Deploy Java Spring Boot apps to Azure Spring Apps

Article
03/19/2024

This article shows you how to deploy a Java Spring Boot app with sign-in by Microsoft Entra account to Azure Spring Apps.

This article assumes that you completed one of the following articles using only the Run locally tab, and you now want to deploy to Azure. These instructions are the same as the ones in the Deploy to Azure tab in these articles:

Prerequisites

If you're deploying an Azure Spring Apps Enterprise plan instance for the first time in the target subscription, see the Requirements section of Enterprise plan in Azure Marketplace.
Maven Plugin for Azure Spring Apps. If Maven isn't your preferred development tool, see the following similar tutorials that use other tools:
- IntelliJ IDEA
- Visual Studio Code

Prepare the Spring project

Use the following steps to prepare the project:

Use the following Maven command to build the project:
```
mvn clean package
```
Run the sample project locally by using the following command:
```
mvn spring-boot:run
```

Configure the Maven plugin

Run the following command in the root of the project to configure the app using the Maven plugin for Azure Spring Apps:

mvn com.microsoft.azure:azure-spring-apps-maven-plugin:1.19.0:config

The following list describes the command interactions:

OAuth2 login: You need to authorize the sign-in to Azure based on the OAuth2 protocol.
Select subscription: Select the subscription list number where you want to create your Azure Spring Apps instance, which defaults to the first subscription in the list. If you want to use the default number, press Enter.
Input the Azure Spring Apps name: Enter the name for the spring apps instance you want to create. If you want to use the default name, press Enter.
Input the resource group name: Enter the name for the resource group you want to create your spring apps instance in. If you want to use the default name, press Enter.
Skus: Select the SKU you want to use for your spring apps instance. If you want to use the default number, press Enter.
Input the app name (demo): Provide an app name. If you want to use the default project artifact ID, press Enter.
Runtimes: Select the runtime you want to use for your spring apps instance. In this case, you should use the default number, so press Enter.
Expose public access for this app (boot-for-azure): Press y.
Confirm to save all the above configurations: Press y. If you press n, the configuration isn't saved in the .pom file.

The following example shows the output of the deployment process:

Summary of properties:
Subscription id   : 12345678-1234-1234-1234-123456789101
Resource group name : rg-ms-identity-spring-boot-webapp
Azure Spring Apps name : cluster-ms-identity-spring-boot-webapp
Runtime Java version : Java 11
Region            : eastus
Sku               : Standard
App name          : ms-identity-spring-boot-webapp
Public access     : true
Instance count/max replicas : 1
CPU count         : 1
Memory size(GB)   : 2
Confirm to save all the above configurations (Y/n):
[INFO] Configurations are saved to: /home/user/ms-identity-msal-java-samples/4-spring-web-app/1-Authentication/sign-in/pom.    xml
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:57 min
[INFO] Finished at: 2024-02-14T13:50:44Z
[INFO] ------------------------------------------------------------------------

After you've confirmed your choices, the plugin adds the required plugin element and settings to your project's pom.xml file to configure your app to run in Azure Spring Apps.

The relevant portion of the pom.xml file should look similar to the following example:

<plugin>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>azure-spring-apps-maven-plugin</artifactId>
    <version>1.19.0</version>
    <configuration>
        <subscriptionId>12345678-1234-1234-1234-123456789101</subscriptionId>
        <resourceGroup>rg-ms-identity-spring-boot-webapp</resourceGroup>
        <clusterName>cluster-ms-identity-spring-boot-webapp</clusterName>
        <region>eastus</region>
        <sku>Standard</sku>
        <appName>ms-identity-spring-boot-webapp</appName>
        <isPublic>true</isPublic>
        <deployment>
            <cpu>1</cpu>
            <memoryInGB>2</memoryInGB>
            <instanceCount>1</instanceCount>
            <runtimeVersion>Java 11</runtimeVersion>
            <resources>
                <resource>
                    <directory>${project.basedir}/target</directory>
                    <includes>
                        <include>*.jar</include>
                    </includes>
                </resource>
            </resources>
        </deployment>
    </configuration>
</plugin>

You can modify the configurations for Azure Spring Apps directly in your pom.xml file. Some common configurations are listed in the following table:

