search

Azure / azure-sdk-for-java

This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
MIT License
2.3k stars 1.96k forks source link

[BUG] The JWK set cache configuration is not applied for beans AadAppRoleStatelessAuthenticationFilter and JwtDecoderFactory #41349

Open moarychan opened 1 month ago

moarychan commented 1 month ago

Describe the bug

When user configures the below properties:

spring.cloud.azure.active-directory.jwk-set-cache-lifespan: xxx
spring.cloud.azure.active-directory.jwk-set-cache-refresh-time: xxx

The configured JWK set cache is not applied for below beans:

https://github.com/Azure/azure-sdk-for-java/blob/8c9ea1a6a8b4f4fc5b0ad848baf9ecea31d40c9b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadAuthenticationFilterAutoConfiguration.java#L74-L87

https://github.com/Azure/azure-sdk-for-java/blob/8c9ea1a6a8b4f4fc5b0ad848baf9ecea31d40c9b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/filter/UserPrincipalManager.java#L97

https://github.com/spring-projects/spring-security/blob/2cc6cbdb77d761cdfc7d792bb2d772c2b9186e93/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java#L379-L397

Exception or Stack Trace Will always use the default cache value. Check the url access frequency. image

To Reproduce Use sample aad-resource-server-by-filter-stateless and aad-web-application-and-resource-server.

Code Snippet N/A

Expected behavior Apply the user configured jwk set cache.

Screenshots If applicable, add screenshots to help explain your problem.

Setup (please complete the following information):

If you suspect a dependency version mismatch (e.g. you see NoClassDefFoundError, NoSuchMethodError or similar), please check out Troubleshoot dependency version conflict article first. If it doesn't provide solution for the problem, please provide:

Additional context N/A

Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

github-actions[bot] commented 1 month ago

@moarychan @netyyyy @rujche @saragluna

github-actions[bot] commented 1 month ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.