1. Introduction
In this post, we feature a comprehensive example of JDBC Kerberos Authentication. The Kerberos authentication method is very popular. It is not used for query encryption and provides secure authentication.
2. JDBC Kerberos Authentication
2.1 Prerequisites
Java 7 or 8 is required on the linux, windows or mac operating system. SqlServer database 2019 is required for testing JDBC Kerberos Authentication. Microsoft JDBC Driver 6.0 is required for JDBC Connectivity.
2.2 Download
You can download Java 8 can be downloaded from the Oracle web site . SQLServer 2019 database is found at Microsoft SQLServer database site. Microsoft JDBC Driver 6.0 can be downloaded from this site.
2.3 Setup
You can set the environment variables for JAVA_HOME and PATH. They can be set as shown below:
Java Environment
JAVA_HOME="/desktop/jdk1.8.0_73" export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH
You can install SQL Server 2019 after clicking on the exe. Microsoft SQL JDBC driver can be downloaded and added to the classpath.
2.4 IDE
2.4.1 Eclipse Oxygen Setup
The ‘eclipse-java-oxygen-2-macosx-cocoa-x86_64.tar’ can be downloaded from the eclipse website. The tar file is opened by double click. The tar file is unzipped by using the archive utility. After unzipping, you will find the eclipse icon in the folder. You can move the eclipse icon from the folder to applications by dragging the icon.
2.4.2 Launching IDE
Eclipse has features related to language support, customization, and extension. You can click on the Eclipse icon to launch Eclipse. The Eclipse screen pops up as shown in the screenshot below:
You can select the workspace from the screen which pops up. The attached image shows how it can be selected.
You can see the eclipse workbench on the screen. The attached screenshot shows the Eclipse project screen.
Java Hello World class prints the greetings. The screenshot below is added to show the class and execution on the eclipse.
2.5 JDBC Authentication
You can look at the example for basic JDBC authentication using SQL Server.
You can start setting up kerberos on your windows machine.
- You need to set allowTgtSessionKey to 1 in the registry for Windows.
- You need to have Kerberos configuration points to the correct realm and KDC for your environment.
- You need to initialize the TGT cache by using kinit. The other way is logging into the domain.
- You can use standard account by using authenticationScheme=JavaKerberos on windows operating system
Kerberos configuration file (krb5.ini) will be as shown below
Kerberos Configuration
[libdefaults]
default_realm = JAVACODEGEEKS.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[domain_realm]
.javacodegeeks.com = JAVACODEGEEKS.COM
[realms]
JAVACODEGEEKS.COM= {
kdc = krbtgt/kdc.JAVACODEGEEKS.COM@ kdc.JAVACODEGEEKS.COM
default_domain = kdc.JAVACODEGEEKS.COM
}
JAAS Configuration file (<code>SQLSERVER.conf</code>)can be created as shown below:
JAAS Configuration
SQLSERVER {
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
You can create JDBC Kerberos Authentication for testDB using Java. The code used will be as shown below:
JDBC Kerberos Authentication
import java.sql.*;
import java.util.*;
public class KerberosJDBCClient {
public static void main(String[] args)
{
String connUrl = "jdbc:sqlserver://databaseName=testDB;integratedSecurity=true;authenticationScheme=JavaKerberos";
try {
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
Connection conn = DriverManager.getConnection(connUrl);
Statement statement = conn.createStatement();
ResultSet resultSet = statement.executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");
while (resultSet.next())
{
System.out.println("Authentication Scheme is " + resultSet.getString(1));
}
}
catch (Exception exception) {
exception.printStackTrace();
}
}
}
The command used for executing the code is as below:
Command
java -Djava.security.auth.login.config=SQLSERVER.conf -Djava.security.krb5.conf=krb5.ini KerberosJDBCClient
The output for the code above when executed is shown below:
Output
Authentication Scheme is KERBEROS
3. Download the Source Code
You can download the full source code of this example here: JDBC Kerberos Authentication Example
