Add new samples - ssl-bundles-server, ssl-bundles-rest-template and ssl-bundles-web-client (#774)

Co-authored-by: Xiaolu Dai <[email protected]>

Author: moarychan

README.md

@@ -79,14 +79,17 @@
 
 ### 2.7 Azure Key Vault
 
-| Sample Project                    | Spring Boot 3.x                                              | Spring Boot 2.x                                                                                                                                                                     | 
-|-----------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| keyvault-certificates-client-side | ❌                                                                           | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-client-side) | 
-| keyvault-certificates-server-side | ❌                                                                           | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-server-side) | 
-| run-with-command-line-server-side | ✅ [link](keyvault/azure-securtiy-keyvault-jca/run-with-command-line-server-side) | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-securtiy-keyvault-jca/run-with-command-line-server-side)                     | 
-| run-with-command-line-client-side | ✅ [link](keyvault/azure-securtiy-keyvault-jca/run-with-command-line-client-side) | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-securtiy-keyvault-jca/run-with-command-line-client-side)                     | 
-| property-source                   | ✅ [link](keyvault/spring-cloud-azure-starter-keyvault-secrets/property-source)   | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/spring-cloud-azure-starter-keyvault-secrets/property-source)                       | 
-| secret-client                     | ✅ [link](keyvault/spring-cloud-azure-starter-keyvault-secrets/secret-client)     | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/spring-cloud-azure-starter-keyvault-secrets/secret-client)                         |
+| Sample Project                    | Spring Boot 3.x                                                                       | Spring Boot 2.x                                                                                                                                                                      | 
+|-----------------------------------|---------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| keyvault-certificates-client-side | ❌                                                                                     | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-client-side) | 
+| keyvault-certificates-server-side | ❌                                                                                     | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-spring-boot-starter-keyvault-certificates/keyvault-certificates-server-side) | 
+| ssl-bundles-rest-template         | ✅ [link](keyvault/spring-cloud-azure-starter-keyvault-jca/ssl-bundles-rest-template)  | ❌                                                                                                                                                                                    | 
+| ssl-bundles-server                | ✅ [link](keyvault/spring-cloud-azure-starter-keyvault-jca/ssl-bundles-server)         | ❌                                                                                                                                                                                    | 
+| ssl-bundles-web-client            | ✅ [link](keyvault/spring-cloud-azure-starter-keyvault-jca/ssl-bundles-web-client)     | ❌                                                                                                                                                                                    | 
+| run-with-command-line-server-side | ✅ [link](keyvault/azure-securtiy-keyvault-jca/run-with-command-line-server-side)      | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-securtiy-keyvault-jca/run-with-command-line-server-side)                     | 
+| run-with-command-line-client-side | ✅ [link](keyvault/azure-securtiy-keyvault-jca/run-with-command-line-client-side)      | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/azure-securtiy-keyvault-jca/run-with-command-line-client-side)                     | 
+| property-source                   | ✅ [link](keyvault/spring-cloud-azure-starter-keyvault-secrets/property-source)        | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/spring-cloud-azure-starter-keyvault-secrets/property-source)                       | 
+| secret-client                     | ✅ [link](keyvault/spring-cloud-azure-starter-keyvault-secrets/secret-client)          | ✅ [link](https://github.com/Azure-Samples/azure-spring-boot-samples/tree/spring-boot-2.x/keyvault/spring-cloud-azure-starter-keyvault-secrets/secret-client)                         |
 
 ### 2.8 Azure Database for MySQL
 

aad/spring-cloud-azure-starter-active-directory/web-client-access-resource-server/pom.xml

@@ -42,4 +42,4 @@
     <module>aad-web-application</module>
   </modules>
 
-</project>
+</project>

cosmos/azure-spring-data-cosmos/cosmos-multi-tenant-samples/multi-tenant-by-container/pom.xml

@@ -43,4 +43,4 @@
             <artifactId>azure-spring-data-cosmos</artifactId>
         </dependency>
     </dependencies>
-</project>
+</project>

cosmos/azure-spring-data-cosmos/cosmos-multi-tenant-samples/multi-tenant-by-database/pom.xml

