From be9bd4a53beef80c0c509f4eb4ba0c2532d48552 Mon Sep 17 00:00:00 2001
From: Muskan Gupta <muskgupta@microsoft.com>
Date: Fri, 10 Jan 2025 17:25:50 +0530
Subject: [PATCH] IBM Semeru Runtime Certified Edition for z/OS, Kerberos and
 mssql-jdbc don't work together #2576

---
 .../sqlserver/jdbc/JaasConfiguration.java     | 40 +++++++++++--------
 .../sqlserver/jdbc/KerbAuthentication.java    |  6 ++-
 2 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/JaasConfiguration.java b/src/main/java/com/microsoft/sqlserver/jdbc/JaasConfiguration.java
index 2f8dda592..1fd8c1f92 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/JaasConfiguration.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/JaasConfiguration.java
@@ -19,26 +19,32 @@ public class JaasConfiguration extends Configuration {
     private final Configuration delegate;
     private AppConfigurationEntry[] defaultValue;
 
-    private static AppConfigurationEntry[] generateDefaultConfiguration() {
-        if (Util.isIBM()) {
-            Map<String, String> confDetailsWithoutPassword = new HashMap<>();
-            confDetailsWithoutPassword.put("useDefaultCcache", "true");
-            Map<String, String> confDetailsWithPassword = new HashMap<>();
-            // We generated a two configurations fallback that is suitable for password and password-less authentication
-            // See
-            // https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jgssDocs/jaas_login_user.html
-            final String ibmLoginModule = "com.ibm.security.auth.module.Krb5LoginModule";
-            return new AppConfigurationEntry[] {
-                    new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
-                            confDetailsWithoutPassword),
-                    new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
-                            confDetailsWithPassword)};
-        } else {
+    private static AppConfigurationEntry[] generateDefaultConfiguration() throws SQLServerException {
+        try {
+            Class.forName("com.sun.security.auth.module.Krb5LoginModule");
             Map<String, String> confDetails = new HashMap<>();
             confDetails.put("useTicketCache", "true");
             return new AppConfigurationEntry[] {
                     new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                             AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, confDetails)};
+        } catch (ClassNotFoundException e) {
+            try {
+                Class.forName("com.ibm.security.auth.module.Krb5LoginModule");
+                Map<String, String> confDetailsWithoutPassword = new HashMap<>();
+                confDetailsWithoutPassword.put("useDefaultCcache", "true");
+                Map<String, String> confDetailsWithPassword = new HashMap<>();
+                // We generated a two configurations fallback that is suitable for password and password-less authentication
+                // See
+                // https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jgssDocs/jaas_login_user.html
+                final String ibmLoginModule = "com.ibm.security.auth.module.Krb5LoginModule";
+                return new AppConfigurationEntry[] {
+                        new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
+                                confDetailsWithoutPassword),
+                        new AppConfigurationEntry(ibmLoginModule, AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
+                                confDetailsWithPassword)};
+            } catch (ClassNotFoundException ex) {
+                throw new SQLServerException(SQLServerException.getErrString("R_moduleNotFound"), null);
+            }
         }
     }
 
@@ -47,8 +53,10 @@ private static AppConfigurationEntry[] generateDefaultConfiguration() {
      * 
      * @param delegate
      *        a possibly null delegate
+     * @throws SQLServerException
+     *         if neither Kerberos module is found: com.sun.security.auth.module.Krb5LoginModule or com.ibm.security.auth.module.Krb5LoginModule
      */
-    JaasConfiguration(Configuration delegate) {
+    JaasConfiguration(Configuration delegate) throws SQLServerException {
         this.delegate = delegate;
         this.defaultValue = generateDefaultConfiguration();
     }
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java b/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
index d02238196..95462737e 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
@@ -45,7 +45,11 @@ final class KerbAuthentication extends SSPIAuthentication {
     static {
         // Overrides the default JAAS configuration loader.
         // This one will forward to the default one in all cases but the default configuration is empty.
-        Configuration.setConfiguration(new JaasConfiguration(Configuration.getConfiguration()));
+        try {
+            Configuration.setConfiguration(new JaasConfiguration(Configuration.getConfiguration()));
+        } catch (SQLServerException e) {
+            e.printStackTrace();
+        }
     }
 
     /**