JDBC

JDBC Kerberos Authentication Example

1. Introduction

In this post, we feature a comprehensive example of JDBC Kerberos Authentication. The Kerberos authentication method is very popular. It is not used for query encryption and provides secure authentication.

2. JDBC Kerberos Authentication

2.1 Prerequisites

Java 7 or 8 is required on the linux, windows or mac operating system. SqlServer database 2019 is required for testing JDBC Kerberos Authentication.  Microsoft JDBC Driver 6.0 is required for JDBC Connectivity.

2.2 Download

You can download Java 8 can be downloaded from the Oracle web site . SQLServer 2019 database is found at Microsoft SQLServer database site. Microsoft JDBC Driver 6.0 can be downloaded from this site.

2.3 Setup

You can set the environment variables for JAVA_HOME and PATH. They can be set as shown below:

Java Environment

JAVA_HOME="/desktop/jdk1.8.0_73"
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

You can install SQL Server 2019 after clicking on the exe. Microsoft SQL JDBC driver can be downloaded and added to the classpath.

2.4 IDE

2.4.1 Eclipse Oxygen Setup

The ‘eclipse-java-oxygen-2-macosx-cocoa-x86_64.tar’ can be downloaded from the eclipse website. The tar file is opened by double click. The tar file is unzipped by using the archive utility. After unzipping, you will find the eclipse icon in the folder. You can move the eclipse icon from the folder to applications by dragging the icon.

2.4.2 Launching IDE

Eclipse has features related to language support, customization, and extension. You can click on the Eclipse icon to launch Eclipse. The Eclipse screen pops up as shown in the screenshot below:

kerberos authentication - Launching IDE
Launching IDE

You can select the workspace from the screen which pops up. The attached image shows how it can be selected.

kerberos authentication - Eclipse
Eclipse Workspace

You can see the eclipse workbench on the screen. The attached screenshot shows the Eclipse project screen.

kerberos authentication - Eclipse Workbench
Eclipse Workbench

Java Hello World class prints the greetings. The screenshot below is added to show the class and execution on the eclipse.

kerberos authentication - Java Hello
Java Hello

2.5 JDBC Authentication

You can look at the example for basic JDBC authentication using SQL Server.

You can start setting up kerberos on your windows machine.

  • You need to set allowTgtSessionKey to 1 in the registry for Windows.
  • You need to have Kerberos configuration points to the correct realm and KDC for your environment.
  • You need to initialize the TGT cache by using kinit. The other way is logging into the domain.
  • You can use standard account by using authenticationScheme=JavaKerberos on windows operating system

Kerberos configuration file (krb5.ini) will be as shown below

Kerberos Configuration

[libdefaults]  
default_realm = JAVACODEGEEKS.COM 
dns_lookup_realm = false  
dns_lookup_kdc = true  
ticket_lifetime = 24h  
forwardable = yes  

[domain_realm]  
.javacodegeeks.com = JAVACODEGEEKS.COM
 

[realms]  
        JAVACODEGEEKS.COM= {  
  kdc = krbtgt/kdc.JAVACODEGEEKS.COM@ kdc.JAVACODEGEEKS.COM 
  default_domain = kdc.JAVACODEGEEKS.COM 
}  

         

JAAS Configuration file (<code>SQLSERVER.conf</code>)can be created as shown below:

JAAS Configuration

SQLSERVER {  
   com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;  
};

You can create JDBC Kerberos Authentication for testDB using Java. The code used will be as shown below:

JDBC Kerberos Authentication

import java.sql.*;
import java.util.*;

public class KerberosJDBCClient {


public static void main(String[] args) 
{
    String connUrl = "jdbc:sqlserver://databaseName=testDB;integratedSecurity=true;authenticationScheme=JavaKerberos";



		try {
		  
		  Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
       
    Connection conn = DriverManager.getConnection(connUrl);
    Statement statement = conn.createStatement();
    ResultSet resultSet = statement.executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");   
    while (resultSet.next())
    {
        System.out.println("Authentication Scheme is " + resultSet.getString(1));
    }
  }
    catch (Exception exception) {
		  exception.printStackTrace();
		}
}
}

The command used for executing the code is as below:

Command

 java -Djava.security.auth.login.config=SQLSERVER.conf -Djava.security.krb5.conf=krb5.ini KerberosJDBCClient

The output for the code above when executed is shown below:

Output

Authentication Scheme is KERBEROS

3. Download the Source Code

Download
You can download the full source code of this example here: JDBC Kerberos Authentication Example

Bhagvan Kommadi

Bhagvan Kommadi is the Founder of Architect Corner & has around 20 years’ experience in the industry, ranging from large scale enterprise development to helping incubate software product start-ups. He has done Masters in Industrial Systems Engineering at Georgia Institute of Technology (1997) and Bachelors in Aerospace Engineering from Indian Institute of Technology, Madras (1993). He is member of IFX forum,Oracle JCP and participant in Java Community Process. He founded Quantica Computacao, the first quantum computing startup in India. Markets and Markets have positioned Quantica Computacao in ‘Emerging Companies’ section of Quantum Computing quadrants. Bhagvan has engineered and developed simulators and tools in the area of quantum technology using IBM Q, Microsoft Q# and Google QScript. He has reviewed the Manning book titled : "Machine Learning with TensorFlow”. He is also the author of Packt Publishing book - "Hands-On Data Structures and Algorithms with Go".He is member of IFX forum,Oracle JCP and participant in Java Community Process. He is member of the MIT Technology Review Global Panel.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
Back to top button