microsoft · lilgreenbird · Oct 20, 2021 · Oct 19, 2021 · Oct 19, 2021
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SSPIAuthentication.java b/src/main/java/com/microsoft/sqlserver/jdbc/SSPIAuthentication.java
@@ -33,7 +33,7 @@ abstract class SSPIAuthentication {
      */
     private static final Pattern SPN_PATTERN = Pattern.compile("MSSQLSvc/(.*):([^:@]+)(@.+)?",
             Pattern.CASE_INSENSITIVE);
-    
+
     private static final Logger logger = Logger.getLogger("com.microsoft.sqlserver.jdbc.SSPIAuthentication");
 
     /**
@@ -141,9 +141,14 @@ String enrichSpnWithRealm(SQLServerConnection con, String spn, boolean allowHost
             // Realm is already present, no need to enrich, the job has already been done
             return spn;
         }
+
+        // Try to derive realm if not specified in the connection. This might take some time if DNS lookup is slow
+        if (logger.isLoggable(Level.FINER)) {
+            logger.finer("Deriving realm");
+        }
+
         String dnsName = m.group(1);
         String portOrInstance = m.group(2);
-        // If realm is not specified in the connection, try to derive it.
         if (null == realm || realm.trim().isEmpty()) {
             RealmValidator realmValidator = getRealmValidator();
             realm = findRealmFromHostname(realmValidator, dnsName);
@@ -152,7 +157,7 @@ String enrichSpnWithRealm(SQLServerConnection con, String spn, boolean allowHost
                 try {
                     String canonicalHostName = InetAddress.getByName(dnsName).getCanonicalHostName();
                     realm = findRealmFromHostname(realmValidator, canonicalHostName);
-                    // match means hostname is correct (for instance if server name was an IP) so override dnsName as well
+                    // match means hostname is correct (eg if server name was an IP) so override dnsName as well
                     dnsName = canonicalHostName;
                 } catch (UnknownHostException e) {
                     // ignored, cannot canonicalize
@@ -162,9 +167,16 @@ String enrichSpnWithRealm(SQLServerConnection con, String spn, boolean allowHost
                 }
             }
         }
+
         if (null == realm) {
+            if (logger.isLoggable(Level.FINER)) {
+                logger.finer("Could not derive realm.");
+            }
             return spn;
         } else {
+            if (logger.isLoggable(Level.FINER)) {
+                logger.finer("Derived realm: " + realm);
+            }
             StringBuilder sb = new StringBuilder("MSSQLSvc/");
             sb.append(dnsName).append(":").append(portOrInstance).append("@").append(realm.toUpperCase(Locale.ENGLISH));
             return sb.toString();