This is the third consecutive post about using Azure AD as the authentication source for Open Source based web applications. The previous two delt with Python and Node.js and this post will cover Java and Tomcat.
Azure AD Application Library – ADAL
There is a lengthy article in the Azure documentation series (see refs) that goes through in great detail in showing how you can use ADAL for Java (Azure AD Application Library) to get OAuth authentication working for a Java-based Tomcat webapp. If you just want to see it in action, clone the github repo and make your changes to the web.xml file and deploy it. It is really that simple and you don’t need to do all 8 steps in the article.
I did just that on a Ubuntu Linux server in Azure, where I cloned the git repo, installed Maven as the build engine and installed the Java JDK
$ git clone --branch complete https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect.git
$ sudo apt-get install maven
$ sudo apt-get install default-jdk
$ ...edit web.xml ...
$ mvn package
Before editing the web.xml file you have to first register yet another Azure AD application. Since I planned to deploy this solution as a webapp in Azure AppServices and give it’s java/tomcat support a spin, I registered my app with the following details.
Name is just internal in the Azure portal. Sign-on url must match the url you are at in the application when you request authentication so that Azure AD knows that it is a legitimate request. You also need to create a key that should be inserted in the web.xml config file. The App ID uri is just a name the app will be know to inside the AAD and is nothing that will break this sample code if you change it. I set the Reply Url to go back to the index page of the webapp instead of the page the github sample redirects to.
With this you can update the web.xml config file in the solution.
Enable Java and Tomcat in Azure AppServices
Azure AppServices is has Java runtime and Tomcat preinstalled and all you need to do is to enable them in the Application settings. Once enabled they kick in as soon as you save the settings.
Build and Deploy
After the Maven build process is completed you have a Tomcat WAR-file ready to be deployed. It should be upload to the D:\home\site\wwwroot\webapps. Since Azure AppServices comes with a ftp server, I choose to deploy the WAR-file using ftp. You’ll find the hostame of the ftp server in the Settings page in the Azure portal. You need to create a userid/password under Deployment Credentials to login and the userid is prepended with the app name of the Azure webapp. That is how it knows what webapp you are targeting.
Once the WAR-file is uploaded, the Tomcat server will pick it up in a few seconds and unzip it. How many seconds vary, but once it is done you can see the directory in the Azure portal console.
The webapp in action
Once you press the “Login with Azure AD” you will be redirected to Azure ADs login page.
When returning to the index.jsp page, the code behind outputs some details from the claims Azure AD emits.
With these three posts my ambition was to show you that Azure AD is really platform and language agnostic. I’ve used webapps hosted on Ubuntu Linux and Azure AppServices using Python, Node.js and Java, each using Azure AD as its authentication source. If you have Active Directory today and expand into the public or Cloud, Azure AD will be your identity companion and will support the applications you have regardless of platform or language. Azure AD is really a key differentiator in Microsoft’s Cloud offering.
Azure documentation – Java Web App Sign-in and Sign-Out using Azure AD
Github repo – sample java code for the above documentation
Github repo – ADAL for Java (Azure AD Application Library)
Azure documentation – Add a Java Application to Azure AppServices