How to reproduce:
- Use a revision 516 (http://bazaar.launchpad.net/~maria-captains/mariadb-java-client/trunk/files/516) of MariaDB JDBC. The error does not exist in 1.1.7.
- Make sure your Mysql/MariaDB server does not allow anonymous logins (I don’t even know if it is possible to allow this?)
- Run the Junit test cases in the attached ConnectionPoolDeletedUserNamePasswordTest.java
The test case testConnectionWithApacheDBCP() will fail on the dataSource.getConnection() call (row 32).
The test case testConnectionWithSimululatedApacheDBCP() will fail when creating the second Connection (row 62).
Both test cases will fail with the Exception:
(and some more rows of exception)
The Connection in the test cases should be created without problems (both test cases should pass).
It is the code found in the constructor of MySQLConnection.java (http://bazaar.launchpad.net/~maria-captains/mariadb-java-client/trunk/view/516/src/main/java/org/mariadb/jdbc/MySQLConnection.java):
that was added as a fix for https://mariadb.atlassian.net/browse/CONJ-89 that is the problem. I think the removing of user and password was added as a type of security so that a call to connection.getClientInfo("password") would not disclose the password?!
The code removes the user and password from the Properties data structure in MySQLConnection. The problem is that Apache DBCP has a reference to this object. Thus, MySQLConnection is changing in the data structure that is “owned” by DriverConnectionFactory.
One might argue that it is debatable if the caller of the calling method should own a parameter. But since I don’t feel like changing in the Apache DBCP source code I would argue that one possible solution is for MariaDB to copy the data structure before altering it.