Property	Required	Description
`subscriptionId`	false	The subscription ID.
`resourceGroup`	true	The Azure resource group for your Azure Spring Apps instance.
`clusterName`	true	The Azure Spring Apps cluster name. In case you're using a subscription and resource group that already have an Azure Spring Apps instance deployed, you can also use this existing cluster to deploy to.
`appName`	true	The name of your app in Azure Spring Apps.
`region`	false	The region in which to host your Azure Spring Apps instance. The default value is `eastus`. For valid regions, see Supported Regions.
`sku`	false	The pricing tier for your Azure Spring Apps instance. The default value is `Basic`, which is suited only for development and test environments.
`runtime`	false	The runtime environment configuration. For more information, see Configuration Details.
`deployment`	false	The deployment configuration. For more information, see Configuration Details.

For the complete list of configurations, see the plugin reference documentation. All the Azure Maven plugins share a common set of configurations. For these configurations, see Common Configurations. For configurations specific to Azure Spring Apps, see Azure Spring Apps: Configuration Details.

Be sure to save aside the clusterName and appName values for later use.

Prepare the app for deployment

When you deploy your application to Azure Spring Apps, your redirect URL changes to the redirect URL of your deployed app instance in Azure Spring Apps. Use the following steps to change these settings in your application.yml file:

Navigate to your app's src\main\resources\application.yml file and change the value of post-logout-redirect-uri to your deployed app's domain name, as shown in the following example. For example, if you chose cluster-ms-identity-spring-boot-webapp for your Azure Spring Apps instance in the previous step and ms-identity-spring-boot-webapp for your app name, you must now use https://cluster-ms-identity-spring-boot-webapp-ms-identity-spring-boot-webapp.azuremicroservices.io for the post-logout-redirect-uri value.
```
post-logout-redirect-uri: https://<cluster-name>-<app-name>.azuremicroservices.io
```
After saving this file, use the following command to rebuild your app:
```
mvn clean package
```

Important

The application.yml file of the application currently holds the value of your client secret in the client-secret parameter. It isn't good practice to keep this value in this file. You might also be taking a risk if you commit it to a Git repository.

As an extra security step, you can store this value in Azure Key Vault and load the secret from Key Vault to make it available in your application.

Update your Microsoft Entra ID app registration

Because the redirect URI changes to your deployed app on Azure Spring Apps, you also need to change the redirect URI in your Microsoft Entra ID app registration. Use the following steps to make this change:

Navigate to the Microsoft identity platform for developers App registrations page.
Use the search box to search for your app registration - for example, java-servlet-webapp-authentication.
Open your app registration by selecting its name.
Select Authentication from the menu.
In the Web - Redirect URIs section, select Add URI.
Fill out the URI of your app, appending /login/oauth2/code/ - for example, https://<cluster-name>-<app-name>.azuremicroservices.io/login/oauth2/code/.
Select Save.

Deploy the app

Use the following command to deploy the app:

mvn azure-spring-apps:deploy

The following list describes the command interaction:

OAuth2 login: You need to authorize the sign-in to Azure based on the OAuth2 protocol.

After the command is executed, you can see from the following log messages that the deployment was successful:

[INFO] Deployment(default) is successfully created
[INFO] Starting Spring App after deploying artifacts...
[INFO] Deployment Status: Running
[INFO]   InstanceName:demo-default-x-xxxxxxxxxx-xxxxx  Status:Running Reason:null       DiscoverStatus:UNREGISTERED
[INFO]   InstanceName:demo-default-x-xxxxxxxxx-xxxxx  Status:Terminating Reason:null       DiscoverStatus:UNREGISTERED
[INFO] Getting public url of app(demo)...
[INFO] Application url: https://<your-Azure-Spring-Apps-instance-name>-demo.azuremicroservices.io

Validate the app

After the deployment finishes, access the application with the output application URL. Use the following steps to check the app's logs to investigate any deployment issue:

Access the output application URL from the Outputs page of the Deployment section.
From the navigation pane of the Azure Spring Apps instance Overview page, select Logs to check the app's logs.

More information

Next steps

For more information and other deployment options, see the following articles:

Share via