Deprecate and Rename Service principal connection properties #1693

Merged
merged 4 commits into from
Dec 1, 2021
Expand Up @@ -1053,33 +1053,33 @@ public interface ISQLServerDataSource extends javax.sql.CommonDataSource {

/**
* Returns the value for the connection property 'AADSecurePrincipalId'.
*
* @deprecated Use {@link ISQLServerDataSource#getUser()} instead
*
* @return 'AADSecurePrincipalId' property value.
*/
@Deprecated
String getAADSecurePrincipalId();

/**
* Sets the 'AADSecurePrincipalId' connection property used for Active Directory Service Principal authentication.
*
*
* @deprecated Use {@link ISQLServerDataSource#setUser(String password)} instead
* @param AADSecurePrincipalId
* Active Directory Service Principal Id.
*/
@Deprecated
void setAADSecurePrincipalId(String AADSecurePrincipalId);

/**
* Returns the value for the connection property 'AADSecurePrincipalSecret'.
*
* @return 'AADSecurePrincipalSecret' property value.
*/
String getAADSecurePrincipalSecret();

/**
* Sets the 'AADSecurePrincipalSecret' connection property used for Active Directory Service Principal
* authentication.
*
*
* @deprecated Use {@link ISQLServerDataSource#setPassword(String password)} instead
* @param AADSecurePrincipalSecret
* Active Directory Service Principal secret.
*/
@Deprecated
void setAADSecurePrincipalSecret(String AADSecurePrincipalSecret);

/**
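Review bot: The `@deprecated` tag on `setAADSecurePrincipalId` links to `setUser(String password)`, which looks copied from the `setPassword` tag further down; the label should name the user, e.g. `@deprecated Use {@link ISQLServerDataSource#setUser(String user)} instead`. Separately, `getAADSecurePrincipalSecret()` is the only one of the four accessors shown here that carries neither `@deprecated` nor `@Deprecated`. The rendered page has lost its +/- markers, but the hunk counts here and in the SQLServerDataSource section suggest the secret getter is being removed rather than deprecated. If so, that is a source- and binary-incompatible change the title ("Deprecate and Rename") does not mention and it deserves a changelog entry; if the getter stays, it should be deprecated like its siblings. The interface body continues outside this hunk.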
100 changes: 42 additions & 58 deletions src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
Expand Up @@ -172,9 +172,11 @@ public class SQLServerConnection implements ISQLServerConnection, java.io.Serial
private String clientKeyPassword = "";

/** AAD principal id */
@Deprecated
private String aadPrincipalID = "";

/** AAD principal secret */
@Deprecated
private String aadPrincipalSecret = "";

/** sendTemporalDataTypesAsStringForBulkCopy flag */
Expand Down Expand Up @@ -828,7 +830,7 @@ ColumnEncryptionVersion getServerColumnEncryptionVersion() {
return serverColumnEncryptionVersion;
}

/** whether server supports data classiciation */
/** whether server supports data classification */
private boolean serverSupportsDataClassification = false;

/** server supported data classification version */
Expand Down Expand Up @@ -2202,11 +2204,6 @@ Connection connectInternal(Properties propsIn,
if (activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString()).isEmpty()
|| activeConnectionProperties.getProperty(SQLServerDriverStringProperty.PASSWORD.toString())
.isEmpty()) {

if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(
toString() + " " + SQLServerException.getErrString("R_NtlmNoUserPasswordDomain"));
}
throw new SQLServerException(SQLServerException.getErrString("R_NtlmNoUserPasswordDomain"),
null);
}
Expand All @@ -2222,10 +2219,6 @@ Connection connectInternal(Properties propsIn,

if (integratedSecurity
&& !authenticationString.equalsIgnoreCase(SqlAuthentication.NotSpecified.toString())) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(toString() + " "
+ SQLServerException.getErrString("R_SetAuthenticationWhenIntegratedSecurityTrue"));
}
throw new SQLServerException(
SQLServerException.getErrString("R_SetAuthenticationWhenIntegratedSecurityTrue"), null);
}
Expand All @@ -2235,10 +2228,6 @@ Connection connectInternal(Properties propsIn,
.isEmpty())
|| (!activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()).isEmpty()))) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(toString() + " "
+ SQLServerException.getErrString("R_IntegratedAuthenticationWithUserPassword"));
}
throw new SQLServerException(
SQLServerException.getErrString("R_IntegratedAuthenticationWithUserPassword"), null);
}
Expand All @@ -2248,10 +2237,6 @@ Connection connectInternal(Properties propsIn,
.isEmpty())
|| (activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()).isEmpty()))) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(toString() + " "
+ SQLServerException.getErrString("R_NoUserPasswordForActivePassword"));
}
throw new SQLServerException(SQLServerException.getErrString("R_NoUserPasswordForActivePassword"),
null);
}
Expand All @@ -2261,40 +2246,45 @@ Connection connectInternal(Properties propsIn,
.isEmpty())
|| (!activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()).isEmpty()))) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(toString() + " "
+ SQLServerException.getErrString("R_MSIAuthenticationWithUserPassword"));
}
throw new SQLServerException(SQLServerException.getErrString("R_MSIAuthenticationWithUserPassword"),
null);
}

if (authenticationString.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryServicePrincipal.toString())
&& ((activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString())
.isEmpty())
|| (activeConnectionProperties
.getProperty(
SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString())
.isEmpty()))) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(toString() + " "
+ SQLServerException.getErrString("R_NoUserPasswordForActiveServicePrincipal"));
if (authenticationString
.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryServicePrincipal.toString())) {
if ((activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString()).isEmpty()
|| activeConnectionProperties.getProperty(SQLServerDriverStringProperty.PASSWORD.toString())
.isEmpty())
&& (activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString())
.isEmpty()
|| activeConnectionProperties.getProperty(
SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString())
.isEmpty())) {
throw new SQLServerException(
SQLServerException.getErrString("R_NoUserPasswordForActiveServicePrincipal"), null);
}

if ((!activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString())
.isEmpty()
|| !activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()).isEmpty())
&& (!activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString())
.isEmpty()
|| !activeConnectionProperties.getProperty(
SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString())
.isEmpty())) {
throw new SQLServerException(SQLServerException.getErrString("R_BothUserPasswordandDeprecated"),
null);
}
throw new SQLServerException(
SQLServerException.getErrString("R_NoUserPasswordForActiveServicePrincipal"), null);
}

if (authenticationString.equalsIgnoreCase(SqlAuthentication.SqlPassword.toString())
&& ((activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString())
.isEmpty())
|| (activeConnectionProperties
.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()).isEmpty()))) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(
toString() + " " + SQLServerException.getErrString("R_NoUserPasswordForSqlPassword"));
}

throw new SQLServerException(SQLServerException.getErrString("R_NoUserPasswordForSqlPassword"),
null);
}
Expand All @@ -2306,28 +2296,16 @@ Connection connectInternal(Properties propsIn,
}

if ((null != accessTokenInByte) && 0 == accessTokenInByte.length) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(
toString() + " " + SQLServerException.getErrString("R_AccessTokenCannotBeEmpty"));
}
throw new SQLServerException(SQLServerException.getErrString("R_AccessTokenCannotBeEmpty"), null);
}

if (integratedSecurity && (null != accessTokenInByte)) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(toString() + " "
+ SQLServerException.getErrString("R_SetAccesstokenWhenIntegratedSecurityTrue"));
}
throw new SQLServerException(
SQLServerException.getErrString("R_SetAccesstokenWhenIntegratedSecurityTrue"), null);
}

if ((!authenticationString.equalsIgnoreCase(SqlAuthentication.NotSpecified.toString()))
&& (null != accessTokenInByte)) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(toString() + " "
+ SQLServerException.getErrString("R_SetBothAuthenticationAndAccessToken"));
}
throw new SQLServerException(
SQLServerException.getErrString("R_SetBothAuthenticationAndAccessToken"), null);
}
Expand All @@ -2336,10 +2314,6 @@ Connection connectInternal(Properties propsIn,
.getProperty(SQLServerDriverStringProperty.USER.toString()).isEmpty())
|| (!activeConnectionProperties.getProperty(SQLServerDriverStringProperty.PASSWORD.toString())
.isEmpty()))) {
if (connectionlogger.isLoggable(Level.SEVERE)) {
connectionlogger.severe(
toString() + " " + SQLServerException.getErrString("R_AccessTokenWithUserPassword"));
}
throw new SQLServerException(SQLServerException.getErrString("R_AccessTokenWithUserPassword"),
null);
}
Expand Down Expand Up @@ -5348,8 +5322,18 @@ private SqlFedAuthToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throws SQLSe
break;
} else if (authenticationString
.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryServicePrincipal.toString())) {
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal(fedAuthInfo, aadPrincipalID,
aadPrincipalSecret, authenticationString);

// aadPrincipalID and aadPrincipalSecret is deprecated replaced by username and password
if (aadPrincipalID != null && !aadPrincipalID.isEmpty() && aadPrincipalSecret != null
&& !aadPrincipalSecret.isEmpty()) {
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal(fedAuthInfo, aadPrincipalID,
aadPrincipalSecret, authenticationString);
} else {
fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal(fedAuthInfo,
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString()),
activeConnectionProperties.getProperty(SQLServerDriverStringProperty.PASSWORD.toString()),
authenticationString);
}

// Break out of the retry loop in successful case.
break;
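Review bot: The new branch in `getFedAuthToken` uses the deprecated pair only when both `aadPrincipalID` and `aadPrincipalSecret` are non-empty, and otherwise passes `USER`/`PASSWORD` on without checking them, so it relies entirely on the ActiveDirectoryServicePrincipal checks added to `connectInternal`, and nothing in the code states that. The two places also read different sources (the fields here, `activeConnectionProperties` there), so a later change to either could let a partial or mixed credential pair reach `getSqlFedAuthTokenPrincipal`. I would replace the comment with `// aadPrincipalID/aadPrincipalSecret are deprecated in favour of user/password; connectInternal rejects partial or mixed pairs, so exactly one complete pair is set here`. In `connectInternal`, the eight repeated `getProperty(...).isEmpty()` calls would be easier to audit as four local booleans. Both methods start and end outside the hunks shown.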
Expand Up @@ -1061,24 +1061,21 @@ public void setClientKeyPassword(String password) {
}

@Override
@Deprecated
public String getAADSecurePrincipalId() {
return getStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString(),
SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.getDefaultValue());
}

@Override
@Deprecated
public void setAADSecurePrincipalId(String AADSecurePrincipalId) {
setStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString(),
AADSecurePrincipalId);
}

@Override
public String getAADSecurePrincipalSecret() {
return getStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString(),
SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.getDefaultValue());
}

@Override
@Deprecated
public void setAADSecurePrincipalSecret(String AADSecurePrincipalSecret) {
setStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString(),
AADSecurePrincipalSecret);
Expand Up @@ -376,7 +376,9 @@ enum SQLServerDriverStringProperty {
CLIENT_CERTIFICATE("clientCertificate", ""),
CLIENT_KEY("clientKey", ""),
CLIENT_KEY_PASSWORD("clientKeyPassword", ""),
@Deprecated
AAD_SECURE_PRINCIPAL_ID("AADSecurePrincipalId", ""),
@Deprecated
AAD_SECURE_PRINCIPAL_SECRET("AADSecurePrincipalSecret", ""),
MAX_RESULT_BUFFER("maxResultBuffer", "-1");

Expand Up @@ -334,8 +334,9 @@ protected Object[][] getContents() {
{"R_AccessTokenCannotBeEmpty", "AccesToken cannot be empty."},
{"R_SetBothAuthenticationAndAccessToken", "Cannot set the AccessToken property if \"Authentication\" has been specified in the connection string."},
{"R_NoUserPasswordForActivePassword", "Both \"User\" (or \"UserName\") and \"Password\" connection string keywords must be specified, if \"Authentication=ActiveDirectoryPassword\"."},
{"R_NoUserPasswordForActiveServicePrincipal", "Both \"AADSecurePrincipalId\" and \"AADSecurePrincipalSecret\" connection string keywords must be specified, if \"Authentication=ActiveDirectoryServicePrincipal\"."},
{"R_NoUserPasswordForActiveServicePrincipal", "Both \"UserName\" and \"Password\" connection string keywords must be specified, if \"Authentication=ActiveDirectoryServicePrincipal\"."},
{"R_NoUserPasswordForSqlPassword", "Both \"User\" (or \"UserName\") and \"Password\" connection string keywords must be specified, if \"Authentication=SqlPassword\"."},
{"R_BothUserPasswordandDeprecated", "Both \"User\" (or \"UserName\"), \"Password\" and \"AADSecurePrincipalId\", \"AADSecurePrincipalSecret\" connection string keywords are specified, please use \"User\" (or \"UserName\"), \"Password\" only."},
{"R_ForceEncryptionTrue_HonorAEFalse", "Cannot set Force Encryption to true for parameter {0} because enryption is not enabled for the statement or procedure {1}."},
{"R_ForceEncryptionTrue_HonorAETrue_UnencryptedColumn", "Cannot execute statement or procedure {0} because Force Encryption was set as true for parameter {1} and the database expects this parameter to be sent as plaintext. This may be due to a configuration error."},
{"R_ForceEncryptionTrue_HonorAEFalseRS", "Cannot set Force Encryption to true for parameter {0} because encryption is not enabled for the statement or procedure."},
Expand Down Expand Up @@ -408,8 +409,7 @@ protected Object[][] getContents() {
{"R_certificateStoreInvalidKeyword", "Cannot set \"keyStoreSecret\", if \"keyStoreAuthentication=CertificateStore\" has been specified in the connection string."},
{"R_certificateStoreLocationNotSet", "\"keyStoreLocation\" must be specified, if \"keyStoreAuthentication=CertificateStore\" has been specified in the connection string."},
{"R_certificateStorePlatformInvalid", "Cannot set \"keyStoreAuthentication=CertificateStore\" on a Windows operating system."},
{"R_invalidKeyStoreFile", "Cannot parse \"{0}\". Either the file format is not valid or the password is not correct."}, // for
// JKS/PKCS
{"R_invalidKeyStoreFile", "Cannot parse \"{0}\". Either the file format is not valid or the password is not correct."}, // for JKS/PKCS
{"R_invalidCEKCacheTtl", "Invalid column encryption key cache time-to-live specified. The columnEncryptionKeyCacheTtl value cannot be negative and timeUnit can only be DAYS, HOURS, MINUTES or SECONDS."},
{"R_sendTimeAsDateTimeForAE", "Use sendTimeAsDateTime=false with Always Encrypted."},
{"R_TVPnotWorkWithSetObjectResultSet", "setObject() with ResultSet is not supported for Table-Valued Parameter. Please use setStructured()."},
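Review bot: The reworded `R_NoUserPasswordForActiveServicePrincipal` message names only `\"UserName\"`, while `R_NoUserPasswordForActivePassword`, `R_NoUserPasswordForSqlPassword` and the new `R_BothUserPasswordandDeprecated` all say `\"User\" (or \"UserName\")`. The validation in SQLServerConnection reads `SQLServerDriverStringProperty.USER`, so I would use the same wording: `"Both \"User\" (or \"UserName\") and \"Password\" connection string keywords must be specified, if \"Authentication=ActiveDirectoryServicePrincipal\"."`. The new key would also match the casing of the other keys in this file as `R_BothUserPasswordAndDeprecated`, renamed together with its use in `connectInternal`. `getContents()` continues outside these hunks.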