@@ -43,4 +43,4 @@
         <artifactId>azure-spring-data-cosmos</artifactId>
     </dependency>
   </dependencies>
-</project>
+</project>

cosmos/azure-spring-data-cosmos/cosmos-quickstart-samples/pom.xml

@@ -44,4 +44,4 @@
     </dependency>
   </dependencies>
 
-</project>
+</project>

keyvault/spring-cloud-azure-starter-keyvault-jca/README.md

@@ -0,0 +1,64 @@
+# Spring Boot application with Azure Key Vault JCA
+
+This repo demonstrates how to use [Java Crypto Architecture (JCA) Provider] for Azure Key Vault in [Spring Boot] application by Spring Boot [SSL Bundles](https://docs.spring.io/spring-boot/reference/features/ssl.html). We support using Key Vault SSL Bundles to enable embedded Web Server SSL, RestTemplate SSL, and WebClient SSL. There are three specific scenarios.
+
+[Java Crypto Architecture (JCA) Provider]: https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/keyvault/azure-security-keyvault-jca
+[Spring Boot]: https://spring.io/projects/spring-boot
+
+## Server SSL and RestTemplate SSL
+
+This is the scenario to enable server SSL and `RestTemplate` SSL in a web application. It only requires running `ssl-bundles-server` standalone. You can verify it by following [ssl-bundles-server/README.md](ssl-bundles-server/README.md).
+
+## mTLS for Server SSL and RestTemplate SSL
+
+This mTLS scenario uses a web app as Server that enabled server SSL and needs client auth, and another web app with `RestTemplate` SSL enabled. You need to use the `ssl-bundles-server` and `ssl-bundles-rest-template` samples together. Azure resources created by either of these two sample projects can be shared with each other, so you don't need to create both.
+
+### Server side mTLS:
+
+Please refer to the [ssl-bundles-server/README.md](ssl-bundles-server/README.md) to configure Azure Key Vault resources, and setup environment variables.
+
+Then run the following command to run Server side app locally:
+
+```shell
+mvn clean spring-boot:run -Dspring-boot.run.profiles=client-auth
+```
+
+### Client side mTLS
+
+Use the following steps to set environment variables for `ssl-bundles-rest-template`:
+
+1. Open a new terminal and navigate to the `spring-cloud-azure-starter-keyvault-jca/ssl-bundles-server` directory.
+2. Run the following command to set the `ssl-bundles-server` environment variables to the current terminal:
+   
+   ```shell
+   source ./terraform/setup_env.sh
+   ```
+
+3. Change directory to `ssl-bundles-rest-template` project and follow [Run Locally](ssl-bundles-rest-template/README.md/#run-locally) to run and verify.
+
+## mTLS for Server SSL and WebClient SSL
+
+This mTLS scenario uses a web app as Server that enabled server SSL and needs client auth, and another reactive web app with `WebClient` SSL enabled. You need to use the `ssl-bundles-server` and `ssl-bundles-web-client` samples together. Azure resources created by either of these two sample projects can be shared with each other, so you don't need to create both.
+
+### Server side mTLS:
+
+Please refer to the [ssl-bundles-server/README.md](ssl-bundles-server/README.md) to configure Azure Key Vault resources, and setup environment variables.
+
+Then run the following command to run Server side app locally:
+
+```shell
+mvn clean spring-boot:run -Dspring-boot.run.profiles=client-auth
+```
+
+### Client side mTLS
+
+Use the following steps to set environment variables for `ssl-bundles-web-client`:
+
+1. Open a new terminal and navigate to the `spring-cloud-azure-starter-keyvault-jca/ssl-bundles-server` directory.
+2. Run the following command to set the `ssl-bundles-server` environment variables to the current terminal:
+
+   ```shell
+   source ./terraform/setup_env.sh
+   ```
+
+3. Change directory to `ssl-bundles-web-client` project and follow [Run Locally](ssl-bundles-web-client/README.md/#run-locally) to run and verify.

keyvault/spring-cloud-azure-starter-keyvault-jca/ssl-bundles-rest-template/README.md

