Microsoft JDBC driver having strange behaviour with java code

0
votes

I have tried with java code to use Microsoft JDBC driver to get connection on SQL Instance enabled with SSL Protocal and SQL Server with NTLMV2 protocol.

I am using windows authentication to get connection which will take effect of both SSL and NTLMV2 protocols.

But the strange thing is we able to establish connection java JDBC client without setting java property for NTLMV2 and SSL as well.

Can some one help me out why this strange thing happened using Microsoft JDBC driver.

Please find my java code snippet which am using connection url to get connection with SQL Instance enabled with SSL and NTLMV2 protocols.

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;


public class SqlJdbcConnection 
{
    String dbDriver = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
    String connectionUrl = "";

    private void connect()
    {
        Connection conn=null;
        Statement stmt=null;
        ResultSet rset=null;
        try 
        {
            Class.forName(dbDriver);
        } 
        catch (ClassNotFoundException e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
            return;
        }  
        try
        {           
            connectionUrl = "jdbc:sqlserver://192.168.11.215:1433;databaseName=master;integratedSecurity=true";         
            Properties infoProperties=new Properties();
            infoProperties.put("UserName","administrator");
            infoProperties.put("Password","abc098ABC");
            infoProperties.put("domain","mas");
            infoProperties.put("authenticationScheme","NTLM");
            conn = DriverManager.getConnection(connectionUrl, infoProperties);
            if(conn==null)
            {
                System.out.println("Connection is null");
                return;
            }
            stmt=conn.createStatement();
            rset = stmt.executeQuery("select @@version");
            while(rset.next())
            {
                System.out.println(rset.getString(1));
            }

        }
        catch (Exception e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }  
        finally
        {
            if(rset!=null)
            {
                try 
                {
                    rset.close();
                } catch (Exception e2) {
                    // TODO: handle exception
                }
            }
            if(stmt!=null)
            {
                try 
                {
                    stmt.close();
                } catch (Exception e2) {
                    // TODO: handle exception
                }
            }
            if(conn!=null)
            {
                try 
                {
                    conn.close();
                } catch (Exception e2) {
                    // TODO: handle exception
                }
            }
        }

    }
    public static void main(String[] args)
    {
        // TODO Auto-generated method stub
        SqlJdbcConnection sqljdbc=new SqlJdbcConnection();
        sqljdbc.connect();      }
}
2
javasql-serverjdbcdriver
What exactly is the problem? The properties you specify configure it to use NTLMv2, and NTLMv2 has nothing to do with SSL.Mark Rotteveel

2 Answers

0
votes

Support for SSL/TLS is not mandated in the JDBC specification. So you cannot expect it in every driver.

The following properties are also used for NTLM V2 Authentication:

domain = domainName (optional)
user = userName
password = password
integratedSecurity = true

Unintentionally your are already using NTLM v2 Authentication

0
votes

You need to add sqljdbc_auth.dll to the runtime by java -Djava.library.path={path to sqljdbc_auth.dll} and with this, you do not need to provide any username, because it is the user you are running the Java VM.

You find this DLL within the Microsoft JDBC Driver package.

If your user is a SQL-Server User, then you do not need integratedSecurity.