What’s New in MariaDB Connector/J 2.5

We are pleased to announce the RC release of MariaDB Connector/J 2.5, the newest version of the MariaDB Connector/J for Java 8+. For this release, we enhanced the Java connector with a new framework that makes it easier to support multiple authentication services. This allows anyone to quickly add new authentication services as they become popular or useful for your application.

Extendable

MariaDB Connector/J 2.5 now supports a service implementation for authentication, providing credentials, and custom SSL implementation.

New services can be added by implementing the corresponding interface and registering this service in the META-INF/services files.

Authentication service

The authentication service is the client side implementation of the server authentication plugin that determines whether the connection is from a legitimate user.

List of authentication services in java connector:

  • mysql_clear_password
  • auth_gssapi_client
  • client_ed25519
  • mysql_native_password
  • mysql_old_password
  • dialog (PAM)
  • sha256_password
  • caching_sha2_password

New authentication plugins can be created by implementing the interface org.mariadb.jdbc.authentication.AuthenticationPlugin, and listing the new plugin in a META-INF/services/org.mariadb.jdbc.authentication.AuthenticationPlugin file.

`sha256_password` and `Caching_sha2_password` have been added for compatibility, the ed25519 plugin can be used with MariaDB Server for a state of the art password encryption.

Credential service

Authentication is usually achieved by providing credentials in a connection string or by using DriverManager.getConnection(String url, String user, String password). New services provide credentials in a different way.

Credential plugins are used to provide this credential information. Those plugins have to be activated by setting the option `credentialType` to the designated plugin.

A well known problem is that pool implementations usually have issues with changing passwords, like timeout token. The credential service implements a solution that generates / caches the token at the driver level.

The driver has 3 default plugins :

  • AWS IAM: use a token limited in time for authentication
  • Environment: use user and password from environment
  • Properties : use user and password from java properties

SSL factory service

The driver provides a default SSL implementation that will solve most use-cases. But a custom implementation can be activated by using option `tlsSocketType`. An example would be using a custom HostnameVerifier implementation to ensure a SAN value. A custom implementation needs to implement org.mariadb.jdbc.tls.TlsSocketPlugin and register the service META-INF/services/org.mariadb.jdbc.tls.TlsSocketPlugin.

Download the MariaDB Connector now to try the newest evolution of MariaDB Connector/J 2.5. The connector is a release candidate and is great for testing and development environments but is not recommended for production.