In this post, we explore the newest features, improvements, and bug fixes in Spring Cloud Azure and Java on Azure. We cover versions 5.16.0 to 5.19.0 of Spring Cloud Azure and provide troubleshooting tips for Java processes on Azure Kubernetes Service (AKS). This comprehensive overview shows you what’s new and how it can benefit your projects.<\/p>\n
Discover the latest features and enhancements in Spring Cloud Azure, designed to address common user scenarios and improve your development experience.<\/p>\n
Spring Cloud Azure 5.19.0 now fully supports Spring Boot 3.4.0 and later versions. This means you can apply the latest Spring Boot features in your applications. For more information, see the release notes<\/a>.<\/p>\n Spring Cloud Azure offers flexible configuration properties, prefixed with First, define a Next, add one property entry for it:<\/p>\n Not only can the Apart from configuring the token credential for Azure SDK clients, you could also configure it for other Azure services like Azure Database for MySQL – Flexible Server, Azure Database for PostgreSQL – Flexible Server, Azure Cache for Redis, and Service Bus. The following configuration is an example for the Redis passwordless connection:<\/p>\n And the following configuration is an example for a Service Bus JMS passwordless connection:<\/p>\n Since the Key Vault property source authenticates at an earlier initialization stage, the The Java Diagnostic Tool (diag4j) is a lightweight, nonintrusive monitoring and diagnostic solution for Java applications running on AKS.<\/p>\n Key features of the tool include:<\/p>\n For a detailed guide on getting started with diag4j, see Get started with Java Diagnostic Tool<\/a>. Here’s a video<\/a> about using diag4j.<\/p>\n You can provide feedback or create an issue in this GitHub repository<\/a>.<\/p>\n In the following sections, we iterate through several common scenarios.<\/p>\n Service Bus JMS provides a way to consume Dead Letter Queue (DLQ) messages from a Service Bus queue in the same way as consuming a queue using the First, use the following configuration:<\/p>\n Use the following sample code to consume messages from the Service Bus queue. If the message is invalid, move it to the DLQ of the queue:<\/p>\n Use the following sample code to consume DLQ messages from the Service Bus queue:<\/p>\n Key Vault property sources support automatic refresh. For example, use the following configuration to refresh the secret keys. Then each property source can use a different refresh internal:<\/p>\n Spring Data supports registering multiple data sources. As of Spring Cloud Azure JDBC Starter This configuration uses different authentication methods for each data source. The first data source uses the Azure Identity library’s Enhance your app’s security and performance with the latest updates in Key Vault JCA and Azure Identity Extensions. These updates include support for intermediate certificates and caching Since version 2.10.0, the Key Vault Java Cryptography Architecture (JCA) can read intermediate certificates in certificate chains<\/a>. With the new version of As of Azure Identity Extensions version 1.2.0, the library supports caching of In the following section, note the known issues to be resolved as soon as possible after upgrading the newer version.<\/p>\n As of Spring Cloud Azure version 5.18.0, a defect in merging the global credential properties bean to each SDK properties bean is fixed. If you upgrade from version 5.18.0 to 5.19.0 and use global managed identity credential, you should encounter regression test failures. For more information, see the following GitHub issues:<\/p>\n Your feedback and contributions are always welcome on StackOverflow<\/a> or GitHub<\/a>.<\/p>\n To learn more about Spring Cloud Azure, we invite you to visit the following links:<\/p>\n This post shows the latest Spring Cloud Azure updates.