Potential fix for pull request finding

rujche · Copilot · web-flow · commit cbaa20bd5766 · 2026-05-06T18:36:31.000+08:00
Co-authored-by: Copilot Autofix powered by AI &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadResourceServerConfiguration.java
@@ -92,8 +92,8 @@ private static void validateTenantId(String tenantId) {
             || "consumers".equalsIgnoreCase(tenantId)) {
             throw new IllegalArgumentException(
                 "For resource server, 'spring.cloud.azure.active-directory.profile.tenant-id' cannot be null, empty, or set to 'common', 'organizations', or 'consumers'. "
-                + "This configuration would accept tokens from any Azure AD tenant, creating a security vulnerability. "
-                + "Please configure a specific tenant ID to restrict token validation to your organization's tenant only.");
+                + "These values are not supported for resource server token validation because a specific tenant ID is required to validate the token 'tid' claim and issuer against a single Azure AD tenant. "
+                + "Please configure an explicit tenant ID for your organization's tenant.");
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -92,8 +92,8 @@ private static void validateTenantId(String tenantId) {`
`92`	`92`	`\|\| "consumers".equalsIgnoreCase(tenantId)) {`
`93`	`93`	`throw new IllegalArgumentException(`
`94`	`94`	`"For resource server, 'spring.cloud.azure.active-directory.profile.tenant-id' cannot be null, empty, or set to 'common', 'organizations', or 'consumers'. "`
`95`		`- + "This configuration would accept tokens from any Azure AD tenant, creating a security vulnerability. "`
`96`		`- + "Please configure a specific tenant ID to restrict token validation to your organization's tenant only.");`
	`95`	`+ + "These values are not supported for resource server token validation because a specific tenant ID is required to validate the token 'tid' claim and issuer against a single Azure AD tenant. "`
	`96`	`+ + "Please configure an explicit tenant ID for your organization's tenant.");`
`97`	`97`	`}`
`98`	`98`	`}`
`99`	`99`