Support web app and web api in the same application (Azure#22674)

Author: Moary Chen

sdk/spring/azure-spring-boot-starter-active-directory-b2c/README.md

@@ -249,7 +249,7 @@ This scenario is based on **Accessing a web application** scenario to allow appl
 1. Write your `Webapp` Java code.
 
    Controller code can refer to the following:
-    <!-- embedme ..azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/WebappAccessResourceController.java#L25-L43 -->
+    <!-- embedme ../azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/WebappAccessResourceController.java#L25-L43 -->
     ```java
     /**
      * Access to protected data from Webapp to WebApiA through client credential flow. The access token is obtained by webclient, or
@@ -273,7 +273,7 @@ This scenario is based on **Accessing a web application** scenario to allow appl
     ```
 
    Security configuration code is the same with **Accessing a web application** scenario, another bean `webClient`is added as follows:
-    <!-- embedme ..azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/WebappAccessResourceConfiguration.java#33-L40 -->
+    <!-- embedme ../azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/WebappAccessResourceConfiguration.java#33-L40 -->
     ```java
     @Bean
     public WebClient webClient(OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
@@ -328,7 +328,7 @@ This scenario not support login. Just protect the server by validating the acces
 1. Write your Java code.
 
    Controller code can refer to the following:
-    <!-- embedme ..azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerController.java#L25-L34 -->
+    <!-- embedme ../azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerController.java#L25-L34 -->
     ```java
     /**
      * webApiA resource api for web app
@@ -343,7 +343,7 @@ This scenario not support login. Just protect the server by validating the acces
     ```
 
    Security configuration code can refer to the following:
-    <!-- embedme ..azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerConfiguration.java#L11-L22 -->
+    <!-- embedme ../azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerConfiguration.java#L11-L22 -->
     ```java
     @EnableWebSecurity
     @EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -416,7 +416,7 @@ This scenario is an upgrade of **Accessing a resource server**, supports access
 1. Write your Java code.
 
    WebApiA controller code can refer to the following:
-    <!-- embedme ..azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerController.java#L47-L66 -->
+    <!-- embedme ../azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerController.java#L47-L66 -->
     ```java
     /**
      * Access to protected data from WebApiA to WebApiB through client credential flow. The access token is obtained by webclient, or
@@ -441,7 +441,7 @@ This scenario is an upgrade of **Accessing a resource server**, supports access
     ```
 
    WebApiB controller code can refer to the following:
-    <!-- embedme ..azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerController.java#L36-L45 -->
+    <!-- embedme ../azure-spring-boot/src/samples/java/com/azure/spring/autoconfigure/b2c/ResourceServerController.java#L36-L45 -->
     ```java
     /**
      * webApiB resource api for other web application

sdk/spring/azure-spring-boot-starter-active-directory/CHANGELOG.md

@@ -1,11 +1,33 @@
 # Release History
 
 ## 3.7.0-beta.1 (Unreleased)
+### New Features
+- Add property `azure.activedirectory.application-type` to configure the application type.
+
+    Here are the 4 valid values:
+    - *web_application*: Web Application.
+    - *resource_server*: Resource Server.
+    - *resource_server_with_obo*: Resource Server with authorization grant type `on_behalf_of`.
+    - *web_application_and_resource_server*: Web Application and Resource Server in one application, it also supports `on_behalf_of`.
+
+    This property is optional, its value can be inferred by dependencies, only `web_application_and_resource_server` must be configured manually: `azure.activedirectory.application-type=web_application_and_resource_server`.
+    
+    Here is the table about how the AAD starter infers application type by dependencies:
+    
+    | Has dependency: spring-security-oauth2-client | Has dependency: spring-security-oauth2-resource-server |                  Valid values of application type                 | Default value               |
+    |-----------------------------------------------|--------------------------------------------------------|-------------------------------------------------------------------|-----------------------------|
+    |                      Yes                      |                          No                            |                       `web_application`                           |       `web_application`     |
+    |                      No                       |                          Yes                           |                       `resource_server`                           |       `resource_server`     |
+    |                      Yes                      |                          Yes                           | `resource_server_with_obo`, `web_application_and_resource_server` | `resource_server_with_obo`  |
+
+- Support new value `on_behalf_of` for OBO authorization grant type, originally we only support `on-behalf-of`.
+
 
 ## 3.6.1 (2021-07-02)
 ### New Features
 - Upgrade to [spring-boot-dependencies:2.5.2](https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-dependencies/2.5.2/spring-boot-dependencies-2.5.2.pom).
 - Upgrade to [spring-cloud-dependencies:2020.0.3](https://repo.maven.apache.org/maven2/org/springframework/cloud/spring-cloud-dependencies/2020.0.3/spring-cloud-dependencies-2020.0.3.pom).
+
 ### Key Bug Fixes
 - Fix [cve-2021-22119](https://tanzu.vmware.com/security/cve-2021-22119).