Added tests for useDefaultJaasConfig

pom.xml

@@ -37,17 +37,18 @@
 			xSQLv11 - - - - - - For tests not compatible with SQL Server 2012 - - - - 
 			xSQLv12 - - - - - - For tests not compatible with SQL Server 2008 R2 - 2014 
 			xSQLv14 - - - - - - For tests not compatible with SQL Server 2016 - 2017 
-			xSQLv15 - - - - - - For tests not compatible with SQL Server 2019 - - - - 
+			xSQLv15 - - - - - - For tests not compatible with SQL Server 2019 - - - -
 			xAzureSQLDB - - - - For tests not compatible with Azure SQL Database - - 
 			xAzureSQLDW - - - - For tests not compatible with Azure Data Warehouse - 
 			xAzureSQLMI - - - - For tests not compatible with Azure SQL Managed Instance 
-			NTLM - - - - - - For tests using NTLM Authentication mode (excluded by default) 
-			reqExternalSetup - For tests requiring external setup (excluded by default) 
+			NTLM  - - - - - - - For tests using NTLM Authentication mode (excluded by default)
+			Kerberos -  - - - - For tests using Kerberos authentication (excluded by default)
+			reqExternalSetup - For tests requiring external setup (excluded by default)
 			clientCertAuth - - For tests requiring client certificate authentication 
 			setup (excluded by default) - - - - - - - - - - - - - - - - - - - - - - - 
 			- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 			Default testing enabled with SQL Server 2019 (SQLv15) -->
-		<excludedGroups>xSQLv12,xSQLv15,NTLM,MSI,reqExternalSetup,clientCertAuth,fedAuth</excludedGroups>
+		<excludedGroups>xSQLv12,xSQLv15,NTLM,MSI,reqExternalSetup,clientCertAuth,fedAuth,Kerberos</excludedGroups>
 		<!-- Use -preview for preview release, leave empty for official release. -->
 		<releaseExt>-preview</releaseExt>
 		<!-- Driver Dependencies -->

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/BulkCopySendTemporalDataTypesAsStringAETest.java

@@ -57,6 +57,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDB)
 @Tag(Constants.xAzureSQLDW)
+@Tag(Constants.reqExternalSetup)
 public class BulkCopySendTemporalDataTypesAsStringAETest extends AESetup {
     static String inputFile = "BulkCopyCSVSendTemporalDataTypesAsStringForBulkCopy.csv";
     static String encoding = "UTF-8";

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/CallableStatementTest.java

@@ -53,6 +53,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class CallableStatementTest extends AESetup {
 
     private static String multiStatementsProcedure = AbstractSQLGenerator

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/JDBCEncryptionDecryptionTest.java

@@ -64,6 +64,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class JDBCEncryptionDecryptionTest extends AESetup {
     private boolean nullable = false;
 

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/MultiUserAKVTest.java

@@ -58,6 +58,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class MultiUserAKVTest extends AESetup {
 
     private static Map<String, SQLServerColumnEncryptionKeyStoreProvider> requiredKeyStoreProvider = new HashMap<>();

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/ParameterMetaDataCacheTest.java

@@ -32,6 +32,7 @@
 @Tag(Constants.xSQLv11)
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xSQLv14)
+@Tag(Constants.reqExternalSetup)
 public class ParameterMetaDataCacheTest extends AESetup {
 
     @BeforeAll

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/PrecisionScaleTest.java

@@ -42,6 +42,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class PrecisionScaleTest extends AESetup {
     private static java.util.Date date = null;
     private static int offsetFromGMT = 0;

src/test/java/com/microsoft/sqlserver/jdbc/AlwaysEncrypted/RegressionAlwaysEncryptedTest.java

@@ -29,6 +29,7 @@
 @Tag(Constants.xSQLv12)
 @Tag(Constants.xAzureSQLDW)
 @Tag(Constants.xAzureSQLDB)
+@Tag(Constants.reqExternalSetup)
 public class RegressionAlwaysEncryptedTest extends AESetup {
     static String numericTable[][] = {{"Bit", "bit"}, {"Tinyint", "tinyint"}, {"Smallint", "smallint"},};
 

