DigitalPlatform
dp2kernel NamedPipe 方式连接 MySQL 8.0.24 以上版本时出现 UnauthorizedException
dp2kernel 用 NamedPipe 方式连接 MySQL 8.0.24(注:有说 8.0.23) 以上版本时,会抛出 System.UnauthorizedException 异常。
这篇文字里面提供了线索信息: https://dev.mysql.com/doc/connectors/en/connector-j-named-pipe.html
Important For MySQL 8.0.14 and later, 5.7.25 and later, and 5.6.43 and later, minimal permissions on named pipes are granted to clients that use them to connect to the server. Connector/J, however, can only use named pipes when granted full access on them. As a workaround, the MySQL Server that Connector/J wants to connect to must be started with the system variable named_pipe_full_access_group, which specifies a Windows local group containing the user by which the client application JVM (and thus Connector/J) is being executed; see the description for named_pipe_full_access_group for more details.
Command-Line Format --named-pipe-full-access-group=value 8.0.14 named_pipe_full_access_group Global No No Windows String empty string empty stringvalid Windows local group nameeveryone (Windows only.) The access control granted to clients on the named pipe created by the MySQL server is set to the minimum necessary for successful communication when the
named_pipesystem variable is enabled to support named-pipe connections. Newer MySQL client software can open named pipe connections without any additional configuration; however, older client software may still require full access to open a named pipe connection.This variable sets the name of a Windows local group whose members are granted sufficient access by the MySQL server to use older named-pipe clients. As of MySQL 8.0.24, the default value is set to an empty string, which means that no Windows user is granted full access to the named pipe.
A new Windows local group name (for example,
mysql_old_client_users) can be created in Windows and then used to replace the default value when access is absolutely necessary. In this case, limit the membership of the group to as few users as possible, removing users from the group when their client software is upgraded. A non-member of the group who attempts to open a connection to MySQL with the older named-pipe client is denied access until a Windows administrator adds the user to the group. Newly added users must log out and log in again to join the group (required by Windows).Setting the value to
'*everyone*'provides a language-independent way of referring to the Everyone group on Windows. The Everyone group is not secure by default.
解决办法
打开 MySQL 的 my.ini 文件,在 [mysqld] 小节内增加一行 named_pipe_full_access_group 变量定义,如下:
[mysqld]
named_pipe_full_access_group=everyone
测试要点
当MySQL安装高于8.0.23 版本时,配置上面参数,观察是否可以通过命名管道方式连接MySQL
测试步骤:
- 在官网上下载MySQL8.0.24版本
- 安装详细MySQL 按照文档:https://github.com/DigitalPlatform/dp2/wiki/MySQL8.0%E5%AE%89%E8%A3%85%E6%AD%A5%E9%AA%A4%E5%8F%8A%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A1%B9
- 勾选tcp/ip 和name pipe
- 勾选:Use Legacy Authentication Method
- 修改my.ini文件
port=3306---------# port=3306、# skip-networking--------------skip-networking
- 在my.ini上面新增代码到[mysqld]下面:
named_pipe_full_access_group=everyone
- 保存,退出,重启MySQL服务
- 打开installer,部署服务器
- 连接数据库时,sql服务器名输入:127.0.0.1;protocol=NamedPipe;pipe=MYSQL(命名管道方式),输入密码验证成功 符合预期
- 部署好服务器后,打开内务,导入书目iso文件到中文图书库 成功
- 打开书目查询窗,检索数目后,修改书目信息 成功 符合预期
测试结果
20211122-wy:MySQL版本:8.0.27 dp2installer正式版:3.5.1.0 测试结果符合预期
20211122-wy:MySQL版本:1.8.24. dp2installer正式版:3.5.1.0 测试结果符合预期