com.mysql.cj.protocol.a

Class NativeAuthenticationProvider

java.lang.Object

com.mysql.cj.protocol.a.NativeAuthenticationProvider

All Implemented Interfaces:

AuthenticationProvider<NativePacketPayload>

public class NativeAuthenticationProvider
extends java.lang.Object
implements AuthenticationProvider<NativePacketPayload>

Field Summary

Fields

Modifier and Type	Field and Description
private static int	AUTH_411_OVERHEAD
private java.util.Map<java.lang.String,AuthenticationPlugin<NativePacketPayload>>	authenticationPlugins Contains instances of authentication plugins that implements AuthenticationPlugin interface.
private MysqlCallbackHandler	callbackHandler A callback for updating the username from the authentication plugin.
private boolean	clientDefaultAuthenticationPluginExplicitelySet Was the client default authentication plugin explicitly set?
private java.lang.String	clientDefaultAuthenticationPluginName Protocol name of default authentication plugin in client
private java.lang.String	database
private ExceptionInterceptor	exceptionInterceptor
private static java.lang.String	NONE
private java.lang.String	password
private PropertySet	propertySet
private Protocol<NativePacketPayload>	protocol
private java.lang.String	seed
private java.lang.String	serverDefaultAuthenticationPluginName Protocol name of default authentication plugin in server
private boolean	useConnectWithDb
private java.lang.String	username

Constructor Summary

Constructors

Constructor and Description
NativeAuthenticationProvider()

Method Summary

Modifier and Type	Method and Description
private void	appendConnectionAttributes(NativePacketPayload buf, java.lang.String attributes, java.lang.String enc)
void	changeUser(java.lang.String user, java.lang.String pass, java.lang.String db) Re-authenticates as the given user and password
private void	checkConfidentiality(AuthenticationPlugin<?> plugin) Check if given plugin requires confidentiality, but connection is without SSL
void	connect(java.lang.String user, java.lang.String pass, java.lang.String db) Initialize communications with the MySQL server.
private NativePacketPayload	createChangeUserPacket(ServerSession serverSession, java.lang.String pluginName, NativePacketPayload authData)
private NativePacketPayload	createHandshakeResponsePacket(ServerSession serverSession, java.lang.String pluginName, NativePacketPayload authData)
private AuthenticationPlugin<NativePacketPayload>	getAuthenticationPlugin(java.lang.String pluginName) Get an authentication plugin instance from the authentication plugins map by pluginName key.
private java.util.Map<java.lang.String,java.lang.String>	getConnectionAttributesMap(java.lang.String attStr)
ExceptionInterceptor	getExceptionInterceptor()
private java.lang.String	getNthFactorPassword(int nthFactor)
void	init(Protocol<NativePacketPayload> prot, PropertySet propSet, ExceptionInterceptor excInterceptor)
private void	loadAuthenticationPlugins() Fill the authentication plugins map.
private void	proceedHandshakeWithPluggableAuthentication(NativePacketPayload challenge) Performs an authentication handshake to authorize connection to a given database as a given MySQL user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AUTH_411_OVERHEAD

private static final int AUTH_411_OVERHEAD

See Also:

Constant Field Values

NONE

private static final java.lang.String NONE

See Also:

Constant Field Values

seed

private java.lang.String seed

username

private java.lang.String username

password

private java.lang.String password

database

private java.lang.String database

useConnectWithDb

private boolean useConnectWithDb

exceptionInterceptor

private ExceptionInterceptor exceptionInterceptor

propertySet

private PropertySet propertySet

protocol

private Protocol<NativePacketPayload> protocol

authenticationPlugins

private java.util.Map<java.lang.String,AuthenticationPlugin<NativePacketPayload>> authenticationPlugins

Contains instances of authentication plugins that implements AuthenticationPlugin interface. Key values are MySQL protocol plugin names, for example "mysql_native_password" and "mysql_old_password" for built-in plugins.

clientDefaultAuthenticationPluginName

private java.lang.String clientDefaultAuthenticationPluginName

Protocol name of default authentication plugin in client

clientDefaultAuthenticationPluginExplicitelySet

private boolean clientDefaultAuthenticationPluginExplicitelySet

Was the client default authentication plugin explicitly set?

serverDefaultAuthenticationPluginName

private java.lang.String serverDefaultAuthenticationPluginName

Protocol name of default authentication plugin in server

callbackHandler

private MysqlCallbackHandler callbackHandler

A callback for updating the username from the authentication plugin.

