Configure Azure AD authentication on Tomcat

I just made a simple demo project (not for production purposes) that shows how you can use Azure Active Directory as a realm for your authentication. Nowadays you would use a framework that does third-party authentication for you: your custom authenticator uses a third-party framework that federates the authentication to a (trusted) third party like Facebook or Google.

Please note that this is NOT the way to use AAD in a production environment.
This is demo code to show how you can (mis)use AAD as an LDAP solution.
In the future I will create a federated authentication solution using AAD.

Here is the project: https://github.com/cvugrinec/microsoft/tree/master/java-webapp-tomcat-aad

Here you see the code in action: https://youtu.be/i61I3muADDA

How to enable basic security in WebLogic services

ADDENDUM: Just noticed the following: the NAME of a ROLE should not be longer than 11 characters! It took me a while to figure that out.

This is a note to myself in order to remember how to enable basic security authentication for web services deployed in a WebLogic container.

In your web application or web services project you will have at least the following files:

web.xml, weblogic.xml

web.xml should contain the following sections:

<security-constraint>
   <web-resource-collection>
      <web-resource-name>Protected</web-resource-name>
      <url-pattern>/NameOfYourWebService</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>NameOfApplicationRole</role-name>
   </auth-constraint>
</security-constraint>

<login-config>
   <auth-method>BASIC</auth-method>
</login-config>

<security-role>
   <role-name>NameOfApplicationRole</role-name>
</security-role>

weblogic.xml should contain the following section:

<security-role-assignment>
   <role-name>NameOfApplicationRole</role-name>
   <externally-defined/>
</security-role-assignment>
In the WebLogic console configure the following:

Create user(s) and link the user to a group (not needed, but I will do this in this example):

–> Security Realms –> Select Realm –> Select TAB Users and Groups

–> Select TAB Users, create New User

–> Select TAB Groups, create New Group

Now go back to the user and assign this user to the group you created earlier.

 


–> Security Realms –> Select Realm –> Select TAB Roles and Policies –> Select Realm Roles –> Select Global Roles –> Select Role

Push the NEW button and create the ROLE with the NAME that corresponds to the name you have used in your weblogic.xml and web.xml.

 


Finally, select the created role and assign rules to this role.


In this example I have selected the ROLE and added the condition GROUP and thereby selected the name of the GROUP I created earlier.
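A consistency check for the two descriptors above, as an added example that is not part of the original post: it verifies that every role used in an auth-constraint is declared in web.xml and mapped in weblogic.xml, and flags BASIC authentication on a constraint that has no CONFIDENTIAL transport-guarantee (the standard servlet user-data-constraint setting, which the post's web.xml does not include). The function names and the sample descriptors are constructed, and the 11-character limit is taken from the addendum as an assumption.

```python
import xml.etree.ElementTree as ET

MAX_ROLE_LEN = 11  # limit reported in the post's addendum; an assumption, not a documented value

def _named(root, name):
    # Match on the local name so namespaced and bare descriptors both work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(parents, name):
    return {c.text.strip() for p in parents for c in _named(p, name) if c.text}

def check_descriptors(web_xml, weblogic_xml):
    """Return findings for a web.xml / weblogic.xml pair (hypothetical helper)."""
    web, wl = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    declared = _texts(_named(web, "security-role"), "role-name")
    mapped = _texts(_named(wl, "security-role-assignment"), "role-name")
    basic = "BASIC" in _texts([web], "auth-method")
    findings = []
    for sc in _named(web, "security-constraint"):
        for role in sorted(_texts(_named(sc, "auth-constraint"), "role-name")):
            if role not in declared:
                findings.append(f"{role}: no <security-role> in web.xml")
            if role not in mapped:
                findings.append(f"{role}: no <security-role-assignment> in weblogic.xml")
            if len(role) > MAX_ROLE_LEN:
                findings.append(f"{role}: longer than {MAX_ROLE_LEN} characters")
        # BASIC sends base64-encoded credentials with every request, so require TLS.
        if basic and "CONFIDENTIAL" not in _texts([sc], "transport-guarantee"):
            findings.append("BASIC without CONFIDENTIAL transport-guarantee")
    return findings

# Constructed sample descriptors; role and URL names are made up.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected</web-resource-name>
      <url-pattern>/OrderService</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>WsCallers</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>WsCallers</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app><security-role-assignment>
  <role-name>WsCaller</role-name><externally-defined/>
</security-role-assignment></weblogic-web-app>"""

if __name__ == "__main__":
    print("\n".join(check_descriptors(WEB_XML, WEBLOGIC_XML)))
```

The global role created in the console is not visible to this check; its name still has to be compared by hand against the role-name in both files.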