You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shardingsphere.apache.org by zh...@apache.org on 2022/02/17 15:25:21 UTC
[shardingsphere] branch master updated: Decouple MySQLAuthenticationEngine and MySQLAuthenticationMethod (#15444)
This is an automated email from the ASF dual-hosted git repository.
zhangliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 1ea72bc Decouple MySQLAuthenticationEngine and MySQLAuthenticationMethod (#15444)
1ea72bc is described below
commit 1ea72bc1f1e24125b70a6d86e02ca553a5184b77
Author: Raigor <ra...@gmail.com>
AuthorDate: Thu Feb 17 23:24:29 2022 +0800
Decouple MySQLAuthenticationEngine and MySQLAuthenticationMethod (#15444)
* Decouple MySQLAuthenticationEngine and MySQLAuthenticationMethod, support different authentication methods.
* remove unused import.
* fix.
---
.../authentication/MySQLAuthenticationEngine.java | 7 +--
.../authentication/MySQLAuthenticationHandler.java | 40 ++++++----------
.../authenticator/MySQLAuthenticator.java | 36 +++++++++++++++
.../MySQLClearPasswordAuthenticator.java | 42 +++++++++++++++++
.../MySQLNativePasswordAuthenticator.java} | 54 ++++++++--------------
.../MySQLAuthenticationEngineTest.java | 5 +-
.../MySQLAuthenticationHandlerTest.java | 11 +++++
.../frontend/authentication/Authenticator.java | 31 +++++++++++++
8 files changed, 160 insertions(+), 66 deletions(-)
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngine.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngine.java
index b57cdd1..43b4626 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngine.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngine.java
@@ -20,7 +20,6 @@ package org.apache.shardingsphere.proxy.frontend.mysql.authentication;
import com.google.common.base.Strings;
import io.netty.channel.ChannelHandlerContext;
import org.apache.shardingsphere.db.protocol.CommonConstants;
-import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLAuthenticationMethod;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLCapabilityFlag;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLCharacterSet;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLConnectionPhase;
@@ -40,6 +39,7 @@ import org.apache.shardingsphere.proxy.frontend.authentication.AuthenticationEng
import org.apache.shardingsphere.proxy.frontend.authentication.AuthenticationResult;
import org.apache.shardingsphere.proxy.frontend.authentication.AuthenticationResultBuilder;
import org.apache.shardingsphere.proxy.frontend.connection.ConnectionIdGenerator;
+import org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator.MySQLAuthenticator;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
@@ -95,9 +95,10 @@ public final class MySQLAuthenticationEngine implements AuthenticationEngine {
context.writeAndFlush(new MySQLErrPacket(++sequenceId, MySQLServerErrorCode.ER_BAD_DB_ERROR, packet.getDatabase()));
return AuthenticationResultBuilder.continued();
}
- if (isClientPluginAuth(packet) && !MySQLAuthenticationMethod.SECURE_PASSWORD_AUTHENTICATION.getMethodName().equals(packet.getAuthPluginName())) {
+ MySQLAuthenticator authenticator = authenticationHandler.getAuthenticator(packet.getUsername(), getHostAddress(context));
+ if (isClientPluginAuth(packet) && !authenticator.getAuthenticationMethodName().equals(packet.getAuthPluginName())) {
connectionPhase = MySQLConnectionPhase.AUTHENTICATION_METHOD_MISMATCH;
- context.writeAndFlush(new MySQLAuthSwitchRequestPacket(++sequenceId, MySQLAuthenticationMethod.SECURE_PASSWORD_AUTHENTICATION.getMethodName(), authenticationHandler.getAuthPluginData()));
+ context.writeAndFlush(new MySQLAuthSwitchRequestPacket(++sequenceId, authenticator.getAuthenticationMethodName(), authenticationHandler.getAuthPluginData()));
return AuthenticationResultBuilder.continued(packet.getUsername(), getHostAddress(context), packet.getDatabase());
}
return AuthenticationResultBuilder.finished(packet.getUsername(), getHostAddress(context), packet.getDatabase());
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
index 73056d7..0f7945a 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
@@ -17,9 +17,7 @@
package org.apache.shardingsphere.proxy.frontend.mysql.authentication;
-import com.google.common.base.Strings;
import lombok.Getter;
-import org.apache.commons.codec.digest.DigestUtils;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
import org.apache.shardingsphere.infra.executor.check.SQLCheckEngine;
@@ -27,8 +25,9 @@ import org.apache.shardingsphere.infra.metadata.user.Grantee;
