-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Managed Identity token acquisition thread will be blocked when the common pool ForkJoinPool exhausted #43631
Comments
Thank you for your feedback. Tagging and routing to the team member best able to assist. |
Just tested, please see the the proven workaround. |
Hi @g2vinay , I have following questions, could you please help explain them to us? CC @saragluna
|
@moarychan Hello! Thanks for investigation.
The API difference is something we can think about. With that said it is my expectation that the MI client being used is using the Lines 491 to 495 in 50af1d0
Caching of MI tokens is a recent feature and is handled entirely at the MSAL layer.
Good question. @g2vinay was there a reason we kept the async only API? |
@g2vinay helped me remember that using the |
Thanks for verifying @moarychan! |
Describe the bug
When using Managed Identity scenario, if you're using credential from
DefaultAzureCredentialBuilder
without a customExecutorService
or directly usingManagedIdentityCredentialBiulder
, you should be aware that the token acquisition thread may not execute in a timely manner.Due to Managed Identity credential does not support the custom
ExecutorService
, and it will run the methodCompletableFuture.supplyAsync(supplier)
, see from AbstractApplicationBase#executeRequestThen the token acquisition thread will use a static common pool
ForkJoinPool.commonPool()
, see from CompletableFuture#supplyAsyncA more specific case is using Spring Boot + Spring Cloud Azure Starter JDBC MySQL + JPA.
Lots of the user's business processing threads are executed in the common pool
java.util.concurrent.ForkJoinPool#common
, and they begin to need to connect to the MySQL database. At this time, because the JDBC authentication plugin is available, then it's called to get access token as password, it will use the Managed Identity Credential, each token request thread will not be executed immediately, and the business thread will be stagnant.Exception or Stack Trace
The token acquisition thread is not started, not found any stack trace within msal4j, stopped here:
and there are lots of threads named started with
ForkJoinPool.commonPool-worker-
, they occupy common pooljava.util.concurrent.ForkJoinPool#common
resources.To Reproduce
Run this reproducer under Azure Managed Identity enabled environment.
Code Snippet
N/A
Expected behavior
Managed Identity credential supports custom
ExecutorService
, better to use a custom thread pool by default when no executor service provided.Screenshots
N/A
Setup (please complete the following information):
Additional context
Related issues:
Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report
The text was updated successfully, but these errors were encountered: