Azure · chenrujun · Nov 27, 2020 · Nov 27, 2020 · Nov 27, 2020 · Nov 27, 2020
diff --git a/.../test/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfigurationTest.java b/.../test/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfigurationTest.java
diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/resources/application.properties b/sdk/spring/azure-spring-boot-test-aad/src/test/resources/application.properties
diff --git a/sdk/spring/azure-spring-boot-test-aad/src/test/resources/spring.factories b/sdk/spring/azure-spring-boot-test-aad/src/test/resources/spring.factories
diff --git a/.../src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfiguration.java b/.../src/main/java/com/azure/spring/aad/implementation/AzureActiveDirectoryConfiguration.java
@@ -5,12 +5,14 @@
 
 import com.azure.spring.autoconfigure.aad.AADAuthenticationProperties;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
@@ -75,7 +77,6 @@ private Set<String> allScopes() {
     private Set<String> accessTokenScopes() {
         Set<String> result = openidScopes();
         if (properties.allowedGroupsConfigured()) {
-            result.add("https://graph.microsoft.com/Directory.AccessAsUser.All");
             result.add("https://graph.microsoft.com/User.Read");
         }
         addAzureConfiguredScopes(result);
@@ -137,6 +138,7 @@ private ClientRegistration.Builder createClientBuilder(String id) {
     }
 
     @Configuration
+    @ConditionalOnBean(ObjectPostProcessor.class)
     @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
     public static class DefaultAzureOAuth2Configuration extends AzureOAuth2Configuration {
 

diff --git a/...lementation/AuthorizedClientRepoTest.java → ...lementation/AuthorizedClientRepoTest.java b/...lementation/AuthorizedClientRepoTest.java → ...lementation/AuthorizedClientRepoTest.java
@@ -1,14 +1,13 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
 package com.azure.spring.aad.implementation;
 
-import com.azure.test.utils.AppRunner;
-import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -17,6 +16,7 @@
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
+import org.springframework.test.context.support.TestPropertySourceUtils;
 
 import java.time.Instant;
 import java.util.Optional;
@@ -27,53 +27,46 @@
 
 public class AuthorizedClientRepoTest {
 
-    private AppRunner runner;
-
     private ClientRegistration azure;
     private ClientRegistration graph;
 
-    private OAuth2AuthorizedClientRepository repo;
+    private OAuth2AuthorizedClientRepository authorizedRepo;
     private MockHttpServletRequest request;
     private MockHttpServletResponse response;
 
     @BeforeEach
     public void setup() {
-        runner = createApp();
-        runner.start();
+        AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
+        TestPropertySourceUtils.addInlinedPropertiesToEnvironment(
+            context,
+            "azure.activedirectory.user-group.allowed-groups = group1, group2",
+            "azure.activedirectory.authorization-server-uri = fake-uri",
+            "azure.activedirectory.tenant-id = fake-tenant-id",
+            "azure.activedirectory.client-id = fake-client-id",
+            "azure.activedirectory.client-secret = fake-client-secret",
+            "azure.activedirectory.authorization.graph.scopes = Calendars.Read"
+        );
+        context.register(AzureActiveDirectoryConfiguration.class);
+        context.refresh();
 
-        AzureClientRegistrationRepository clientRepo = runner.getBean(AzureClientRegistrationRepository.class);
+        AzureClientRegistrationRepository clientRepo = context.getBean(AzureClientRegistrationRepository.class);
         azure = clientRepo.findByRegistrationId("azure");
         graph = clientRepo.findByRegistrationId("graph");
 
-        repo = new AzureAuthorizedClientRepository(clientRepo);
+        authorizedRepo = new AzureAuthorizedClientRepository(clientRepo);
         request = new MockHttpServletRequest();
         response = new MockHttpServletResponse();
     }
 
-    private AppRunner createApp() {
-        AppRunner result = new AppRunner(AzureActiveDirectoryConfigurationTest.DumbApp.class);
-        result.property("azure.activedirectory.authorization-server-uri", "fake-uri");
-        result.property("azure.activedirectory.tenant-id", "fake-tenant-id");
-        result.property("azure.activedirectory.client-id", "fake-client-id");
-        result.property("azure.activedirectory.client-secret", "fake-client-secret");
-        result.property("azure.activedirectory.authorization.graph.scopes", "Calendars.Read");
-        return result;
-    }
-
-    @AfterEach
-    public void tearDown() {
-        runner.stop();
-    }
-
     @Test
     public void loadInitAzureAuthzClient() {
-        repo.saveAuthorizedClient(
+        authorizedRepo.saveAuthorizedClient(
             createAuthorizedClient(azure),
             createAuthentication(),
             request,
             response);
 
-        OAuth2AuthorizedClient client = repo.loadAuthorizedClient(
+        OAuth2AuthorizedClient client = authorizedRepo.loadAuthorizedClient(
             "graph",
             createAuthentication(),
             request);
@@ -88,13 +81,13 @@ public void loadInitAzureAuthzClient() {
 
     @Test
     public void saveAndLoadAzureAuthzClient() {
-        repo.saveAuthorizedClient(
+        authorizedRepo.saveAuthorizedClient(
             createAuthorizedClient(graph),
             createAuthentication(),
             request,
             response);
 
-        OAuth2AuthorizedClient client = repo.loadAuthorizedClient(
+        OAuth2AuthorizedClient client = authorizedRepo.loadAuthorizedClient(
             "graph",
             createAuthentication(),
             request);
@@ -138,10 +131,4 @@ private boolean isTokenExpired(OAuth2AccessToken token) {
                        .map(expiresAt -> expiresAt.isBefore(Instant.now()))
                        .orElse(false);
     }
-
-    @Configuration
-    @SpringBootApplication
-    @EnableWebSecurity
-    public static class DumbApp {
-    }
 }