Get started with securing Java application with the Microsoft identity platform

This series of articles provides an overview of recommended strategies for securing Java applications with the Microsoft identity platform.

The Microsoft identity platform, along with Microsoft Entra ID (Entra ID) and Azure Azure Active Directory B2C (Azure AD B2C) are central to the Azure cloud ecosystem. This guidance takes you through the fundamentals of modern authentication using the Microsoft Authentication Library (MSAL) for Java.

The guidance is available for the following server platforms: Java Spring Boot, Tomcat, JBoss EAP, WebLogic, and WebSphere.

We recommend that you follow the articles in order for your platform of choice. However, the articles and code samples are self-contained, so you can use whichever article you need.

Each platform has guidance on the following tasks:

• Enable sign-in for your users with Microsoft Entra ID and learn to work with ID tokens.
• Enable sign-in for your customers with Azure AD B2C. Learn how to integrate with external social identity providers. Learn how to use user flows and custom policies.
• Enable your app to acquire an access token to authorize it to call the Microsoft Graph API. You can use the Microsoft Graph API to access extra user details.
• Enable your app to acquire an ID token with the roles claim. You can use this token to filter access to routes based on role membership.
• Enable your app to acquire an ID token with a groups claim. You can use this token to filter access to routes based on group membership. You also learn how to call Microsoft Graph to handle edge cases where the user is a member of too many groups to fit into an ID token.
• Deploy your app to the Azure platform.

Next steps

To read all the guidance for a particular platform, start with one of the following articles:

• Secure your Java Spring Boot app
• Secure your Java Tomcat app
• Secure your Java JBoss EAP app
• Secure your Java WebLogic app
• Secure your Java WebSphere app
• Secure your Java WebSphere Liberty/Open Liberty app
• Secure your Java Quarkus app

More information

To learn more about the Microsoft identity platform, see the following articles:

• Microsoft identity platform
• Azure Active Directory B2C
• Overview of Microsoft Authentication Library (MSAL)
• Application types for the Microsoft identity platform
• Consent experience for applications in Microsoft Entra ID
• Understand user and admin consent
• Application and service principal objects in Microsoft Entra ID
• Microsoft identity platform best practices and recommendations

For more code samples, see the following articles:

• Microsoft identity platform code samples - Java
• Azure Active Directory B2C code samples