Re: Support waffle>1.7.4 - Mailing list pgsql-jdbc
From | Dave Cramer |
---|---|
Subject | Re: Support waffle>1.7.4 |
Date | |
Msg-id | CADK3HHKGOrj99n8XZ9nH15TVK5OHb8ZMkwuOkxKCjWuGAaZi_w@mail.gmail.com Whole thread Raw |
In response to | Re: Support waffle>1.7.4 (Christian Ullrich <chris@chrullrich.net>) |
Responses |
Re: Support waffle>1.7.4
(Christian Ullrich <chris@chrullrich.net>)
Re: Support waffle>1.7.4 (Christian Ullrich <chris@chrullrich.net>) |
List | pgsql-jdbc |
Ok, I just pushed pavel's PR,
Thanks for this Christian!
On 9 May 2016 at 19:49, Christian Ullrich <chris@chrullrich.net> wrote:
* Christian Ullrich wrote:I thought about writing a few [SSPI tests], and I may yet get around> to that,
Attached is a proposed patch; I cannot send it as a PR because it is dependent on Pavel Raiskup's as yet unmerged #546. The Waffle-free build option is clearly coming, and there is little point in having SSPI tests that then cannot be turned off.
Some explanations:
- Both successful and unsuccessful authentication is tested, the latter
to ensure that a configuration mistake (such as a "trust" line left
in pg_hba.conf) has not caused *both* tests to succeed when they
should have failed.
- Setting up to run these tests is not entirely (or at all) trivial; it
requires running the database server as an account that is capable of
SSPI authentication (such as a virtual service account, e.g.
"NT SERVICE\PostgreSQL") on both domain member and non-member
systems, or a domain user account.
- Additionally, both pg_hba.conf and, in most cases, pg_ident.conf must
be configured. In particular, the user account that runs the tests
must be permitted to authenticate as the database role configured in
build.properties.
- The tests are not run when Waffle is disabled. I would have preferred
to have a separate option to turn them off even when building with
Waffle because the setup is so difficult. I could not think of a way
to make Maven do this, mostly because profiles cannot be chained, and
profile activation cannot use two variables, for example
(!enableWaffle || disableSSPITests).
- There is an intermittent problem where testUnauthorized() fails
because it gets the wrong exception: It expects SQLSTATE 28000 from
the server, but sometimes it gets 08001 generated internally in the
driver. No idea what causes that. I did not want to blindly accept any
error as proof of failed authentication.
--
Christian
--
Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-jdbc
pgsql-jdbc by date: