Added error string and useIbmModule boolean flag

microsoft · Jan 24, 2025 · ab0181a · ab0181a
1 parent b698940
commit ab0181a
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 27 deletions.
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/JaasConfiguration.java b/src/main/java/com/microsoft/sqlserver/jdbc/JaasConfiguration.java
@@ -19,32 +19,39 @@ public class JaasConfiguration extends Configuration {
     private final Configuration delegate;
     private AppConfigurationEntry[] defaultValue;
 
+    private static boolean useIbmModule = false;
+
     private static AppConfigurationEntry[] generateDefaultConfiguration() throws SQLServerException {
         try {
+            if (useIbmModule) {
+                return loadIbmModule();
+            }
             Class.forName("com.sun.security.auth.module.Krb5LoginModule");
             Map<String, String> confDetails = new HashMap<>();
             confDetails.put("useTicketCache", "true");
             return new AppConfigurationEntry[] {
                     new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                             AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, confDetails)};
         } catch (ClassNotFoundException e) {
-            try {
-                Class.forName("com.ibm.security.auth.module.Krb5LoginModule");
-                Map<String, String> confDetailsWithoutPassword = new HashMap<>();
-                confDetailsWithoutPassword.put("useDefaultCcache", "true");
-                Map<String, String> confDetailsWithPassword = new HashMap<>();
-                // We generated a two configurations fallback that is suitable for password and password-less authentication
-                // See
-                // https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jgssDocs/jaas_login_user.html
-                final String ibmLoginModule = "com.ibm.security.auth.module.Krb5LoginModule";
-                return new AppConfigurationEntry[] {
-                        new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
-                                confDetailsWithoutPassword),
-                        new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
-                                confDetailsWithPassword)};
-            } catch (ClassNotFoundException ex) {
-                throw new SQLServerException(SQLServerException.getErrString("R_moduleNotFound"), null);
-            }
+            return loadIbmModule();
+        }
+    }
+
+    private static AppConfigurationEntry[] loadIbmModule() throws SQLServerException {
+        try {
+            Class.forName("com.ibm.security.auth.module.Krb5LoginModule");
+            useIbmModule = true;
+            Map<String, String> confDetailsWithoutPassword = new HashMap<>();
+            confDetailsWithoutPassword.put("useDefaultCcache", "true");
+            Map<String, String> confDetailsWithPassword = new HashMap<>();
+            final String ibmLoginModule = "com.ibm.security.auth.module.Krb5LoginModule";
+            return new AppConfigurationEntry[] {
+                    new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
+                            confDetailsWithoutPassword),
+                    new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
+                            confDetailsWithPassword)};
+        } catch (ClassNotFoundException ex) {
+            throw new SQLServerException(SQLServerException.getErrString("R_moduleNotFound"), null);
         }
     }
 

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java b/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
@@ -13,7 +13,7 @@
 import java.util.logging.Level;
 
 import javax.security.auth.Subject;
-//import javax.security.auth.login.Configuration;
+import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -42,15 +42,15 @@ final class KerbAuthentication extends SSPIAuthentication {
     private boolean useDefaultNativeGSSCredential = false;
     private GSSContext peerContext = null;
 
-    // static {
-    //     // Overrides the default JAAS configuration loader.
-    //     // This one will forward to the default one in all cases but the default configuration is empty.
-    //     try {
-    //         Configuration.setConfiguration(new JaasConfiguration(Configuration.getConfiguration()));
-    //     } catch (SQLServerException e) {
-    //         e.printStackTrace();
-    //     }
-    // }
+    static {
+        // Overrides the default JAAS configuration loader.
+        // This one will forward to the default one in all cases but the default configuration is empty.
+        try {
+            Configuration.setConfiguration(new JaasConfiguration(Configuration.getConfiguration()));
+        } catch (SQLServerException e) {
+            e.printStackTrace();
+        }
+    }
 
     /**
      * Initializes the Kerberos client security context

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java
@@ -550,6 +550,7 @@ protected Object[][] getContents() {
         {"R_InvalidRuleFormat", "Wrong number of parameters supplied to rule. Number of parameters: {0}, expected: 2 or 3."},
         {"R_InvalidRetryInterval", "Current retry interval: {0}, is longer than queryTimeout: {1}."},
         {"R_UnableToFindClass", "Unable to locate specified class: {0}"},
+        {"R_moduleNotFound", "Neither com.sun.security.auth.module.Krb5LoginModule nor com.ibm.security.auth.module.Krb5LoginModule was found."},
     };
 }
 // @formatter:on