<\/p>\n","protected":false},"author":109450,"featured_media":3332,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[160,871,872],"class_list":["post-3331","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-sdk","tag-java","tag-spring","tag-spring-cloud-azure"],"acf":[],"blog_post_summary":" This post shows the latest Spring Cloud Azure updates.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/posts\/3331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/users\/109450"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/comments?post=3331"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/posts\/3331\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/media\/3332"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/media?parent=3331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/categories?post=3331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azure-sdk\/wp-json\/wp\/v2\/tags?post=3331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Enhanced configuration of authentication mechanism<\/h3>\n
spring.cloud.azure.credential.<\/code>, to manage several types of credentials, such as service principals and managed identities. With the latest enhancement, you can now use spring.cloud.azure.credential.token-credential-bean-name<\/code> to further customize your authentication beans, providing even greater control over your application’s security.<\/p>\nTokenCredential<\/code> bean in your application:<\/p>\n@Bean\r\nTokenCredential myTokenCredential() {\r\n \/\/ Your concrete TokenCredential instance\r\n}<\/code><\/pre>\nspring:\r\n cloud:\r\n azure:\r\n credential:\r\n token-credential-bean-name: myTokenCredential<\/code><\/pre>\nConfiguration for Azure SDK clients<\/h4>\n
token-credential-bean-name<\/code> property be configured at the spring.cloud.azure<\/code> level, but it can also be configured for each service client. For example, you could configure it for the Azure Storage blob client:<\/p>\nspring:\r\n cloud:\r\n azure:\r\n storage:\r\n blob:\r\n account-name: <your-azure-storage-account-name>\r\n container-name: <your-blob-container-name>\r\n credential:\r\n token-credential-bean-name: myTokenCredential<\/code><\/pre>\nConfiguration for passwordless connections<\/h4>\n
spring:\r\n data:\r\n redis:\r\n host: <your-azure-redis-name>.redis.cache.windows.net\r\n port: 6380\r\n ssl:\r\n enabled: true\r\n azure:\r\n passwordless-enabled: true\r\n credential:\r\n token-credential-bean-name: myTokenCredential<\/code><\/pre>\nspring:\r\n jms:\r\n servicebus:\r\n pricing-tier: <your-service-bus-pricing-tier>\r\n namespace: <your-service-bus-namespace>\r\n topic-client-id: <topic-client-id>\r\n passwordless-enabled: true\r\n credential:\r\n token-credential-bean-name: myTokenCredential<\/code><\/pre>\nConfiguration for Key Vault property source<\/h4>\n
token-credential-bean-name<\/code> property doesn’t take effect on it. But you can still configure a customized TokenCredential<\/code> for it. For example, before the Spring Boot application runs, register a token credential object for authentication to Key Vault:<\/p>\npublic static void main(String[] args) {\r\n SpringApplication application = new SpringApplication(YourSpringApplication.class);\r\n application.addBootstrapRegistryInitializer(registry -> \r\n registry.register(TokenCredential.class, context -> {\r\n \/\/ Your concrete TokenCredential instance \r\n }));\r\n application.run(args);\r\n}<\/code><\/pre>\nNew Java Diagnostic Tool on AKS<\/h3>\n
\n
\n
Common scenarios<\/h2>\n
Dead-lettering a message using Service Bus JMS<\/h3>\n
