Using SSPI for Authentication to Access a SAS Workspace Server

Goal

You want to use SSPI for an Integrated Windows Authentication (IWA) connection from a client program running on a Windows host to a SAS Workspace Server running on Windows. A program that uses SSPI does not store credentials in the source code or transmit credentials over the network. The Windows identity of the user account that is running the client program is propagated to the SAS server that the client program connects to. SSPI is available only when the client host and the server are both Windows hosts in the same domain or in domains that trust each other.

Implementation

Requirements

  1. Ensure that the SAS ObjectSpawner for the workspace server is configured with the -sspi option. Check the ObjectSpawner.bat file for this option. For more information about the -sspi option, see "Spawner Invocation Options" in SAS Intelligence Platform: Application Server Administration Guide.
  2. Make the sspiauth.dll file available to the JVM that is running the client program. An sspiauth.dll is available with a SAS Foundation installation such as C:\Program Files\SASHome\SASFoundation\9.3\core\sasext. This file must be available to the JVM within the java.library.path system property. One method of providing access to the library is to have the dll in the same directory that the JVM will run. Another method is to ensure that the file is available in the PATH environment variable.

Sample Code

In this example, the IOM driver is used to return the number of observations stored in the SASHELP shoes SAS data set.
import java.sql.*;
import java.util.Properties;

public class SSPIAuthentication
{

  public static void main(String argv[])
  {
    Connection connection;
    Properties props;
    Statement statement;
    String queryString = "SELECT COUNT(*) " +
        "FROM sashelp.shoes"; 
    ResultSet result;
    double rowcount;
 
    try {
      //CONNECT TO THE SERVER BY USING A CONNECTION PROPERTY LIST
      Class.forName("com.sas.rio.MVADriver");
      props = new Properties();
      props.setProperty("usesspi","negotiate");  
      /*
       * properties user and password are not specified because
       * SSPI is providing the identity to the workspace server 
       */

      connection = DriverManager.getConnection(
          "jdbc:sasiom://c123.na.abc.com:8591", props);
 
      //ACCESS DATA
      statement = connection.createStatement();
      result = statement.executeQuery(queryString);
      while (result.next()){
        rowcount = result.getDouble(1);
        System.out.println("Number of obs in sashelp.shoes: " + rowcount);
      }
      statement.close();
      connection.close();
    }
    catch(Exception e){
      System.out.println("error " + e);
    }
  }
}