com.mysql.cj.protocol.a.authentication

Class AuthenticationKerberosClient

java.lang.Object

com.mysql.cj.protocol.a.authentication.AuthenticationKerberosClient

All Implemented Interfaces:

AuthenticationPlugin<NativePacketPayload>

public class AuthenticationKerberosClient
extends java.lang.Object
implements AuthenticationPlugin<NativePacketPayload>

MySQL 'authentication_kerberos_client' authentication plugin.

Field Summary

Fields

Modifier and Type	Field and Description
private static java.lang.String	AUTHENTICATION_MECHANISM
private java.lang.String	cachedPrincipalName
private javax.security.auth.callback.CallbackHandler	credentialsCallbackHandler
private static java.lang.String	LOGIN_CONFIG_ENTRY
private java.lang.String	password
static java.lang.String	PLUGIN_NAME
private javax.security.sasl.SaslClient	saslClient
private java.lang.String	sourceOfAuthData
private javax.security.auth.Subject	subject
private java.lang.String	user
private MysqlCallbackHandler	usernameCallbackHandler
private java.lang.String	userPrincipalName

Constructor Summary

Constructors

Constructor and Description
AuthenticationKerberosClient()

Method Summary

Modifier and Type	Method and Description
void	destroy() Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.
java.lang.String	getProtocolPluginName() Returns the client-side name that the MySQL server uses on the wire for this plugin.
void	init(Protocol<NativePacketPayload> prot, MysqlCallbackHandler cbh) Initializes this plugin with a direct Protocol reference and a generic MysqlCallbackHandler that can be used to pass over information back to the authentication provider.
private void	initializeAuthentication()
boolean	isReusable()
boolean	nextAuthenticationStep(NativePacketPayload fromServer, java.util.List<NativePacketPayload> toServer) Process authentication handshake data from server and optionally produce data to be sent back to the server.
boolean	requiresConfidentiality() Does this plugin require the connection itself to be confidential (i.e.
void	reset() Resets the authentication steps sequence.
void	setAuthenticationParameters(java.lang.String user, java.lang.String password) This method called from Connector/J before first nextAuthenticationStep call.
void	setSourceOfAuthData(java.lang.String sourceOfAuthData) Connector/J uses this method to identify the source of the authentication data, as an authentication plugin name, that will be available to the next authentication step(s).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.mysql.cj.protocol.AuthenticationPlugin

init

Field Detail

PLUGIN_NAME

public static java.lang.String PLUGIN_NAME

LOGIN_CONFIG_ENTRY

private static final java.lang.String LOGIN_CONFIG_ENTRY

See Also:

Constant Field Values

AUTHENTICATION_MECHANISM

private static final java.lang.String AUTHENTICATION_MECHANISM

See Also:

Constant Field Values

sourceOfAuthData

private java.lang.String sourceOfAuthData

usernameCallbackHandler

private MysqlCallbackHandler usernameCallbackHandler

user

private java.lang.String user

password

private java.lang.String password

userPrincipalName

private java.lang.String userPrincipalName

subject

private javax.security.auth.Subject subject

cachedPrincipalName

private java.lang.String cachedPrincipalName

credentialsCallbackHandler

private javax.security.auth.callback.CallbackHandler credentialsCallbackHandler

saslClient

private javax.security.sasl.SaslClient saslClient

Constructor Detail

AuthenticationKerberosClient

public AuthenticationKerberosClient()

Method Detail

init

public void init(Protocol<NativePacketPayload> prot,
                 MysqlCallbackHandler cbh)

Description copied from interface: AuthenticationPlugin

Initializes this plugin with a direct Protocol reference and a generic MysqlCallbackHandler that can be used to pass over information back to the authentication provider. For example an authentication plugin may accept null usernames and use that information to obtain them from some external source, such as the system login.

Specified by:

init in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

prot - the protocol instance

cbh - a callback handler to provide additional information to the authentication provider

reset

public void reset()

Description copied from interface: AuthenticationPlugin

Resets the authentication steps sequence.

Specified by:

reset in interface AuthenticationPlugin<NativePacketPayload>

destroy

public void destroy()

Description copied from interface: AuthenticationPlugin

Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.

Specified by:

destroy in interface AuthenticationPlugin<NativePacketPayload>

getProtocolPluginName

public java.lang.String getProtocolPluginName()

Description copied from interface: AuthenticationPlugin

Returns the client-side name that the MySQL server uses on the wire for this plugin.

Specified by:

getProtocolPluginName in interface AuthenticationPlugin<NativePacketPayload>

Returns:

plugin name

requiresConfidentiality

public boolean requiresConfidentiality()

Description copied from interface: AuthenticationPlugin

Does this plugin require the connection itself to be confidential (i.e. tls/ssl)...Highly recommended to return "true" for plugins that return the credentials in the clear.

Specified by:

requiresConfidentiality in interface AuthenticationPlugin<NativePacketPayload>

Returns:

true if secure connection is required

isReusable

public boolean isReusable()

Specified by:

isReusable in interface AuthenticationPlugin<NativePacketPayload>

Returns:

true if plugin instance may be reused, false otherwise

setAuthenticationParameters

public void setAuthenticationParameters(java.lang.String user,
                                        java.lang.String password)

Description copied from interface: AuthenticationPlugin

This method called from Connector/J before first nextAuthenticationStep call. Values of user and password parameters are passed from those in NativeAuthenticationProvider#changeUser() or NativeAuthenticationProvider#connect(). Plugin should use these values instead of values from connection properties because parent method may be a changeUser call which saves user and password into connection only after successful handshake.

Specified by:

setAuthenticationParameters in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

user - user name

password - user password

setSourceOfAuthData

public void setSourceOfAuthData(java.lang.String sourceOfAuthData)

Description copied from interface: AuthenticationPlugin

Connector/J uses this method to identify the source of the authentication data, as an authentication plugin name, that will be available to the next authentication step(s). The source of the authentication data in the first iteration will always be the sever-side default authentication plugin name. In the following iterations this depends on the client-side default authentication plugin or on the successive Protocol::AuthSwitchRequest that may have been received in the meantime. Authentication plugin implementation can use this information to decide if the data coming from the server is useful to them or not.

Specified by:

setSourceOfAuthData in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

sourceOfAuthData - the authentication plugin that is source of the authentication data

nextAuthenticationStep

public boolean nextAuthenticationStep(NativePacketPayload fromServer,
                                      java.util.List<NativePacketPayload> toServer)

Description copied from interface: AuthenticationPlugin

Process authentication handshake data from server and optionally produce data to be sent back to the server. The driver will keep calling this method on each new server packet arrival until either an Exception is thrown (authentication failure, please use appropriate SQLStates) or the number of exchange iterations exceeded max limit or an OK packet is sent by server indicating that the connection has been approved. If, on return from this method, toServer is a non-empty list of buffers, then these buffers will be sent to the server in the same order and without any reads in between them. If toServer is an empty list, no data will be sent to server, driver immediately reads the next packet from server. In case of errors the method should throw Exception.

Specified by:

nextAuthenticationStep in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

fromServer - a buffer containing handshake data payload from server (can be empty).

toServer - list of buffers with data to be sent to the server (the list can be empty, but buffers in the list should contain data).

Returns:

return value is ignored.

initializeAuthentication

private void initializeAuthentication()