SQL Server Azure WebApp SystemAssignedIdentity not working with JDBC driver above 10.1.x, MSI Token failure

kqlmhetl, posted on 2023-04-19 in Other

When upgrading our Java WebApp (SpringBoot) to a version of the JDBC connection driver newer than 10.1 (>= 10.2 or 11.x or 12.x), it now fails with the following exception:

SQLServerException: MSI Token failure: Failed to acquire token from MSI Endpoint

With Version 12.2 we get a slightly different Exception:

IOException: Server returned HTTP response code: 401 for URL: http://169.254.132.2:8081/msi/token?resource=https%3A%2F%2Fdatabase.windows.net%2F&api-version=2017-09-01

We are using an Azure WebApp with SystemAssigned Identity:

The mentioned user has access to the database (with JDBC driver version 10.1 it works perfectly).

I then tried to reproduce it with a freshly set up web app and with a demo application that contains only this code (with correct server and db names):

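import com.microsoft.sqlserver.jdbc.SQLServerDataSource;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;

public class Application {
  public static void main(String[] args) throws Exception {
    SQLServerDataSource ds = new SQLServerDataSource();
    ds.setServerName("server-name");
    ds.setDatabaseName("database-name");
    // No user name or password is set: the driver requests a token
    // for the web app's managed identity from the MSI endpoint.
    ds.setAuthentication("ActiveDirectoryMSI");

    // try-with-resources closes the result set, statement and connection.
    try (Connection connection = ds.getConnection();
        Statement stmt = connection.createStatement();
        ResultSet rs = stmt.executeQuery("SELECT * FROM exampledata")) {
      if (rs.next()) {
        System.out.println("Data can be read: " + rs.getString(1));
      } else {
        System.out.println("No Data could be fetched...");
      }
    }
  }
}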

This results in the same exception: SQLServerException: MSI Token failure: Failed to acquire token from MSI Endpoint

Then I tried the same using Username/Password authentication ( ds.setAuthentication("SqlPassword") ). With that everything works fine. But this is not an option for us.

Reading through the internet, previous posts mentioned that it is an issue with the JDBC driver. But that's long ago and there would be 3 Major versions affected. So I assume something different is wrong. Any ideas?

monwx1rj #1

As mentioned in this GitHub issue ( https://github.com/microsoft/mssql-jdbc/issues/2103 ), it was really a driver version incompatibility (azure-msal, azure-identity). Choosing the correct transitive dependencies solved the issue, at least for JDBC version 12.x. Fixes for versions 10.x + 11.x should be ready soon.
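To see which copies of the driver and its token libraries the deployed application actually loads, a diagnostic like the following can be run inside the web app. It is an added example, not code from the post or the linked issue; the class name `MsiDependencyReport` is hypothetical, and the marker classes chosen to identify each library are an assumption. It reports what is on the classpath and does not say which versions are compatible.

```java
import java.security.CodeSource;
import java.util.LinkedHashMap;
import java.util.Map;

public class MsiDependencyReport {

  // One marker class per library involved in ActiveDirectoryMSI token acquisition.
  // Assumption: these classes are present in the respective artifacts.
  static final Map<String, String> MARKERS = new LinkedHashMap<>();
  static {
    MARKERS.put("mssql-jdbc", "com.microsoft.sqlserver.jdbc.SQLServerDriver");
    MARKERS.put("azure-identity", "com.azure.identity.ManagedIdentityCredential");
    MARKERS.put("msal4j", "com.microsoft.aad.msal4j.PublicClientApplication");
  }

  // Returns the manifest version and the JAR the class was loaded from,
  // or a message saying the library is missing or cannot be linked.
  static String describe(String className) {
    try {
      // initialize=false: locate the class without running its static initializers.
      Class<?> c = Class.forName(className, false,
          MsiDependencyReport.class.getClassLoader());
      Package p = c.getPackage();
      String version = (p == null) ? null : p.getImplementationVersion();
      CodeSource src = c.getProtectionDomain().getCodeSource();
      String location = (src == null)
          ? "unknown location" : String.valueOf(src.getLocation());
      return "version=" + (version == null ? "not in manifest" : version)
          + " loaded from " + location;
    } catch (ClassNotFoundException | LinkageError e) {
      // A LinkageError here is itself a sign of mismatched transitive versions.
      return "NOT LOADABLE (" + e + ")";
    }
  }

  public static void main(String[] args) {
    MARKERS.forEach((lib, cls) ->
        System.out.println(lib + ": " + describe(cls)));
  }
}
```

In a Spring Boot fat JAR the reported location includes the nested JAR file name, so the resolved version is visible even when the manifest carries none.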
