Updated jaas config

microsoft · Jan 28, 2025 · ad2a067 · ad2a067
1 parent 5691df0
commit ad2a067
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 9 deletions.
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java b/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
@@ -13,7 +13,6 @@
 import java.util.logging.Level;
 
 import javax.security.auth.Subject;
-import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -108,7 +107,7 @@ private void initAuthInit() throws SQLServerException {
 
                     if (null == currentSubject) {
                         if (useDefaultJaas) {
-                            lc = new LoginContext(configName, null, callback, new JaasConfiguration(null));
+                            lc = new LoginContext(configName, null, callback);
                         } else {
                             lc = new LoginContext(configName, callback);
                         }

diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/KerberosTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/KerberosTest.java
@@ -16,7 +16,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-
 @Tag(Constants.kerberos)
 @RunWith(JUnitPlatform.class)
 public class KerberosTest extends AbstractTest {
@@ -34,11 +33,16 @@ public static void setupTests() throws Exception {
      * Configures JAAS for the test environment.
      */
     private static void configureJaas() {
-        AppConfigurationEntry kafkaClientConfigurationEntry = new AppConfigurationEntry(
+        Map<String, String> options = new HashMap<>();
+        options.put("useTicketCache", "true");
+        options.put("renewTGT", "true");
+        options.put("doNotPrompt", "false"); // Allow prompting for credentials if necessary
+
+        AppConfigurationEntry kerberosConfigurationEntry = new AppConfigurationEntry(
                 "com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
-                new HashMap<>());
+                options);
         Map<String, AppConfigurationEntry[]> configurationEntries = new HashMap<>();
-        configurationEntries.put("SQLJDBCDriver", new AppConfigurationEntry[] {kafkaClientConfigurationEntry});
+        configurationEntries.put("SQLJDBCDriver", new AppConfigurationEntry[] {kerberosConfigurationEntry});
         Configuration.setConfiguration(new InternalConfiguration(configurationEntries));
     }
 
@@ -105,15 +109,42 @@ private static void createKerberosConnection(String connectionString) throws Exc
         }
     }
 
+    /**
+     * Test to verify the Kerberos module used 
+     */
+    @Test
+    public void testKerberosConnectionWithDefaultJaasConfig() {
+        try {
+            // Set a mock JAAS configuration using the existing method
+            overwriteJaasConfig();
+
+            String connectionString = connectionStringKerberos + ";useDefaultJaasConfig=true;";
+            createKerberosConnection(connectionString);
+
+            Configuration config = Configuration.getConfiguration();
+            AppConfigurationEntry[] entries = config.getAppConfigurationEntry("CLIENT_CONTEXT_NAME");
+            Assertions.assertNotNull(entries);
+            Assertions.assertTrue(entries.length > 0);
+            Assertions.assertEquals("com.sun.security.auth.module.Krb5LoginModule", entries[0].getLoginModuleName());
+        } catch (Exception e) {
+            Assertions.fail("Exception was thrown: " + e.getMessage());
+        }
+    }
+
     /**
      * Overwrites the default JAAS config. Call before making a connection.
      */
     private static void overwriteJaasConfig() {
-        AppConfigurationEntry kafkaClientConfigurationEntry = new AppConfigurationEntry(
+        Map<String, String> options = new HashMap<>();
+        options.put("useTicketCache", "true");
+        options.put("renewTGT", "true");
+        options.put("doNotPrompt", "false"); // Allow prompting for credentials if necessary
+
+        AppConfigurationEntry kerberosConfigurationEntry = new AppConfigurationEntry(
                 "com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
-                new HashMap<>());
+                options);
         Map<String, AppConfigurationEntry[]> configurationEntries = new HashMap<>();
-        configurationEntries.put("CLIENT_CONTEXT_NAME", new AppConfigurationEntry[] {kafkaClientConfigurationEntry});
+        configurationEntries.put("CLIENT_CONTEXT_NAME", new AppConfigurationEntry[] {kerberosConfigurationEntry});
         Configuration.setConfiguration(new InternalConfiguration(configurationEntries));
     }