import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.rule.ShardingSphereRule;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
+import org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator.MySQLAuthenticator;
+import org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator.MySQLNativePasswordAuthenticator;
-import java.util.Arrays;
import java.util.Collection;
import java.util.Optional;
@@ -38,8 +37,6 @@ import java.util.Optional;
@Getter
public final class MySQLAuthenticationHandler {
- private static final ProxyContext PROXY_SCHEMA_CONTEXTS = ProxyContext.getInstance();
-
private final MySQLAuthPluginData authPluginData = new MySQLAuthPluginData();
/**
@@ -54,31 +51,22 @@ public final class MySQLAuthenticationHandler {
public Optional<MySQLServerErrorCode> login(final String username, final String hostname, final byte[] authenticationResponse, final String databaseName) {
Grantee grantee = new Grantee(username, hostname);
Collection<ShardingSphereRule> rules = ProxyContext.getInstance().getRules(databaseName);
- if (!SQLCheckEngine.check(grantee, (a, b) -> isPasswordRight((ShardingSphereUser) a, (byte[]) b), authenticationResponse, rules)) {
+ MySQLAuthenticator authenticator = getAuthenticator(username, hostname);
+ if (!SQLCheckEngine.check(grantee, (a, b) -> authenticator.authenticate((ShardingSphereUser) a, (byte[]) b), authenticationResponse, rules)) {
return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
}
return null == databaseName || SQLCheckEngine.check(databaseName, rules, grantee) ? Optional.empty() : Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
}
- private boolean isPasswordRight(final ShardingSphereUser user, final byte[] authentication) {
- return Strings.isNullOrEmpty(user.getPassword()) || Arrays.equals(getAuthCipherBytes(user.getPassword()), authentication);
- }
-
- private byte[] getAuthCipherBytes(final String password) {
- byte[] sha1Password = DigestUtils.sha1(password);
- byte[] doubleSha1Password = DigestUtils.sha1(sha1Password);
- byte[] concatBytes = new byte[authPluginData.getAuthenticationPluginData().length + doubleSha1Password.length];
- System.arraycopy(authPluginData.getAuthenticationPluginData(), 0, concatBytes, 0, authPluginData.getAuthenticationPluginData().length);
- System.arraycopy(doubleSha1Password, 0, concatBytes, authPluginData.getAuthenticationPluginData().length, doubleSha1Password.length);
- byte[] sha1ConcatBytes = DigestUtils.sha1(concatBytes);
- return xor(sha1Password, sha1ConcatBytes);
- }
-
- private byte[] xor(final byte[] input, final byte[] secret) {
- byte[] result = new byte[input.length];
- for (int i = 0; i < input.length; ++i) {
- result[i] = (byte) (input[i] ^ secret[i]);
- }
- return result;
+ /**
+ * Get authenticator.
+ *
+ * @param username username
+ * @param hostname hostname
+ * @return authenticator
+ */
+ public MySQLAuthenticator getAuthenticator(final String username, final String hostname) {
+ // TODO get authenticator by username and hostname
+ return new MySQLNativePasswordAuthenticator(authPluginData);
}
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLAuthenticator.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLAuthenticator.java
new file mode 100644
index 0000000..3cf3e0a
--- /dev/null
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLAuthenticator.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator;
+
+import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
+import org.apache.shardingsphere.proxy.frontend.authentication.Authenticator;
+
+/**
+ * MySQL authenticator.
+ */
+public interface MySQLAuthenticator extends Authenticator {
+
+ /**
+ * Authenticate.
+ *
+ * @param user ShardingSphere user
+ * @param authResponse auth response for user authentication
+ * @return authentication success or not
+ */
+ boolean authenticate(ShardingSphereUser user, byte[] authResponse);
+}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLClearPasswordAuthenticator.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLClearPasswordAuthenticator.java
new file mode 100644
index 0000000..782ad46
--- /dev/null
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLClearPasswordAuthenticator.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator;
+
+import com.google.common.base.Strings;
+import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLAuthenticationMethod;
+import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
+
+/**
+ * Clear password authenticator for MySQL.
