GSSCredential

[David Lloyd]

On Wed, Jun 12, 2019 at 8:01 AM Mark Rotteveel <mark at lawinegevaar.nl> wrote:
> On 2019-06-12 01:30, Douglas Surber wrote:
> > I have been discussing this with the Java team. We concluded that it
> > is appropriate for java.sql to include requires static
> > java.security.jgss to support the default method gssCredential. There
> > is no code in java.sql that uses java.security.jgss except that one
> > method. In order to invoke that method a calling module would have to
> > load GSSCredential. So while requires static has some pitfalls, this
> > particular use is one where it is appropriate.
> >
> > This does not address the proxy issue. The question there becomes how
> > much additional code would java.security.jgss drag in compared to
> > java.sql, some framework that proxies JDBC objects, and a driver
> > implementation. My guess is that the delta is very, very small.
> >
> > Based on the above I renew my proposal to add
> > gssCredential(GSSCredential credential) to all three ConnectionBuilder
> > interfaces.
>
> Declaring it as `requires static` brings us full circle again. It will
> work for simple usages, but it will break for any implementation out
> there that proxies instances of ConnectionBuilder.
>
> We might be able to accept this risk. I have never seen use of
> ConnectionBuilder in the wild, and I actually haven't implemented it
> myself in Jaybird yet (nor have I seen it implemented in other open
> source drivers yet). We should be prepared to change this to `requires`
> instead if it proves to be problematic though.

What about using the general-purpose authentication callback mechanism
used by JAAS and SASL instead of providing credentials?  That could
decouple JDBC from any particular authentication strategy altogether.

-- 
- DML