You can use Spring Security to validate the token. There is an example here that shows this: https://github.com/Azure-Samples/ms-identity-java-webapi/tree/edbd399155341556e3871065d1b8b4be2e9cbce0
There is also an announcement here that goes through the basic steps: https://azure.microsoft.com/en-us/blog/use-azure-active-directory-with-spring-security-5-0-for-oauth-2-0/