Constructor Detail

NativeAuthenticationProvider

public NativeAuthenticationProvider()

Method Detail

init

public void init(Protocol<NativePacketPayload> prot,
                 PropertySet propSet,
                 ExceptionInterceptor excInterceptor)

Specified by:

init in interface AuthenticationProvider<NativePacketPayload>

connect

public void connect(java.lang.String user,
                    java.lang.String pass,
                    java.lang.String db)

Initialize communications with the MySQL server. Handles logging on, and handling initial connection errors.

Specified by:

connect in interface AuthenticationProvider<NativePacketPayload>

Parameters:

user - user name

pass - password

db - database name

loadAuthenticationPlugins

private void loadAuthenticationPlugins()

Fill the authentication plugins map. Starts by filling the map with instances of the built-in authentication plugins. Then creates instances of plugins listed in the "authenticationPlugins" connection property and adds them to the map too. The key for the map entry is got by AuthenticationPlugin.getProtocolPluginName() thus it is possible to replace built-in plugins with custom implementations. To do it, the custom plugin should return one of the values "mysql_native_password", "mysql_clear_password", "sha256_password", "caching_sha2_password", "mysql_old_password", "authentication_ldap_sasl_client" or "authentication_kerberos_client" from its own getProtocolPluginName() method.

getAuthenticationPlugin

private AuthenticationPlugin<NativePacketPayload> getAuthenticationPlugin(java.lang.String pluginName)

Get an authentication plugin instance from the authentication plugins map by pluginName key. If such plugin is found, its method AuthenticationPlugin.isReusable() is called and if the value returned is false then a new instance of the plugin is returned otherwise the instance that already exists is returned. If plugin is not found method returns null, in such case the subsequent behavior of handshake process depends on type of last packet received from server: if it was Auth Challenge Packet then handshake will proceed with default plugin, if it was Auth Method Switch Request Packet then handshake will be interrupted with exception.

Parameters:

pluginName - mysql protocol plugin names, for example "mysql_native_password" and "mysql_old_password" for built-in plugins

Returns:

null if plugin is not found or authentication plugin instance initialized with current connection properties

checkConfidentiality

private void checkConfidentiality(AuthenticationPlugin<?> plugin)

Check if given plugin requires confidentiality, but connection is without SSL

Parameters:

plugin - AuthenticationPlugin

proceedHandshakeWithPluggableAuthentication

private void proceedHandshakeWithPluggableAuthentication(NativePacketPayload challenge)

Performs an authentication handshake to authorize connection to a given database as a given MySQL user. This can happen upon initial connection to the server, after receiving Auth Challenge Packet, or at any moment during the connection life-time via a Change User request. This method will use registered authentication plugins as requested by the server.

Parameters:

challenge - the Auth Challenge Packet received from server if this method is used during the initial connection. Otherwise null.

getNthFactorPassword

private java.lang.String getNthFactorPassword(int nthFactor)

getConnectionAttributesMap

private java.util.Map<java.lang.String,java.lang.String> getConnectionAttributesMap(java.lang.String attStr)

appendConnectionAttributes

private void appendConnectionAttributes(NativePacketPayload buf,
                                        java.lang.String attributes,
                                        java.lang.String enc)

getExceptionInterceptor

public ExceptionInterceptor getExceptionInterceptor()

changeUser

public void changeUser(java.lang.String user,
                       java.lang.String pass,
                       java.lang.String db)

Re-authenticates as the given user and password

Specified by:

changeUser in interface AuthenticationProvider<NativePacketPayload>

Parameters:

user - user name

pass - password

db - database name

createHandshakeResponsePacket

private NativePacketPayload createHandshakeResponsePacket(ServerSession serverSession,
                                                          java.lang.String pluginName,
                                                          NativePacketPayload authData)

createChangeUserPacket

private NativePacketPayload createChangeUserPacket(ServerSession serverSession,
                                                   java.lang.String pluginName,
                                                   NativePacketPayload authData)