+ *
+ * @see <a href="https://dev.mysql.com/doc/internals/en/clear-text-authentication.html">Clear Text Authentication</a>
+ */
+public final class MySQLClearPasswordAuthenticator implements MySQLAuthenticator {
+
+ @Override
+ public boolean authenticate(final ShardingSphereUser user, final byte[] authResponse) {
+ byte[] password = new byte[authResponse.length - 1];
+ System.arraycopy(authResponse, 0, password, 0, authResponse.length - 1);
+ return Strings.isNullOrEmpty(user.getPassword()) || user.getPassword().equals(new String(password));
+ }
+
+ @Override
+ public String getAuthenticationMethodName() {
+ return MySQLAuthenticationMethod.CLEAR_TEXT_AUTHENTICATION.getMethodName();
+ }
+}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLNativePasswordAuthenticator.java
similarity index 56%
copy from shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
copy to shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLNativePasswordAuthenticator.java
index 73056d7..efff048 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLNativePasswordAuthenticator.java
@@ -15,55 +15,32 @@
* limitations under the License.
*/
-package org.apache.shardingsphere.proxy.frontend.mysql.authentication;
+package org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator;
import com.google.common.base.Strings;
-import lombok.Getter;
+import lombok.RequiredArgsConstructor;
import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
+import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLAuthenticationMethod;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
-import org.apache.shardingsphere.infra.executor.check.SQLCheckEngine;
-import org.apache.shardingsphere.infra.metadata.user.Grantee;
import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
-import org.apache.shardingsphere.infra.rule.ShardingSphereRule;
-import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import java.util.Arrays;
-import java.util.Collection;
-import java.util.Optional;
/**
- * Authentication handler for MySQL.
+ * Native password authenticator for MySQL.
+ *
+ * @see <a href="https://dev.mysql.com/doc/internals/en/secure-password-authentication.html">Secure Password Authentication</a>
*/
-@Getter
-public final class MySQLAuthenticationHandler {
+@RequiredArgsConstructor
+public final class MySQLNativePasswordAuthenticator implements MySQLAuthenticator {
- private static final ProxyContext PROXY_SCHEMA_CONTEXTS = ProxyContext.getInstance();
-
- private final MySQLAuthPluginData authPluginData = new MySQLAuthPluginData();
+ private final MySQLAuthPluginData authPluginData;
- /**
- * Login.
- *
- * @param username username
- * @param hostname hostname
- * @param authenticationResponse authentication response
- * @param databaseName database name
- * @return login success or failure
- */
- public Optional<MySQLServerErrorCode> login(final String username, final String hostname, final byte[] authenticationResponse, final String databaseName) {
- Grantee grantee = new Grantee(username, hostname);
- Collection<ShardingSphereRule> rules = ProxyContext.getInstance().getRules(databaseName);
- if (!SQLCheckEngine.check(grantee, (a, b) -> isPasswordRight((ShardingSphereUser) a, (byte[]) b), authenticationResponse, rules)) {
- return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
- }
- return null == databaseName || SQLCheckEngine.check(databaseName, rules, grantee) ? Optional.empty() : Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
- }
-
- private boolean isPasswordRight(final ShardingSphereUser user, final byte[] authentication) {
- return Strings.isNullOrEmpty(user.getPassword()) || Arrays.equals(getAuthCipherBytes(user.getPassword()), authentication);
+ @Override
+ public boolean authenticate(final ShardingSphereUser user, final byte[] authResponse) {
+ return Strings.isNullOrEmpty(user.getPassword()) || Arrays.equals(getAuthCipherBytes(user.getPassword()), authResponse);
}
-
+
private byte[] getAuthCipherBytes(final String password) {
byte[] sha1Password = DigestUtils.sha1(password);
byte[] doubleSha1Password = DigestUtils.sha1(sha1Password);
@@ -81,4 +58,9 @@ public final class MySQLAuthenticationHandler {
}
return result;
}
+
+ @Override
+ public String getAuthenticationMethodName() {
+ return MySQLAuthenticationMethod.SECURE_PASSWORD_AUTHENTICATION.getMethodName();
+ }
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngineTest.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngineTest.java
index d3c4623..c91d6fd 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngineTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngineTest.java
@@ -28,18 +28,20 @@ import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLConstants;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import org.apache.shardingsphere.db.protocol.mysql.packet.generic.MySQLErrPacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.generic.MySQLOKPacket;