@@ -0,0 +1,209 @@
+---
+page_type: sample
+languages:
+- java
+products:
+- azure-key-vault
+name: Enable RestTemplate SSL from Azure Key Vault SSL Bundles in Spring Boot web Application
+description: This sample demonstrates how to enable RestTemplate SSL via Azure KeyVault SSL bundles in Spring Boot web application.
+---
+
+# Enable RestTemplate SSL from Azure Key Vault SSL Bundles in Spring Boot Web Application
+
+This sample demonstrates how to enable RestTemplate SSL via Azure KeyVault SSL bundles in Spring Boot web application.
+
+## What You Will Build
+
+You will build an application that use `spring-cloud-azure-starter-keyvault-jca` to retrieve certificates from multiple [Azure Key Vault](https://azure.microsoft.com/services/key-vault/).
+
+## What You Need
+
+- [An Azure subscription](https://azure.microsoft.com/free/)
+- [Terraform](https://www.terraform.io/)
+- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli)
+- [JDK 17](https://www.oracle.com/java/technologies/downloads/) or later
+- [Maven](https://maven.apache.org/download.cgi)
+- You can also import the code straight into your IDE:
+    - [IntelliJ IDEA](https://www.jetbrains.com/idea/download)
+
+## Provision Azure Resources Required to Run This Sample
+
+### Authenticate Using the Azure CLI
+Terraform must authenticate to Azure to create infrastructure.
+
+In your terminal, use the Azure CLI tool to setup your account permissions locally.
+
+```shell
+az login
+```
+
+Your browser window will open and you will be prompted to enter your Azure login credentials. After successful authentication, your terminal will display your subscription information. You do not need to save this output as it is saved in your system for Terraform to use.
+
+```shell
+You have logged in. Now let us find all the subscriptions to which you have access...
+
+[
+  {
+    "cloudName": "AzureCloud",
+    "homeTenantId": "home-Tenant-Id",
+    "id": "subscription-id",
+    "isDefault": true,
+    "managedByTenants": [],
+    "name": "Subscription-Name",
+    "state": "Enabled",
+    "tenantId": "0envbwi39-TenantId",
+    "user": {
+      "name": "[email protected]",
+      "type": "user"
+    }
+  }
+]
+```
+
+If you have more than one subscription, specify the subscription-id you want to use with command below: 
+```shell
+az account set --subscription <your-subscription-id>
+```
+
+### Provision the Resources
+After login Azure CLI with your account, now you can use the terraform script to create Azure Resources.
+
+#### Run with Bash
+
+```shell
+# In the root directory of the sample
+# Initialize your Terraform configuration
+terraform -chdir=./terraform init
+
+# Apply your Terraform Configuration
+terraform -chdir=./terraform apply -auto-approve
+
+```
+
+#### Run with Powershell
+
+```shell
+# In the root directory of the sample
+# Initialize your Terraform configuration
+terraform -chdir=terraform init
+
+# Apply your Terraform Configuration
+terraform -chdir=terraform apply -auto-approve
+
+```
+
+It may take a few minutes to run the script. After successful running, you will see prompt information like below:
+
+```shell
+...
+azurecaf_name.azurecaf_name_kv_01: Creating...
+azurecaf_name.azurecaf_name_kv_02: Creating...
+azurecaf_name.resource_group: Creating...
+azurecaf_name.azurecaf_name_kv_01: Creation complete after 0s [id=tsnjmjbuwvumasse]
+azurecaf_name.resource_group: Creation complete after 0s [id=ddeodontheybkwgm]
+azurecaf_name.azurecaf_name_kv_02: Creation complete after 0s [id=tsnjmjbuwvumasse]
+azuread_application.app: Creating...
+azuread_application.app: Creation complete after 3s [id=37a44efb-1cd2-44e4-a149-d9bb9c315d6f]
+azuread_application_password.service_principal_password: Creating...
+azuread_service_principal.service_principal: Creating...
+
+
+Apply complete! Resources: 11 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+...
+
+```
+
+You can go to [Azure portal](https://ms.portal.azure.com/) in your web browser to check the resources you created.
+
+### Export Output to Your Local Environment
+Running the command below to export environment values:
+
+#### Run with Bash
+
+```shell
+source ./terraform/setup_env.sh
+```
+
+#### Run with Powershell
+
+```shell
+terraform\setup_env.ps1
