some improvements during usage in a project

[bkiselka]

Purpose

• pom.xml use msal4j > 1.8.0 because IAccount is serializable then, see https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/dev/changelog.txt and Serialization failed for IAuthenticationResult AzureAD/microsoft-authentication-library-for-java#292

• AuthHelper.java and authentication.properties: add a configuration property app.prompt: the value might be login, select_account (was/is the default), consent, admin_consent or not set/empty (none), see https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-prompt-behavior

• AuthHelper.java: remove one unnecessary variable initialization (line 35/36) and check (line 228/238) causing a warning

• AuthHelper.java: improve exception, if state is null or doesn't match or TTL expired
  (this will happen, if different session e.g. caused by different domains used as URL (used in the browser), app.redirectUri and app.homePage do not match!)

• index.jsp: enable call / (e.g. http://localhost:8080/ms-identity-b2c-java-servlet-webapp-authentication/ - no need to call /index )

Does this introduce a breaking change?

[ ] Yes
[x ] No

Pull Request Type

What kind of change does this Pull Request introduce?

[ x] Bugfix
[ x] Feature
[ x] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

• Get the code

• Test the code
  Change app.prompt to empty ("") and compile a new causing the authorize-call to set no prompt-parameter.
  Change app.prompt to login and compile a new causing the authorize-call to use prompt=login.

What to Check

Verify that the following are valid

• http://localhost:8080/ms-identity-b2c-java-servlet-webapp-authentication/ can now be called
• no errors about serialization is written into localhost.YYYY-MM-DD.log if the war is used in tomcat
• the configured app.prompt is used

[ghost]

All CLA requirements met.

[idg-sam]

Great stuff. I think the sample should demonstrate the prompt options.

I made some comments and suggestions. If you want to update and commit based on the suggestions I'll merge them.

[idg-sam]

Already resolved by adding extra route matchers to the servlet that match empty ("/"), /sign_in_status, and /index

[bkiselka]

Hm, could be but I did not succeed in finding/adding these extra route matchers in the servlet.
What I did: I tried to change line 10 of HomePageServlet.java from
@WebServlet(name = "HomePageServlet", urlPatterns = "/index")
to
@WebServlet(name = "HomePageServlet", urlPatterns = {"/index", "/"})
but still calling http://localhost:8080/ms-identity-b2c-java-servlet-webapp-authentication/ on a tomcat brought a NullPointerException because the bodyContent is null and thus cannot be included in index.jsp
It works, if I call it with http://localhost:8080/ms-identity-b2c-java-servlet-webapp-authentication/index tought!

[idg-sam]

Great stuff. Nice demonstration of the available options.
Is it more correct for us to call this aad.prompt, since we are changing the behaviour of the AAD sign in page?

[idg-sam]

Suggested change

	} else {
	parameters = AuthorizationRequestUrlParameters.builder(REDIRECT_URI, Collections.singleton(SCOPES))
	.responseMode(ResponseMode.QUERY).prompt(Prompt.SELECT_ACCOUNT).state(state).nonce(nonce).build();

Maybe these lines are no longer necessary if we make the app require aad.prompt config.

[idg-sam]

Suggested change

	} else if (Config.getProperty("app.prompt") != null) {
	if (!PROMPT.trim().equals("")) {
	} else if (!PROMPT.trim().equals("")) {

Maybe we can just delete the null check and require the aad.prompt config. the config loader causes the program to exit if there is a null param anyhow.

[idg-sam]

Azure-Samples/ms-identity-java-servlet-webapp-authentication#10