src/test/java/com/microsoft/sqlserver/jdbc/KerberosTest.java

@@ -0,0 +1,105 @@
+package com.microsoft.sqlserver.jdbc;
+
+import com.microsoft.sqlserver.testframework.AbstractTest;
+import com.microsoft.sqlserver.testframework.Constants;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.junit.platform.runner.JUnitPlatform;
+import org.junit.runner.RunWith;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.util.HashMap;
+import java.util.Map;
+
+@RunWith(JUnitPlatform.class)
+public class KerberosTest extends AbstractTest {
+
+    private static String kerberosAuth = "KERBEROS";
+
+    @BeforeAll
+    public static void setupTests() throws Exception {
+        setConnection();
+    }
+
+    @Tag(Constants.Kerberos)
+    @Test
+    public void testUseDefaultJaasConfigConnectionStringPropertyTrue() throws Exception {
+        String connectionStringUseDefaultJaasConfig = connectionStringKerberos + ";useDefaultJaasConfig=true;";
+
+        // Initial connection should succeed with default JAAS config
+        try (SQLServerConnection conn = (SQLServerConnection) DriverManager.getConnection(connectionStringUseDefaultJaasConfig)) {
+            ResultSet rs = conn.createStatement().executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");
+            rs.next();
+            Assertions.assertEquals(kerberosAuth, rs.getString(1));
+        }
+
+        // Attempt to overwrite JAAS config. Since useDefaultJaasConfig=true, this should have no effect
+        // and subsequent connections should succeed.
+        overwriteJaasConfig();
+
+        // New connection should successfully connect and continue to use the default JAAS config.
+        try (SQLServerConnection conn = (SQLServerConnection) DriverManager.getConnection(connectionStringUseDefaultJaasConfig)) {
+            ResultSet rs = conn.createStatement().executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");
+            rs.next();
+            Assertions.assertEquals(kerberosAuth, rs.getString(1));
+        }
+    }
+
+    @Tag(Constants.Kerberos)
+    @Test
+    public void testUseDefaultJaasConfigConnectionStringPropertyFalse() throws Exception {
+
+        // useDefaultJaasConfig=false by default
+        // Initial connection should succeed with default JAAS config
+        try (SQLServerConnection conn = (SQLServerConnection) DriverManager.getConnection(connectionStringKerberos)) {
+            ResultSet rs = conn.createStatement().executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");
+            rs.next();
+            Assertions.assertEquals(kerberosAuth, rs.getString(1));
+        }
+
+        // Overwrite JAAS config. Since useDefaultJaasConfig=false, overwriting should succeed and have an effect.
+        // Subsequent connections will fail.
+        overwriteJaasConfig();
+
+        // New connection should fail as it is attempting to connect using an overwritten JAAS config.
+        try (SQLServerConnection conn = (SQLServerConnection) DriverManager.getConnection(connectionStringKerberos)) {
+            Assertions.fail(TestResource.getResource("R_expectedExceptionNotThrown"));
+        } catch (SQLServerException e) {
+            Assertions.assertTrue(e.getMessage()
+                    .contains(TestResource.getResource("R_noLoginModulesConfiguredForJdbcDriver")));
+        }
+    }
+
+    /**
+     * Overwrites the default JAAS config. Call before making a connection.
+     */
+    private static void overwriteJaasConfig() {
+        AppConfigurationEntry kafkaClientConfigurationEntry = new AppConfigurationEntry(
+                "com.sun.security.auth.module.Krb5LoginModule",
+                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+                new HashMap<>());
+        Map<String, AppConfigurationEntry[]> configurationEntries = new HashMap<>();
+        configurationEntries.put("KAFKA_CLIENT_CONTEXT_NAME",
+                new AppConfigurationEntry[] { kafkaClientConfigurationEntry });
+        Configuration.setConfiguration(new InternalConfiguration(configurationEntries));
+    }
+
+    private static class InternalConfiguration extends Configuration {
+        private final Map<String, AppConfigurationEntry[]> configurationEntries;
+
+        InternalConfiguration(Map<String, AppConfigurationEntry[]> configurationEntries) {
+            this.configurationEntries = configurationEntries;
+        }
+
+        @Override
+        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+            return this.configurationEntries.get(name);
+        }
+
+    }
+}

src/test/java/com/microsoft/sqlserver/jdbc/TestResource.java

@@ -203,5 +203,6 @@ protected Object[][] getContents() {
             {"R_connectTimedOut", "connect timed out"},
             {"R_sessionKilled", "Cannot continue the execution because the session is in the kill state"},
             {"R_failedFedauth", "Failed to acquire fedauth token: "},
+            {"R_noLoginModulesConfiguredForJdbcDriver", "javax.security.auth.login.LoginException (No LoginModules configured for SQLJDBCDriver)"},
             {"R_unexpectedThreadCount", "Thread count is higher than expected."}};
 }

src/test/java/com/microsoft/sqlserver/testframework/AbstractTest.java

@@ -66,6 +66,10 @@ public abstract class AbstractTest {
     protected static String[] enclaveAttestationUrl = null;
     protected static String[] enclaveAttestationProtocol = null;
 
