Introduced timeouts for MSAL calls. (#2562)
* Introduced timeouts for MSAL calls.

* Fixed indentation issues.

* Added unit tests

* Added a max wait duration of 20 seconds to MSAL calls

- Added more tests
- Improved test to check for specific error message

* Added Timeout Exception catch clause for one of the auth methods

* Replaced lock with tryLock.

- Replaced lock with tryLock to avoid potential long waiting for other
  threads while one thread is taking long to complete.

* Replaced lock with semaphore for better readability.

- Added detailed comment for the usage of semaphore.

* Renamed semAcquired to isSemAcquired

* Fixed indentation for an existing code line

* Change to use Mono::timeout method

* Updated TOKEN_WAIT_DURATION_MS to correct value.

* Improved error messages
machavan authored Jan 15, 2025
1 parent 5bb3353 commit 2a3d372
Showing 4 changed files with 166 additions and 44 deletions.
23 changes: 12 additions & 11 deletions src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
Expand Up @@ -6110,10 +6110,11 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw
}

while (true) {
int millisecondsRemaining = timerRemaining(timerExpire);
if (authenticationString.equalsIgnoreCase(SqlAuthentication.ACTIVE_DIRECTORY_PASSWORD.toString())) {
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthToken(fedAuthInfo, user,
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()),
authenticationString);
authenticationString, millisecondsRemaining);

// Break out of the retry loop in successful case.
break;
Expand All @@ -6125,12 +6126,12 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw

if (null != managedIdentityClientId && !managedIdentityClientId.isEmpty()) {
fedAuthToken = SQLServerSecurityUtility.getManagedIdentityCredAuthToken(fedAuthInfo.spn,
managedIdentityClientId);
managedIdentityClientId, millisecondsRemaining);
break;
}

fedAuthToken = SQLServerSecurityUtility.getManagedIdentityCredAuthToken(fedAuthInfo.spn,
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.MSI_CLIENT_ID.toString()));
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.MSI_CLIENT_ID.toString()), millisecondsRemaining);

// Break out of the retry loop in successful case.
break;
Expand All @@ -6141,12 +6142,12 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw
if (aadPrincipalID != null && !aadPrincipalID.isEmpty() && aadPrincipalSecret != null
&& !aadPrincipalSecret.isEmpty()) {
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal(fedAuthInfo, aadPrincipalID,
aadPrincipalSecret, authenticationString);
aadPrincipalSecret, authenticationString, millisecondsRemaining);
} else {
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal(fedAuthInfo,
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString()),
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()),
authenticationString);
authenticationString, millisecondsRemaining);
}

// Break out of the retry loop in successful case.
Expand All @@ -6159,7 +6160,7 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString()),
servicePrincipalCertificate,
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()),
servicePrincipalCertificateKey, servicePrincipalCertificatePassword, authenticationString);
servicePrincipalCertificateKey, servicePrincipalCertificatePassword, authenticationString, millisecondsRemaining);

// Break out of the retry loop in successful case.
break;
Expand Down Expand Up @@ -6194,7 +6195,7 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw
throw new SQLServerException(form.format(msgArgs), null);
}

int millisecondsRemaining = timerRemaining(timerExpire);
millisecondsRemaining = timerRemaining(timerExpire);
if (ActiveDirectoryAuthentication.GET_ACCESS_TOKEN_TRANSIENT_ERROR != errorCategory
|| timerHasExpired(timerExpire) || (fedauthSleepInterval >= millisecondsRemaining)) {

Expand Down Expand Up @@ -6240,15 +6241,15 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw
Object[] msgArgs = {SQLServerDriver.AUTH_DLL_NAME, authenticationString};
throw new SQLServerException(form.format(msgArgs), null, 0, null);
}
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenIntegrated(fedAuthInfo, authenticationString);
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenIntegrated(fedAuthInfo, authenticationString, millisecondsRemaining);
}
// Break out of the retry loop in successful case.
break;
} else if (authenticationString
.equalsIgnoreCase(SqlAuthentication.ACTIVE_DIRECTORY_INTERACTIVE.toString())) {
// interactive flow
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenInteractive(fedAuthInfo, user,
authenticationString);
authenticationString, millisecondsRemaining);

// Break out of the retry loop in successful case.
break;
Expand All @@ -6258,12 +6259,12 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw

if (null != managedIdentityClientId && !managedIdentityClientId.isEmpty()) {
fedAuthToken = SQLServerSecurityUtility.getDefaultAzureCredAuthToken(fedAuthInfo.spn,
managedIdentityClientId);
managedIdentityClientId, millisecondsRemaining);
break;
}

fedAuthToken = SQLServerSecurityUtility.getDefaultAzureCredAuthToken(fedAuthInfo.spn,
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.MSI_CLIENT_ID.toString()));
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.MSI_CLIENT_ID.toString()), millisecondsRemaining);

break;
}
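Review bot: The `millisecondsRemaining` value read at the top of the retry loop is handed to every token call without a check that it is still a usable budget, and the same login-timeout remainder is also applied to the interactive flow (`getSqlFedAuthTokenInteractive`), where token acquisition presumably waits on a person finishing a browser sign-in or MFA prompt. Neither `timerRemaining` nor the callees are visible in this section, so it is unclear what a zero, negative or near-zero value does in the new timeout parameter; I would state that contract at the declaration, e.g. `// Remaining login-timeout budget in ms, recomputed on each retry; bounds how long a token request may block.` If the interactive path is meant to allow a longer wait, that should be decided explicitly instead of being inherited from the login timer. A timeout raised by these calls should also map to a non-transient category so that it does not re-enter the retry loop via the `GET_ACCESS_TOKEN_TRANSIENT_ERROR` check; the catch block that makes that decision is only partly visible. `getFedAuthToken` starts and ends outside the visible hunks.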