Update readme and throw exception for abnormal http status codes (Azure#44544)

Author: moarychan

sdk/keyvault/azure-security-keyvault-jca/CHANGELOG.md

@@ -7,6 +7,7 @@
 ### Breaking Changes
 
 ### Bugs Fixed
+- Fixed bug: Missing logging for abnormal http status codes when processing HTTP responses. [#42859](https://github.com/Azure/azure-sdk-for-java/issues/42859).
 
 ### Other Changes
 

sdk/keyvault/azure-security-keyvault-jca/README.md

@@ -10,6 +10,20 @@ Azure Key Vault. It is built on four principles:
 [Source code] | [API reference documentation] | [Product documentation] | [Samples]
 
 ## Getting started
+
+### Prerequisites
+- A [Java Development Kit (JDK)][jdk_link], version 8 or later.
+    - Here are details about [Java 8 client compatibility with Azure Certificate Authority](https://learn.microsoft.com/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#client-compatibility-for-public-pkis).
+- [Azure Subscription][azure_subscription]
+- An existing [Azure Key Vault][azure_keyvault]. If you need to create a Key Vault, you can use the [Azure Cloud Shell][azure_cloud_shell] to create one with this Azure CLI command. Replace `<your-resource-group-name>` and `<your-key-vault-name>` with your own, unique names:
+
+  ```Bash
+  az keyvault create --resource-group <your-resource-group-name> --name <your-key-vault-name>
+  ```
+- Access configuration:
+    - If using [role-based](https://learn.microsoft.com/azure/key-vault/general/rbac-guide) access, assign the roles: `Key Vault Secrets User` and `Key Vault Certificate User`. If used for Jar signing, add role `Key Vault Crypto User`.
+    - If using [access policy](https://learn.microsoft.com/azure/key-vault/general/assign-access-policy), add the permissions: `get` and `list` Secret permissions, `get` and `list` Certificate permissions. If used for Jar signing, add `Sign` Cryptographic Operations.
+
 ### Include the package
 
 #### Include the BOM file
@@ -55,16 +69,6 @@ add the direct dependency to your project as follows.
 ```
 [//]: # ({x-version-update-end})
 
-### Prerequisites
-- A [Java Development Kit (JDK)][jdk_link], version 8 or later.
-  - Here are details about [Java 8 client compatibility with Azure Certificate Authority](https://learn.microsoft.com/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#client-compatibility-for-public-pkis).
-- [Azure Subscription][azure_subscription]
-- An existing [Azure Key Vault][azure_keyvault]. If you need to create a Key Vault, you can use the [Azure Cloud Shell][azure_cloud_shell] to create one with this Azure CLI command. Replace `<your-resource-group-name>` and `<your-key-vault-name>` with your own, unique names:
-
-```Bash
-az keyvault create --resource-group <your-resource-group-name> --name <your-key-vault-name>
-```
-
 ## Key concepts
 ### SSL/TLS and mTLS
 The JCA library supports SSL/TLS and mTLS (Mutual TLS) to enhance security in secure communication channels. It enables applications to securely retrieve certificates from Azure Key Vault and use them for TLS-related operations.

sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/utils/HttpUtil.java

@@ -36,6 +36,7 @@
 import java.util.logging.Logger;
 import java.util.stream.Stream;
 
+import static java.util.logging.Level.SEVERE;
 import static java.util.logging.Level.WARNING;
 
 /**
@@ -139,11 +140,18 @@ public static HttpResponse getWithResponse(String uri, Map<String, String> heade
     private static ResponseHandler<String> createResponseHandler() {
         return (HttpResponse response) -> {
             int status = response.getStatusLine().getStatusCode();
-            String result = null;
+            String result;
 
             if (status >= 200 && status < 300) {
                 HttpEntity entity = response.getEntity();
                 result = entity != null ? EntityUtils.toString(entity) : null;
+            } else {
+                String errorMessage = "Fail to get response from Key Vault because return http status code is " + status
+                    + ". It "
+                    + "can be caused by missing permissions or roles. To know how to add permissions or roles, see "
+                    + "https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/keyvault/azure-security-keyvault-jca#prerequisites.";
+                LOGGER.log(SEVERE, errorMessage);
+                throw new RuntimeException(errorMessage);
             }
 
             return result;