Interface AuthenticationPlugin<M extends Message>

Type Parameters:
M - Message type
All Known Implementing Classes:
AuthenticationLdapSaslClientPlugin, CachingSha2PasswordPlugin, MysqlClearPasswordPlugin, MysqlNativePasswordPlugin, MysqlOldPasswordPlugin, Sha256PasswordPlugin

public interface AuthenticationPlugin<M extends Message>
Implementors of this interface can be installed via the "authenticationPlugins" configuration property. The driver creates one instance of a given plugin per MysqlIO instance if the plugin is reusable (see isReusable()), or a new instance in each MysqlIO#proceedHandshakeWithPluggableAuthentication(String, String, String, Buffer) call otherwise.
  • Method Summary

    Modifier and Type Method Description
    default void destroy()
    Called by the driver when this extension should release any resources it is holding and clean up internally before the connection is closed.
    java.lang.String getProtocolPluginName()
    Returns the name that the MySQL server uses on the wire for this plugin.
    default void init(Protocol<M> protocol)
    We need a direct Protocol reference because it isn't available from Connection before authentication is complete.
    boolean isReusable()
    boolean nextAuthenticationStep(M fromServer, java.util.List<M> toServer)
    Process authentication handshake data from server and optionally produce data to be sent back to the server.
    boolean requiresConfidentiality()
    Does this plugin require the connection itself to be confidential (i.e. TLS/SSL)?
    default void reset()
    Resets the authentication steps sequence.
    void setAuthenticationParameters(java.lang.String user, java.lang.String password)
    This method is called from cJ before the first nextAuthenticationStep call.
  • Method Details

    • init

      default void init(Protocol<M> protocol)
      We need a direct Protocol reference because it isn't available from Connection before authentication is complete.
      Parameters:
      protocol - protocol instance
    • reset

      default void reset()
      Resets the authentication steps sequence.
    • destroy

      default void destroy()
      Called by the driver when this extension should release any resources it is holding and clean up internally before the connection is closed.
    • getProtocolPluginName

      java.lang.String getProtocolPluginName()
      Returns the name that the MySQL server uses on the wire for this plugin.
      Returns:
      plugin name
    • requiresConfidentiality

      boolean requiresConfidentiality()
      Does this plugin require the connection itself to be confidential (i.e. TLS/SSL)? It is highly recommended to return "true" for plugins that return the credentials in the clear.
      Returns:
      true if secure connection is required
    • isReusable

      boolean isReusable()
      Returns:
      true if plugin instance may be reused, false otherwise
    • setAuthenticationParameters

      void setAuthenticationParameters(java.lang.String user, java.lang.String password)
      This method is called from cJ before the first nextAuthenticationStep call. The values of the user and password parameters are passed from those in MysqlIO.changeUser(String userName, String password, String database) or MysqlIO.doHandshake(String user, String password, String database). A plugin should use these values instead of the values from connection properties, because the parent method may be a changeUser call, which saves user and password into the connection only after a successful handshake.
      Parameters:
      user - user name
      password - user password
    • nextAuthenticationStep

      boolean nextAuthenticationStep(M fromServer, java.util.List<M> toServer)
      Process authentication handshake data from server and optionally produce data to be sent back to the server. The driver will keep calling this method on each new server packet arrival until an Exception is thrown (authentication failure, please use appropriate SQLStates), the number of exchange iterations exceeds the maximum limit, or an OK packet is sent by the server indicating that the connection has been approved. If, on return from this method, toServer is a non-empty list of buffers, then these buffers will be sent to the server in the same order and without any reads in between them. If toServer is an empty list, no data will be sent to the server and the driver immediately reads the next packet from the server. In case of errors the method should throw an Exception.
      Parameters:
      fromServer - a buffer containing handshake data payload from server (can be empty).
      toServer - list of buffers with data to be sent to the server (the list can be empty, but buffers in the list should contain data).
      Returns:
      return value is ignored.
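
The requiresConfidentiality() and nextAuthenticationStep() contracts described above, as an added sketch that is not Connector/J's own code: a plugin that returns the credentials in the clear reports that it needs a confidential connection, and the caller refuses to run it on a plaintext channel. The nested Message, Packet and AuthenticationPlugin types are reduced stand-ins for the types on this page, and ClearTextDemoPlugin, runStep, channelIsTls and the plugin name are hypothetical (Java 16+ for the record).

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
public class ConfidentialityGateDemo {
    // Reduced stand-ins for the types on this page (assumption: only the methods the demo needs).
    interface Message { byte[] bytes(); }
    record Packet(byte[] bytes) implements Message {}
    interface AuthenticationPlugin<M extends Message> {
        String getProtocolPluginName();
        boolean requiresConfidentiality();
        void setAuthenticationParameters(String user, String password);
        boolean nextAuthenticationStep(M fromServer, List<M> toServer);
    }
    // Hypothetical plugin that returns the password in the clear, so it demands TLS.
    static class ClearTextDemoPlugin implements AuthenticationPlugin<Packet> {
        private String password;
        public String getProtocolPluginName() { return "demo_clear_password"; } // constructed name
        public boolean requiresConfidentiality() { return true; }
        public void setAuthenticationParameters(String user, String password) { this.password = password; }
        public boolean nextAuthenticationStep(Packet fromServer, List<Packet> toServer) {
            toServer.clear();
            String pw = password == null ? "" : password;
            toServer.add(new Packet(pw.getBytes(StandardCharsets.UTF_8)));
            return true; // the caller ignores this value
        }
    }
    // Hypothetical caller-side gate: refuse to run such a plugin on a plaintext channel.
    static List<Packet> runStep(AuthenticationPlugin<Packet> plugin, boolean channelIsTls,
                                String user, String password, Packet fromServer) {
        if (plugin.requiresConfidentiality() && !channelIsTls) {
            throw new IllegalStateException(
                    "Plugin '" + plugin.getProtocolPluginName() + "' requires a TLS-protected connection");
        }
        plugin.setAuthenticationParameters(user, password); // set before the first step
        List<Packet> toServer = new ArrayList<>();
        plugin.nextAuthenticationStep(fromServer, toServer);
        return toServer; // would be sent in list order, with no reads in between
    }
    public static void main(String[] args) {
        AuthenticationPlugin<Packet> plugin = new ClearTextDemoPlugin();
        Packet challenge = new Packet(new byte[0]); // constructed empty server payload
        System.out.println("TLS: buffers queued = " + runStep(plugin, true, "app", "example-pw", challenge).size());
        try {
            runStep(plugin, false, "app", "example-pw", challenge);
        } catch (IllegalStateException e) {
            System.out.println("Plaintext: refused: " + e.getMessage());
        }
    }
}
```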