--- title: "What’s New in MariaDB Connector/J 2.5" publish_date: 2019-11-06 updated_date: 2021-08-31 author: "Diego Dupin" channel: - name: "Product" url: "/resources/blog/channel/product.md" tags: - name: "Connector releases" url: "/resources/blog/tag/connector-releases.md" - name: "Connector/J" url: "/resources/blog/tag/connector-j.md" - name: "Java 8+" url: "/resources/blog/tag/java-8.md" - name: "MariaDB Connector" url: "/resources/blog/tag/mariadb-connector.md" --- # What’s New in MariaDB Connector/J 2.5 We are pleased to announce the RC release of [MariaDB Connector/J 2.5](https://staging-mdb.com/downloads/#connectors), the newest version of the MariaDB Connector/J for Java 8+. For this release, we enhanced the Java connector with a new framework that makes it easier to support multiple authentication services. This allows anyone to quickly add new authentication services as they become popular or useful for your application. ### Extendable MariaDB Connector/J 2.5 now supports a service implementation for authentication, providing credentials, and custom SSL implementation. New services can be added by implementing the corresponding interface and registering this service in the META-INF/services files. ### Authentication service The authentication service is the client side implementation of the server authentication plugin that determines whether the connection is from a legitimate user. List of authentication services in java connector: - mysql\_clear\_password - auth\_gssapi\_client - client\_ed25519 - mysql\_native\_password - mysql\_old\_password - dialog (PAM) - sha256\_password - caching\_sha2\_password New authentication plugins can be created by implementing the interface org.mariadb.jdbc.authentication.AuthenticationPlugin, and listing the new plugin in a META-INF/services/org.mariadb.jdbc.authentication.AuthenticationPlugin file. `sha256\_password` and `Caching\_sha2\_password` have been added for compatibility, the [ed25519](https://staging-mdb.com/kb/en/library/authentication-plugin-ed25519/) plugin can be used with MariaDB Server for a state of the art password encryption. ### Credential service Authentication is usually achieved by providing credentials in a connection string or by using [DriverManager.getConnection(String url, String user, String password)](https://devdocs.io/openjdk~8_web/java/sql/drivermanager). New services provide credentials in a different way. Credential plugins are used to provide this credential information. Those plugins have to be activated by setting the option `credentialType` to the designated plugin. A well known problem is that pool implementations usually have issues with changing passwords, like timeout token. The credential service implements a solution that generates / caches the token at the driver level. The driver has 3 default plugins : - AWS IAM: use a token limited in time for authentication - Environment: use user and password from environment - Properties : use user and password from java properties ### SSL factory service The driver provides a default SSL implementation that will solve most use-cases. But a custom implementation can be activated by using option `tlsSocketType`. An example would be using a custom [HostnameVerifier](https://devdocs.io/openjdk~8/javax/net/ssl/hostnameverifier) implementation to ensure a SAN value. A custom implementation needs to implement org.mariadb.jdbc.tls.TlsSocketPlugin and register the service META-INF/services/org.mariadb.jdbc.tls.TlsSocketPlugin. Download the [MariaDB Connector](https://staging-mdb.com/downloads/#connectors) now to try the newest evolution of MariaDB Connector/J 2.5. The connector is a release candidate and is great for testing and development environments but is not recommended for production.