com.mysql.cj.protocol

Interface AuthenticationPlugin<M extends Message>

Type Parameters:

M - Message type

All Known Implementing Classes:

AuthenticationLdapSaslClientPlugin, AwsIamAuthenticationPlugin, AwsIamClearAuthenticationPlugin, CachingSha2PasswordPlugin, MysqlClearPasswordPlugin, MysqlNativePasswordPlugin, MysqlOldPasswordPlugin, Sha256PasswordPlugin

public interface AuthenticationPlugin<M extends Message>

Implementors of this interface can be installed via the "authenticationPlugins" configuration property. The driver will create one instance of a given plugin per MysqlIO instance if it's reusable (see isReusable()) or a new instance in each MysqlIO#proceedHandshakeWithPluggableAuthentication(String, String, String, Buffer) call.

Method Summary

Modifier and Type	Method and Description
default void	destroy() Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.
java.lang.String	getProtocolPluginName() Returns the name that the MySQL server uses on the wire for this plugin
default void	init(Protocol<M> protocol) We need direct Protocol reference because it isn't available from Connection before authentication complete.
boolean	isReusable()
boolean	nextAuthenticationStep(M fromServer, java.util.List<M> toServer) Process authentication handshake data from server and optionally produce data to be sent back to the server.
boolean	requiresConfidentiality() Does this plugin require the connection itself to be confidential (i.e.
default void	reset() Resets the authentication steps sequence.
void	setAuthenticationParameters(java.lang.String user, java.lang.String password) This method called from cJ before first nextAuthenticationStep call.

Method Detail

init

default void init(Protocol<M> protocol)

We need direct Protocol reference because it isn't available from Connection before authentication complete.

Parameters:

protocol - protocol instance

reset

default void reset()

Resets the authentication steps sequence.

destroy

default void destroy()

Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.

getProtocolPluginName

java.lang.String getProtocolPluginName()

Returns the name that the MySQL server uses on the wire for this plugin

Returns:

plugin name

requiresConfidentiality

boolean requiresConfidentiality()

Does this plugin require the connection itself to be confidential (i.e. tls/ssl)...Highly recommended to return "true" for plugins that return the credentials in the clear.

Returns:

true if secure connection is required

isReusable

boolean isReusable()

Returns:

true if plugin instance may be reused, false otherwise

setAuthenticationParameters

void setAuthenticationParameters(java.lang.String user,
                                 java.lang.String password)

This method called from cJ before first nextAuthenticationStep call. Values of user and password parameters are passed from those in MysqlIO.changeUser(String userName, String password, String database) or MysqlIO.doHandshake(String user, String password, String database). Plugin should use these values instead of values from connection properties because parent method may be a changeUser call which saves user and password into connection only after successful handshake.

Parameters:

user - user name

password - user password

nextAuthenticationStep

boolean nextAuthenticationStep(M fromServer,
                               java.util.List<M> toServer)

Process authentication handshake data from server and optionally produce data to be sent back to the server. The driver will keep calling this method on each new server packet arrival until either an Exception is thrown (authentication failure, please use appropriate SQLStates) or the number of exchange iterations exceeded max limit or an OK packet is sent by server indicating that the connection has been approved. If, on return from this method, toServer is a non-empty list of buffers, then these buffers will be sent to the server in the same order and without any reads in between them. If toServer is an empty list, no data will be sent to server, driver immediately reads the next packet from server. In case of errors the method should throw Exception.

Parameters:

fromServer - a buffer containing handshake data payload from server (can be empty).

toServer - list of buffers with data to be sent to the server (the list can be empty, but buffers in the list should contain data).

Returns:

return value is ignored.