+
+    protected static String kerberosServer = null;
+    protected static String kerberosServerPort = null;
+
     protected static String clientCertificate = null;
     protected static String clientKey = null;
     protected static String clientKeyPassword = "";
@@ -101,6 +105,7 @@ public abstract class AbstractTest {
     protected static Connection connectionAzure = null;
     protected static String connectionString = null;
     protected static String connectionStringNTLM;
+    protected static String connectionStringKerberos;
 
     protected static ConfidentialClientApplication fedauthClientApp = null;
 
@@ -191,6 +196,9 @@ public static void setup() throws Exception {
 
         clientKeyPassword = getConfiguredProperty("clientKeyPassword", "");
 
+        kerberosServer = getConfiguredProperty("kerberosServer", null);
+        kerberosServerPort = getConfiguredProperty("kerberosServerPort", null);
+
         trustStore = getConfiguredProperty("trustStore", "");
         if (!trustStore.trim().isEmpty()) {
             connectionString = TestUtils.addOrOverrideProperty(connectionString, "trustStore", trustStore);
@@ -242,7 +250,7 @@ public static void setup() throws Exception {
     protected static void setupConnectionString() {
         connectionStringNTLM = connectionString;
 
-        // if these properties are defined then NTLM is desired, modify connection string accordingly
+        // If these properties are defined then NTLM is desired, modify connection string accordingly
         String domain = getConfiguredProperty("domainNTLM");
         String user = getConfiguredProperty("userNTLM");
         String password = getConfiguredProperty("passwordNTLM");
@@ -265,6 +273,14 @@ protected static void setupConnectionString() {
             connectionStringNTLM = TestUtils.addOrOverrideProperty(connectionStringNTLM, "integratedSecurity", "true");
         }
 
+        if (null != kerberosServer && null != kerberosServerPort) {
+            connectionStringKerberos = "jdbc:sqlserver://" + kerberosServer + ":" + kerberosServerPort + ";";
+            connectionStringKerberos = TestUtils.addOrOverrideProperty(connectionStringKerberos, "authenticationScheme", "JavaKerberos");
+            connectionStringKerberos = TestUtils.addOrOverrideProperty(connectionStringKerberos, "integratedSecurity", "true");
+            connectionStringKerberos = TestUtils.addOrOverrideProperty(connectionStringKerberos, "trustServerCertificate", "true");
+            connectionStringKerberos = TestUtils.addOrOverrideProperty(connectionStringKerberos, "encrypt", "false");
+        }
+
         ds = updateDataSource(connectionString, new SQLServerDataSource());
         dsXA = updateDataSource(connectionString, new SQLServerXADataSource());
         dsPool = updateDataSource(connectionString, new SQLServerConnectionPoolDataSource());

src/test/java/com/microsoft/sqlserver/testframework/Constants.java

@@ -24,6 +24,7 @@ private Constants() {}
      * xAzureSQLDW - - - - For tests not compatible with Azure Data Warehouse
      * xAzureSQLMI - - - - For tests not compatible with Azure SQL Managed Instance
      * NTLM  - - - - - - - For NTLM tests
+     * Kerberos  - - - - - For Kerberos tests
      * reqExternalSetup  - For tests requiring external setup
      * clientCertAuth  - - For tests requiring client certificate authentication setup
      * Fedauth - - - - - - For Fedauth tests
@@ -39,6 +40,7 @@ private Constants() {}
     public static final String xAzureSQLDW = "xAzureSQLDW";
     public static final String xAzureSQLMI = "xAzureSQLMI";
     public static final String NTLM = "NTLM";
+    public static final String Kerberos = "Kerberos";
     public static final String MSI = "MSI";
     public static final String reqExternalSetup = "reqExternalSetup";
     public static final String clientCertAuth = "clientCertAuth";