+import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLHandshakePacket;
import org.apache.shardingsphere.db.protocol.mysql.payload.MySQLPacketPayload;
import org.apache.shardingsphere.infra.config.props.ConfigurationProperties;
import org.apache.shardingsphere.infra.executor.kernel.ExecutorEngine;
+import org.apache.shardingsphere.infra.federation.optimizer.context.OptimizerContext;
import org.apache.shardingsphere.infra.metadata.ShardingSphereMetaData;
import org.apache.shardingsphere.infra.metadata.rule.ShardingSphereRuleMetaData;
-import org.apache.shardingsphere.infra.federation.optimizer.context.OptimizerContext;
import org.apache.shardingsphere.mode.manager.ContextManager;
import org.apache.shardingsphere.mode.metadata.MetaDataContexts;
import org.apache.shardingsphere.mode.metadata.persist.MetaDataPersistService;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import org.apache.shardingsphere.proxy.frontend.authentication.AuthenticationResultBuilder;
+import org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator.MySQLNativePasswordAuthenticator;
import org.junit.Before;
import org.junit.Test;
@@ -100,6 +102,7 @@ public final class MySQLAuthenticationEngineTest {
when(channelHandlerContext.channel()).thenReturn(channel);
when(payload.readInt1()).thenReturn(1);
when(payload.readInt4()).thenReturn(MySQLCapabilityFlag.CLIENT_PLUGIN_AUTH.getValue());
+ when(authenticationHandler.getAuthenticator(any(), any())).thenReturn(new MySQLNativePasswordAuthenticator(mock(MySQLAuthPluginData.class)));
authenticationEngine.authenticate(channelHandlerContext, payload);
assertThat(getConnectionPhase(), is(MySQLConnectionPhase.AUTHENTICATION_METHOD_MISMATCH));
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandlerTest.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandlerTest.java
index c9dbf5a..122011c 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandlerTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandlerTest.java
@@ -23,6 +23,7 @@ import org.apache.shardingsphere.authority.config.AuthorityRuleConfiguration;
import org.apache.shardingsphere.authority.provider.natived.NativeAuthorityProviderAlgorithm;
import org.apache.shardingsphere.authority.rule.AuthorityRule;
import org.apache.shardingsphere.authority.rule.builder.AuthorityRuleBuilder;
+import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLAuthenticationMethod;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
import org.apache.shardingsphere.infra.config.algorithm.ShardingSphereAlgorithmConfiguration;
@@ -37,6 +38,8 @@ import org.apache.shardingsphere.mode.manager.ContextManager;
import org.apache.shardingsphere.mode.metadata.MetaDataContexts;
import org.apache.shardingsphere.mode.metadata.persist.MetaDataPersistService;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
+import org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator.MySQLAuthenticator;
+import org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator.MySQLNativePasswordAuthenticator;
import org.apache.shardingsphere.spi.ShardingSphereServiceLoader;
import org.junit.Before;
import org.junit.Test;
@@ -50,6 +53,7 @@ import java.util.Map;
import java.util.Optional;
import java.util.Properties;
+import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThat;
@@ -125,6 +129,13 @@ public final class MySQLAuthenticationHandlerTest {
assertThat(authenticationHandler.getAuthPluginData().getAuthenticationPluginData(), is(Bytes.concat(part1, part2)));
}
+ @Test
+ public void assertGetAuthenticator() {
+ MySQLAuthenticator authenticator = authenticationHandler.getAuthenticator("root", "");
+ assertThat(authenticator, instanceOf(MySQLNativePasswordAuthenticator.class));
+ assertThat(authenticator.getAuthenticationMethodName(), is(MySQLAuthenticationMethod.SECURE_PASSWORD_AUTHENTICATION.getMethodName()));
+ }
+
private void setAuthority(final ShardingSphereUser user) {
NativeAuthorityProviderAlgorithm algorithm = new NativeAuthorityProviderAlgorithm();
algorithm.init(Collections.emptyMap(), Collections.emptyList());
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-spi/src/main/java/org/apache/shardingsphere/proxy/frontend/authentication/Authenticator.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-spi/src/main/java/org/apache/shardingsphere/proxy/frontend/authentication/Authenticator.java
new file mode 100644
index 0000000..6f47e05
--- /dev/null
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-spi/src/main/java/org/apache/shardingsphere/proxy/frontend/authentication/Authenticator.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.proxy.frontend.authentication;
+
+/**
+ * Authenticator.
+ */
+public interface Authenticator {
+
+ /**
+ * Get the name of authentication method.
+ *
+ * @return name of authentication method
+ */
+ String getAuthenticationMethodName();
+}