 | background-color: #0078d4; 72 | border-radius: 50%; 73 | } 74 | 75 | #check-icon { 76 | height: 1.25em; 77 | width: 1.25em; 78 | margin: auto; 79 | fill: green; 80 | } 81 | 82 | a.nostyle:link { 83 | text-decoration: inherit; 84 | color: inherit; 85 | } 86 | 87 | a.nostyle:visited { 88 | text-decoration: inherit; 89 | color: inherit; 90 | } -------------------------------------------------------------------------------- /1-Authentication/sign-in/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 
4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | > Please provide us with the following information: 5 | > --------------------------------------------------------------- 6 | 7 | ### This issue is for a: (mark with an `x`) 8 | ``` 9 | - [ ] bug report -> please search issues before submitting 10 | - [ ] feature request 11 | - [ ] documentation issue or request 12 | - [ ] regression (a behavior that used to work and stopped in a new release) 13 | ``` 14 | 15 | ### Minimal steps to reproduce 16 | > 17 | 18 | ### Any log messages given by the failure 19 | > 20 | 21 | ### Expected/desired behavior 22 | > 23 | 24 | ### OS and Version? 25 | > Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) 26 | 27 | ### Versions 28 | > 29 | 30 | ### Mention any other details that might be useful 31 | 32 | > --------------------------------------------------------------- 33 | > Thanks! We'll be in touch soon. 34 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | 3 | * ... 4 | 5 | ## Does this introduce a breaking change? 6 | 7 | ``` 8 | [ ] Yes 9 | [ ] No 10 | ``` 11 | 12 | ## Pull Request Type 13 | What kind of change does this Pull Request introduce? 
14 | 15 | 16 | ``` 17 | [ ] Bugfix 18 | [ ] Feature 19 | [ ] Code style update (formatting, local variables) 20 | [ ] Refactoring (no functional changes, no api changes) 21 | [ ] Documentation content changes 22 | [ ] Other... Please describe: 23 | ``` 24 | 25 | ## How to Test 26 | * Get the code 27 | 28 | ``` 29 | git clone [repo-address] 30 | cd [repo-name] 31 | git checkout [branch-name] 32 | npm install 33 | ``` 34 | 35 | * Test the code 36 | 37 | ``` 38 | ``` 39 | 40 | ## What to Check 41 | Verify that the following are valid 42 | * ... 43 | 44 | ## Other Information 45 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/.gitignore: -------------------------------------------------------------------------------- 1 | .project 2 | .settings/ 3 | .vscode/ 4 | target/ 5 | 6 | # Compiled class file 7 | *.class 8 | 9 | # Log file 10 | *.log 11 | 12 | # BlueJ files 13 | *.ctxt 14 | 15 | # Mobile Tools for Java (J2ME) 16 | .mtj.tmp/ 17 | 18 | # Package Files # 19 | *.jar 20 | *.war 21 | *.nar 22 | *.ear 23 | *.zip 24 | *.tar.gz 25 | *.rar 26 | 27 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 28 | hs_err_pid* 29 | .vs/msal4j-servlet-auth/v16/.suo 30 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/AppCreationScripts/Cleanup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [PSCredential] $Credential, 4 | [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')] 5 | [string] $tenantId, 6 | [Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')] 7 | [string] $azureEnvironmentName 8 | ) 9 | 10 | #Requires -Modules AzureAD -RunAsAdministrator 11 | 12 | 13 | if ($null 
-eq (Get-Module -ListAvailable -Name "AzureAD")) { 14 | Install-Module "AzureAD" -Scope CurrentUser 15 | } 16 | Import-Module AzureAD 17 | $ErrorActionPreference = "Stop" 18 | 19 | Function Cleanup 20 | { 21 | if (!$azureEnvironmentName) 22 | { 23 | $azureEnvironmentName = "AzureCloud" 24 | } 25 | 26 | <# 27 | .Description 28 | This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script 29 | #> 30 | 31 | # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 32 | # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD. 33 | 34 | # Login to Azure PowerShell (interactive if credentials are not already provided: 35 | # you'll need to sign-in with creds enabling your to create apps in the tenant) 36 | if (!$Credential -and $TenantId) 37 | { 38 | $creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName 39 | } 40 | else 41 | { 42 | if (!$TenantId) 43 | { 44 | $creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName 45 | } 46 | else 47 | { 48 | $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName 49 | } 50 | } 51 | 52 | if (!$tenantId) 53 | { 54 | $tenantId = $creds.Tenant.Id 55 | } 56 | $tenant = Get-AzureADTenantDetail 57 | $tenantName = ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name 58 | 59 | # Removes the applications 60 | Write-Host "Cleaning-up applications from tenant '$tenantName'" 61 | 62 | Write-Host "Removing 'webApp' (java-servlet-webapp-auth-my-tenant) if needed" 63 | Get-AzureADApplication -Filter "DisplayName eq 'java-servlet-webapp-auth-my-tenant'" | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId } 64 | $apps = Get-AzureADApplication -Filter "DisplayName eq 'java-servlet-webapp-auth-my-tenant'" 65 | if ($apps) 66 
| { 67 | Remove-AzureADApplication -ObjectId $apps.ObjectId 68 | } 69 | 70 | foreach ($app in $apps) 71 | { 72 | Remove-AzureADApplication -ObjectId $app.ObjectId 73 | Write-Host "Removed java-servlet-webapp-auth-my-tenant.." 74 | } 75 | # also remove service principals of this app 76 | Get-AzureADServicePrincipal -filter "DisplayName eq 'java-servlet-webapp-auth-my-tenant'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false} 77 | 78 | } 79 | 80 | Cleanup -Credential $Credential -tenantId $TenantId -------------------------------------------------------------------------------- /1-Authentication/sign-in/AppCreationScripts/sample.json: -------------------------------------------------------------------------------- 1 | { 2 | "Sample": { 3 | "Title": "Enable your Java Servlet web app to sign in users to your Azure Active Directory tenant with the Microsoft identity platform", 4 | "Level": 100, 5 | "Client": "Java Servlet web app", 6 | "RepositoryUrl": "ms-identity-java-servlet-webapp-authentication", 7 | "Endpoint": "AAD v2.0" 8 | }, 9 | "AADApps": [ 10 | { 11 | "Id": "webApp", 12 | "Name": "java-servlet-webapp-auth-my-tenant", 13 | "Kind": "WebApp", 14 | "Audience": "AzureADMyOrg", 15 | "PasswordCredentials": "Auto", 16 | "AllowImplicitFlow": false, 17 | "HomePage": "http://localhost:8080/msal4j-servlet-auth/index", 18 | "ReplyUrls": "http://localhost:8080/msal4j-servlet-auth/auth/redirect", 19 | "RequiredResourcesAccess": [] 20 | } 21 | ], 22 | "CodeConfiguration": [ 23 | { 24 | "App": "webApp", 25 | "SettingKind": "Replace", 26 | "SettingFile": "\\..\\src\\main\\resources\\authentication.properties", 27 | "Mappings": [ 28 | { 29 | "key": "{enter-your-tenant-id-here}", 30 | "value": "$tenantId" 31 | }, 32 | { 33 | "key": "{enter-your-client-id-here}", 34 | "value": "webApp.AppId" 35 | }, 36 | { 37 | "key": "{enter-your-client-secret-here}", 38 | "value": ".AppKey" 39 | } 40 | ] 41 | } 42 | ] 43 | } 
-------------------------------------------------------------------------------- /1-Authentication/sign-in/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [project-title] Changelog 2 | 3 | 4 | # x.y.z (yyyy-mm-dd) 5 | 6 | *Features* 7 | * ... 8 | 9 | *Bug Fixes* 10 | * ... 11 | 12 | *Breaking Changes* 13 | * ... 14 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /1-Authentication/sign-in/ReadmeFiles/app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/1-Authentication/sign-in/ReadmeFiles/app.png -------------------------------------------------------------------------------- /1-Authentication/sign-in/ReadmeFiles/topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/1-Authentication/sign-in/ReadmeFiles/topology.png -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/AADRedirectServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
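package com.microsoft.azuresamples.msal4j.authservlets;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.Config;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * This class defines the endpoint for processing the redirect from AAD.
 * MSAL Java apps using this sample's paradigm will require this.
 */
@WebServlet(name = "AADRedirectServlet", urlPatterns = "/auth/redirect")
public class AADRedirectServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(AADRedirectServlet.class.getName());

    /**
     * Passes the callback to AuthHelper.processAADCallback and redirects to
     * Config.HOME_PAGE on success, or to the auth_error_details page when an
     * AuthException is thrown.
     *
     * @param req  the redirect request received from the identity provider
     * @param resp the response used to send the follow-up redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be sent or the message cannot be encoded
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        // Log parameter names only: the raw query string of a sign-in callback may carry
        // the authorization code and state, which should not end up in log files.
        logger.log(Level.FINE, "Request has come with params {0}", req.getParameterMap().keySet());
        try {
            AuthHelper.processAADCallback(new IdentityContextAdapterServlet(req, resp));
            logger.log(Level.INFO, "redirecting to home page.");
            resp.sendRedirect(Config.HOME_PAGE);
        } catch (AuthException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            // Percent-encode the message so it stays one query-parameter value, and build the
            // URL by concatenation so a '%' in the context path is not read as a format specifier.
            // String.valueOf keeps the previous "null" text for an exception without a message.
            final String details = java.net.URLEncoder.encode(String.valueOf(ex.getMessage()), "UTF-8");
            resp.sendRedirect(resp.encodeRedirectURL(
                    req.getContextPath() + "/auth_error_details?details=" + details));
        }
    }

}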
-------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignInServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.authservlets; 5 | 6 | import java.io.IOException; 7 | import java.util.Arrays; 8 | import java.util.logging.Level; 9 | import java.util.logging.Logger; 10 | 11 | import javax.servlet.ServletException; 12 | import javax.servlet.annotation.WebServlet; 13 | import javax.servlet.http.HttpServlet; 14 | import javax.servlet.http.HttpServletRequest; 15 | import javax.servlet.http.HttpServletResponse; 16 | 17 | import com.microsoft.azuresamples.msal4j.helpers.AuthException; 18 | import com.microsoft.azuresamples.msal4j.helpers.AuthHelper; 19 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 20 | 21 | /** 22 | * This class defines the endpoint for processing sign in 23 | * MSAL Java apps using this sample's paradigm will require this. 
24 | */ 25 | @WebServlet(name = "SignInServlet", urlPatterns = "/auth/sign_in") 26 | public class SignInServlet extends HttpServlet { 27 | private static Logger logger = Logger.getLogger(SignInServlet.class.getName()); 28 | 29 | @Override 30 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 31 | try { 32 | AuthHelper.signIn(new IdentityContextAdapterServlet(req, resp)); 33 | } catch (AuthException ex) { 34 | logger.log(Level.WARNING, ex.getMessage()); 35 | logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace())); 36 | logger.log(Level.INFO, "redirecting to error page to display auth error to user."); 37 | resp.sendRedirect(resp.encodeRedirectURL(String.format(req.getContextPath() + "/auth_error_details?details=%s", ex.getMessage()))); 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignOutServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.authservlets; 5 | 6 | import java.io.IOException; 7 | import java.util.Arrays; 8 | import java.util.logging.Level; 9 | import java.util.logging.Logger; 10 | 11 | import javax.servlet.ServletException; 12 | import javax.servlet.annotation.WebServlet; 13 | import javax.servlet.http.HttpServlet; 14 | import javax.servlet.http.HttpServletRequest; 15 | import javax.servlet.http.HttpServletResponse; 16 | 17 | import com.microsoft.azuresamples.msal4j.helpers.AuthHelper; 18 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 19 | 20 | /** 21 | * This class defines the endpoint for processing sign out 22 | * MSAL Java apps using this sample's paradigm will require this. 
23 | */ 24 | @WebServlet(name = "SignOutServlet", urlPatterns = "/auth/sign_out") 25 | public class SignOutServlet extends HttpServlet { 26 | private static Logger logger = Logger.getLogger(SignOutServlet.class.getName()); 27 | 28 | @Override 29 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 30 | try { 31 | AuthHelper.signOut(new IdentityContextAdapterServlet(req, resp)); 32 | } catch (Exception ex){ 33 | logger.log(Level.WARNING, "Unable to sign out"); 34 | logger.log(Level.WARNING, ex.getMessage()); 35 | logger.log(Level.FINEST, Arrays.toString(ex.getStackTrace())); 36 | resp.sendRedirect(resp.encodeRedirectURL(String.format(req.getContextPath() + "/auth_error_details?details=%s", ex.getMessage()))); 37 | 38 | } 39 | } 40 | } -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/authwebapp/AuthErrorDetailsServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.authwebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | /** 15 | * This class defines a page for showing the user AAD error details. 16 | * In a real-world app, you most likely do NOT want to give out error details to your users. The text shown is read from the "details" request parameter, so the page that renders it must HTML-escape it.
17 | */ 18 | @WebServlet(name = "AuthErrorDetailsServlet", urlPatterns = "/auth_error_details") 19 | public class AuthErrorDetailsServlet extends HttpServlet { 20 | 21 | @Override 22 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) 23 | throws ServletException, IOException { 24 | final String details = req.getParameter("details"); 25 | 26 | req.setAttribute("details", details); 27 | req.setAttribute("bodyContent", "content/500.jsp"); 28 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 29 | view.forward(req, resp); 30 | } 31 | } -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/authwebapp/SignInStatusServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.authwebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | /** 15 | * This class defines a page for showing the user their sign in status 16 | * This is also the home page. 17 | * This is here only for sample demonstration purposes. 
18 | */ 19 | @WebServlet(name = "SignInStatusServlet", urlPatterns = {"", "/index", "/sign_in_status"}) 20 | public class SignInStatusServlet extends HttpServlet { 21 | 22 | @Override 23 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 24 | req.setAttribute("bodyContent", "content/status.jsp"); 25 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 26 | view.forward(req, resp); 27 | } 28 | } -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/authwebapp/TokenDetailsServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.authwebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | 13 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextData; 14 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 15 | 16 | import java.io.IOException; 17 | import java.util.Arrays; 18 | import java.util.HashMap; 19 | import java.util.List; 20 | 21 | /** 22 | * This class defines a page for showing the user their token details 23 | * This is here only for sample demonstration purposes. 
24 | */ 25 | @WebServlet(name = "TokenDetailsServlet", urlPatterns = {"/token_details"}) 26 | public class TokenDetailsServlet extends HttpServlet { 27 | 28 | @Override 29 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) 30 | throws ServletException, IOException { 31 | IdentityContextData context = new IdentityContextAdapterServlet(req, resp).getContext(); 32 | final HashMap filteredClaims = filterClaims(context); 33 | 34 | req.setAttribute("claims", filteredClaims); 35 | req.setAttribute("bodyContent", "content/token.jsp"); 36 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 37 | view.forward(req, resp); 38 | } 39 | 40 | private HashMap filterClaims(IdentityContextData context) { 41 | final String[] claimKeys = {"sub", "aud", "ver", "iss", "name", "oid", "preferred_username", "nonce", "tid", "roles", "groups", "_claim_names", "_claim_sources"}; 42 | final List includeClaims = Arrays.asList(claimKeys); 43 | 44 | HashMap filteredClaims = new HashMap<>(); 45 | context.getIdTokenClaims().forEach((k,v) -> { 46 | if (includeClaims.contains(k)) 47 | filteredClaims.put(k, v.toString()); 48 | }); 49 | return filteredClaims; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/feedback/SurveyServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
package com.microsoft.azuresamples.msal4j.feedback;

import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Endpoint for the feedback survey page.
 * It is NOT necessary for your application.
 */
@WebServlet(name = "SurveyServlet", urlPatterns = "/survey")
public class SurveyServlet extends HttpServlet {

    /**
     * Selects content/survey.jsp as the page body and forwards to index.jsp.
     *
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        req.setAttribute("bodyContent", "content/survey.jsp");
        final RequestDispatcher indexPage = req.getRequestDispatcher("index.jsp");
        indexPage.forward(req, resp);
    }
}

--------------------------------------------------------------------------------
/1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/helpers/AuthException.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.


package com.microsoft.azuresamples.msal4j.helpers;

/*
 Required exception class for using AuthHelper.java
 */

/**
 * Checked exception carrying a human-readable message about an authentication failure.
 */
public class AuthException extends Exception {
    /**
     * @param message description of the failure, passed to {@link Exception}
     */
    public AuthException(String message) {
        super(message);
    }
}

--------------------------------------------------------------------------------
/1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapter.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.microsoft.azuresamples.msal4j.helpers;

import java.io.IOException;

/**
 * Implement this so that AuthHelper can be customized to your needs!
 * This Sample project implements this in IdentityContextAdapterServlet.java
 * MUST BE INSTANTIATED ONCE PER REQUEST IN WEB APPS / WEB APIs before passing to AuthHelper
 */
public interface IdentityContextAdapter {

    /**
     * Stores the identity data for the current user.
     *
     * @param context the identity data to store
     */
    void setContext(IdentityContextData context);

    /**
     * @return the identity data for the current user
     */
    IdentityContextData getContext();

    /**
     * Sends the user to another location.
     *
     * NOTE(review): the interface does not say who validates {@code location};
     * implementations and callers should agree that it is a URL built by the
     * application, not one taken from request input.
     *
     * @param location the redirect target
     * @throws IOException if the redirect cannot be sent
     */
    void redirectUser(String location) throws IOException;

    /**
     * @param parameterName name of the request parameter to read
     * @return the parameter value as supplied by the underlying request
     */
    String getParameter(String parameterName);
}

--------------------------------------------------------------------------------
/1-Authentication/sign-in/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapterServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.microsoft.azuresamples.msal4j.helpers;

import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionEvent;

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet-based implementation of IdentityContextAdapter for AuthHelper.
 * Keeps the user's IdentityContextData in the HTTP session under
 * Config.SESSION_PARAM. MUST BE INSTANTIATED ONCE PER REQUEST IN WEB
 * APPS / WEB APIs before passing to AuthHelper.
 *
 * NOTE(review): nothing in this class rotates the session id; check that the
 * sign-in flow does so once the user is authenticated.
 */

public class IdentityContextAdapterServlet implements IdentityContextAdapter, HttpSessionActivationListener {
    private static final Logger LOGGER = Logger.getLogger(IdentityContextAdapterServlet.class.getName());
    private HttpSession session;
    private IdentityContextData context;
    private HttpServletRequest request;
    private HttpServletResponse response;

    /**
     * Binds the adapter to one request/response pair.
     * request.getSession() creates a session when the request has none, so
     * unauthenticated requests get a session as well.
     *
     * @param request  the current request
     * @param response the current response, used for redirects
     */
    public IdentityContextAdapterServlet(HttpServletRequest request, HttpServletResponse response) {
        this.request = request;
        this.response = response;
        this.session = request.getSession();
    }

    /**
     * Reloads the context from the session when the session is activated.
     * NOTE(review): nothing visible here binds the adapter itself into the
     * session, so the activation callbacks may never be invoked - TODO confirm.
     */
    @Override
    public void sessionDidActivate(HttpSessionEvent se) {
        this.session = se.getSession();
        loadContext();
    }

    /** Writes the context back to the session before the session is passivated. */
    @Override
    public void sessionWillPassivate(HttpSessionEvent se) {
        this.session = se.getSession();
        saveContext();
    }

    /** Stores the current context in the session, creating an empty one first if none is held. */
    public void saveContext() {
        if (this.context == null) {
            this.context = new IdentityContextData();
        }
        this.session.setAttribute(Config.SESSION_PARAM, this.context);
    }

    /** Reads the context from the session; falls back to a fresh, empty context when the session has none. */
    public void loadContext() {
        final IdentityContextData stored = (IdentityContextData) this.session.getAttribute(Config.SESSION_PARAM);
        this.context = (stored != null) ? stored : new IdentityContextData();
    }

    /** @return the context as currently stored in the session (reloaded on every call) */
    @Override
    public IdentityContextData getContext() {
        loadContext();
        return this.context;
    }

    /** Replaces the held context and writes it to the session immediately. */
    @Override
    public void setContext(IdentityContextData context) {
        this.context = context;
        saveContext();
    }

    /**
     * Logs the target and sends an HTTP redirect to it.
     *
     * NOTE(review): the full target is written to the log at INFO and is not
     * validated here. If callers pass authorization URLs, their query strings
     * end up in the log; callers must also pass only application-built URLs.
     *
     * @param location the redirect target
     * @throws IOException if the redirect cannot be sent
     */
    @Override
    public void redirectUser(String location) throws IOException {
        LOGGER.log(Level.INFO, "Redirecting user to {0}", location);
        this.response.sendRedirect(location);
    }

    /**
     * @param parameterName name of the request parameter
     * @return the raw request parameter value; no validation is applied here
     */
    @Override
    public String getParameter(String parameterName) {
        return this.request.getParameter(parameterName);
    }

}

--------------------------------------------------------------------------------
/1-Authentication/sign-in/src/main/resources/authentication.properties:
--------------------------------------------------------------------------------
aad.clientId={enter-your-client-id-here}
# NOTE(review): fill in the secret at deploy time only; a real client secret should not be committed with this file.
aad.secret={enter-your-client-secret-here}
aad.authority=https://login.microsoftonline.com/{enter-your-tenant-id-here}
aad.scopes=openid profile offline_access

aad.signOutEndpoint=/oauth2/v2.0/logout/
aad.postSignOutFragment=?post_logout_redirect_uri=

# app.homePage is by default set to dev server address and app context path on the server
# for apps deployed to azure, use https://your-sub-domain.azurewebsites.net
app.homePage=http://localhost:8080/msal4j-servlet-auth
# endpoint for AAD redirect.
# Configure this to be the same as the URL pattern for AADRedirectServlet.java
app.redirectEndpoint=/auth/redirect

# app's state value validity in seconds (TODO: not yet implemented):
# NOTE(review): per the TODO above this TTL is not enforced yet, so changing it has no effect;
# confirm in AuthHelper how long a state value stays acceptable in practice.
app.stateTTL=600
# session attribute name under which the identity context is stored
app.sessionParam=msalAuth
# paths that require a signed-in user (presumably read by AuthenticationFilter - confirm);
# a new page that shows user data needs an entry here as well
app.protect.authenticated=/token_details

--------------------------------------------------------------------------------
/1-Authentication/sign-in/src/main/resources/log4j.properties:
--------------------------------------------------------------------------------
# NOTE(review): ALL turns on every level, down to the most verbose, for every logger and sends it to stdout.
# Authentication libraries may log request details at those levels; use INFO or WARN outside local development.
log4j.rootLogger=ALL, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
--------------------------------------------------------------------------------
/1-Authentication/sign-in/src/main/webapp/content/401.jsp:
--------------------------------------------------------------------------------
1 |
    2 |
    3 | 401: Unauthorized 4 |
    5 |
    6 |

    7 | Visiting this page requires you to be authenticated. Use the button on the top right to sign in. 8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/webapp/content/500.jsp: -------------------------------------------------------------------------------- 1 |
    2 |
    3 | 500: Auth Error 4 |
    5 |
    6 |

    7 | ${details} <%-- NOTE(review): EL in template text is not HTML-escaped. If "details" can carry text from an error response or a request parameter (its source is not shown here), render it through an escaping tag such as JSTL c:out; this file would first need the core taglib directive. --%>
    8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/webapp/content/status.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 | 3 |
    4 |
    5 | You're signed in! 6 | You're not signed in. 7 |
    8 |
    9 |

    10 | 11 | Click here to get your ID Token Details 12 | 13 | 14 | Use the button on the top right to sign in. 15 | Attempts to get your ID Token Details will result in a 401 error. 16 | 17 |

    18 |
    19 |
    -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/webapp/content/survey.jsp: -------------------------------------------------------------------------------- 1 | 2 |
    3 |
    4 | Tell us how we did! 5 |
    6 |
    7 | Click here if the survey question does not load automatically. 8 |

    9 | 10 |

    11 |
    12 |
    13 | 14 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/webapp/content/token.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 |
    3 |
    4 | ID Token Details 5 |
    6 |
    7 |

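    8 | 9 | <%-- c:out HTML-escapes each claim name and value; plain EL in template text would not --%><c:out value="${claim.key}"/>: <c:out value="${claim.value}"/> 10 |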
    11 |
    12 |
    13 | Click here to see your Sign-in Status 14 |

    15 |
    16 |
    17 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/webapp/navbar.jsp: -------------------------------------------------------------------------------- 1 | 20 | -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/webapp/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/1-Authentication/sign-in/src/main/webapp/static/favicon.ico -------------------------------------------------------------------------------- /1-Authentication/sign-in/src/main/webapp/static/style.css: -------------------------------------------------------------------------------- 1 | .body-content { 2 | padding-top: 15px; 3 | padding-bottom: 15px; 4 | padding-left: 15px; 5 | padding-right: 15px; 6 | } 7 | 8 | .dl-horizontal dt { 9 | white-space: normal; 10 | } 11 | 12 | .flashToast { 13 | position: fixed; 14 | bottom: 0; 15 | left: 0; 16 | } 17 | 18 | 19 | .card { 20 | width: 50vw; 21 | margin:auto; 22 | background:#f0f0f0; 23 | border:1px solid black; 24 | } 25 | 26 | .card-header { 27 | /* background: darkseagreen; */ 28 | color: rgba(255,255,255,0.85); 29 | background: #0078d4; 30 | font-weight: 300; 31 | } 32 | 33 | .card-text { 34 | align-content: center 35 | } 36 | 37 | #wrapper { 38 | display: flex; 39 | } 40 | 41 | #left { 42 | flex: content; 43 | margin-right: 0.5em; 44 | 45 | } 46 | 47 | #right { 48 | flex: 1; 49 | } 50 | 51 | #footer { 52 | width: 50vw; 53 | margin: auto; 54 | text-align: left; 55 | margin-top: 1em; 56 | } 57 | 58 | #smiley, #frowny { 59 | height: 1.5em; 60 | width: 1.5em; 61 | margin: auto; 62 | fill: #0078d4 63 | } 64 | 65 | #smiley:hover, #frowny:hover{ 66 | height: 1.5em; 67 | width: 1.5em; 68 | margin: auto; 69 | fill: white; 70 | border: 1px solid 
#0078d4; 71 | background-color: #0078d4; 72 | border-radius: 50%; 73 | } 74 | 75 | #check-icon { 76 | height: 1.25em; 77 | width: 1.25em; 78 | margin: auto; 79 | fill: green; 80 | } 81 | 82 | a.nostyle:link { 83 | text-decoration: inherit; 84 | color: inherit; 85 | } 86 | 87 | a.nostyle:visited { 88 | text-decoration: inherit; 89 | color: inherit; 90 | } -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 
4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | > Please provide us with the following information: 5 | > --------------------------------------------------------------- 6 | 7 | ### This issue is for a: (mark with an `x`) 8 | ``` 9 | - [ ] bug report -> please search issues before submitting 10 | - [ ] feature request 11 | - [ ] documentation issue or request 12 | - [ ] regression (a behavior that used to work and stopped in a new release) 13 | ``` 14 | 15 | ### Minimal steps to reproduce 16 | > 17 | 18 | ### Any log messages given by the failure 19 | > 20 | 21 | ### Expected/desired behavior 22 | > 23 | 24 | ### OS and Version? 25 | > Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) 26 | 27 | ### Versions 28 | > 29 | 30 | ### Mention any other details that might be useful 31 | 32 | > --------------------------------------------------------------- 33 | > Thanks! We'll be in touch soon. 34 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | 3 | * ... 4 | 5 | ## Does this introduce a breaking change? 6 | 7 | ``` 8 | [ ] Yes 9 | [ ] No 10 | ``` 11 | 12 | ## Pull Request Type 13 | What kind of change does this Pull Request introduce? 
14 | 15 | 16 | ``` 17 | [ ] Bugfix 18 | [ ] Feature 19 | [ ] Code style update (formatting, local variables) 20 | [ ] Refactoring (no functional changes, no api changes) 21 | [ ] Documentation content changes 22 | [ ] Other... Please describe: 23 | ``` 24 | 25 | ## How to Test 26 | * Get the code 27 | 28 | ``` 29 | git clone [repo-address] 30 | cd [repo-name] 31 | git checkout [branch-name] 32 | npm install 33 | ``` 34 | 35 | * Test the code 36 | 37 | ``` 38 | ``` 39 | 40 | ## What to Check 41 | Verify that the following are valid 42 | * ... 43 | 44 | ## Other Information 45 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/.gitignore: -------------------------------------------------------------------------------- 1 | .project 2 | .settings/ 3 | .vscode/ 4 | target/ 5 | 6 | # Compiled class file 7 | *.class 8 | 9 | # Log file 10 | *.log 11 | 12 | # BlueJ files 13 | *.ctxt 14 | 15 | # Mobile Tools for Java (J2ME) 16 | .mtj.tmp/ 17 | 18 | # Package Files # 19 | *.jar 20 | *.war 21 | *.nar 22 | *.ear 23 | *.zip 24 | *.tar.gz 25 | *.rar 26 | 27 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 28 | hs_err_pid* 29 | .vs/ms-identity-java-servlet-webapp-call-graph/v16/.suo 30 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/AppCreationScripts/Cleanup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [PSCredential] $Credential, 4 | [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')] 5 | [string] $tenantId, 6 | [Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')] 7 | [string] $azureEnvironmentName 8 | ) 9 | 10 | #Requires -Modules AzureAD 
-RunAsAdministrator 11 | 12 | 13 | if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) { 14 | Install-Module "AzureAD" -Scope CurrentUser 15 | } 16 | Import-Module AzureAD 17 | $ErrorActionPreference = "Stop" 18 | 19 | Function Cleanup 20 | { 21 | if (!$azureEnvironmentName) 22 | { 23 | $azureEnvironmentName = "AzureCloud" 24 | } 25 | 26 | <# 27 | .Description 28 | This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script 29 | #> 30 | 31 | # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant 32 | # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD. 33 | 34 | # Login to Azure PowerShell (interactive if credentials are not already provided: 35 | # you'll need to sign-in with creds enabling your to create apps in the tenant) 36 | if (!$Credential -and $TenantId) 37 | { 38 | $creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName 39 | } 40 | else 41 | { 42 | if (!$TenantId) 43 | { 44 | $creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName 45 | } 46 | else 47 | { 48 | $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName 49 | } 50 | } 51 | 52 | if (!$tenantId) 53 | { 54 | $tenantId = $creds.Tenant.Id 55 | } 56 | $tenant = Get-AzureADTenantDetail 57 | $tenantName = ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name 58 | 59 | # Removes the applications 60 | Write-Host "Cleaning-up applications from tenant '$tenantName'" 61 | 62 | Write-Host "Removing 'webApp' (java-servlet-webapp-call-graph) if needed" 63 | Get-AzureADApplication -Filter "DisplayName eq 'java-servlet-webapp-call-graph'" | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId } 64 | $apps = Get-AzureADApplication -Filter "DisplayName eq 
'java-servlet-webapp-call-graph'" 65 | if ($apps) 66 | { 67 | Remove-AzureADApplication -ObjectId $apps.ObjectId 68 | } 69 | 70 | foreach ($app in $apps) 71 | { 72 | Remove-AzureADApplication -ObjectId $app.ObjectId 73 | Write-Host "Removed java-servlet-webapp-call-graph.." 74 | } 75 | # also remove service principals of this app 76 | Get-AzureADServicePrincipal -filter "DisplayName eq 'java-servlet-webapp-call-graph'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false} 77 | 78 | } 79 | 80 | Cleanup -Credential $Credential -tenantId $TenantId -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/AppCreationScripts/sample.json: -------------------------------------------------------------------------------- 1 | { 2 | "Sample": { 3 | "Title": "Enable your Java Servlet web app to sign in users to your Azure Active Directory tenant with the Microsoft identity platform", 4 | "Level": 100, 5 | "Client": "Java Servlet web app", 6 | "RepositoryUrl": "ms-identity-java-servlet-webapp-call-graph", 7 | "Endpoint": "AAD v2.0" 8 | }, 9 | "AADApps": [ 10 | { 11 | "Id": "webApp", 12 | "Name": "java-servlet-webapp-call-graph", 13 | "Kind": "WebApp", 14 | "Audience": "AzureADMyOrg", 15 | "PasswordCredentials": "Auto", 16 | "AllowImplicitFlow": false, 17 | "HomePage": "http://localhost:8080/msal4j-servlet-graph/index", 18 | "ReplyUrls": "http://localhost:8080/msal4j-servlet-graph/auth/redirect", 19 | "RequiredResourcesAccess": [ 20 | { 21 | "Resource": "Microsoft Graph", 22 | "DelegatedPermissions": ["User.Read" ] 23 | } 24 | ], 25 | } 26 | ], 27 | "CodeConfiguration": [ 28 | { 29 | "App": "webApp", 30 | "SettingKind": "Replace", 31 | "SettingFile": "\\..\\src\\main\\resources\\authentication.properties", 32 | "Mappings": [ 33 | { 34 | "key": "{enter-your-tenant-id-here}", 35 | "value": "$tenantId" 36 | }, 37 | { 38 | "key": "{enter-your-client-id-here}", 39 | "value": "webApp.AppId" 40 | }, 41 | { 
42 | "key": "{enter-your-client-secret-here}", 43 | "value": ".AppKey" 44 | } 45 | ] 46 | } 47 | ] 48 | } -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [project-title] Changelog 2 | 3 | 4 | # x.y.z (yyyy-mm-dd) 5 | 6 | *Features* 7 | * ... 8 | 9 | *Bug Fixes* 10 | * ... 11 | 12 | *Breaking Changes* 13 | * ... 14 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/ReadmeFiles/app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/2-Authorization-I/call-graph/ReadmeFiles/app.png -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/ReadmeFiles/topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/2-Authorization-I/call-graph/ReadmeFiles/topology.png -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/AADRedirectServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
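package com.microsoft.azuresamples.msal4j.authservlets;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.Config;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * This class defines the endpoint for processing the redirect from AAD MSAL
 * Java apps using this sample's paradigm will require this.
 */
@WebServlet(name = "AADRedirectServlet", urlPatterns = "/auth/redirect")
public class AADRedirectServlet extends HttpServlet {
    private static Logger logger = Logger.getLogger(AADRedirectServlet.class.getName());

    /**
     * Handles the redirect back from AAD: passes the request to
     * AuthHelper.processAADCallback and, on success, sends the user to
     * Config.HOME_PAGE. On AuthException the user is redirected to
     * /auth_error_details with the exception message as the "details" parameter.
     *
     * @param req  the callback request
     * @param resp the response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if a redirect cannot be written
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        // Log parameter names only. The callback query string presumably carries the
        // authorization code and state, and those values should not end up in log files.
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "Request has come with params {0}", req.getParameterMap().keySet());
        }
        try {
            AuthHelper.processAADCallback(new IdentityContextAdapterServlet(req, resp));
            logger.log(Level.INFO, "redirecting to home page.");
            resp.sendRedirect(Config.HOME_PAGE);
        } catch (AuthException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            // URL-encode the message so that '&', '#', '%' or line breaks in it cannot
            // add parameters to, or truncate, the redirect URL. Plain concatenation is
            // used because the context path must not be interpreted as a format string.
            final String details = URLEncoder.encode(String.valueOf(ex.getMessage()), StandardCharsets.UTF_8.name());
            resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + "/auth_error_details?details=" + details));
        }
    }

}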
-------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignInServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.authservlets; 5 | 6 | import java.io.IOException; 7 | import java.util.Arrays; 8 | import java.util.logging.Level; 9 | import java.util.logging.Logger; 10 | 11 | import javax.servlet.ServletException; 12 | import javax.servlet.annotation.WebServlet; 13 | import javax.servlet.http.HttpServlet; 14 | import javax.servlet.http.HttpServletRequest; 15 | import javax.servlet.http.HttpServletResponse; 16 | 17 | import com.microsoft.azuresamples.msal4j.helpers.AuthException; 18 | import com.microsoft.azuresamples.msal4j.helpers.AuthHelper; 19 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 20 | 21 | /** 22 | * This class defines the endpoint for processing sign in 23 | * MSAL Java apps using this sample's paradigm will require this. 
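*/
@WebServlet(name = "SignInServlet", urlPatterns = "/auth/sign_in")
public class SignInServlet extends HttpServlet {
    private static Logger logger = Logger.getLogger(SignInServlet.class.getName());

    /**
     * Starts sign-in by handing the request to AuthHelper.signIn. On AuthException
     * the user is redirected to /auth_error_details with the exception message as
     * the "details" parameter.
     *
     * @param req  the incoming request
     * @param resp the response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.signIn(new IdentityContextAdapterServlet(req, resp));
        } catch (AuthException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            // URL-encode the message so that reserved characters in it cannot alter the
            // query string. The context path is concatenated, not used as a format string.
            final String details = java.net.URLEncoder.encode(String.valueOf(ex.getMessage()), "UTF-8");
            resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + "/auth_error_details?details=" + details));
        }
    }
}
-------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignOutServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.authservlets; 5 | 6 | import java.io.IOException; 7 | import java.util.Arrays; 8 | import java.util.logging.Level; 9 | import java.util.logging.Logger; 10 | 11 | import javax.servlet.ServletException; 12 | import javax.servlet.annotation.WebServlet; 13 | import javax.servlet.http.HttpServlet; 14 | import javax.servlet.http.HttpServletRequest; 15 | import javax.servlet.http.HttpServletResponse; 16 | 17 | import com.microsoft.azuresamples.msal4j.helpers.AuthHelper; 18 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 19 | 20 | /** 21 | * This class defines the endpoint for processing sign out 22 | * MSAL Java apps using this sample's paradigm will require this.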
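*/
@WebServlet(name = "SignOutServlet", urlPatterns = "/auth/sign_out")
public class SignOutServlet extends HttpServlet {
    private static Logger logger = Logger.getLogger(SignOutServlet.class.getName());

    /**
     * Signs the user out by handing the request to AuthHelper.signOut. Any exception
     * is logged and the user is redirected to /auth_error_details with the exception
     * message as the "details" parameter.
     *
     * NOTE(review): sign-out is triggered by a plain GET, so a cross-site link or
     * embedded resource can end a user's session. Consider POST with a CSRF token if
     * that matters for the deployment.
     *
     * @param req  the incoming request
     * @param resp the response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.signOut(new IdentityContextAdapterServlet(req, resp));
        } catch (Exception ex){
            logger.log(Level.WARNING, "Unable to sign out");
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.FINEST, Arrays.toString(ex.getStackTrace()));
            // URL-encode the message so that reserved characters in it cannot alter the
            // query string. The context path is concatenated, not used as a format string.
            final String details = java.net.URLEncoder.encode(String.valueOf(ex.getMessage()), "UTF-8");
            resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + "/auth_error_details?details=" + details));
        }
    }
}
-------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/callgraphwebapp/AuthErrorDetailsServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.callgraphwebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | /** 15 | * This class defines a page for showing the user AAD error details 16 | * In a real world app, you should likely NOT want to give out error details to your users.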
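*/
@WebServlet(name = "AuthErrorDetailsServlet", urlPatterns = "/auth_error_details")
public class AuthErrorDetailsServlet extends HttpServlet {

    /**
     * Renders the auth error page (content/500.jsp inside index.jsp) with the text
     * taken from the "details" query parameter.
     *
     * The parameter comes straight from the URL, so anyone can craft a link with
     * arbitrary content, and 500.jsp prints it with a bare ${details} expression,
     * which JSP does not escape. The value is therefore HTML-escaped here before it
     * is exposed to the view. If the JSP is later changed to escape on output
     * (for example with c:out), drop the escaping here to avoid double-encoding.
     *
     * @param req  the incoming request
     * @param resp the response the view is rendered to
     * @throws ServletException if forwarding to the view fails
     * @throws IOException      if forwarding to the view fails
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        final String details = escapeHtml(req.getParameter("details"));

        req.setAttribute("details", details);
        req.setAttribute("bodyContent", "content/500.jsp");
        final RequestDispatcher view = req.getRequestDispatcher("index.jsp");
        view.forward(req, resp);
    }

    /** Replaces the five HTML-significant characters with entities; null stays null. */
    private static String escapeHtml(final String raw) {
        if (raw == null) {
            return null;
        }
        final StringBuilder out = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            final char c = raw.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}
-------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/callgraphwebapp/SignInStatusServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.callgraphwebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | /** 15 | * This class defines a page for showing the user their sign in status 16 | * This is also the home page. 17 | * This is here only for sample demonstration purposes.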
*/
@WebServlet(name = "SignInStatusServlet", urlPatterns = {"", "/index", "/sign_in_status"})
public class SignInStatusServlet extends HttpServlet {

    /**
     * Selects content/status.jsp as the page body and forwards to index.jsp.
     *
     * @param req  the incoming request
     * @param resp the response the view is rendered to
     * @throws ServletException if forwarding to the view fails
     * @throws IOException      if forwarding to the view fails
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        req.setAttribute("bodyContent", "content/status.jsp");
        // index.jsp is the shared layout; it reads "bodyContent" to pick the body.
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}
-------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/callgraphwebapp/TokenDetailsServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.callgraphwebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | 13 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextData; 14 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 15 | 16 | import java.io.IOException; 17 | import java.util.Arrays; 18 | import java.util.HashMap; 19 | import java.util.List; 20 | 21 | /** 22 | * This class defines a page for showing the user their token details 23 | * This is here only for sample demonstration purposes.
*/
@WebServlet(name = "TokenDetailsServlet", urlPatterns = "/token_details")
public class TokenDetailsServlet extends HttpServlet {

    /**
     * Loads the identity context for this request, exposes a filtered subset of the
     * ID token claims to the view as "claims", and forwards to index.jsp with
     * content/token.jsp as the body.
     *
     * @param req  the incoming request
     * @param resp the response the view is rendered to
     * @throws ServletException if forwarding to the view fails
     * @throws IOException      if forwarding to the view fails
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        final IdentityContextData identity = new IdentityContextAdapterServlet(req, resp).getContext();

        req.setAttribute("claims", filterClaims(identity));
        req.setAttribute("bodyContent", "content/token.jsp");
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }

    /**
     * Copies the allow-listed ID token claims into a new map, with each value
     * converted by toString().
     *
     * NOTE(review): the raw HashMap/List types are kept as they appear in this
     * listing; the generic parameters may have been lost when the page was extracted.
     * NOTE(review): token.jsp prints claim keys and values with bare EL expressions,
     * so values such as "name" reach the page without HTML escaping.
     */
    private HashMap filterClaims(IdentityContextData context) {
        final List includeClaims = Arrays.asList(
                "sub", "aud", "ver", "iss", "name", "oid", "preferred_username", "nonce", "tid");

        HashMap filteredClaims = new HashMap<>();
        context.getIdTokenClaims().forEach((claim, value) -> {
            if (!includeClaims.contains(claim)) {
                return;
            }
            filteredClaims.put(claim, value.toString());
        });
        return filteredClaims;
    }
}
-------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/feedback/SurveyServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License.
3 | 4 | package com.microsoft.azuresamples.msal4j.feedback; 5 | 6 | import java.io.IOException; 7 | import javax.servlet.RequestDispatcher; 8 | import javax.servlet.ServletException; 9 | import javax.servlet.annotation.WebServlet; 10 | import javax.servlet.http.HttpServlet; 11 | import javax.servlet.http.HttpServletRequest; 12 | import javax.servlet.http.HttpServletResponse; 13 | 14 | /** 15 | * This class defines the endpoint for feedback 16 | * It is NOT necessary for your application 17 | */ 18 | @WebServlet(name = "SurveyServlet", urlPatterns = "/survey") 19 | public class SurveyServlet extends HttpServlet { 20 | 21 | @Override 22 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 23 | req.setAttribute("bodyContent", "content/survey.jsp"); 24 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 25 | view.forward(req, resp); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/helpers/AuthException.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | 5 | package com.microsoft.azuresamples.msal4j.helpers; 6 | 7 | /* 8 | Required exception class for using AuthHelper.java 9 | */ 10 | 11 | public class AuthException extends Exception { 12 | public AuthException(String message) { 13 | super(message); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapter.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
3 | 4 | package com.microsoft.azuresamples.msal4j.helpers; 5 | 6 | import java.io.IOException; 7 | 8 | /** 9 | * Implement this so that AuthHelper can be customized to your needs! 10 | * This Sample project implements this in IdentityContextAdapterServlet.java 11 | * MUST BE INSTANTIATED ONCE PER REQUEST IN WEB APPS / WEB APIs before passing to AuthHelper 12 | */ 13 | public interface IdentityContextAdapter { 14 | public void setContext(IdentityContextData context); 15 | public IdentityContextData getContext(); 16 | public void redirectUser(String location) throws IOException; 17 | public String getParameter(String parameterName); 18 | } 19 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapterServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
3 | 4 | package com.microsoft.azuresamples.msal4j.helpers; 5 | 6 | import javax.servlet.http.HttpSession; 7 | import javax.servlet.http.HttpSessionActivationListener; 8 | import javax.servlet.http.HttpSessionEvent; 9 | 10 | import java.io.IOException; 11 | import java.util.logging.Level; 12 | import java.util.logging.Logger; 13 | 14 | import javax.servlet.http.HttpServletRequest; 15 | import javax.servlet.http.HttpServletResponse; 16 | 17 | /** 18 | * Implementation of IdentityContextAdapter for AuthHelper for use with Java 19 | * HttpServletRequests/Responses MUST BE INSTANTIATED ONCE PER REQUEST IN WEB 20 | * APPS / WEB APIs before passing to AuthHelper 21 | */ 22 | 23 | public class IdentityContextAdapterServlet implements IdentityContextAdapter, HttpSessionActivationListener { 24 | private static Logger logger = Logger.getLogger(IdentityContextAdapterServlet.class.getName()); 25 | private HttpSession session = null; 26 | private IdentityContextData context = null; 27 | private HttpServletRequest request = null; 28 | private HttpServletResponse response = null; 29 | 30 | public IdentityContextAdapterServlet(HttpServletRequest request, HttpServletResponse response) { 31 | this.request = request; 32 | this.session = request.getSession(); 33 | this.response = response; 34 | } 35 | 36 | // load from session on session activation 37 | @Override 38 | public void sessionDidActivate(HttpSessionEvent se) { 39 | this.session = se.getSession(); 40 | loadContext(); 41 | } 42 | 43 | // save to session on session passivation 44 | @Override 45 | public void sessionWillPassivate(HttpSessionEvent se) { 46 | this.session = se.getSession(); 47 | saveContext(); 48 | } 49 | 50 | public void saveContext() { 51 | if (this.context == null) 52 | this.context = new IdentityContextData(); 53 | 54 | this.session.setAttribute(Config.SESSION_PARAM, context); 55 | } 56 | 57 | public void loadContext() { 58 | this.context = (IdentityContextData) session.getAttribute(Config.SESSION_PARAM); 59 | 
if (this.context == null) { 60 | this.context = new IdentityContextData(); 61 | } 62 | } 63 | 64 | @Override 65 | public IdentityContextData getContext() { 66 | loadContext(); 67 | return this.context; 68 | } 69 | 70 | @Override 71 | public void setContext(IdentityContextData context) { 72 | this.context = context; 73 | saveContext(); 74 | } 75 | 76 | @Override 77 | public void redirectUser(String location) throws IOException { 78 | logger.log(Level.INFO, "Redirecting user to {0}", location); 79 | this.response.sendRedirect(location); 80 | } 81 | 82 | @Override 83 | public String getParameter(String parameterName) { 84 | return this.request.getParameter(parameterName); 85 | } 86 | 87 | } 88 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/resources/authentication.properties: -------------------------------------------------------------------------------- 1 | aad.clientId={enter-your-client-id-here} 2 | aad.secret={enter-your-client-secret-here} 3 | aad.authority=https://login.microsoftonline.com/{enter-your-tenant-id-here} 4 | aad.scopes=User.Read 5 | 6 | aad.signOutEndpoint=/oauth2/v2.0/logout/ 7 | aad.postSignOutFragment=?post_logout_redirect_uri= 8 | 9 | # app.homePage is by default set to dev server address and app context path on the server 10 | # for apps deployed to azure, use https://your-sub-domain.azurewebsites.net 11 | app.homePage=http://localhost:8080/msal4j-servlet-graph 12 | 13 | # endpoint for AAD redirect. 
Configured this to be the same as the URL pattern for AADRedirectServlet.java 14 | app.redirectEndpoint=/auth/redirect 15 | 16 | # app's state value validity in seconds 17 | app.stateTTL=600 18 | app.sessionParam=msalAuth 19 | app.protect.authenticated=/token_details, /call_graph 20 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/resources/log4j.properties: -------------------------------------------------------------------------------- 1 | log4j.rootLogger=ALL, stdout 2 | log4j.appender.stdout=org.apache.log4j.ConsoleAppender 3 | log4j.appender.stdout.Target=System.out 4 | log4j.appender.stdout.layout=org.apache.log4j.PatternLayout 5 | log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/content/401.jsp: -------------------------------------------------------------------------------- 1 |
    2 |
    3 | 401: Unauthorized 4 |
    5 |
    6 |

    7 | Visiting this page requires you to be authenticated. Use the button on the top right to sign in. 8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/content/500.jsp: -------------------------------------------------------------------------------- 1 |
    2 |
    3 | 500: Auth Error 4 |
    5 |
    6 |

    7 | ${details}
    8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/content/graph.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 |
    3 |
    4 | Call Graph /me Endpoint 5 |
    6 |
    7 |

    8 | 9 | ${user.key}: ${user.value} 10 |
    11 |
    12 |
    13 | Click here to see your Sign-in Status 14 | or Token Details 15 |

    16 |
    17 |
    18 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/content/status.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 | 3 |
    4 |
    5 | You're signed in! 6 | You're not signed in. 7 |
    8 |
    9 |

    10 | 11 | Click here to get your ID Token Details 12 | or Call Graph 13 | 14 | 15 | Use the button on the top right to sign in. 16 | Attempts to get your ID Token Details 17 | or Call Graph will result in a 401 error. 18 | 19 |

    20 |
    21 |
    22 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/content/survey.jsp: -------------------------------------------------------------------------------- 1 | 2 |
    3 |
    4 | Tell us how we did! 5 |
    6 |
    7 | Click here if the survey question does not load automatically. 8 |

    9 | 10 |

    11 |
    12 |
    13 | 14 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/content/token.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 |
    3 |
    4 | ID Token Details 5 |
    6 |
    7 |

    8 | 9 | ${claim.key}: ${claim.value} 10 |
    11 |
    12 |
    13 | Click here to see your Sign-in Status 14 | or Call Graph 15 |

    16 |
    17 |
    18 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/navbar.jsp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/2-Authorization-I/call-graph/src/main/webapp/static/favicon.ico -------------------------------------------------------------------------------- /2-Authorization-I/call-graph/src/main/webapp/static/style.css: -------------------------------------------------------------------------------- 1 | .body-content { 2 | padding-top: 15px; 3 | padding-bottom: 15px; 4 | padding-left: 15px; 5 | padding-right: 15px; 6 | } 7 | 8 | .dl-horizontal dt { 9 | white-space: normal; 10 | } 11 | 12 | .flashToast { 13 | position: fixed; 14 | bottom: 0; 15 | left: 0; 16 | } 17 | 18 | 19 | .card { 20 | width: 50vw; 21 | margin:auto; 22 | background:#f0f0f0; 23 | border:1px solid black; 24 | } 25 | 26 | .card-header { 27 | /* background: darkseagreen; */ 28 | color: rgba(255,255,255,0.85); 29 | background: #0078d4; 30 | font-weight: 300; 31 | } 32 | 33 | .card-text { 34 | align-content: center 35 | } 36 | 37 | #wrapper { 38 | display: flex; 39 | } 40 | 41 | #left { 42 | flex: content; 43 | margin-right: 0.5em; 44 | 45 | } 46 | 47 | #right { 48 | flex: 1; 49 | } 50 | 51 | #footer { 52 | width: 50vw; 53 | margin: auto; 54 | text-align: left; 55 | margin-top: 1em; 56 | } 57 | 58 | #smiley, #frowny { 59 | height: 1.5em; 60 | width: 1.5em; 61 | margin: auto; 62 | fill: #0078d4 63 | } 64 | 65 | #smiley:hover, #frowny:hover{ 66 | height: 1.5em; 67 | width: 1.5em; 68 | margin: auto; 69 | fill: white; 70 | border: 
1px solid #0078d4; 71 | background-color: #0078d4; 72 | border-radius: 50%; 73 | } 74 | 75 | #check-icon { 76 | height: 1.25em; 77 | width: 1.25em; 78 | margin: auto; 79 | fill: green; 80 | } 81 | 82 | a.nostyle:link { 83 | text-decoration: inherit; 84 | color: inherit; 85 | } 86 | 87 | a.nostyle:visited { 88 | text-decoration: inherit; 89 | color: inherit; 90 | } -------------------------------------------------------------------------------- /3-Authorization-II/groups/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 
4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | > Please provide us with the following information: 5 | > --------------------------------------------------------------- 6 | 7 | ### This issue is for a: (mark with an `x`) 8 | ``` 9 | - [ ] bug report -> please search issues before submitting 10 | - [ ] feature request 11 | - [ ] documentation issue or request 12 | - [ ] regression (a behavior that used to work and stopped in a new release) 13 | ``` 14 | 15 | ### Minimal steps to reproduce 16 | > 17 | 18 | ### Any log messages given by the failure 19 | > 20 | 21 | ### Expected/desired behavior 22 | > 23 | 24 | ### OS and Version? 25 | > Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) 26 | 27 | ### Versions 28 | > 29 | 30 | ### Mention any other details that might be useful 31 | 32 | > --------------------------------------------------------------- 33 | > Thanks! We'll be in touch soon. 34 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | 3 | * ... 4 | 5 | ## Does this introduce a breaking change? 6 | 7 | ``` 8 | [ ] Yes 9 | [ ] No 10 | ``` 11 | 12 | ## Pull Request Type 13 | What kind of change does this Pull Request introduce? 
14 | 15 | 16 | ``` 17 | [ ] Bugfix 18 | [ ] Feature 19 | [ ] Code style update (formatting, local variables) 20 | [ ] Refactoring (no functional changes, no api changes) 21 | [ ] Documentation content changes 22 | [ ] Other... Please describe: 23 | ``` 24 | 25 | ## How to Test 26 | * Get the code 27 | 28 | ``` 29 | git clone [repo-address] 30 | cd [repo-name] 31 | git checkout [branch-name] 32 | npm install 33 | ``` 34 | 35 | * Test the code 36 | 37 | ``` 38 | ``` 39 | 40 | ## What to Check 41 | Verify that the following are valid 42 | * ... 43 | 44 | ## Other Information 45 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/.gitignore: -------------------------------------------------------------------------------- 1 | .project 2 | .settings/ 3 | .vscode/ 4 | target/ 5 | 6 | # Compiled class file 7 | *.class 8 | 9 | # Log file 10 | *.log 11 | 12 | # BlueJ files 13 | *.ctxt 14 | 15 | # Mobile Tools for Java (J2ME) 16 | .mtj.tmp/ 17 | 18 | # Package Files # 19 | *.jar 20 | *.war 21 | *.nar 22 | *.ear 23 | *.zip 24 | *.tar.gz 25 | *.rar 26 | 27 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 28 | hs_err_pid* 29 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/AppCreationScripts/BulkCreateGroups.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | Use this script to create 200+ groups in your Azure AD tenant and assign a user to it. 3 | 4 | Use the companion script BulkRemoveGroups.ps1 to remove these security groups from your tenant. 5 | #> 6 | 7 | $ErrorActionPreference = "Stop" 8 | 9 | # ObjectId of the user to be assigned to these security groups. The ObjectId can be obtained via Graph Explorer or in the "Users" blade on the portal. 
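# Sample value: replace with the ObjectId of the user in your own tenant before running.
$usersobjectId = "695a3e1d-2e9f-4d24-aa3c-ac795c16f25c"

# With $ErrorActionPreference = "Stop" this lookup aborts the script if the user does not exist,
# so no groups are created for a mistyped ObjectId.
Get-AzureADUser -ObjectId $usersobjectId

$groupNamePrefix = "TestGroup"
$numberOfGroupsToCreate = 222;

for($i = 1; $i -le $numberOfGroupsToCreate; $i++)
{
    $groupName = $groupNamePrefix + $i

    # create a new security group and make the user a member of it
    $newsg = New-AzureADGroup -Description $groupName -DisplayName $groupName -MailEnabled $false -SecurityEnabled $true -MailNickName $groupName
    Add-AzureADGroupMember -ObjectId $newsg.ObjectId -RefObjectId $usersobjectId
    Write-Host "Successfully created $($newsg.DisplayName)"
}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/AppCreationScripts/BulkRemoveGroups.ps1:
--------------------------------------------------------------------------------
<#
 Use this script to remove the 200+ groups created in your Azure AD tenant by BulkCreateGroups.ps1
#>

$ErrorActionPreference = "Stop"

$groupNamePrefix = "TestGroup"
$numberOfGroupsToDelete = 222;

for($i = 1; $i -le $numberOfGroupsToDelete; $i++)
{
    $groupName = $groupNamePrefix + $i

    # Match the display name exactly. A search string such as "TestGroup1" is not an exact
    # match, so it can also return groups this script did not create (any group whose name
    # merely starts with the same text), and those would be deleted as well.
    $groups = Get-AzureADGroup -Filter "DisplayName eq '$groupName'"

    Foreach ($group in $groups)
    {
        Write-Host "Trying to delete group $($group.DisplayName)"
        Remove-AzureADGroup -ObjectId $group.ObjectId
        Write-Host "Successfully deleted $($group.DisplayName)"
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/AppCreationScripts/Cleanup.ps1:
--------------------------------------------------------------------------------
[CmdletBinding()]
param(
    [PSCredential] $Credential,
    [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
    [string] $tenantId,
    [Parameter(Mandatory=$False,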
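HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')]
    [string] $azureEnvironmentName
)

#Requires -Modules AzureAD -RunAsAdministrator


if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) {
    Install-Module "AzureAD" -Scope CurrentUser
}
Import-Module AzureAD
$ErrorActionPreference = "Stop"

Function Cleanup
{
    <#
    .Description
    This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
    #>

    # Cleanup declares no parameters of its own: $Credential, $tenantId and $azureEnvironmentName
    # are read from the script scope, where the param() block above defines them.
    if (!$azureEnvironmentName)
    {
        $azureEnvironmentName = "AzureCloud"
    }

    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.

    # Login to Azure PowerShell (interactive if credentials are not already provided:
    # you'll need to sign in with credentials that allow you to manage apps in the tenant)
    if (!$Credential -and $TenantId)
    {
        $creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName
    }
    else
    {
        if (!$TenantId)
        {
            $creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
        }
        else
        {
            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
        }
    }

    if (!$tenantId)
    {
        $tenantId = $creds.Tenant.Id
    }
    $tenant = Get-AzureADTenantDetail
    $tenantName = ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name

    # Removes the applications
    Write-Host "Cleaning-up applications from tenant '$tenantName'"

    # NOTE(review): the match is on display name only, and display names are not unique in a
    # tenant. Every application called 'java-servlet-webapp-groups' is removed, including any
    # that were not created by Configure.ps1. Check the tenant name printed above before use.
    Write-Host "Removing 'webApp' (java-servlet-webapp-groups) if needed"
    $apps = Get-AzureADApplication -Filter "DisplayName eq 'java-servlet-webapp-groups'"

    # Remove each match exactly once. Deleting the same object a second time fails, and with
    # $ErrorActionPreference = "Stop" that failure would end the script before the service
    # principals below are cleaned up.
    foreach ($app in $apps)
    {
        Remove-AzureADApplication -ObjectId $app.ObjectId
        Write-Host "Removed java-servlet-webapp-groups.."
    }
    # also remove service principals of this app
    Get-AzureADServicePrincipal -filter "DisplayName eq 'java-servlet-webapp-groups'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}

}

Cleanup -Credential $Credential -tenantId $TenantId
--------------------------------------------------------------------------------
/3-Authorization-II/groups/AppCreationScripts/sample.json:
--------------------------------------------------------------------------------
{
  "Sample": {
    "Title": "Enable your Java Servlet web app to sign in users to your Azure Active Directory tenant with the Microsoft identity platform",
    "Level": 100,
    "Client": "Java Servlet web app",
    "RepositoryUrl": "ms-identity-java-servlet-webapp-authentication",
    "Endpoint": "AAD v2.0"
  },
  "AADApps": [
    {
      "Id": "webApp",
      "Name": "java-servlet-webapp-groups",
      "Kind": "WebApp",
      "Audience": "AzureADMyOrg",
      "PasswordCredentials": "Auto",
      "AllowImplicitFlow": false,
      "HomePage": "http://localhost:8080/msal4j-servlet-groups/auth/redirect/index",
      "ReplyUrls": "http://localhost:8080/msal4j-servlet-groups/auth/redirect",
      "RequiredResourcesAccess": [
        {
          "Resource": "Microsoft Graph",
          "DelegatedPermissions": ["GroupMember.Read.All" ]
        }
      ],
      "ManualSteps": [
        { "Comment": "On Azure Portal, create a security group named GroupAdmin, assign some users to it, and configure your ID and Access token to emit GroupID in your app registration."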
}, 27 | { "Comment": "On Azure Portal, create a security group named GroupMember, assign some users to it, and configure your ID and Access token to emit GroupID in your app registration." } 28 | ] 29 | } 30 | ], 31 | "CodeConfiguration": [ 32 | { 33 | "App": "webApp", 34 | "SettingKind": "Replace", 35 | "SettingFile": "\\..\\src\\main\\resources\\authentication.properties", 36 | "Mappings": [ 37 | { 38 | "key": "{enter-your-tenant-id-here}", 39 | "value": "$tenantId" 40 | }, 41 | { 42 | "key": "{enter-your-client-id-here}", 43 | "value": "webApp.AppId" 44 | }, 45 | { 46 | "key": "{enter-your-client-secret-here}", 47 | "value": ".AppKey" 48 | } 49 | ] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /3-Authorization-II/groups/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [project-title] Changelog 2 | 3 | 4 | # x.y.z (yyyy-mm-dd) 5 | 6 | *Features* 7 | * ... 8 | 9 | *Bug Fixes* 10 | * ... 11 | 12 | *Breaking Changes* 13 | * ... 14 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /3-Authorization-II/groups/ReadmeFiles/app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/3-Authorization-II/groups/ReadmeFiles/app.png -------------------------------------------------------------------------------- /3-Authorization-II/groups/ReadmeFiles/topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/3-Authorization-II/groups/ReadmeFiles/topology.png -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/AADRedirectServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
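package com.microsoft.azuresamples.msal4j.authservlets;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.Config;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * This class defines the endpoint for processing the redirect from AAD MSAL
 * Java apps using this sample's paradigm will require this.
 */
@WebServlet(name = "AADRedirectServlet", urlPatterns = "/auth/redirect")
public class AADRedirectServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(AADRedirectServlet.class.getName());

    /**
     * Hands the incoming redirect to {@code AuthHelper.processAADCallback} and, on success,
     * sends the browser to {@code Config.HOME_PAGE}. On {@code AuthException} the request is
     * forwarded to /auth_error_details with the exception message as the "details" parameter.
     *
     * @param req  the redirect request
     * @param resp the response used for the redirect or the error forward
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        // Log the parameter names only. The query string of a sign-in redirect normally carries
        // the authorization code and the state value, which should not be written to log files.
        logger.log(Level.FINE, "Request has come with params {0}", req.getParameterMap().keySet());
        try {
            AuthHelper.processAADCallback(new IdentityContextAdapterServlet(req, resp));
            logger.log(Level.INFO, "redirecting to home page.");
            resp.sendRedirect(Config.HOME_PAGE);
        } catch (AuthException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            try {
                // The exception text is shown to the user by the error page; a production app
                // would show a generic message and keep the detail in the log.
                RequestDispatcher rd = req.getRequestDispatcher(String.format("/auth_error_details?details=%s", URLEncoder.encode(ex.getMessage(), "UTF-8")));
                rd.forward(req, resp);
            } catch (Exception except) {
                // Route the failure through the logger so it is recorded with the other events.
                logger.log(Level.SEVERE, "Unable to forward to the auth error page", except);
            }
        }
    }

}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignInServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.authservlets;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

/**
 * This class defines the endpoint for processing sign in
 * MSAL Java apps using this sample's paradigm will require this.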
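 */
@WebServlet(name = "SignInServlet", urlPatterns = "/auth/sign_in")
public class SignInServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(SignInServlet.class.getName());

    /**
     * Starts the sign-in by calling {@code AuthHelper.signIn}. On {@code AuthException} the
     * request is forwarded to /auth_error_details with the exception message as the
     * "details" parameter.
     *
     * @param req  the incoming request
     * @param resp the response handed to the identity context adapter
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.signIn(new IdentityContextAdapterServlet(req, resp));
        } catch (AuthException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            try {
                // The exception text is shown to the user by the error page; a production app
                // would show a generic message and keep the detail in the log.
                RequestDispatcher rd = req.getRequestDispatcher(String.format("/auth_error_details?details=%s", URLEncoder.encode(ex.getMessage(), "UTF-8")));
                rd.forward(req, resp);
            } catch (Exception except) {
                // Route the failure through the logger so it is recorded with the other events.
                logger.log(Level.SEVERE, "Unable to forward to the auth error page", except);
            }
        }
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignOutServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.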
package com.microsoft.azuresamples.msal4j.authservlets;

import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

/**
 * Sign-out endpoint, mapped to /auth/sign_out.
 * MSAL Java apps that follow this sample's structure need an endpoint like this one.
 */
@WebServlet(name = "SignOutServlet", urlPatterns = "/auth/sign_out")
public class SignOutServlet extends HttpServlet {
    private static Logger logger = Logger.getLogger(SignOutServlet.class.getName());

    /**
     * Delegates the sign-out to {@code AuthHelper.signOut}. Any exception is logged and not
     * rethrown, so a failed sign-out is visible in the log only.
     *
     * @param req  the incoming request
     * @param resp the response handed to the identity context adapter
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            final IdentityContextAdapterServlet identityAdapter = new IdentityContextAdapterServlet(req, resp);
            AuthHelper.signOut(identityAdapter);
        } catch (Exception failure) {
            logger.log(Level.WARNING, "Unable to sign out");
            logger.log(Level.WARNING, failure.getMessage());
            // The stack trace is recorded at the most detailed level only.
            logger.log(Level.FINEST, Arrays.toString(failure.getStackTrace()));
        }
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/feedback/SurveyServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.microsoft.azuresamples.msal4j.feedback;

import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Feedback endpoint, mapped to /survey.
 * Your own application does not need it.
 */
@WebServlet(name = "SurveyServlet", urlPatterns = "/survey")
public class SurveyServlet extends HttpServlet {

    /**
     * Selects content/survey.jsp as the page body and forwards to index.jsp.
     *
     * @param req  the incoming request
     * @param resp the response passed on to the forwarded view
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        req.setAttribute("bodyContent", "content/survey.jsp");
        final RequestDispatcher layout = req.getRequestDispatcher("index.jsp");
        layout.forward(req, resp);
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/groupswebapp/AuthErrorDetailsServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.groupswebapp;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * This class defines a page for showing the user AAD error details
 * In a real world app, you should likely NOT want to give out error details to your users.
 */
@WebServlet(name = "AuthErrorDetailsServlet", urlPatterns = "/auth_error_details")
public class AuthErrorDetailsServlet extends HttpServlet {

    /**
     * Copies the "details" request parameter into a request attribute of the same name,
     * selects content/500.jsp as the page body and forwards to index.jsp.
     *
     * @param req  the incoming request carrying the "details" parameter
     * @param resp the response passed on to the forwarded view
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        // NOTE(review): "details" is taken straight from the request, so its content is chosen
        // by whoever builds the URL, not only by the servlets that forward here. Confirm that
        // the JSP which prints it HTML-escapes the value (for example with JSTL c:out or
        // fn:escapeXml) rather than emitting it with a bare expression.
        req.setAttribute("details", req.getParameter("details"));
        req.setAttribute("bodyContent", "content/500.jsp");
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/groupswebapp/GroupProtectedPageServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.groupswebapp;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;
import com.microsoft.graph.core.ClientException;

/**
 * This class defines the endpoint for showing the graph /me endpoint
 * This is here simply to demonstrate the graph call.
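 */
@WebServlet(name = "GroupProtectedPageServlet", urlPatterns = {"/admin_only", "/regular_user"})
public class GroupProtectedPageServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(GroupProtectedPageServlet.class.getName());

    /**
     * Serves the /admin_only and /regular_user pages: refreshes the token silently, then
     * forwards to index.jsp with content/200.jsp as the page body. On {@code AuthException}
     * or {@code ClientException} the request is forwarded to /auth_error_details.
     *
     * NOTE(review): this method performs no group-membership check of its own; the check that
     * restricts these two paths is presumably made elsewhere before the request arrives here
     * (a filter, for instance). Confirm that both URL patterns are covered by it.
     *
     * @param req  the incoming request
     * @param resp the response passed on to the forwarded view
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            // re-auth (prefer silently) in case the access token is not valid anymore. this gets latest groups claims.
            IdentityContextAdapterServlet contextAdapter = new IdentityContextAdapterServlet(req, resp);
            AuthHelper.acquireTokenSilently(contextAdapter);
            req.setAttribute("bodyContent", "content/200.jsp");
            final RequestDispatcher view = req.getRequestDispatcher("index.jsp");
            view.forward(req, resp);

        } catch (AuthException|ClientException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            try {
                // The exception text is shown to the user by the error page; a production app
                // would show a generic message and keep the detail in the log.
                RequestDispatcher rd = req.getRequestDispatcher(String.format("/auth_error_details?details=%s", URLEncoder.encode(ex.getMessage(), "UTF-8")));
                rd.forward(req, resp);
            } catch (Exception except) {
                // Route the failure through the logger so it is recorded with the other events.
                logger.log(Level.SEVERE, "Unable to forward to the auth error page", except);
            }
        }
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/groupswebapp/GroupsServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.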
3 | 4 | package com.microsoft.azuresamples.msal4j.groupswebapp; 5 | 6 | import java.io.IOException; 7 | import java.net.URLEncoder; 8 | import java.util.Arrays; 9 | import java.util.Iterator; 10 | import java.util.List; 11 | import java.util.logging.Level; 12 | import java.util.logging.Logger; 13 | 14 | import javax.servlet.RequestDispatcher; 15 | import javax.servlet.ServletException; 16 | import javax.servlet.annotation.WebServlet; 17 | import javax.servlet.http.HttpServlet; 18 | import javax.servlet.http.HttpServletRequest; 19 | import javax.servlet.http.HttpServletResponse; 20 | 21 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextData; 22 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 23 | import com.microsoft.graph.core.ClientException; 24 | 25 | /** 26 | * This class defines the endpoint for showing the user's groups 27 | * This is here simply to demonstrate the graph call. 28 | */ 29 | @WebServlet(name = "GroupsServlet", urlPatterns = "/groups") 30 | public class GroupsServlet extends HttpServlet { 31 | private static Logger logger = Logger.getLogger(GroupsServlet.class.getName()); 32 | /* Renders the groups held in the identity context for this session; the method reads the context only and makes no direct Graph call. /groups is listed under app.protect.authenticated in authentication.properties. On ClientException the message is logged and forwarded to the error route as the details query parameter (URL-encoded, which is not HTML escaping). 
*/ 33 | @Override 34 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 35 | try { 36 | IdentityContextAdapterServlet contextAdapter = new IdentityContextAdapterServlet(req, resp); 37 | IdentityContextData context = contextAdapter.getContext(); 38 | 39 | List groups = context.getGroups(); 40 | boolean groupsOverage = context.getGroupsOverage(); // for signalling to the user that an overage has happened. 41 | StringBuilder groupsStringBuilder = new StringBuilder(); 42 | /* Joins at most the first 10 group values into one display string; the trailing ellipsis is appended whenever the list is non-empty, also when it holds fewer than 10 entries. NOTE(review): the separator literals below are broken across lines in this listing, which suggests markup inside them was lost in extraction. If they hold HTML, the groups attribute is an HTML fragment that the view must print unescaped, so the group values themselves would need escaping here - confirm against the original file. */ 43 | // get 10 of the groups if they exist (for showing the user in UI) 44 | if (!groups.isEmpty()) { 45 | Iterator it = groups.iterator(); 46 | for (int i=0; it.hasNext() && i < 10; i++){ 47 | groupsStringBuilder = groupsStringBuilder.append(it.next()).append(",
    "); 48 | } 49 | groupsStringBuilder = groupsStringBuilder.append("..."); 50 | } else { 51 | groupsStringBuilder = groupsStringBuilder.append("User is not a member of any groups.
    "); 52 | } 53 | 54 | req.setAttribute("groups", groupsStringBuilder.toString()); 55 | req.setAttribute("groupsNum", context.getGroups().size()); 56 | req.setAttribute("groupsOverage", groupsOverage); 57 | req.setAttribute("bodyContent", "content/groups.jsp"); 58 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 59 | view.forward(req, resp); 60 | 61 | } catch (ClientException ex) { 62 | logger.log(Level.WARNING, ex.getMessage()); 63 | logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace())); 64 | logger.log(Level.INFO, "redirecting to error page to display auth error to user."); 65 | try { 66 | RequestDispatcher rd = req.getRequestDispatcher(String.format("/auth_error_details?details=%s", URLEncoder.encode(ex.getMessage(), "UTF-8"))); 67 | rd.forward(req, resp); 68 | } catch (Exception except) { 69 | except.printStackTrace(); 70 | } 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/groupswebapp/SignInStatusServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.groupswebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | /** 15 | * This class defines a page for showing the user their sign in status 16 | * This is also the home page. 17 | * This is here only for sample demonstration purposes. 
18 | */ 19 | @WebServlet(name = "SignInStatusServlet", urlPatterns = {"", "/index", "/sign_in_status"}) 20 | public class SignInStatusServlet extends HttpServlet { 21 | /* Selects content/status.jsp as the page body and forwards to the shared index.jsp layout; no token or session data is read in this method. None of the mapped routes is listed under app.protect.authenticated or app.protect.groups in authentication.properties, so the page is presumably meant to be reachable while signed out - confirm. */ 22 | @Override 23 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 24 | req.setAttribute("bodyContent", "content/status.jsp"); 25 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 26 | view.forward(req, resp); 27 | } 28 | } -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/groupswebapp/TokenDetailsServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.groupswebapp; 5 | 6 | import javax.servlet.RequestDispatcher; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.annotation.WebServlet; 9 | import javax.servlet.http.HttpServlet; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | 13 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextData; 14 | import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet; 15 | 16 | import java.io.IOException; 17 | import java.util.Arrays; 18 | import java.util.HashMap; 19 | import java.util.List; 20 | 21 | /** 22 | * This class defines a page for showing the user their token details 23 | * This is here only for sample demonstration purposes. 
24 | */ 25 | @WebServlet(name = "TokenDetailsServlet", urlPatterns = {"/token_details"}) 26 | public class TokenDetailsServlet extends HttpServlet { 27 | /* Reads the identity context stored for this session and exposes an allow-listed subset of the ID token claims to the view as the claims attribute. /token_details is listed under app.protect.authenticated in authentication.properties. */ 28 | @Override 29 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) 30 | throws ServletException, IOException { 31 | IdentityContextData context = new IdentityContextAdapterServlet(req, resp).getContext(); 32 | final HashMap filteredClaims = filterClaims(context); 33 | 34 | req.setAttribute("claims", filteredClaims); 35 | req.setAttribute("bodyContent", "content/token.jsp"); 36 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 37 | view.forward(req, resp); 38 | } 39 | /* Allow-list filter: only claim names present in claimKeys are copied, each value converted with toString(). Claims such as name and preferred_username carry directory-supplied text. NOTE(review): confirm content/token.jsp HTML-escapes the claim values it prints; escaping is not visible in this listing. */ 40 | private HashMap filterClaims(IdentityContextData context) { 41 | final String[] claimKeys = {"sub", "aud", "ver", "iss", "name", "oid", "preferred_username", "nonce", "tid", "roles", "groups", "_claim_names", "_claim_sources"}; 42 | final List includeClaims = Arrays.asList(claimKeys); 43 | 44 | HashMap filteredClaims = new HashMap<>(); 45 | context.getIdTokenClaims().forEach((k,v) -> { 46 | if (includeClaims.contains(k)) 47 | filteredClaims.put(k, v.toString()); 48 | }); 49 | return filteredClaims; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/helpers/AuthException.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
3 | 4 | 5 | package com.microsoft.azuresamples.msal4j.helpers; 6 | 7 | /* 8 | Required exception class for using AuthHelper.java 9 | */ 10 | 11 | public class AuthException extends Exception { /* Checked exception that carries a message only; there is no constructor taking a cause, so an underlying exception is not chained. */ 12 | public AuthException(String message) { 13 | super(message); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapter.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 3 | 4 | package com.microsoft.azuresamples.msal4j.helpers; 5 | 6 | /** 7 | * Implement this so that AuthHelper can be customized to your needs! 8 | * This Sample project implements this in IdentityContextAdapterServlet.java 9 | * MUST BE INSTANTIATED ONCE PER REQUEST IN WEB APPS / WEB APIs before passing to AuthHelper 10 | */ 11 | public interface IdentityContextAdapter { 12 | public void setContext(IdentityContextData context); /* store the given identity data as the current context */ 13 | public IdentityContextData getContext(); /* return the current identity data */ 14 | public void redirectUser(String location); /* send the user agent to location; NOTE(review): the contract puts no constraint on location, so validation is left to the caller - confirm callers only pass URLs they built themselves */ 15 | public String getParameter(String parameterName); /* return the named request parameter as received */ 16 | } 17 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapterServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
3 | 4 | package com.microsoft.azuresamples.msal4j.helpers; 5 | 6 | import javax.servlet.http.HttpSession; 7 | import javax.servlet.http.HttpSessionActivationListener; 8 | import javax.servlet.http.HttpSessionEvent; 9 | 10 | import java.io.IOException; 11 | import java.util.logging.Level; 12 | import java.util.logging.Logger; 13 | 14 | import javax.servlet.http.HttpServletRequest; 15 | import javax.servlet.http.HttpServletResponse; 16 | 17 | /** 18 | * Implementation of IdentityContextAdapter for AuthHelper for use with Java 19 | * HttpServletRequests/Responses MUST BE INSTANTIATED ONCE PER REQUEST IN WEB 20 | * APPS / WEB APIs before passing to AuthHelper 21 | */ 22 | 23 | public class IdentityContextAdapterServlet implements IdentityContextAdapter, HttpSessionActivationListener { 24 | private static Logger logger = Logger.getLogger(IdentityContextAdapterServlet.class.getName()); 25 | private HttpSession session = null; 26 | private IdentityContextData context = null; 27 | private HttpServletRequest request = null; 28 | private HttpServletResponse response = null; 29 | /* Binds the adapter to one request/response pair. request.getSession() creates a session when the request has none, so constructing the adapter always yields a session. NOTE(review): no session id renewal is visible in this class; confirm the sign-in path renews the session id once the user is authenticated. 
*/ 30 | public IdentityContextAdapterServlet(HttpServletRequest request, HttpServletResponse response) { 31 | this.request = request; 32 | this.session = request.getSession(); 33 | this.response = response; 34 | } 35 | 36 | // load from session on session activation 37 | @Override 38 | public void sessionDidActivate(HttpSessionEvent se) { 39 | this.session = se.getSession(); 40 | loadContext(); 41 | } 42 | 43 | // save to session on session passivation 44 | @Override 45 | public void sessionWillPassivate(HttpSessionEvent se) { 46 | this.session = se.getSession(); 47 | saveContext(); 48 | } 49 | /* Stores the context under Config.SESSION_PARAM, but only when hasChanged() reports a change; a null context is first replaced by an empty IdentityContextData. */ 50 | public void saveContext() { 51 | if (this.context == null) 52 | this.context = new IdentityContextData(); 53 | 54 | if (this.context.hasChanged()) 55 | this.session.setAttribute(Config.SESSION_PARAM, context); 56 | } 57 | /* Reads the context from the session attribute Config.SESSION_PARAM and falls back to a new empty IdentityContextData when the attribute is absent. */ 58 | public void loadContext() { 59 | this.context = (IdentityContextData)
session.getAttribute(Config.SESSION_PARAM); 60 | if (this.context == null) { 61 | this.context = new IdentityContextData(); 62 | } 63 | } 64 | /* Reloads the context from the session on every call before returning it. */ 65 | @Override 66 | public IdentityContextData getContext() { 67 | loadContext(); 68 | return this.context; 69 | } 70 | /* Replaces the in-memory context and then calls saveContext(), which writes to the session only if the new context reports a change. */ 71 | @Override 72 | public void setContext(IdentityContextData context) { 73 | this.context = context; 74 | saveContext(); 75 | } 76 | /* Logs the target at INFO and issues an HTTP redirect to it unchanged; an IOException is logged and not rethrown. NOTE(review): location is neither validated nor trimmed here, and the full URL including any query parameters is written to the log - confirm callers pass only URLs they constructed and that nothing sensitive is carried in them. */ 77 | @Override 78 | public void redirectUser(String location) { 79 | logger.log(Level.INFO, "Redirecting user to {0}", location); 80 | try { 81 | this.response.sendRedirect(location); 82 | } catch (IOException ex) { 83 | logger.log(Level.WARNING, ex.getMessage()); 84 | } 85 | } 86 | /* Returns the request parameter exactly as the container supplies it; no validation is applied here, so callers must treat the value as untrusted input. */ 87 | @Override 88 | public String getParameter(String parameterName) { 89 | return this.request.getParameter(parameterName); 90 | } 91 | 92 | } 93 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/resources/authentication.properties: -------------------------------------------------------------------------------- 1 | aad.clientId={enter-your-client-id-here} 2 | aad.secret={enter-your-client-secret-here} 3 | aad.authority=https://login.microsoftonline.com/{enter-your-tenant-id-here} 4 | aad.scopes=GroupMember.Read.All 5 | 6 | ## TODO: use aad.instance instead of authority 7 | ## TODO: build authority from instance+tenant 8 | ## TODO: also baseURL for graph should be configurable (graph.us, graph.cn, etc.) 9 | 10 | aad.signOutEndpoint=/oauth2/v2.0/logout/ 11 | aad.postSignOutFragment=?post_logout_redirect_uri= 12 | 13 | # app.homePage is by default set to dev server address and app context path on the server 14 | # for apps deployed to azure, use https://your-sub-domain.azurewebsites.net 15 | app.homePage=http://localhost:8080/msal4j-servlet-groups 16 | 17 | # endpoint for AAD redirect. 
Configure this to be the same as the URL pattern for AADRedirectServlet.java 18 | app.redirectEndpoint=/auth/redirect 19 | 20 | # app's state value validity in seconds: 21 | app.stateTTL=600 22 | # where to store session variables related to MSAL 23 | app.sessionParam=msalAuth 24 | # protect these endpoints by checking authenticated 25 | app.protect.authenticated=/token_details, /groups 26 | 27 | # define short names for group IDs here for the app. This will be useful in the next key (app.protect.groups). 28 | # EXCLUDE the curly braces, they are in this file only as delimiters. 29 | # example: 30 | # app.groups=groupA abcdef-qrstuvw-xyz groupB abcdef-qrstuv-wxyz 31 | app.groups=admin {enter-your-admins-group-id-here}, user {enter-your-users-group-id-here} 32 | 33 | # A route followed by the space-separated group(s) that can view it; the start of the next route & its group(s) is delimited by a comma and a space 34 | # this says: /admin_only can be accessed by admin group, /regular_user can be accessed by admin group and user group 35 | app.protect.groups=/admin_only admin, /regular_user admin user 36 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/resources/log4j.properties: -------------------------------------------------------------------------------- 1 | log4j.rootLogger=ALL, stdout 2 | log4j.appender.stdout=org.apache.log4j.ConsoleAppender 3 | log4j.appender.stdout.Target=System.out 4 | log4j.appender.stdout.layout=org.apache.log4j.PatternLayout 5 | log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/200.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 | 3 |
    4 |
    5 | 200: OK! 6 |
    7 |
    8 |

    9 | Excellent! You are a member of the group(s) that are allowed to visit this page! 10 |
    11 | ">Groups 12 | ">Admins Only 13 | ">Regular Users 14 |

    15 |
    16 |
    17 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/401.jsp: -------------------------------------------------------------------------------- 1 |
    2 |
    3 | 401: Unauthorized 4 |
    5 |
    6 |

    7 | Visiting this page requires you to be authenticated. Use the button on the top right to sign in. 8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/403.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 | 3 |
    4 |
    5 | 403: Forbidden 6 |
    7 |
    8 |

    9 | Visiting this page requires the signed in user to be assigned to the correct group(s) 10 | as defined in the authentication.properties file. 11 |

    12 | Click the Groups button to check if you are a member of any security groups that have been emitted in 13 | the ID token or obtained via Microsoft Graph. If you do not see any groups, use the Readme 14 | instructions to add your user to one or more security 15 | groups. Follow the guidance in the Readme to make sure that the groups will be emitted in the ID token. 16 |

    17 | If you do see group memberships, copy some values and enter them into the relevant fields in the 18 | authentication.properties file. 19 | Use "mvn clean package" and then restart the app. 20 |

    21 | ">Groups 22 | ">Admins Only 23 | ">Regular Users 24 |

    25 |
    26 |
    -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/500.jsp: -------------------------------------------------------------------------------- 1 |
    2 |
    3 | 500: Auth Error 4 |
    5 |
    6 |

    7 | <%-- NOTE(review): an EL expression placed in JSP template text is written to the page without HTML escaping. The servlets in this sample forward exception messages to the error route as the details query parameter; if this value is populated from that parameter it is user-controllable and should be escaped on output, for example with JSTL c:out or fn:escapeXml - confirm how the error servlet sets it. --%>${details}
    8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/groups.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 |
    3 |
    4 | See Group Memberships 5 |
    6 |
    7 |

    8 | 9 | Your security groups memberships are fewer than the emittable group membership limits for ID tokens 10 | (>200). If you have 11 | any group memberships, you'll see them here and in the token details page, under the groups claim. 12 |
    13 |
    14 | 15 | Your security groups memberships have exceeded the maximum number of groups allowed in the ID token 16 | (>200). You will not 17 | see your group memberships in the token details page. Note the _claim_names and 18 | _claim_sources claims on the token details page. 19 |

    20 | Using the information in the token, the app has called Microsoft Graph to get your group 21 | memberships. 22 |
    23 |
    24 | 25 | The app found ${groupsNum} total groups. Displaying up to 10 of them below: 26 |

    27 | ${groups} 28 |
    29 | 30 | ">Token Details 31 | ">Admins Only 32 | ">Regular Users 33 |

    34 |
    35 |
    -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/status.jsp: -------------------------------------------------------------------------------- 1 | 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 | 4 |
    5 |
    6 | <% out.println(msalAuth.getAuthenticated()? "You're signed in!" : "You're not signed in."); %> 7 |
    8 |
    9 |

    10 | <% if (msalAuth.getAuthenticated()) { %> 11 | ">ID Token Details 12 | ">Groups 13 | ">Admins Only 14 | ">Regular Users 15 | <% } else { %> 16 | Use the button on the top right to sign in. 17 | Attempts to visit ">ID Token Details, 18 | ">Groups, 19 | ">Admins Only, 20 | or ">Regular Users 21 | will result in a 401 error. 22 | <% } %> 23 |

    24 |
    25 |
    26 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/survey.jsp: -------------------------------------------------------------------------------- 1 | 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 |
    4 |
    5 | Tell us how we did! 6 |
    7 |
    8 | Click here if the survey question does not load automatically. 9 |

    10 | 11 |

    12 |
    13 |
    14 | 15 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/content/token.jsp: -------------------------------------------------------------------------------- 1 | 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 |
    4 |
    5 | ID Token Details 6 |
    7 |
    8 |

    9 | 10 | ${claim.key}: ${claim.value} 11 |
    12 |
    13 |
    14 | ">Groups 15 | ">Admins Only 16 | ">Regular Users 17 |

    18 |
    19 |
    -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/navbar.jsp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/3-Authorization-II/groups/src/main/webapp/static/favicon.ico -------------------------------------------------------------------------------- /3-Authorization-II/groups/src/main/webapp/static/style.css: -------------------------------------------------------------------------------- 1 | .body-content { 2 | padding-top: 15px; 3 | padding-bottom: 15px; 4 | padding-left: 15px; 5 | padding-right: 15px; 6 | } 7 | 8 | .dl-horizontal dt { 9 | white-space: normal; 10 | } 11 | 12 | .flashToast { 13 | position: fixed; 14 | bottom: 0; 15 | left: 0; 16 | } 17 | 18 | 19 | .card { 20 | width: 50vw; 21 | margin:auto; 22 | background:#f0f0f0; 23 | border:1px solid black; 24 | } 25 | 26 | .card-header { 27 | /* background: darkseagreen; */ 28 | color: rgba(255,255,255,0.85); 29 | background: #0078d4; 30 | font-weight: 300; 31 | } 32 | 33 | .card-text { 34 | align-content: center 35 | } 36 | 37 | #wrapper { 38 | display: flex; 39 | } 40 | 41 | #left { 42 | flex: content; 43 | margin-right: 0.5em; 44 | 45 | } 46 | 47 | #right { 48 | flex: 1; 49 | } 50 | 51 | #footer { 52 | width: 50vw; 53 | margin: auto; 54 | text-align: left; 55 | margin-top: 1em; 56 | } 57 | 58 | #smiley, #frowny { 59 | height: 1.5em; 60 | width: 1.5em; 61 | margin: auto; 62 | fill: #0078d4 63 | } 64 | 65 | #smiley:hover, #frowny:hover{ 66 | height: 1.5em; 67 | width: 1.5em; 68 | margin: auto; 69 | fill: white; 70 | border: 1px solid 
#0078d4; 71 | background-color: #0078d4; 72 | border-radius: 50%; 73 | } 74 | 75 | #check-icon { 76 | height: 1.25em; 77 | width: 1.25em; 78 | margin: auto; 79 | fill: green; 80 | } 81 | 82 | a.nostyle:link { 83 | text-decoration: inherit; 84 | color: inherit; 85 | } 86 | 87 | a.nostyle:visited { 88 | text-decoration: inherit; 89 | color: inherit; 90 | } -------------------------------------------------------------------------------- /3-Authorization-II/roles/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 
4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | > Please provide us with the following information: 5 | > --------------------------------------------------------------- 6 | 7 | ### This issue is for a: (mark with an `x`) 8 | ``` 9 | - [ ] bug report -> please search issues before submitting 10 | - [ ] feature request 11 | - [ ] documentation issue or request 12 | - [ ] regression (a behavior that used to work and stopped in a new release) 13 | ``` 14 | 15 | ### Minimal steps to reproduce 16 | > 17 | 18 | ### Any log messages given by the failure 19 | > 20 | 21 | ### Expected/desired behavior 22 | > 23 | 24 | ### OS and Version? 25 | > Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) 26 | 27 | ### Versions 28 | > 29 | 30 | ### Mention any other details that might be useful 31 | 32 | > --------------------------------------------------------------- 33 | > Thanks! We'll be in touch soon. 34 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | 3 | * ... 4 | 5 | ## Does this introduce a breaking change? 6 | 7 | ``` 8 | [ ] Yes 9 | [ ] No 10 | ``` 11 | 12 | ## Pull Request Type 13 | What kind of change does this Pull Request introduce? 
14 | 15 | 16 | ``` 17 | [ ] Bugfix 18 | [ ] Feature 19 | [ ] Code style update (formatting, local variables) 20 | [ ] Refactoring (no functional changes, no api changes) 21 | [ ] Documentation content changes 22 | [ ] Other... Please describe: 23 | ``` 24 | 25 | ## How to Test 26 | * Get the code 27 | 28 | ``` 29 | git clone [repo-address] 30 | cd [repo-name] 31 | git checkout [branch-name] 32 | npm install 33 | ``` 34 | 35 | * Test the code 36 | 37 | ``` 38 | ``` 39 | 40 | ## What to Check 41 | Verify that the following are valid 42 | * ... 43 | 44 | ## Other Information 45 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/.gitignore: -------------------------------------------------------------------------------- 1 | .project 2 | .settings/ 3 | .vscode/ 4 | target/ 5 | 6 | # Compiled class file 7 | *.class 8 | 9 | # Log file 10 | *.log 11 | 12 | # BlueJ files 13 | *.ctxt 14 | 15 | # Mobile Tools for Java (J2ME) 16 | .mtj.tmp/ 17 | 18 | # Package Files # 19 | *.jar 20 | *.war 21 | *.nar 22 | *.ear 23 | *.zip 24 | *.tar.gz 25 | *.rar 26 | 27 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 28 | hs_err_pid* 29 | .vs/ms-identity-java-servlet-webapp-authentication/v16/.suo 30 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/AppCreationScripts/Cleanup.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | param( 3 | [PSCredential] $Credential, 4 | [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')] 5 | [string] $tenantId, 6 | [Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')] 7 | [string] $azureEnvironmentName 8 | ) 9 | 10 | #Requires -Modules AzureAD -RunAsAdministrator 
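# Installs the AzureAD module for the current user when it is not available yet.
# NOTE(review): this takes whatever version the configured repository currently serves;
# pin it with -RequiredVersion when the script is run unattended.
if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) {
    Install-Module "AzureAD" -Scope CurrentUser
}
Import-Module AzureAD
$ErrorActionPreference = "Stop"

Function Cleanup
{
    <#
    .Description
    This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
    #>

    # The function declares no parameters of its own: $Credential, $tenantId and
    # $azureEnvironmentName are read from the script's param() block.
    if (!$azureEnvironmentName)
    {
        $azureEnvironmentName = "AzureCloud"
    }

    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.

    # Login to Azure PowerShell (interactive if credentials are not already provided:
    # you'll need to sign-in with creds enabling your to create apps in the tenant)
    if (!$Credential -and $TenantId)
    {
        $creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName
    }
    else
    {
        if (!$TenantId)
        {
            $creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
        }
        else
        {
            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
        }
    }

    if (!$tenantId)
    {
        $tenantId = $creds.Tenant.Id
    }
    $tenant = Get-AzureADTenantDetail
    $tenantName = ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name

    # Removes the applications
    Write-Host "Cleaning-up applications from tenant '$tenantName'"

    Write-Host "Removing 'webApp' (java-servlet-webapp-roles) if needed"
    # Display names are not unique inside a tenant: every app registration called
    # 'java-servlet-webapp-roles' is deleted, whether or not Configure.ps1 created it.
    # The list is read once and each entry is removed once. The earlier version removed the same
    # objects up to three times; a repeated Remove-AzureADApplication on an already deleted
    # ObjectId is expected to fail, and with $ErrorActionPreference = "Stop" that ends the script
    # before the service principals below are cleaned up.
    $apps = @(Get-AzureADApplication -Filter "DisplayName eq 'java-servlet-webapp-roles'")
    foreach ($app in $apps)
    {
        Remove-AzureADApplication -ObjectId $app.ObjectId
        Write-Host "Removed java-servlet-webapp-roles.."
    }
    # also remove service principals of this app
    Get-AzureADServicePrincipal -filter "DisplayName eq 'java-servlet-webapp-roles'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}

}

Cleanup -Credential $Credential -tenantId $TenantId
--------------------------------------------------------------------------------
/3-Authorization-II/roles/AppCreationScripts/CleanupUsersAndRoles.ps1:
--------------------------------------------------------------------------------
[CmdletBinding()]
param(
    [PSCredential] $Credential,
    [Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
    [string] $tenantId
)

# Pre-requisites
# The availability check runs before the first Import-Module, so a machine without the module
# gets it installed instead of failing on the import.
if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) {
    Install-Module "AzureAD" -Scope CurrentUser
}
Import-Module AzureAD
$ErrorActionPreference = 'Stop'

Function RemoveUser([string]$userPrincipal)
{
    <#
    .Description
    Removes the user with the given user principal name, if such a user exists in the connected tenant.
    #>

    # A single quote inside an OData string literal is written as two single quotes; without this
    # a quote in the name would end the literal early and change the filter.
    $escapedPrincipal = $userPrincipal.Replace("'", "''")
    $user = Get-AzureADUser -Filter "UserPrincipalName eq '$escapedPrincipal'"
    if ($user)
    {
        Write-Host "Removing User '($userPrincipal)'"
        Remove-AzureADUser -ObjectId $user.ObjectId
    }
    else {
        # Reaching this branch means the lookup returned nothing, not that a removal failed.
        Write-Host "User '($userPrincipal)' was not found; nothing to remove"
    }
}

Function CleanupUsers
{
    <#
    .Description
    This function removes the users created in the Azure AD tenant by the CreateUsersAndRoles.ps1 script.
    #>

    # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
    # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.

    # Login to Azure PowerShell (interactive if credentials are not already provided:
    # you'll need to sign-in with creds enabling your to create apps in the tenant)
    if (!$Credential -and $TenantId)
    {
        $creds = Connect-AzureAD -TenantId $tenantId
    }
    else
    {
        if (!$TenantId)
        {
            $creds = Connect-AzureAD -Credential $Credential
        }
        else
        {
            $creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential
        }
    }

    if (!$tenantId)
    {
        $tenantId = $creds.Tenant.Id
    }

    $tenant = Get-AzureADTenantDetail

    $tenantName = ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name

    $appName = "java-servlet-webapp-roles"

    # Removes the users created for the application
    # Accounts are matched by user principal name only, so an account that happens to carry one
    # of these two names is removed as well.
    Write-Host "Removing Users"
    RemoveUser -userPrincipal "$appName-PrivilegedAdmin@$tenantName"
    RemoveUser -userPrincipal "$appName-RegularUser@$tenantName"

    Write-Host "finished removing users created for this app."
}

CleanupUsers -Credential $Credential -tenantId $TenantId

--------------------------------------------------------------------------------
/3-Authorization-II/roles/AppCreationScripts/sample.json:
--------------------------------------------------------------------------------
{
  "Sample": {
    "Title": "Add authorization using app roles & roles claims to Java servlet Web app that signs-in users with the Microsoft identity platform",
    "Level": 100,
    "Client": "Java Servlet web app",
    "RepositoryUrl": "ms-identity-java-servlet-webapp-roles",
    "Endpoint": "AAD v2.0"
  },
  "AADApps": [
    {
      "Id": "webApp",
      "Name": "java-servlet-webapp-authentication",
      "Kind": "WebApp",
      "Audience": "AzureADMyOrg",
      "PasswordCredentials": "Auto",
      "AllowImplicitFlow": false,
      "HomePage": "http://localhost:8080/msal4j-servlet-roles/index",
      "ReplyUrls": "http://localhost:8080/msal4j-servlet-roles/auth/redirect",
      "RequiredResourcesAccess": [],
      "ManualSteps": [
        {
          "Comment": " You can run the ..\\CreateUsersAndAssignRoles.ps1 command to automatically create a number of users, and assign users to these roles or assign users to this application app roles using the portal."
        },
        {
          "Comment": "To receive the `roles` claim with the name of the app roles this user is assigned to, make sure that the user accounts you plan to sign-in to this app is assigned to the app roles of this app. The guide, https://docs.microsoft.com/azure/active-directory/manage-apps/assign-user-or-group-access-portal#assign-a-user-to-an-app---portal provides step by step instructions."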
26 | } 27 | ] 28 | } 29 | ], 30 | "CodeConfiguration": [ 31 | { 32 | "App": "webApp", 33 | "SettingKind": "Replace", 34 | "SettingFile": "\\..\\src\\main\\resources\\authentication.properties", 35 | "Mappings": [ 36 | { 37 | "key": "{enter-your-tenant-id-here}", 38 | "value": "$tenantId" 39 | }, 40 | { 41 | "key": "{enter-your-client-id-here}", 42 | "value": "webApp.AppId" 43 | }, 44 | { 45 | "key": "{enter-your-client-secret-here}", 46 | "value": ".AppKey" 47 | } 48 | ] 49 | } 50 | ] 51 | } -------------------------------------------------------------------------------- /3-Authorization-II/roles/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [project-title] Changelog 2 | 3 | 4 | # x.y.z (yyyy-mm-dd) 5 | 6 | *Features* 7 | * ... 8 | 9 | *Bug Fixes* 10 | * ... 11 | 12 | *Breaking Changes* 13 | * ... 14 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /3-Authorization-II/roles/ReadmeFiles/app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/3-Authorization-II/roles/ReadmeFiles/app.png -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/AADRedirectServlet.java: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft Corporation. All rights reserved. 2 | // Licensed under the MIT License. 
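package com.microsoft.azuresamples.msal4j.authservlets;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.Config;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * This class defines the endpoint for processing the redirect from AAD.
 * MSAL Java apps using this sample's paradigm will require this.
 */
@WebServlet(name = "AADRedirectServlet", urlPatterns = "/auth/redirect")
public class AADRedirectServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(AADRedirectServlet.class.getName());

    /**
     * Hands the callback to AuthHelper.processAADCallback and sends the browser to
     * Config.HOME_PAGE. On AuthException the request is forwarded to /auth_error_details
     * with the exception message as the "details" parameter.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        // The query string of this callback can hold the authorization code and the state value,
        // so the log records only which of the standard parameters arrived, never their values.
        logger.log(Level.FINE, "AAD callback received (code present: {0}, error present: {1})",
                new Object[] { req.getParameter("code") != null, req.getParameter("error") != null });
        try {
            AuthHelper.processAADCallback(new IdentityContextAdapterServlet(req, resp));
            logger.log(Level.INFO, "redirecting to home page.");
            resp.sendRedirect(Config.HOME_PAGE);
        } catch (AuthException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            try {
                // NOTE(review): the exception text ends up on a page shown to the user; confirm
                // it never contains tokens or other values that should stay on the server.
                RequestDispatcher rd = req.getRequestDispatcher(String.format("/auth_error_details?details=%s",
                        URLEncoder.encode(ex.getMessage(), "UTF-8")));
                rd.forward(req, resp);
            } catch (Exception except) {
                // Goes to the application log instead of stderr, and the caller gets an error
                // status rather than an empty 200 response.
                logger.log(Level.SEVERE, "Unable to forward to the auth error page", except);
                if (!resp.isCommitted()) {
                    resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                }
            }
        }
    }

}

--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignInServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.authservlets;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

/**
 * This class defines the endpoint for processing sign in
 * MSAL Java apps using this sample's paradigm will require this.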
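 */
@WebServlet(name = "SignInServlet", urlPatterns = "/auth/sign_in")
public class SignInServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(SignInServlet.class.getName());

    /**
     * Starts the sign-in through AuthHelper.signIn. On AuthException the request is forwarded
     * to /auth_error_details with the exception message as the "details" parameter.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.signIn(new IdentityContextAdapterServlet(req, resp));
        } catch (AuthException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            try {
                RequestDispatcher rd = req.getRequestDispatcher(String.format("/auth_error_details?details=%s", URLEncoder.encode(ex.getMessage(), "UTF-8")));
                rd.forward(req, resp);
            } catch (Exception except) {
                // Goes to the application log instead of stderr, and the caller gets an error
                // status rather than an empty 200 response.
                logger.log(Level.SEVERE, "Unable to forward to the auth error page", except);
                if (!resp.isCommitted()) {
                    resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                }
            }
        }
    }
}

--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/authservlets/SignOutServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.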
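package com.microsoft.azuresamples.msal4j.authservlets;

import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

/**
 * This class defines the endpoint for processing sign out
 * MSAL Java apps using this sample's paradigm will require this.
 */
@WebServlet(name = "SignOutServlet", urlPatterns = "/auth/sign_out")
public class SignOutServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(SignOutServlet.class.getName());

    /**
     * Signs the user out through AuthHelper.signOut. When that call throws, the local session
     * is dropped anyway and the client receives a 500 status.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            AuthHelper.signOut(new IdentityContextAdapterServlet(req, resp));
        } catch (Exception ex){
            logger.log(Level.WARNING, "Unable to sign out");
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.FINEST, Arrays.toString(ex.getStackTrace()));
            // A failed sign-out must not leave a usable session behind. AuthHelper.signOut is not
            // shown here, so the session is invalidated in case the exception came before that step.
            if (req.getSession(false) != null) {
                req.getSession(false).invalidate();
            }
            // Without this the user would see an empty 200 page and could assume the sign-out worked.
            if (!resp.isCommitted()) {
                resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/feedback/SurveyServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.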
package com.microsoft.azuresamples.msal4j.feedback;

import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * This class defines the endpoint for feedback
 * It is NOT necessary for your application
 */
@WebServlet(name = "SurveyServlet", urlPatterns = "/survey")
public class SurveyServlet extends HttpServlet {

    /** Renders content/survey.jsp inside index.jsp. */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        req.setAttribute("bodyContent", "content/survey.jsp");
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}

--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/helpers/AuthException.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.


package com.microsoft.azuresamples.msal4j.helpers;

/**
 * Required exception class for using AuthHelper.java.
 * The servlets in this sample pass getMessage() on to the auth error page.
 */
public class AuthException extends Exception {
    /**
     * @param message description of the failure
     */
    public AuthException(String message) {
        super(message);
    }
}

--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapter.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
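package com.microsoft.azuresamples.msal4j.helpers;

/**
 * Implement this so that AuthHelper can be customized to your needs!
 * This Sample project implements this in IdentityContextAdapterServlet.java
 * MUST BE INSTANTIATED ONCE PER REQUEST IN WEB APPS / WEB APIs before passing to AuthHelper
 */
public interface IdentityContextAdapter {
    public void setContext(IdentityContextData context);
    public IdentityContextData getContext();
    public void redirectUser(String location);
    public String getParameter(String parameterName);
}

--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/helpers/IdentityContextAdapterServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.helpers;

import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionEvent;

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Implementation of IdentityContextAdapter for AuthHelper for use with Java
 * HttpServletRequests/Responses MUST BE INSTANTIATED ONCE PER REQUEST IN WEB
 * APPS / WEB APIs before passing to AuthHelper
 */

public class IdentityContextAdapterServlet implements IdentityContextAdapter, HttpSessionActivationListener {
    private static final Logger logger = Logger.getLogger(IdentityContextAdapterServlet.class.getName());
    private HttpSession session = null;
    private IdentityContextData context = null;
    private HttpServletRequest request = null;
    private HttpServletResponse response = null;

    /**
     * Binds the adapter to one request/response pair.
     * request.getSession() creates a session when the request has none, so every request that
     * goes through this adapter ends up with a session, signed in or not.
     * NOTE(review): nothing in this class changes the session id; confirm that the sign-in path
     * rotates it once authentication succeeds.
     */
    public IdentityContextAdapterServlet(HttpServletRequest request, HttpServletResponse response) {
        this.request = request;
        this.session = request.getSession();
        this.response = response;
    }

    // load from session on session activation
    @Override
    public void sessionDidActivate(HttpSessionEvent se) {
        this.session = se.getSession();
        loadContext();
    }

    // save to session on session passivation
    @Override
    public void sessionWillPassivate(HttpSessionEvent se) {
        this.session = se.getSession();
        saveContext();
    }

    /** Stores the context under Config.SESSION_PARAM when it reports a change. */
    public void saveContext() {
        if (this.context == null)
            this.context = new IdentityContextData();

        if (this.context.hasChanged())
            this.session.setAttribute(Config.SESSION_PARAM, context);
    }

    /** Reads the context from the session attribute, falling back to a new empty one. */
    public void loadContext() {
        this.context = (IdentityContextData) session.getAttribute(Config.SESSION_PARAM);
        if (this.context == null) {
            this.context = new IdentityContextData();
        }
    }

    @Override
    public IdentityContextData getContext() {
        loadContext();
        return this.context;
    }

    @Override
    public void setContext(IdentityContextData context) {
        this.context = context;
        saveContext();
    }

    /**
     * Sends a redirect to the given location.
     * The location is used as passed in; callers are responsible for never building it from
     * request input.
     */
    @Override
    public void redirectUser(String location) {
        // Only the part before '?' is logged: authorization and sign-out URLs can carry state,
        // nonce and similar values in the query string, and those do not belong in the log.
        final int queryStart = location == null ? -1 : location.indexOf('?');
        logger.log(Level.INFO, "Redirecting user to {0}", queryStart < 0 ? location : location.substring(0, queryStart));
        try {
            this.response.sendRedirect(location);
        } catch (IOException ex) {
            logger.log(Level.WARNING, ex.getMessage());
        }
    }

    @Override
    public String getParameter(String parameterName) {
        return this.request.getParameter(parameterName);
    }

}

--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/roles/AuthErrorDetailsServlet.java: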
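--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.roles;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * This class defines a page for showing the user AAD error details
 * In a real world app, you should likely NOT want to give out error details to your users.
 */
@WebServlet(name = "AuthErrorDetailsServlet", urlPatterns = "/auth_error_details")
public class AuthErrorDetailsServlet extends HttpServlet {

    // Shown when the page is requested directly instead of through a server-side forward.
    private static final String GENERIC_DETAILS = "Authentication failed.";

    /**
     * Puts the error text on the request and renders content/500.jsp inside index.jsp.
     * NOTE(review): 500.jsp is not shown here; it has to HTML-escape "details" when printing it
     * (for example with JSTL c:out), because the text originates from exception messages.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        // The servlets in this sample reach this page with RequestDispatcher.forward(), which sets
        // FORWARD_REQUEST_URI on the request. A request sent straight to /auth_error_details has
        // no such attribute and its "details" parameter is whatever the sender wrote into the URL,
        // so that text is not echoed back. A caller that redirects here instead of forwarding
        // gets the generic text as well.
        final boolean forwarded = req.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI) != null;
        final String details = forwarded ? req.getParameter("details") : GENERIC_DETAILS;

        req.setAttribute("details", details);
        req.setAttribute("bodyContent", "content/500.jsp");
        final RequestDispatcher view = req.getRequestDispatcher("index.jsp");
        view.forward(req, resp);
    }
}
--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/roles/RoleProtectedPageServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.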
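package com.microsoft.azuresamples.msal4j.roles;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.AuthException;
import com.microsoft.azuresamples.msal4j.helpers.AuthHelper;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;
import com.microsoft.graph.core.ClientException;

/**
 * This class defines the endpoints for the two role-protected sample pages,
 * /admin_only and /regular_user. Both render content/200.jsp after AuthHelper.authorize.
 * The servlet is registered under the name "GroupProtectedPageServlet"; the name is kept
 * as it is because other configuration may refer to it.
 */
@WebServlet(name = "GroupProtectedPageServlet", urlPatterns = {"/admin_only", "/regular_user"})
public class RoleProtectedPageServlet extends HttpServlet {
    private static final Logger logger = Logger.getLogger(RoleProtectedPageServlet.class.getName());

    /**
     * Calls AuthHelper.authorize and then renders the protected page. On AuthException or
     * ClientException the request is forwarded to /auth_error_details.
     * NOTE(review): this method contains no role check of its own and serves both URLs the same
     * way. Which role each URL requires must be enforced elsewhere (AuthHelper.authorize or a
     * filter, neither shown here); confirm that a denied request throws or commits a response
     * there instead of returning normally.
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
        try {
            // re-auth (prefer silently) in case the access token is not valid anymore.
            IdentityContextAdapterServlet contextAdapter = new IdentityContextAdapterServlet(req, resp);
            AuthHelper.authorize(contextAdapter);
            // If authorize() already answered the request, for example with a redirect, the
            // protected page must not be rendered on top of that response.
            if (resp.isCommitted()) {
                return;
            }
            req.setAttribute("bodyContent", "content/200.jsp");
            final RequestDispatcher view = req.getRequestDispatcher("index.jsp");
            view.forward(req, resp);

        } catch (AuthException|ClientException ex) {
            logger.log(Level.WARNING, ex.getMessage());
            logger.log(Level.WARNING, Arrays.toString(ex.getStackTrace()));
            logger.log(Level.INFO, "redirecting to error page to display auth error to user.");
            try {
                RequestDispatcher rd = req.getRequestDispatcher(String.format("/auth_error_details?details=%s", URLEncoder.encode(ex.getMessage(), "UTF-8")));
                rd.forward(req, resp);
            } catch (Exception except) {
                // Goes to the application log instead of stderr, and the caller gets an error
                // status rather than an empty 200 response.
                logger.log(Level.SEVERE, "Unable to forward to the auth error page", except);
                if (!resp.isCommitted()) {
                    resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                }
            }
        }
    }
}

--------------------------------------------------------------------------------
/3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/roles/SignInStatusServlet.java:
--------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.roles;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * This class defines a page for showing the user their sign in status
 * This is also the home page.
 * This is here only for sample demonstration purposes.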
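18 | */ 19 | @WebServlet(name = "SignInStatusServlet", urlPatterns = {"", "/index", "/sign_in_status"}) 20 | public class SignInStatusServlet extends HttpServlet { 21 | 22 | @Override 23 | protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { 24 | req.setAttribute("bodyContent", "content/status.jsp"); 25 | final RequestDispatcher view = req.getRequestDispatcher("index.jsp"); 26 | view.forward(req, resp); 27 | } 28 | } -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/java/com/microsoft/azuresamples/msal4j/roles/TokenDetailsServlet.java: --------------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

package com.microsoft.azuresamples.msal4j.roles;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.microsoft.azuresamples.msal4j.helpers.IdentityContextData;
import com.microsoft.azuresamples.msal4j.helpers.IdentityContextAdapterServlet;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;

/**
 * Renders a page that lists a fixed subset of the signed-in user's ID token claims.
 * This is here only for sample demonstration purposes.
 *
 * <p>The servlet performs no authentication check of its own; authentication.properties in
 * this sample lists {@code /token_details} under {@code app.protect.authenticated}.
 *
 * <p>NOTE(review): claims such as {@code name} and {@code preferred_username} are free-text
 * values from the identity provider, and content/token.jsp prints
 * {@code ${claim.key}: ${claim.value}}; confirm the JSP HTML-escapes both before output.
 */
@WebServlet(name = "TokenDetailsServlet", urlPatterns = {"/token_details"})
public class TokenDetailsServlet extends HttpServlet {

    // Allow-list of ID token claims copied to the view; every other claim is dropped.
    private static final List<String> DISPLAYED_CLAIMS = Arrays.asList(
            "sub", "aud", "ver", "iss", "name", "oid", "preferred_username", "nonce", "tid", "roles");

    /**
     * Puts the filtered claims on the request as {@code claims} and forwards to the token view.
     *
     * @param req  the incoming request
     * @param resp the response the page is rendered into
     * @throws ServletException if forwarding to the view fails
     * @throws IOException      if forwarding to the view fails
     */
    @Override
    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
            throws ServletException, IOException {
        IdentityContextData context = new IdentityContextAdapterServlet(req, resp).getContext();
        final HashMap<String, String> filteredClaims = filterClaims(context);

        req.setAttribute("claims", filteredClaims);
        req.setAttribute("bodyContent", "content/token.jsp");
        final RequestDispatcher view = req.getRequestDispatcher("index.jsp");
        view.forward(req, resp);
    }

    /**
     * Copies the allow-listed ID token claims into a new map of strings.
     *
     * @param context identity data holding the ID token claims
     * @return claim name to claim value, as text, for the allow-listed claims that are present
     */
    private HashMap<String, String> filterClaims(IdentityContextData context) {
        final HashMap<String, String> filteredClaims = new HashMap<>();
        context.getIdTokenClaims().forEach((k, v) -> {
            if (DISPLAYED_CLAIMS.contains(k)) {
                // String.valueOf tolerates a null claim value, where v.toString() would throw.
                filteredClaims.put(String.valueOf(k), String.valueOf(v));
            }
        });
        return filteredClaims;
    }
}

-------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/resources/authentication.properties: -------------------------------------------------------------------------------- 1 | aad.clientId={enter-your-client-id-here} 2 | aad.secret={enter-your-client-secret-here} 3 | aad.authority=https://login.microsoftonline.com/{enter-your-tenant-id-here} 4 | aad.scopes=openid profile offline_access 5 | 6 | ## TODO: use aad.instance instead of authority 7 | ## TODO: build authority from instance+tenant 8 | ## TODO: also baseURL for graph should be configurable (graph.us, graph.cn, etc.) 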
9 | 10 | aad.signOutEndpoint=/oauth2/v2.0/logout/ 11 | aad.postSignOutFragment=?post_logout_redirect_uri= 12 | 13 | # app.homePage is by default set to dev server address and app context path on the server 14 | # for apps deployed to azure, use https://your-sub-domain.azurewebsites.net 15 | app.homePage=http://localhost:8080/msal4j-servlet-roles 16 | 17 | # endpoint for AAD redirect. Configure this to be the same as the URL pattern for AADRedirectServlet.java 18 | app.redirectEndpoint=/auth/redirect 19 | 20 | # app's state value validity in seconds 21 | app.stateTTL=600 22 | 23 | # where to store session variables related to MSAL 24 | app.sessionParam=msalAuth 25 | # protect these endpoints by checking authenticated 26 | app.protect.authenticated=/token_details 27 | 28 | #local short names for app roles - e.g., sets admin to mean PrivilegedAdmin (useful for long rule sets defined in the next key, app.protect.roles) 29 | app.roles=admin PrivilegedAdmin, user RegularUser 30 | 31 | # A list of protected routes and the role(s) that can view each one; each entry (a route followed by its role(s)) is delimited from the next by a comma 32 | # this says: /admin_only can be accessed by PrivilegedAdmin, /regular_user can be accessed by the PrivilegedAdmin role and the RegularUser role 33 | app.protect.roles=/admin_only admin, /regular_user admin user 34 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/resources/log4j.properties: -------------------------------------------------------------------------------- 1 | log4j.rootLogger=ALL, stdout 2 | log4j.appender.stdout=org.apache.log4j.ConsoleAppender 3 | log4j.appender.stdout.Target=System.out 4 | log4j.appender.stdout.layout=org.apache.log4j.PatternLayout 5 | log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n -------------------------------------------------------------------------------- 
/3-Authorization-II/roles/src/main/webapp/content/200.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 | 3 |
    4 |
    5 | 200: OK! 6 |
    7 |
    8 |

    9 | Excellent! You are a member of the role(s) that are allowed to visit this page! 10 |
    11 | ">ID Token Details 12 | ">Admins Only 13 | ">Regular Users 14 |

    15 |
    16 |
    17 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/content/401.jsp: -------------------------------------------------------------------------------- 1 |
    2 |
    3 | 401: Unauthorized 4 |
    5 |
    6 |

    7 | Visiting this page requires you to be authenticated. Use the button on the top right to sign in. 8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/content/403.jsp: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 | 3 |
    4 |
    5 | 403: Forbidden 6 |
    7 |
    8 |

    9 | Visiting this page requires the signed in user to be assigned to the correct role(s) as defined in the authentication.properties file. 10 |
    11 |
    12 | ">ID Token Details 13 | ">Admins Only 14 | ">Regular Users 15 |

    16 |
    17 |
    18 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/content/500.jsp: -------------------------------------------------------------------------------- 1 |
    2 |
    3 | 500: Auth Error 4 |
    5 |
    6 |

    7 | ${details}
    8 |

    9 |
    10 |
    11 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/content/auth-bar.jsp: -------------------------------------------------------------------------------- 1 | 2 | 5 |
  • 6 | ">Sign Out 7 |
  • 8 |
    9 | 10 |
  • ">Sign In
  • 11 |
    -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/content/status.jsp: -------------------------------------------------------------------------------- 1 | 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 | 4 |
    5 |
    6 | <% out.println(msalAuth.getAuthenticated()? "You're signed in!" : "You're not signed in."); %> 7 |
    8 |
    9 |

    10 | <% if (msalAuth.getAuthenticated()) { %> 11 | ">ID Token Details 12 | ">Admins Only 13 | ">Regular Users 14 | <% } else { %> 15 | Use the button on the top right to sign in. 16 | Attempts to visit ">ID Token Details, 17 | ">Admins Only, 18 | or ">Regular Users 19 | will result in a 401 error. 20 | <% } %> 21 |

    22 |
    23 |
    24 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/content/survey.jsp: -------------------------------------------------------------------------------- 1 | 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 |
    4 |
    5 | Tell us how we did! 6 |
    7 |
    8 | Click here if the survey question does not load automatically. 9 |

    10 | 11 |

    12 |
    13 |
    14 | 15 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/content/token.jsp: -------------------------------------------------------------------------------- 1 | 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 |
    4 |
    5 | ID Token Details 6 |
    7 |
    8 |

    9 | 10 | ${claim.key}: ${claim.value} 11 |
    12 |
    13 |
    14 | ">Admins Only 15 | ">Regular Users 16 |

    17 |
    18 |
    -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/navbar.jsp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/3-Authorization-II/roles/src/main/webapp/static/favicon.ico -------------------------------------------------------------------------------- /3-Authorization-II/roles/src/main/webapp/static/style.css: -------------------------------------------------------------------------------- 1 | .body-content { 2 | padding-top: 15px; 3 | padding-bottom: 15px; 4 | padding-left: 15px; 5 | padding-right: 15px; 6 | } 7 | 8 | .dl-horizontal dt { 9 | white-space: normal; 10 | } 11 | 12 | .flashToast { 13 | position: fixed; 14 | bottom: 0; 15 | left: 0; 16 | } 17 | 18 | 19 | .card { 20 | width: 50vw; 21 | margin:auto; 22 | background:#f0f0f0; 23 | border:1px solid black; 24 | } 25 | 26 | .card-header { 27 | /* background: darkseagreen; */ 28 | color: rgba(255,255,255,0.85); 29 | background: #0078d4; 30 | font-weight: 300; 31 | } 32 | 33 | .card-text { 34 | align-content: center 35 | } 36 | 37 | #wrapper { 38 | display: flex; 39 | } 40 | 41 | #left { 42 | flex: content; 43 | margin-right: 0.5em; 44 | 45 | } 46 | 47 | #right { 48 | flex: 1; 49 | } 50 | 51 | #footer { 52 | width: 50vw; 53 | margin: auto; 54 | text-align: left; 55 | margin-top: 1em; 56 | } 57 | 58 | #smiley, #frowny { 59 | height: 1.5em; 60 | width: 1.5em; 61 | margin: auto; 62 | fill: #0078d4 63 | } 64 | 65 | #smiley:hover, #frowny:hover{ 66 | height: 1.5em; 67 | width: 1.5em; 68 | margin: auto; 69 | fill: white; 70 | border: 1px solid #0078d4; 
71 | background-color: #0078d4; 72 | border-radius: 50%; 73 | } 74 | 75 | #check-icon { 76 | height: 1.25em; 77 | width: 1.25em; 78 | margin: auto; 79 | fill: green; 80 | } 81 | 82 | a.nostyle:link { 83 | text-decoration: inherit; 84 | color: inherit; 85 | } 86 | 87 | a.nostyle:visited { 88 | text-decoration: inherit; 89 | color: inherit; 90 | } -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | > Please provide us with the following information: 5 | > --------------------------------------------------------------- 6 | 7 | ### This issue is for a: (mark with an `x`) 8 | ``` 9 | - [ ] bug report -> please search issues before submitting 10 | - [ ] feature request 11 | - [ ] documentation issue or request 12 | - [ ] regression (a behavior that used to work and stopped in a new release) 13 | ``` 14 | 15 | ### Minimal steps to reproduce 16 | > 17 | 18 | ### Any log messages given by the failure 19 | > 20 | 21 | ### Expected/desired behavior 22 | > 23 | 24 | ### OS and Version? 25 | > Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) 
26 | 27 | ### Versions 28 | > 29 | 30 | ### Mention any other details that might be useful 31 | 32 | > --------------------------------------------------------------- 33 | > Thanks! We'll be in touch soon. 34 | -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | 3 | * ... 4 | 5 | ## Does this introduce a breaking change? 6 | 7 | ``` 8 | [ ] Yes 9 | [ ] No 10 | ``` 11 | 12 | ## Pull Request Type 13 | What kind of change does this Pull Request introduce? 14 | 15 | 16 | ``` 17 | [ ] Bugfix 18 | [ ] Feature 19 | [ ] Code style update (formatting, local variables) 20 | [ ] Refactoring (no functional changes, no api changes) 21 | [ ] Documentation content changes 22 | [ ] Other... Please describe: 23 | ``` 24 | 25 | ## How to Test 26 | * Get the code 27 | 28 | ``` 29 | git clone [repo-address] 30 | cd [repo-name] 31 | git checkout [branch-name] 32 | npm install 33 | ``` 34 | 35 | * Test the code 36 | 37 | ``` 38 | ``` 39 | 40 | ## What to Check 41 | Verify that the following are valid 42 | * ... 43 | 44 | ## Other Information 45 | -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [project-title] Changelog 2 | 3 | 4 | # x.y.z (yyyy-mm-dd) 5 | 6 | *Features* 7 | * ... 8 | 9 | *Bug Fixes* 10 | * ... 11 | 12 | *Breaking Changes* 13 | * ... 
14 | -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/ReadmeFiles/disable_easy_auth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/4-Deployment/deploy-to-azure-app-service/ReadmeFiles/disable_easy_auth.png -------------------------------------------------------------------------------- /4-Deployment/deploy-to-azure-app-service/ReadmeFiles/topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/4-Deployment/deploy-to-azure-app-service/ReadmeFiles/topology.png -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [project-title] Changelog 2 | 3 | 4 | # x.y.z (yyyy-mm-dd) 5 | 6 | *Features* 7 | * ... 8 | 9 | *Bug Fixes* 10 | * ... 11 | 12 | *Breaking Changes* 13 | * ... 14 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 
4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE -------------------------------------------------------------------------------- /ReadmeFiles/sign-in-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/ReadmeFiles/sign-in-2.png -------------------------------------------------------------------------------- /ReadmeFiles/sign-in.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/ReadmeFiles/sign-in.png -------------------------------------------------------------------------------- /ReadmeFiles/topology.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/2a8745fcf66c3e8e8dc00a04db8d392e733a7074/ReadmeFiles/topology.png --------------------------------------------------------------------------------