From 7ca25b3873479ce1fbddc448d5c95ca4c19880f8 Mon Sep 17 00:00:00 2001 From: Michael Berry Date: Fri, 29 May 2026 15:47:29 +0100 Subject: [PATCH 1/2] Add timeouts for JWT decoder in AadResourceServerConfiguration Set connection and read timeouts for JWT decoder. --- .../configuration/AadResourceServerConfiguration.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java index 8eaa7a62d71e..5e6452db178f 100644 --- a/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java +++ b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java @@ -32,6 +32,7 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.util.StringUtils; +import java.time.Duration; import java.util.ArrayList; import java.util.List; import java.util.Locale; @@ -43,6 +44,9 @@ @Conditional(ResourceServerCondition.class) class AadResourceServerConfiguration { + private Duration JWT_DECODER_CONNECT_TIMEOUT = Duration.ofMillis(500); + private Duration JWT_DECODER_READ_TIMEOUT = Duration.ofMillis(500); + private final RestTemplateBuilder restTemplateBuilder; AadResourceServerConfiguration(RestTemplateBuilder restTemplateBuilder) { @@ -57,8 +61,10 @@ JwtDecoder jwtDecoder(AadAuthenticationProperties aadAuthenticationProperties) { aadAuthenticationProperties.getProfile().getEnvironment().getActiveDirectoryEndpoint(), tenantId); NimbusJwtDecoder nimbusJwtDecoder = NimbusJwtDecoder .withJwkSetUri(identityEndpoints.getJwkSetEndpoint()) - .restOperations(createRestTemplate(restTemplateBuilder)) - .build(); + .restOperations(createRestTemplate(restTemplateBuilder + .connectTimeout(JWT_DECODER_CONNECT_TIMEOUT) + .readTimeout(JWT_DECODER_READ_TIMEOUT))) + .build(); List> validators = createDefaultValidator(aadAuthenticationProperties); nimbusJwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(validators)); return nimbusJwtDecoder; From c8ab2d16faec39275ebd5f200adc15c380dc6a31 Mon Sep 17 00:00:00 2001 From: Michael Berry Date: Fri, 29 May 2026 16:31:50 +0100 Subject: [PATCH 2/2] Change JWT decoder timeouts to static final --- .../aad/configuration/AadResourceServerConfiguration.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java index 5e6452db178f..c5d32f0c476a 100644 --- a/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java +++ b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java @@ -44,8 +44,8 @@ @Conditional(ResourceServerCondition.class) class AadResourceServerConfiguration { - private Duration JWT_DECODER_CONNECT_TIMEOUT = Duration.ofMillis(500); - private Duration JWT_DECODER_READ_TIMEOUT = Duration.ofMillis(500); + private static final Duration JWT_DECODER_CONNECT_TIMEOUT = Duration.ofMillis(500); + private static final Duration JWT_DECODER_READ_TIMEOUT = Duration.ofMillis(500); private final RestTemplateBuilder restTemplateBuilder;