+```
+
+If you want to run the sample in debug mode, you can save the output value.
+
+```shell
+KEY_VAULT_SSL_BUNDLES_CLIENT_ID=
+KEY_VAULT_SSL_BUNDLES_CLIENT_SECRET=
+KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_01=
+KEY_VAULT_SSL_BUNDLES_KEYVAULT_URI_02=
+KEY_VAULT_SSL_BUNDLES_RESOURCE_GROUP_NAME=
+KEY_VAULT_SSL_BUNDLES_TENANT_ID=
+```
+
+## Run Locally
+
+### Run the sample with Maven
+
+In your terminal, run `mvn clean spring-boot:run`.
+
+```shell
+mvn clean spring-boot:run
+```
+
+### Run the sample in IDEs
+
+You can debug your sample by adding the saved output values to the tool's environment variables or the sample's `application.yaml` file.
+
+* If your tool is `IDEA`, please refer to [Debug your first Java application](https://www.jetbrains.com/help/idea/debugging-your-first-java-application.html) and [add environment variables](https://www.jetbrains.com/help/objc/add-environment-variables-and-program-arguments.html#add-environment-variables).
+
+* If your tool is `ECLIPSE`, please refer to [Debugging the Eclipse IDE for Java Developers](https://www.eclipse.org/community/eclipse_newsletter/2017/june/article1.php) and [Eclipse Environment Variable Setup](https://examples.javacodegeeks.com/desktop-java/ide/eclipse/eclipse-environment-variable-setup-example/).
+
+## Verify This Sample
+
+This sample requires an SSL server, you can use sample `spring-cloud-azure-starter-keyvault-jca/ssl-bundles-server` as the target server, which means the https://localhost:8444/ssl-test is available. For Azure resource usage, you can share the output environment variable of `spring-cloud-azure-starter-keyvault-jca/ssl-bundles-server` or create the new resources and shared to `spring-cloud-azure-starter-keyvault-jca/ssl-bundles-rest-template` as they use the same environment variables.
+
+1. Send below request to acquire a resource with TLS connection, the server side should not enable client-auth via property `server.ssl.client-auth=NEED`:
+
+   ```bash
+   curl http://localhost:8080/resttemplate/tls
+   ```
+   
+   You will see the following in the console:
+   
+   ```console
+   Response from restTemplate tls "https://localhost:8443/ssl-test": Inbound TLS is working!
+   ```
+
+2. Send below request to acquire a resource with mTLS connection, the server side should enable client-auth via property `server.ssl.client-auth=NEED`:
+
+   ```bash
+   curl http://localhost:8080/resttemplate/mtls
+   ```
+   
+   you will see console like this:
+   
+   ```console
+   Response from restTemplate mtls "https://localhost:8443/ssl-test": Inbound TLS is working!
+   ```
+
+## Clean Up Resources
+After running the sample, if you don't want to run the sample, remember to destroy the Azure resources you created to avoid unnecessary billing.
+
+The terraform destroy command terminates resources managed by your Terraform project.   
+To destroy the resources you created.
+
+#### Run with Bash
+
+```shell
+terraform -chdir=./terraform destroy -auto-approve
+```
+
+#### Run with Powershell
+
+```shell
+terraform -chdir=terraform destroy -auto-approve
+```

keyvault/spring-cloud-azure-starter-keyvault-jca/ssl-bundles-rest-template/pom.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-parent</artifactId>
+    <version>3.4.2</version>
+    <relativePath/> <!-- lookup parent from repository -->
+  </parent>
+  <groupId>com.azure.spring</groupId>
+  <artifactId>ssl-bundles-rest-template</artifactId>
+  <version>1.0.0</version>
+  <packaging>jar</packaging>
+  <name>keyvault-ssl-bundles-rest-template</name>
+  <description>Spring Cloud Azure Starter Key Vault JCA: Enable RestTemplate SSL in Spring Boot Web application</description>
+  <properties>
+    <java.version>17</java.version>
+    <spring-cloud-azure.version>5.21.0</spring-cloud-azure.version>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.azure.spring</groupId>
+      <artifactId>spring-cloud-azure-starter-keyvault-jca</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>com.azure.spring</groupId>
+        <artifactId>spring-cloud-azure-dependencies</artifactId>
+        <version>${spring-cloud-azure.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+      </plugin>
+    </plugins>
+  </build>
+</project>