问题
The MS SQL Server 2008 R2 database "dbname" hosted on server "HOSTNAME" is accessible by an Active Directory user from domain "ABC", let's call him "dbuser" or "ABC\dbuser".
We are running our application as AD user "ABC\appuser". "appuser" and "dbuser" are in different AD groups.
When run by the service running under "ABC\appuser", the connection uses user "ABC\appuser" to connect to the database:
DriverManager.getConnection(
"jdbc:sqlserver://HOSTNAME:1433;databaseName=dbname;integratedSecurity=true",
"", ""
);
Using the same connection string and supplying the "ABC\dbuser" and password "dbpass", the connection ignores those values and instead again attempts to use the AD info the service is running as, "ABC\appuser":
DriverManager.getConnection(
"jdbc:sqlserver://HOSTNAME:1433;databaseName=dbname;integratedSecurity=true",
"ABC\\dbuser", "dbpass"
);
Removing flag integratedSecurity=true, the connection treats "ABC\dbuser" as a SQL account instead of an AD account, throwing a SQLServerException:
DriverManager.getConnection(
"jdbc:sqlserver://HOSTNAME:1433;databaseName=dbname",
"ABC\\dbuser", "dbpass"
);
throws
com.microsoft.sqlserver.jdbc.SQLServerException:
Login failed for user 'ABC\dbuser'.
So far, I'm about to assume that it's not possible and that I'm going to have the database team either provide "ABC\appuser" AD access to the database, or put "ABC\appuser" into an AD group and give that AD group access to the database. I am not provided access to configure the database; I can only provide advice/direction.
回答1:
The connection string has parameters for user and password.
user=yyy;password=xxx
Maybe try setting the credentials via the connection string and leaving the user/password parameters as empty string for your ABC\dbuser connections. I'm not sure if this will work but it's an alternate way to send credentials.
来源:https://stackoverflow.com/questions/24702084/how-to-configure-a-jdbc-connection-to-use-a-different-ad-user-than-the-current-u