diff --git a/pom.xml b/pom.xml
index 2696fc391..c9a7bb3ef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -261,7 +261,7 @@
org.apache.felix
maven-bundle-plugin
- 3.4.0
+ 3.5.0
true
@@ -279,7 +279,7 @@
-
+
org.apache.maven.plugins
maven-javadoc-plugin
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java b/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
index 01ace7365..d3707c2fe 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/KerbAuthentication.java
@@ -49,6 +49,7 @@ final class KerbAuthentication extends SSPIAuthentication {
private final GSSManager manager = GSSManager.getInstance();
private LoginContext lc = null;
+ private boolean isUserCreatedCredential = false;
private GSSCredential peerCredentials = null;
private GSSContext peerContext = null;
@@ -388,9 +389,10 @@ interface RealmValidator {
KerbAuthentication(SQLServerConnection con,
String address,
int port,
- GSSCredential ImpersonatedUserCred) throws SQLServerException {
+ GSSCredential ImpersonatedUserCred, Boolean isUserCreated) throws SQLServerException {
this(con, address, port);
peerCredentials = ImpersonatedUserCred;
+ this.isUserCreatedCredential = (isUserCreated == null ? false : isUserCreated);
}
byte[] GenerateClientContext(byte[] pin,
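Review bot: The new constructor parameter `Boolean isUserCreated` is boxed only because the matching `isUserCreatedCredential` field added in SQLServerConnection is a `Boolean` that stays null until a credential is supplied, which forces the null-to-false conversion on the added line. Declaring both as primitive (`private boolean isUserCreatedCredential = false;` in SQLServerConnection and `boolean isUserCreated` here) removes the three-state value, so the assignment becomes `this.isUserCreatedCredential = isUserCreated;`. The constructor also has no Javadoc; it should state that when the flag is true the caller keeps ownership of the GSSCredential and the driver will not dispose it.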
@@ -403,8 +405,11 @@ byte[] GenerateClientContext(byte[] pin,
int ReleaseClientContext() throws SQLServerException {
try {
- if (null != peerCredentials)
+ if (null != peerCredentials && !isUserCreatedCredential) {
peerCredentials.dispose();
+ } else if (null != peerCredentials && isUserCreatedCredential) {
+ peerCredentials = null;
+ }
if (null != peerContext)
peerContext.dispose();
if (null != lc)
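Review bot: The two new branches in ReleaseClientContext test `null != peerCredentials` twice and leave the field in different states, since a driver-owned credential is disposed but its reference is kept while a caller-owned one is only cleared. Writing it as `if (null != peerCredentials && !isUserCreatedCredential) peerCredentials.dispose();` followed by `peerCredentials = null;` gives one path and never leaves a disposed credential reachable. A comment such as `// caller-supplied credentials stay owned by the caller; never dispose them here` would record the ownership rule where it is enforced. The credential dispose shares a try block with `peerContext.dispose()` and the `lc` cleanup, so a GSSException from the first call appears to skip the rest; the catch is outside this hunk, so that should be confirmed.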
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
index 8d99f652d..ab7a758aa 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
@@ -753,7 +753,8 @@ static synchronized List getColumnEncryptionTrustedMasterKeyPaths(String
Properties activeConnectionProperties; // the active set of connection properties
private boolean integratedSecurity = SQLServerDriverBooleanProperty.INTEGRATED_SECURITY.getDefaultValue();
private AuthenticationScheme intAuthScheme = AuthenticationScheme.nativeAuthentication;
- private GSSCredential ImpersonatedUserCred ;
+ private GSSCredential ImpersonatedUserCred;
+ private Boolean isUserCreatedCredential;
// This is the current connect place holder this should point one of the primary or failover place holder
ServerPortPlaceHolder currentConnectPlaceHolder = null;
@@ -1483,8 +1484,10 @@ Connection connectInternal(Properties propsIn,
if(intAuthScheme == AuthenticationScheme.javaKerberos){
sPropKey = SQLServerDriverObjectProperty.GSS_CREDENTIAL.toString();
- if(activeConnectionProperties.containsKey(sPropKey))
+ if(activeConnectionProperties.containsKey(sPropKey)) {
ImpersonatedUserCred = (GSSCredential) activeConnectionProperties.get(sPropKey);
+ isUserCreatedCredential = true;
+ }
}
sPropKey = SQLServerDriverStringProperty.AUTHENTICATION.toString();
@@ -3435,9 +3438,10 @@ final boolean doExecute() throws SQLServerException {
if (integratedSecurity && AuthenticationScheme.nativeAuthentication == intAuthScheme)
authentication = new AuthenticationJNI(this, currentConnectPlaceHolder.getServerName(), currentConnectPlaceHolder.getPortNumber());
if (integratedSecurity && AuthenticationScheme.javaKerberos == intAuthScheme) {
- if (null != ImpersonatedUserCred)
+ if (null != ImpersonatedUserCred) {
authentication = new KerbAuthentication(this, currentConnectPlaceHolder.getServerName(), currentConnectPlaceHolder.getPortNumber(),
- ImpersonatedUserCred);
+ ImpersonatedUserCred, isUserCreatedCredential);
+ }
else
authentication = new KerbAuthentication(this, currentConnectPlaceHolder.getServerName(), currentConnectPlaceHolder.getPortNumber());
}
@@ -3459,7 +3463,6 @@ final boolean doExecute() throws SQLServerException {
// No need any further info from the server for token based authentication. So set _federatedAuthenticationRequested to true
federatedAuthenticationRequested = true;
}
-
try {
sendLogon(command, authentication, fedAuthFeatureExtensionData);
@@ -3473,21 +3476,14 @@ final boolean doExecute() throws SQLServerException {
connectionCommand(sqlStmt, "Change Settings");
}
}
- }
- finally {
+ } finally {
if (integratedSecurity) {
- if (null != authentication)
+ if (null != authentication) {
authentication.ReleaseClientContext();
- authentication = null;
-
+ authentication = null;
+ }
if (null != ImpersonatedUserCred) {
- try {
- ImpersonatedUserCred.dispose();
- }
- catch (GSSException e) {
- if (connectionlogger.isLoggable(Level.FINER))
- connectionlogger.finer(toString() + " Release of the credentials failed GSSException: " + e);
- }
+ ImpersonatedUserCred = null;
}
}
}
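Review bot: Setting `ImpersonatedUserCred = null` in this finally block means a later logon on the same connection object would fail the `null != ImpersonatedUserCred` test earlier in doExecute and take the `else` branch, which builds a KerbAuthentication without the supplied credential. If doExecute can run more than once per connection (a retry or failover path, not visible in this diff), the second attempt could authenticate under whatever identity the default Kerberos login yields rather than the one the caller passed in. Since the driver no longer disposes a caller-owned credential, the reference could be kept for the connection's lifetime, or the fallback could be refused when `isUserCreatedCredential` is set. The surrounding `if (null != ImpersonatedUserCred)` guard is now redundant around a plain assignment, and doExecute starts outside this hunk.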