PAM in JDBC
JDBC developers using PAM to communicate with a PAM-enabled HCL OneDB™ server
must implement the com.informix.jdbc.IfmxPAM interface. To
do so, put the following on the class declaration line in a Java™ class file:
implements IfmxPAMThat Java class must then implement the IfmxPAM interface conforming to Java standards and the details provided previously. The next step is to inform the JDBC driver what Java class has implemented the IfmxPAM interface. There are two ways to do this:
- Add the key-value pair IFX_PAM_CLASS=your.class.name to the connection
URL, where the value your.class.name is the path to the class that has
implemented the IfmxPAM interface.
This method is typically used when connecting to the HCL OneDB server by using the DriverManager.getConnection (URL) approach.
- Add the property IFX_PAM_CLASS with the value your.class.name to your
properties list before attempting the connection to the PAM-enabled server.
This method is used when connecting to the HCL OneDB server by using the DataSource.getConnection() approach.
JDBC developers have a wide latitude in implementing the IfmxPAM interface.
The following actions happen during authentication that uses PAM:
- The JDBC driver, when detecting communication with a PAM-enabled server, contacts the IfxPAM() method and passes it a IfxPAMChallenge object containing the PAM challenge question.
- A dialog box you create appears with a text question containing the challenge message that was sent by PAM.
- When the user furnishes the response, it is packaged into an IfxPAMResponse object, and it is returned to the JDBC driver by exiting the IfxPAM() method returning the IfxPAMResponse object.
- When PAM receives the response from the challenge question, it can authorize the user, deny access to the user, or issue another challenge question, in which case the previous process is repeated.
This process continues until either the user is authorized or the user is denied access. The Java developer or user can terminate the PAM authorization sequence by calling the IfxPAMResponse.setTerminateConnection() method with a value of TRUE.