JDBC Type 4 driver for MySQL with X DevAPI support for document store operations
Authentication callbacks and security mechanisms for various authentication methods including OpenID Connect, WebAuthn, and pluggable authentication.
Core callback interfaces for authentication data exchange.
package com.mysql.cj.callback;
/**
 * Marker interface for all MySQL callbacks. It declares no methods; the concrete callback
 * classes listed on this page (OpenID Connect, WebAuthn, username) implement it so that a
 * {@code MysqlCallbackHandler} can receive any of them through one method.
 */
public interface MysqlCallback {
    // Marker interface for all MySQL callbacks
}
/**
 * Handler that is given a callback and fills in the authentication data it asks for.
 * In the usage examples on this page an implementation checks the concrete callback type
 * with {@code instanceof} and then calls that callback's setters.
 */
public interface MysqlCallbackHandler {
    /**
     * Handles one callback.
     *
     * @param callback the callback to handle; only the {@code MysqlCallback} marker type is
     *                 declared here, so implementations must check the concrete type
     */
    void handle(MysqlCallback callback);
}

Callback and handler for OpenID Connect authentication.
package com.mysql.cj.callback;
/**
 * Callback that carries the OpenID Connect Identity Token. In the usage example on this
 * page a handler obtains the token and stores it with {@link #setIdToken(String)}.
 * The token is a bearer credential: do not log it or write it to diagnostics.
 */
public class OpenidConnectAuthenticationCallback implements MysqlCallback {
    public OpenidConnectAuthenticationCallback();

    /**
     * Sets the Identity Token.
     *
     * @param idToken the Identity Token to use
     */
    public void setIdToken(String idToken);

    /**
     * Gets the Identity Token.
     *
     * @return the Identity Token
     */
    public String getIdToken();
}
/**
 * Callback handler that supplies the OpenID Connect ID token by reading it from a file.
 * Anyone who can read that file can present the token, so keep the file readable only by
 * the account that runs the application and keep it out of source control and backups
 * that are more widely accessible.
 */
public class OpenidConnectIdTokenFromFileCallbackHandler implements MysqlCallbackHandler {
    /**
     * Constructor takes path to file containing ID token.
     *
     * @param idTokenFile path to the file containing the ID token
     */
    public OpenidConnectIdTokenFromFileCallbackHandler(String idTokenFile);

    /**
     * Handles the callback by reading the token from the file.
     * NOTE(review): behaviour for a missing, unreadable or empty file is not shown in this
     * listing; verify it before relying on it.
     *
     * @param callback the callback to handle
     */
    public void handle(MysqlCallback callback);
}

Usage:
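// Configure OpenID Connect authentication.
// NOTE(review): the property names below are the ones given on this page; confirm them
// against the connection-property reference of the Connector/J version in use.
Properties props = new Properties();
props.setProperty("user", "myuser");
props.setProperty("defaultAuthenticationPlugin", "authentication_openid_connect_client");
// The ID token is a bearer credential, so send it only over TLS with the server's identity
// verified. VERIFY_IDENTITY needs a trust store that contains the CA of the server
// certificate, and the certificate must match the host name in the URL.
props.setProperty("sslMode", "VERIFY_IDENTITY");
// Set callback handler to read token from file.
// Keep the token file readable only by the account that runs the application.
String idTokenFile = "/path/to/id_token.txt";
props.setProperty("authenticationOpenidConnectCallbackHandler",
        "com.mysql.cj.callback.OpenidConnectIdTokenFromFileCallbackHandler");
props.setProperty("authenticationOpenidConnectClientIdTokenFile", idTokenFile);
// try-with-resources closes the connection even when the work inside throws.
try (Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", props)) {
    // ... use conn ...
}

// Or use custom callback handler.
// NOTE(review): the configuration above names its handler by class name. Presumably a custom
// handler is registered the same way, which needs a named class and not an anonymous
// one. Confirm before copying this form.
MysqlCallbackHandler handler = new MysqlCallbackHandler() {
    @Override
    public void handle(MysqlCallback callback) {
        if (callback instanceof OpenidConnectAuthenticationCallback) {
            OpenidConnectAuthenticationCallback oidcCallback =
                    (OpenidConnectAuthenticationCallback) callback;
            // Get token from your identity provider. Never log the token itself.
            String token = getTokenFromIdentityProvider();
            // Fail closed: do not hand an absent token to the driver.
            if (token == null || token.isEmpty()) {
                throw new IllegalStateException("Identity provider returned no ID token");
            }
            oidcCallback.setIdToken(token);
        }
    }
};

Callback for WebAuthn (FIDO2) authentication.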
package com.mysql.cj.callback;
/**
 * Callback for WebAuthn (FIDO2) authentication. In the usage example on this page a handler
 * reads the challenge and the relying party ID from the callback, obtains the authenticator
 * data and signature from a FIDO2 authenticator, and stores them back on the callback.
 * NOTE(review): whether the byte[] accessors copy their arrays is not visible in this
 * listing; treat returned arrays as read-only and do not reuse arrays passed to setters.
 */
public class WebAuthnAuthenticationCallback implements MysqlCallback {
    public WebAuthnAuthenticationCallback();

    // Set authenticator data
    public void setAuthenticatorData(byte[] authenticatorData);
    // Get authenticator data
    public byte[] getAuthenticatorData();

    // Set signature
    public void setSignature(byte[] signature);
    // Get signature
    public byte[] getSignature();

    // Set relying party ID
    public void setRelyingPartyId(String relyingPartyId);
    // Get relying party ID
    public String getRelyingPartyId();

    // Set challenge
    public void setChallenge(byte[] challenge);
    // Get challenge
    public byte[] getChallenge();
}

Usage:
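// Implement WebAuthn callback handler as a named class. The connection property below
// refers to the handler by class name ("com.mycompany.MyWebAuthnCallbackHandler"), which an
// anonymous class assigned to a local variable cannot provide. Declare it in its own source
// file in package com.mycompany.
public class MyWebAuthnCallbackHandler implements MysqlCallbackHandler {
    @Override
    public void handle(MysqlCallback callback) {
        if (callback instanceof WebAuthnAuthenticationCallback) {
            WebAuthnAuthenticationCallback waCallback =
                    (WebAuthnAuthenticationCallback) callback;
            // Get challenge from callback
            byte[] challenge = waCallback.getChallenge();
            String rpId = waCallback.getRelyingPartyId();
            // Both values are presumably supplied by the server side of the exchange.
            // Check that rpId is the relying party you expect before asking the
            // authenticator to sign anything.
            // Interact with FIDO2 authenticator
            byte[] authenticatorData = getAuthenticatorData(challenge, rpId);
            byte[] signature = getSignature(challenge, rpId);
            // Set response
            waCallback.setAuthenticatorData(authenticatorData);
            waCallback.setSignature(signature);
        }
    }
}

Properties props = new Properties();
props.setProperty("defaultAuthenticationPlugin", "authentication_webauthn_client");
props.setProperty("authenticationWebAuthnCallbackHandler",
        "com.mycompany.MyWebAuthnCallbackHandler");
// try-with-resources closes the connection even when the work inside throws.
try (Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", props)) {
    // ... use conn ...
}

Callback for username exchange.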
package com.mysql.cj.callback;
/**
 * Callback for username exchange. The listing exposes a getter only; there is no public
 * setter for the username.
 */
public class UsernameCallback implements MysqlCallback {
    /**
     * Constructor requires prompt message.
     *
     * @param promptMessage the prompt message for this callback
     */
    public UsernameCallback(String promptMessage);

    /**
     * Get username (no setter - username is provided via subclass or stored during
     * construction).
     *
     * @return the username
     */
    public String getUsername();
}

Interface for implementing custom authentication plugins.
package com.mysql.cj.protocol;
/**
 * Contract for implementing a custom authentication plugin. {@code M} is the protocol
 * message type ({@code M extends Message}).
 */
public interface AuthenticationPlugin<M extends Message> {
    // Initialize plugin with the protocol instance and the callback handler passed in
    void init(Protocol<M> prot, MysqlCallbackHandler cbh);

    // Reset plugin state
    void reset();

    // Destroy plugin
    void destroy();

    // Get protocol plugin name
    String getProtocolPluginName();

    // Check if plugin requires confidentiality (SSL).
    // NOTE(review): a custom plugin that sends a password or token in recoverable form
    // should return true. Presumably the driver then refuses to run the plugin over an
    // unencrypted connection; confirm against the driver before relying on it.
    boolean requiresConfidentiality();

    // Check if plugin is reusable
    boolean isReusable();

    // Set authentication parameters.
    // The password arrives as a String; implementations should not log it or copy it into
    // exception messages.
    void setAuthenticationParameters(String user, String password);

    // Perform next authentication step.
    // NOTE(review): from the parameter names, fromServer is the message received and
    // toServer collects the replies; the meaning of the boolean result is not shown in
    // this listing.
    boolean nextAuthenticationStep(M fromServer, List<M> toServer);
}

Interface for authentication providers.
package com.mysql.cj.protocol;
/**
 * Interface for authentication providers. {@code M} is the protocol message type
 * ({@code M extends Message}).
 */
public interface AuthenticationProvider<M extends Message> {
    // Initialize provider with the protocol instance, the property set and the exception
    // interceptor passed in
    void init(Protocol<M> prot, PropertySet propertySet, ExceptionInterceptor exceptionInterceptor);

    // Connect with authentication.
    // The password is passed as a String; implementations should keep it out of logs and
    // exception messages.
    void connect(String userName, String password, String database);

    // Change user (re-authenticate)
    void changeUser(String userName, String password, String database);
}

Usage:
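// Configure authentication plugins.
// These URL parameters name classes for the driver to use and select or disable
// authentication mechanisms, so never assemble a JDBC URL from untrusted input.
String url = "jdbc:mysql://localhost:3306/mydb" +
        "?authenticationPlugins=com.mycompany.MyAuthPlugin" +
        "&defaultAuthenticationPlugin=com.mycompany.MyAuthPlugin";
// Disable specific authentication plugins.
// Disabling a mechanism you do not use keeps the client from authenticating with it.
String url2 = "jdbc:mysql://localhost:3306/mydb" +
        "?disabledAuthenticationPlugins=mysql_native_password";
// Allow public key retrieval for caching_sha2_password.
// Caveat: with this option the client accepts the RSA public key sent over the connection
// itself. On an unencrypted or unverified connection, whoever sits between client and
// server can supply their own key and recover the password. Prefer a TLS connection with
// the server verified (sslMode=VERIFY_IDENTITY), or pin the key with
// serverRSAPublicKeyFile, and leave this option at its default otherwise.
String url3 = "jdbc:mysql://localhost:3306/mydb" +
        "?allowPublicKeyRetrieval=true";
// "user" and "pass" are placeholders; load real credentials from configuration or a secret
// store and do not hard-code them. try-with-resources closes the connection even
// when the work inside throws.
try (Connection conn = DriverManager.getConnection(url, "user", "pass")) {
    // ... use conn ...
}

MySQL Connector/J includes several built-in authentication plugins: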
Configuration examples:
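// Caching SHA-2 password (default in MySQL 8.0+).
// Caveat: allowPublicKeyRetrieval=true makes the client accept the RSA public key sent over
// the connection itself. Without TLS and server verification, whoever sits between client
// and server can supply their own key and recover the password. Prefer
// sslMode=VERIFY_IDENTITY or a pinned key via serverRSAPublicKeyFile.
String url = "jdbc:mysql://localhost:3306/mydb?allowPublicKeyRetrieval=true";

// Each mechanism below gets its own Properties object. defaultAuthenticationPlugin is a
// single key, so setting it several times on one object keeps only the last value.

// LDAP SASL authentication
Properties ldapProps = new Properties();
ldapProps.setProperty("user", "ldapuser");
ldapProps.setProperty("defaultAuthenticationPlugin", "authentication_ldap_sasl_client");
ldapProps.setProperty("authenticationLdapSaslClientServerType", "openldap");

// Kerberos authentication
Properties kerberosProps = new Properties();
kerberosProps.setProperty("defaultAuthenticationPlugin", "authentication_kerberos_client");

// OCI IAM authentication.
// The OCI configuration file identifies the account and its signing key; keep it and the
// key it refers to readable only by the account that runs the application.
Properties ociProps = new Properties();
ociProps.setProperty("defaultAuthenticationPlugin", "authentication_oci_client");
ociProps.setProperty("ociConfigFile", "/path/to/oci_config");

// Connect with the Properties object of the mechanism in use (LDAP shown here).
// try-with-resources closes the connection even when the work inside throws.
try (Connection conn = DriverManager.getConnection(url, ldapProps)) {
    // ... use conn ...
}

Install with Tessl CLI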
npx tessl i tessl/maven-com-mysql--mysql-connector-j