Add passwordless to Use Java and JDBC with Azure SQL Database #8829
@bbenz: Thanks for your contribution! The author(s) have been notified to review your proposed change.
Learn Build status updates of commit 9f01a70: ✅ Validation status: passed
Please also add `passwordless-java` to `ms.custom`. This metadata will help us take inventory of passwordless content for Java.
Create a *src/main/resources/application.properties* file, and add: | ||
|
||
```properties | ||
String url = "jdbc:sqlserver://$AZ_DATABASE_SERVER_NAME.database.windows.net:1433;databaseName=$AZ_DATABASE_NAME;authentication=ActiveDirectoryMSI;" |
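Review bot: the added line under the properties fence is Java syntax (`String url = "jdbc:sqlserver://...;"`), not a properties entry. Loaded with java.util.Properties it yields a key named `String` rather than `url`, and the quotes become part of the value. Write it as a plain `url=jdbc:sqlserver://...` entry with no type, quotes or surrounding spaces.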
Instead of `ActiveDirectoryMSI`, let's use the `DefaultAzureCredential` support that was added in this PR: microsoft/mssql-jdbc#1936. It should just involve replacing `authentication=ActiveDirectoryMSI;` with `authentication=DefaultAzureCredential;`. This will be important because managed identity isn't a thing in the local dev scenario. `DefaultAzureCredential` takes care of that local dev experience, while offering managed identity support when deployed to Azure.

@David-Engel Is the JDBC driver's DefaultAzureCredential support documented anywhere on learn.microsoft.com?
Thanks, I based my approach on this doc, which will likely have to be updated as well: https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/migrate-sql-database-to-passwordless-connection?tabs=java%2Capp-service%2Cassign-role-service-connector
@scottaddie Yes. The option is `authentication=ActiveDirectoryDefault`. The value was changed from DefaultAzureCredential before GA to be consistent with other drivers: microsoft/mssql-jdbc#2055
Hi folks, this is going to take more time than I have to invest this week while on vacation, I'll have to pick it up when I'm back from vacation next week.
@David-Engel, I have created a POC repo with the code at https://github.com/bbenz/azure-sql-passwordless-poc. If you or anyone on your team could work with that code to figure out what the complete solution should be in this exact situation (dependencies to include and the correct connection string), it would be greatly appreciated, and your expertise with the latest options will likely result in many fewer iterations to get to the finish line. All that is needed is to add the correct connection string in the resources/application.properties file and work out what dependencies to include in the pom.xml, the rest of the code is assembled and verified to be able to build successfully. Once that's done I can update the docs with the final (likely small) changes, or feel free to submit an additional pr.
Ping @David-Engel. Can you please take a look at this for Brian?
</dependency> | ||
<dependency> | ||
<groupId>com.azure</groupId> | ||
<artifactId>azure-identity</artifactId> |
I don't think you'll need a dependency on azure-identity. The JDBC driver should give you what you need. See my other comment about using the DefaultAzureCredential support.
The JDBC driver only has an optional dependency on azure-identity. If an application wants to use JDBC driver features that require it, they do have to add the dependency to their application. There is a long dependency chain we didn't want to bring in to all consumers who aren't using Azure.
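The two points settled in the review above (the `authentication=ActiveDirectoryDefault` value and the optional azure-identity dependency) can be checked before any connection is attempted. The following is an added example, not code from the PR or from the mssql-jdbc project; the class name, the sample URLs and the simple `;` splitting (which ignores brace-escaped values) are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class PasswordlessUrlCheck {

    // Split "jdbc:sqlserver://host:port;key=value;..." into lower-cased keys and values.
    static Map<String, String> parse(String url) {
        Map<String, String> props = new LinkedHashMap<>();
        String[] parts = url.split(";");
        for (int i = 1; i < parts.length; i++) {   // parts[0] is the server part
            int eq = parts[i].indexOf('=');
            if (eq > 0) {
                props.put(parts[i].substring(0, eq).trim().toLowerCase(Locale.ROOT),
                          parts[i].substring(eq + 1).trim());
            }
        }
        return props;
    }

    // Returns null when the URL matches what the thread settled on, else the reason it does not.
    static String problem(String url) {
        Map<String, String> p = parse(url);
        if (p.containsKey("password") || p.containsKey("user") || p.containsKey("username")) {
            return "connection string carries user/password";
        }
        if (!"ActiveDirectoryDefault".equalsIgnoreCase(p.get("authentication"))) {
            return "authentication=" + p.get("authentication") + ", expected ActiveDirectoryDefault";
        }
        try {
            // azure-identity is optional for the driver, so the application must supply it.
            Class.forName("com.azure.identity.DefaultAzureCredential");
        } catch (ClassNotFoundException e) {
            return "azure-identity is not on the classpath";
        }
        return null;
    }

    public static void main(String[] args) {
        String base = "jdbc:sqlserver://example.database.windows.net:1433;databaseName=demo;";
        String[] samples = {                        // constructed sample values
            base + "authentication=ActiveDirectoryDefault;",
            base + "authentication=ActiveDirectoryMSI;",
            base + "user=app;password=CONSTRUCTED;"
        };
        for (int i = 0; i < samples.length; i++) {  // the URL itself is never printed
            String why = problem(samples[i]);
            System.out.println("sample " + i + ": " + (why == null ? "OK" : "REJECT (" + why + ")"));
        }
    }
}
```

Run without azure-identity on the classpath, the first sample is rejected for the missing dependency, which is the failure the optional-dependency comment above describes.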
Learn Build status updates of commit 057a5ef: ✅ Validation status: passed
IMPORTANT: When the changes are ready for publication, add a #label:"aq-pr-triaged"
OK, @scottaddie and @bbenz I see the review is OK but there are still pending comments, please ping me when this is OK on your side and I will sign off
My suggested changes should get your demo app running. With them, I was able to run the mvn command to the point that it was only erroring because I didn't have my DB/environment configured for any of the ActiveDirectoryDefault authentication options. (SQL auth worked fine.)
Not mentioned in this article, but understood by Java/Maven devs:
- mvn should be in your PATH
- JAVA_HOME should be defined
Create a *src/main/resources/application.properties* file, and add: | ||
|
||
```properties | ||
String url = "jdbc:sqlserver://$AZ_DATABASE_SERVER_NAME.database.windows.net:1433;databaseName=$AZ_DATABASE_NAME;authentication=ActiveDirectoryMSI;" |
String url = "jdbc:sqlserver://$AZ_DATABASE_SERVER_NAME.database.windows.net:1433;databaseName=$AZ_DATABASE_NAME;authentication=ActiveDirectoryMSI;" | |
url=jdbc:sqlserver://$AZ_DATABASE_SERVER_NAME.database.windows.net:1433;databaseName=$AZ_DATABASE_NAME;authentication=ActiveDirectoryDefault; |
|
||
```properties | ||
String url = "jdbc:sqlserver://$AZ_DATABASE_SERVER_NAME.database.windows.net:1433;databaseName=$AZ_DATABASE_NAME;authentication=ActiveDirectoryMSI;" | ||
Connection con = DriverManager.getConnection(url); |
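Review bot: `Connection con = DriverManager.getConnection(url);` sits inside the properties block, where it is not a key/value entry and will be read as a stray property. Move the call into the Java class that loads application.properties and keep only the `url=` entry in this block.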
Connection con = DriverManager.getConnection(url); |
@@ -174,7 +274,7 @@ CREATE TABLE todo (id INT PRIMARY KEY, description VARCHAR(255), details VARCHAR | |||
|
|||
Next, add the Java code that will use JDBC to store and retrieve data from your Azure SQL database. | |||
|
|||
Create a *src/main/java/DemoApplication.java* file, that contains: | |||
Create a *src/main/java/com/example/demo/DemoApplication.java* file, that contains: |
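Review bot: the replacement line moves DemoApplication.java under com/example/demo, so the class listing that follows this sentence needs a matching `package com.example.demo;` declaration, and any main-class setting in the pom needs the qualified name; neither is visible in this hunk, so please confirm both. The comma before "that contains" can also be dropped.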
Create a *src/main/java/com/example/demo/DemoApplication.java* file, that contains: | |
Create a *src/main/com/example/demo/DemoApplication.java* file, that contains: |
A more general comment: This PR should be against the main branch of the private docs repo. If you don't have access, you can join here.
Closing this PR and resubmitting via sql-docs-pr to comply with the publishing process.
@bbenz Please link the new PR to this one after you open it. That way, we have a nice audit trail of feedback.
No description provided.