From b13b41f84b6f79f3c2687a91844b023ba2a6cccd Mon Sep 17 00:00:00 2001 From: Ananya Garg Date: Wed, 17 Dec 2025 17:57:53 +0530 Subject: [PATCH 1/3] Remove ADAL dependency: Migrate Windows AAD Integrated Auth to MSQA APIs via mssql-auth.dll. --- .../sqlserver/jdbc/AuthenticationJNI.java | 10 ++++---- .../sqlserver/jdbc/SQLServerConnection.java | 24 +++++++++---------- .../sqlserver/jdbc/SQLServerResource.java | 2 +- 3 files changed, 17 insertions(+), 19 deletions(-) diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java b/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java index c21c186383..7b4c6a1b6d 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java @@ -85,12 +85,11 @@ static boolean isDllLoaded() { } static FedAuthDllInfo getAccessTokenForWindowsIntegrated(String stsURL, String servicePrincipalName, - String clientConnectionId, String clientId, long expirationFileTime) throws DLLException { + String clientConnectionId, String clientId) throws DLLException { try { lock.lock(); - return ADALGetAccessTokenForWindowsIntegrated(stsURL, servicePrincipalName, clientConnectionId, clientId, - expirationFileTime, authLogger); + return MSQAGetAccessTokenForWindowsIntegrated(stsURL, servicePrincipalName, clientConnectionId, clientId, authLogger); } finally { lock.unlock(); } 
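Review bot: An auth DLL that predates this rename will probably fail on the first call with `UnsatisfiedLinkError` rather than `DLLException`, because the wrapper now binds to `MSQAGetAccessTokenForWindowsIntegrated` (also declared in the `private static native` hunk that follows). The `catch (DLLException ...)` in `getFedAuthToken` would not see that error, so a stale mssql-jdbc_auth DLL on the library path bypasses the load-failure message, unless the library registers its natives explicitly. Consider stating the requirement on the wrapper, e.g. `// requires an mssql-jdbc_auth DLL exporting MSQAGetAccessTokenForWindowsIntegrated`, or translating the link error into the existing load-failure path.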
@@ -164,9 +163,8 @@ private static native int SNISecGenClientContext(byte[] psec, int[] secptrsize, private static native int GetDNSName(String address, String[] DNSName, java.util.logging.Logger log); - private static native FedAuthDllInfo ADALGetAccessTokenForWindowsIntegrated(String stsURL, - String servicePrincipalName, String clientConnectionId, String clientId, long expirationFileTime, - java.util.logging.Logger log); + private static native FedAuthDllInfo MSQAGetAccessTokenForWindowsIntegrated(String stsURL, + String servicePrincipalName, String clientConnectionId, String clientId, java.util.logging.Logger log); static native byte[] DecryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws DLLException; diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java index a6cbb5dca8..5c4af772ed 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java @@ -6798,7 +6798,7 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw try { FedAuthDllInfo dllInfo = AuthenticationJNI.getAccessTokenForWindowsIntegrated( fedAuthInfo.stsurl, fedAuthInfo.spn, clientConnectionId.toString(), - ActiveDirectoryAuthentication.JDBC_FEDAUTH_CLIENT_ID, 0); + ActiveDirectoryAuthentication.JDBC_FEDAUTH_CLIENT_ID); // AccessToken should not be null. assert null != dllInfo.accessTokenBytes; 
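Review bot: In the `getFedAuthToken` hunk, `assert null != dllInfo.accessTokenBytes;` is the only visible check on the token returned by the changed native path, and assertions are off unless the JVM runs with `-ea`. A null token should be rejected explicitly at the point of acquisition, e.g. `if (null == dllInfo || null == dllInfo.accessTokenBytes) throw new SQLServerException(/* placeholder: suitable error string */, null);`. The rest of the try block lies outside the hunk, so a later check may already exist.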
@@ -6811,15 +6811,15 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw // Break out of the retry loop in successful case. break; - } catch (DLLException adalException) { + } catch (DLLException dllException) { - // the mssql-jdbc_auth DLL return -1 for errorCategory, if unable to load the - // adalsql DLL - int errorCategory = adalException.getCategory(); + // The mssql-jdbc_auth DLL returns -1 for errorCategory if unable to load the + // mssql-auth.dll + int errorCategory = dllException.getCategory(); if (-1 == errorCategory) { MessageFormat form = new MessageFormat( - SQLServerException.getErrString("R_UnableLoadADALSqlDll")); - Object[] msgArgs = { Integer.toHexString(adalException.getState()) }; + SQLServerException.getErrString("R_UnableLoadMSSQLAuthDll")); + Object[] msgArgs = { Integer.toHexString(dllException.getState()) }; throw new SQLServerException(form.format(msgArgs), null); } 
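Review bot: The `-1 == errorCategory` branch throws `new SQLServerException(form.format(msgArgs), null)`, which discards `dllException`; only the hex state survives into the message. Passing the exception as the cause, `throw new SQLServerException(form.format(msgArgs), dllException);`, matches how the following hunk builds `middleException` and keeps the native category and status available when diagnosing a failed DLL load. The enclosing method starts and ends outside the hunk.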
@@ -6828,21 +6828,21 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw || timerHasExpired(timerExpire) || (fedauthSleepInterval >= millisecondsRemaining)) { - String errorStatus = Integer.toHexString(adalException.getStatus()); + String errorStatus = Integer.toHexString(dllException.getStatus()); if (connectionlogger.isLoggable(Level.FINER)) { connectionlogger.fine( toString() - + " SQLServerConnection.getFedAuthToken.AdalException category:" + + " SQLServerConnection.getFedAuthToken.DLLException category:" + errorCategory + " error: " + errorStatus); } MessageFormat form = new MessageFormat( SQLServerException.getErrString("R_ADALAuthenticationMiddleErrorMessage")); - String errorCode = Integer.toHexString(adalException.getStatus()).toUpperCase(); - Object[] msgArgs1 = { errorCode, adalException.getState() }; + String errorCode = Integer.toHexString(dllException.getStatus()).toUpperCase(); + Object[] msgArgs1 = { errorCode, dllException.getState() }; SQLServerException middleException = new SQLServerException(form.format(msgArgs1), - adalException); + dllException); form = new MessageFormat(SQLServerException.getErrString("R_MSALExecution")); Object[] msgArgs = { user, authenticationString }; diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java index 79bea50737..75d6ba80d7 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java 
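Review bot: The log guard tests `isLoggable(Level.FINER)` but the message is emitted with `connectionlogger.fine(...)`, so with the logger configured at FINE this authentication failure is never written. Align the two, e.g. `if (connectionlogger.isLoggable(Level.FINE)) {`. The resource key `R_ADALAuthenticationMiddleErrorMessage` also keeps its ADAL name while the surrounding identifiers moved to `dllException`; a one-line comment that the key name is retained on purpose would avoid confusion.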
@@ -404,7 +404,7 @@ protected Object[][] getContents() {
 {"R_GenerateSignature", "Unable to generate signature using a specified Azure Key Vault Key URL."},
 {"R_SignedHashLengthError", "Signed hash length does not match the RSA key size."},
 {"R_InvalidSignatureComputed", "Invalid signature of the encrypted column encryption key computed."},
- {"R_UnableLoadADALSqlDll", "Unable to load adalsql.dll. Error code: 0x{0}. For details, see: http://go.microsoft.com/fwlink/?LinkID=513072"},
+ {"R_UnableLoadMSSQLAuthDll", "Unable to load mssql-auth.dll. Error code: 0x{0}. For details, see: http://go.microsoft.com/fwlink/?LinkID=513072"},
 {"R_ADALAuthenticationMiddleErrorMessage", "Error code 0x{0}; state {1}."},
 {"R_unsupportedDataTypeTVP", "Data type {0} not supported in Table-Valued Parameter."},
 {"R_moreDataInRowThanColumnInTVP", "Input array is longer than the number of columns in this table."},
From 9de1ec2cf93fc10ebe4cf4200cba4e6bfe692047 Mon Sep 17 00:00:00 2001
From: Ananya Garg
Date: Thu, 18 Dec 2025 14:27:50 +0530
Subject: [PATCH 2/3] updated error message
---
 .../java/com/microsoft/sqlserver/jdbc/SQLServerResource.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java
index 75d6ba80d7..5dcbacbe89 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java
@@ -404,7 +404,7 @@ protected Object[][] getContents() {
 {"R_GenerateSignature", "Unable to generate signature using a specified Azure Key Vault Key URL."},
 {"R_SignedHashLengthError", "Signed hash length does not match the RSA key size."},
 {"R_InvalidSignatureComputed", "Invalid signature of the encrypted column encryption key computed."},
- {"R_UnableLoadMSSQLAuthDll", "Unable to load mssql-auth.dll. Error code: 0x{0}. For details, see: http://go.microsoft.com/fwlink/?LinkID=513072"},
+ {"R_UnableLoadMSSQLAuthDll", "Unable to load mssql-auth.dll. Error code: 0x{0}."},
 {"R_ADALAuthenticationMiddleErrorMessage", "Error code 0x{0}; state {1}."},
 {"R_unsupportedDataTypeTVP", "Data type {0} not supported in Table-Valued Parameter."},
 {"R_moreDataInRowThanColumnInTVP", "Input array is longer than the number of columns in this table."},
From c9071e7ac8cf4b17dc4644154d7e4b3e3bfbdf05 Mon Sep 17 00:00:00 2001
From: Ananya Garg
Date: Wed, 7 Jan 2026 10:53:44 +0530
Subject: [PATCH 3/3] reverted jni wrapper changes
---
 .../microsoft/sqlserver/jdbc/AuthenticationJNI.java | 10 ++++++----
 .../microsoft/sqlserver/jdbc/SQLServerConnection.java | 2 +-
 .../microsoft/sqlserver/jdbc/SQLServerResource.java | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java b/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java
index 7b4c6a1b6d..c21c186383 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java
@@ -85,11 +85,12 @@ static boolean isDllLoaded() { } static FedAuthDllInfo getAccessTokenForWindowsIntegrated(String stsURL, String servicePrincipalName, - String clientConnectionId, String clientId) throws DLLException { + String clientConnectionId, String clientId, long expirationFileTime) throws DLLException { try { lock.lock(); - return MSQAGetAccessTokenForWindowsIntegrated(stsURL, servicePrincipalName, clientConnectionId, clientId, authLogger); + return ADALGetAccessTokenForWindowsIntegrated(stsURL, servicePrincipalName, clientConnectionId, clientId, + expirationFileTime, authLogger); } finally { lock.unlock(); } @@ -163,8 +164,9 @@ private static native int SNISecGenClientContext(byte[] psec, int[] secptrsize, private static native int GetDNSName(String address, String[] DNSName, java.util.logging.Logger log); - private static native FedAuthDllInfo MSQAGetAccessTokenForWindowsIntegrated(String stsURL, - String servicePrincipalName, String clientConnectionId, String clientId, java.util.logging.Logger log); + private static native FedAuthDllInfo ADALGetAccessTokenForWindowsIntegrated(String stsURL, + String servicePrincipalName, String clientConnectionId, String clientId, long expirationFileTime, + java.util.logging.Logger log); static native byte[] DecryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws DLLException; diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java index 5c4af772ed..e2663aa363 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java 
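Review bot: Nothing on the new side explains why the wrapper and the native declaration carry the `ADALGetAccessTokenForWindowsIntegrated` name and the `expirationFileTime` parameter again, while the messages and comments elsewhere in the series refer to mssql-auth.dll. Add a Javadoc on `getAccessTokenForWindowsIntegrated` stating that the ADAL-named JNI entry point is kept (presumably for compatibility with the shipped mssql-jdbc_auth DLL, to be confirmed) and what `expirationFileTime` means, given that the only visible caller passes `0`. A matching one-line comment on the `private static native` declaration in the second hunk would keep the two in step.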
@@ -6798,7 +6798,7 @@ private SqlAuthenticationToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throw try { FedAuthDllInfo dllInfo = AuthenticationJNI.getAccessTokenForWindowsIntegrated( fedAuthInfo.stsurl, fedAuthInfo.spn, clientConnectionId.toString(), - ActiveDirectoryAuthentication.JDBC_FEDAUTH_CLIENT_ID); + ActiveDirectoryAuthentication.JDBC_FEDAUTH_CLIENT_ID, 0); // AccessToken should not be null. assert null != dllInfo.accessTokenBytes; diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java index 5dcbacbe89..75d6ba80d7 100644 --- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java +++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerResource.java @@ -404,7 +404,7 @@ protected Object[][] getContents() { {"R_GenerateSignature", "Unable to generate signature using a specified Azure Key Vault Key URL."}, {"R_SignedHashLengthError", "Signed hash length does not match the RSA key size."}, {"R_InvalidSignatureComputed", "Invalid signature of the encrypted column encryption key computed."}, - {"R_UnableLoadMSSQLAuthDll", "Unable to load mssql-auth.dll. Error code: 0x{0}."}, + {"R_UnableLoadMSSQLAuthDll", "Unable to load mssql-auth.dll. Error code: 0x{0}. For details, see: http://go.microsoft.com/fwlink/?LinkID=513072"}, {"R_ADALAuthenticationMiddleErrorMessage", "Error code 0x{0}; state {1}."}, {"R_unsupportedDataTypeTVP", "Data type {0} not supported in Table-Valued Parameter."}, {"R_moreDataInRowThanColumnInTVP", "Input array is longer than the number of columns in this table."},
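Review bot: The restored `R_UnableLoadMSSQLAuthDll` text in the SQLServerResource hunk sends users to `http://go.microsoft.com/fwlink/?LinkID=513072` over plain HTTP, and the same link was previously attached to the adalsql.dll message. Switch the link to `https://` and confirm its target actually covers mssql-auth.dll; if it does not, the shorter message from the previous patch is the safer text. The commit subject names only the JNI wrapper, so the description should mention this message change as well.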