@JmsListener<\/code> annotation.<\/p>\nspring:\r\n jms:\r\n listener:\r\n session:\r\n acknowledge-mode: CLIENT\r\n transacted: false\r\n servicebus:\r\n pricing-tier: <your-service-bus-pricing-tier>\r\n namespace: <your-service-bus-namespace>\r\n passwordless-enabled: true<\/code><\/pre>\n@Component\r\npublic class QueueReceiveService {\r\n private final Logger LOGGER = LoggerFactory.getLogger(QueueReceiveService.class);\r\n private static final String QUEUE_NAME = \"<your-queue-name>\";\r\n\r\n @JmsListener(destination = QUEUE_NAME, containerFactory = \"jmsListenerContainerFactory\")\r\n public void receiveMessage(JmsObjectMessage message) throws JMSException {\r\n User user = (User) message.getObject();\r\n LOGGER.info(\"Received message from queue: {}.\", user);\r\n if (user.getName().toLowerCase().contains(\"invalid\")) {\r\n message.setIntProperty(JmsMessageSupport.JMS_AMQP_ACK_TYPE, REJECTED);\r\n message.acknowledge();\r\n LOGGER.info(\"Move message into dead letter queue: {}.\", user);\r\n }\r\n }\r\n}<\/code><\/pre>\n@Component\r\npublic class DeadLetterQueueReceiveService {\r\n private final Logger LOGGER = LoggerFactory.getLogger(DeadLetterQueueReceiveService.class);\r\n private static final String QUEUE_NAME = \"<your-queue-name>\";\r\n private static final String DEAD_LETTER_QUEUE_NAME_SUFFIX = \"\/$deadletterqueue\";\r\n private static final String DEAD_LETTER_QUEUE_NAME = QUEUE_NAME + DEAD_LETTER_QUEUE_NAME_SUFFIX;\r\n\r\n @JmsListener(destination = DEAD_LETTER_QUEUE_NAME, containerFactory = \"jmsListenerContainerFactory\")\r\n public void receiveDeadLetterMessage(JmsObjectMessage message) throws JMSException {\r\n User user = (User) message.getObject();\r\n LOGGER.info(\"Received message from dead letter queue: {}.\", user);\r\n }\r\n}<\/code><\/pre>\nRefresh Key Vault property sources<\/h3>\n
spring:\r\n cloud:\r\n azure:\r\n keyvault:\r\n secret:\r\n property-source-enabled: true\r\n property-sources:\r\n - endpoint: ${KEY_VAULT_ENDPOINT_1}\r\n name: KeyVault1\r\n refresh-interval: 10s\r\n secret-keys:\r\n - one-minutes-available-username\r\n - one-minutes-available-password\r\n - endpoint: ${KEY_VAULT_ENDPOINT_2}\r\n name: KeyVault2\r\n refresh-interval: 30s\r\n secret-keys: game-rules<\/code><\/pre>\nConfigure passwordless connections with multiple data sources<\/h3>\n
5.18.0<\/code>, it also supports multiple data sources with passwordless connections. For example, use the following configuration to define two database sources for different operation permissions. One source is for read operations and the other is for write operations:<\/p>\nspring:\r\n datasource:\r\n read:\r\n url: <your-azure-database-jdbc-url>\r\n username: <your-database-user-name-for-read>\r\n azure:\r\n passwordless-enabled: true\r\n write:\r\n url: <your-azure-database-jdbc-url>\r\n username: <your-database-user-name-for-write>\r\n azure:\r\n passwordless-enabled: true\r\n credential:\r\n token-credential-bean-name: myTokenCredential<\/code><\/pre>\nDefaultAzureCredential<\/code> to authenticate with Microsoft Entra ID. The second data source uses the customized token credential bean.<\/p>\nProtect your applications with efficiency<\/h2>\n
TokenCredential<\/code> instances.<\/p>\nKey Vault JCA supports loading of intermediate certificates<\/h3>\n
azure-security-keyvault-jca<\/code>, such kinds of certificates can be used too:<\/p>\n\n
Azure Identity Extensions now supports caching of token credential instances<\/h3>\n
TokenCredential<\/code> objects across multiple authentication invocations by default via the property azure.tokenCredentialCacheEnabled<\/code>. This capability reduces the number of Microsoft Entra access token requests. For example, when using the Azure Identity library’s WorkloadIdentityCredential<\/code>, more pressure is placed on the internal authorization server for access token acquisition if the token credential caching disabled. To disable token credential caching and to customize the access token acquisition timeout, use the following code:<\/p>\nProperties properties = new Properties();\r\nproperties.setProperty(\"user\", \"<your-database-username>\");\r\nproperties.setProperty(\"authenticationPluginClassName\", \r\n \"com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin\");\r\nproperties.setProperty(\"azure.tokenCredentialCacheEnabled\", \"false\");\r\nString url = \"<your-database-jdbc-url>\";\r\nConnection connection = DriverManager.getConnection(url, properties);\r\n\/\/ use connection to execute SQL<\/code><\/pre>\nKnown issues<\/h2>\n
Use global managed identity credential<\/h3>\n
\n
Feedback<\/h2>\n
Resources<\/h2>\n
\n