Azure · moarychan · Mar 7, 2025 · Mar 7, 2025
@@ -7,6 +7,7 @@
 ### Breaking Changes
 
 ### Bugs Fixed
+- Add logging for abnormal http status codes when processing HTTP responses. [#42859](https://github.com/Azure/azure-sdk-for-java/issues/42859).
 
 ### Other Changes
 

@@ -10,6 +10,20 @@ Azure Key Vault. It is built on four principles:
 [Source code] | [API reference documentation] | [Product documentation] | [Samples]
 
 ## Getting started
+
+### Prerequisites
+- A [Java Development Kit (JDK)][jdk_link], version 8 or later.
+    - Here are details about [Java 8 client compatibility with Azure Certificate Authority](https://learn.microsoft.com/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#client-compatibility-for-public-pkis).
+- [Azure Subscription][azure_subscription]
+- An existing [Azure Key Vault][azure_keyvault]. If you need to create a Key Vault, you can use the [Azure Cloud Shell][azure_cloud_shell] to create one with this Azure CLI command. Replace `<your-resource-group-name>` and `<your-key-vault-name>` with your own, unique names:
+
+  ```Bash
+  az keyvault create --resource-group <your-resource-group-name> --name <your-key-vault-name>
+  ```
+- Access configuration:
+    - If using [role-based](https://learn.microsoft.com/azure/key-vault/general/rbac-guide) access, assign the roles: `Key Vault Secrets User` and `Key Vault Certificate User`. If used for Jar signing, add role `Key Vault Crypto User`.
+    - If using [access policy](https://learn.microsoft.com/azure/key-vault/general/assign-access-policy), add the permissions: `get` and `list` Secret permissions, `get` and `list` Certificate permissions. If used for Jar signing, add `Sign` Cryptographic Operations.
+
 ### Include the package
 
 #### Include the BOM file
@@ -55,16 +69,6 @@ add the direct dependency to your project as follows.
 ```
 [//]: # ({x-version-update-end})
 
-### Prerequisites
-- A [Java Development Kit (JDK)][jdk_link], version 8 or later.
-  - Here are details about [Java 8 client compatibility with Azure Certificate Authority](https://learn.microsoft.com/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#client-compatibility-for-public-pkis).
-- [Azure Subscription][azure_subscription]
-- An existing [Azure Key Vault][azure_keyvault]. If you need to create a Key Vault, you can use the [Azure Cloud Shell][azure_cloud_shell] to create one with this Azure CLI command. Replace `<your-resource-group-name>` and `<your-key-vault-name>` with your own, unique names:
-
-```Bash
-az keyvault create --resource-group <your-resource-group-name> --name <your-key-vault-name>
-```
-
 ## Key concepts
 ### SSL/TLS and mTLS
 The JCA library supports SSL/TLS and mTLS (Mutual TLS) to enhance security in secure communication channels. It enables applications to securely retrieve certificates from Azure Key Vault and use them for TLS-related operations.

@@ -144,6 +144,11 @@ private static ResponseHandler<String> createResponseHandler() {
             if (status >= 200 && status < 300) {
                 HttpEntity entity = response.getEntity();
                 result = entity != null ? EntityUtils.toString(entity) : null;
+            } else {
+                LOGGER.log(WARNING, "Can not get response successfully because return http status code is " + status
+                    + ". "
+                    + "It can be caused by missing permissions or roles. To know how to add permissions or roles, "
+                    + "see https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/keyvault/azure-security-keyvault-jca#prerequisites.");
             }
 
             return result;