Java EE 7 Multi-Factor Authentication with Azure
Java HTML JavaScript
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.


This project is an Azure AD Authentication sample application for Java EE 7 which uses ADAL4J and the Graph API.

Overview and Project Structure

Web App Module (AzureAD-Login-WebApp-OAuth)

The project uses JASPIC

  • Configured by a WebListener (com.yoshio3.jaspic.common.AzureADSAMRegistrationListener), which registers
    • an authentication provider (com.yoshio3.jaspic.common.AzureADAuthConfigProvider), which in turn provides on request
    • a new instance of the authentication config (com.yoshio3.jaspic.common.AzureADServerAuthConfig), including
      • the singleton-like instance of the authentication module (com.yoshio3.jaspic.AzureADServerAuthModule)
      • a new instance of the callback handler (com.yoshio3.jaspic.AzureADCallbackHandler)

At each secured HTTP request, the config provider returns an instance of com.yoshio3.jaspic.common.AzureADServerAuthContext, which calls the the validateRequest method on com.yoshio3.jaspic.AzureADServerAuthModule. This implements the OAuth2 logic, with a set of domain objects that are specific to the Azure AD domain.

Configure the login module in your app server

Once authentication via OAuth2 is done, the system will hand over to the login module (com.yoshio3.jaspic.AzureADLoginModule), which must be configured under Glassfish. You must add

AzureAD-Login {
    com.yoshio3.jaspic.AzureADLoginModule required;

to the login.conf file inside the config directory of your Glassfish domain.

Although there is a security filter in the web app, this is not needed with JASPIC.

SAM Module (AzureADSAMModule)

This project only contains the code necessary to configure a SAM module for authenticating users via Azure AD.

The web project above is an example of application of the SAM module contained here.

Setting up the Azure AD client application

Select and open the Active Directory service you want to access with your client

Enable Azure AD Premium on your directory (30 day trial available)

Create a new client application for your Active Directory service

Enter the URLs associated to your web application

The client application configuration will be created and added to the Active Directory

Get the client application parameters for the web.xml configuration

Copy the Client ID and paste in your web.xml file

Generate a secret key (valid for either one or two years), save it then copy it into your web.xml file

This is where your parameters should go in your code

Open the endpoints view

You can get the tenant ID and OAuth 2 URLs for your web.xml from here

Set the permissions for the application on the Configure page

Remember to save!

Add the Microsoft Graph application

Add permissions to it as per the picture

And save!

Here is the application in action