Support setting redirect uri. (Azure#21249)

Author: han-gao

sdk/spring/azure-spring-boot-starter-active-directory/CHANGELOG.md

@@ -4,6 +4,7 @@
 ### New Features
 - Upgrade to [spring-boot-dependencies:2.4.5](https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-dependencies/2.4.5/spring-boot-dependencies-2.4.5.pom).
 - Upgrade to [spring-cloud-dependencies:2020.0.2](https://repo.maven.apache.org/maven2/org/springframework/cloud/spring-cloud-dependencies/2020.0.2/spring-cloud-dependencies-2020.0.2.pom).
+- Enable property azure.activedirectory.redirect-uri-template.([#21116](https://github.com/Azure/azure-sdk-for-java/issues/21116))
 
 
 

sdk/spring/azure-spring-boot-starter-active-directory/README.md

@@ -570,6 +570,49 @@ In [Resource server visiting other resource server] scenario(For better descript
         return "Response from WebApiB.";
     }
     ```  
+
+#### Support setting redirect-uri-template.
+
+Developers can customize the redirect-uri.
+
+![redirect-uri](resource/redirect-uri.png)
+
+* Step 1: Add `redirect-uri-template` properties in application.yml.
+    ```yaml
+        azure:
+          activedirectory:
+            redirect-uri-template: --your-redirect-uri-template--
+    ```
+
+* Step 2: Update the configuration of the azure cloud platform in the portal.
+
+    We need to configure the same redirect-uri as application.yml:
+
+    ![web-application-config-redirect-uri](resource/web-application-config-redirect-uri.png)
+
+* Step 3: Write your Java code:
+
+    After we set redirect-uri-template, we need to update `SecurityConfigurerAdapter`:
+
+```java
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class AADOAuth2LoginSecurityConfig extends AADWebSecurityConfigurerAdapter {
+    /**
+     * Add configuration logic as needed.
+     */
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        super.configure(http);
+        http.oauth2Login()
+                .loginProcessingUrl("/{your-redirect-uri}")
+                .and()
+            .authorizeRequests()
+                .anyRequest().authenticated();
+    }
+}
+```
+  
 ## Examples
 
 ### Web application visiting resource servers

sdk/spring/azure-spring-boot-starter-active-directory/resource/redirect-uri.png

@@ -3,6 +3,7 @@
 ## 3.5.0-beta.1 (Unreleased)
 ### New Features
 - Add `AADB2CTrustedIssuerRepository` to manage the trusted issuer in AAD B2C.
+- Enable property azure.activedirectory.redirect-uri-template. ([#21116](https://github.com/Azure/azure-sdk-for-java/issues/21116))
 
 ### Key Bug Fixes
 - Fix the issue [#21036](https://github.com/Azure/azure-sdk-for-java/issues/21036) where the AAD B2C starter cannot fetch the OpenID Connect metadata document via issuer.

sdk/spring/azure-spring-boot-starter-active-directory/resource/web-application-config-redirect-uri.png

@@ -182,7 +182,7 @@ private ClientRegistration.Builder createClientBuilder(String id, AADAuthorizati
             .orElse(AuthorizationGrantType.AUTHORIZATION_CODE);
         result.authorizationGrantType(authorizationGrantType);
 
-        result.redirectUri("{baseUrl}/login/oauth2/code/");
+        result.redirectUri(properties.getRedirectUriTemplate());
         result.userNameAttributeName(properties.getUserNameAttribute());
 
         result.clientId(properties.getClientId());

sdk/spring/azure-spring-boot/CHANGELOG.md

@@ -54,18 +54,9 @@ public class AADAuthenticationProperties implements InitializingBean {
     private String userNameAttribute;
 
     /**
-     * @deprecated Now the redirect-url-template is not configurable.
-     * <p>
-     * Redirect URI always equal to "{baseUrl}/login/oauth2/code/".
-     * </p>
-     * <p>
-     * User should set "Redirect URI" to "{baseUrl}/login/oauth2/code/" in Azure Portal.
-     * </p>
-     *
-     * @see <a href="https://github.com/Azure/azure-sdk-for-java/tree/c27ee4421309cec8598462b419e035cf091429da/sdk/spring/azure-spring-boot-starter-active-directory#accessing-a-web-application">aad-starter readme.</a>
-     * @see com.azure.spring.aad.webapp.AADWebAppConfiguration#clientRegistrationRepository()
+     * Redirection Endpoint: Used by the authorization server to return responses containing authorization credentials
+     * to the client via the resource owner user-agent.
      */
-    @Deprecated
     private String redirectUriTemplate;
 
     /**
@@ -236,12 +227,10 @@ public void setUserNameAttribute(String userNameAttribute) {
         this.userNameAttribute = userNameAttribute;
     }
 
-    @Deprecated
     public String getRedirectUriTemplate() {
         return redirectUriTemplate;
     }
 
-    @Deprecated
     public void setRedirectUriTemplate(String redirectUriTemplate) {
         this.redirectUriTemplate = redirectUriTemplate;
     }
@@ -383,6 +372,10 @@ public void afterPropertiesSet() throws Exception {
             baseUri = addSlash(baseUri);
         }
 
+        if (!StringUtils.hasText(redirectUriTemplate)) {
+            redirectUriTemplate = "{baseUrl}/login/oauth2/code/";
+        }
+
         if (!StringUtils.hasText(graphBaseUri)) {
             graphBaseUri = "https://graph.microsoft.com/";
         } else {