db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r510173 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/jdbc/ engine/org/apache/derby/loc/ shared/org/apache/derby/shared/common/reference/ testing/org/apache/derbyTesting/functionTests/master/ testing/org/apache/derbyTesting/f...
Date Wed, 21 Feb 2007 19:56:54 GMT
Author: rhillegas
Date: Wed Feb 21 11:56:52 2007
New Revision: 510173

URL: http://svn.apache.org/viewvc?view=rev&rev=510173
Log:
DERBY-2264: Commit Dag's DERBY-2264-1.diff patch, which restricts database shutdown to the DBA.

Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java   (with props)
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers1.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users2.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers1.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users2.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/secureUsers.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users2.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers1.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users2.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/_Suite.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers.sql
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers1.sql
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users.sql
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2.sql
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2_derby.properties
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/nist/NistScripts.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Wed Feb 21 11:56:52 2007
@@ -273,6 +273,11 @@
 
 			// now we have the database connection, we can shut down
 			if (shutdown) {
+				if (!usingNoneAuth) {
+					// DERBY-2264: Only allow db owner to shut down if
+					// authentication is on.
+					checkIsDBOwner();
+				}
 				throw tr.shutdownDatabaseException();
 			}
 
@@ -304,23 +309,24 @@
 
 
 	/**
-	  Examine the attributes set provided and determine if this is a create
-	  boot. A boot is a create boot iff.
+	  Examine the attributes set provided for illegal boot
+	  combinations and determine if this is a create boot.
 
-	  <OL>
-	  <LI>create=true - This means create a standard database.
-	  <LI> createFrom = Path - creates database from backup if it does not exist.
-	  <LI> restoreFrom = Path - database is restored completley from backup.
-           if a database exists in the same place it is replaced by the version
-		   in the backup otherwise a new one is created using the backup copy.
-      <LI> rollForwardRecoveryFrom = Path  - rollforward is performed 
-      using the version backup and any active and archived log files.
-	  </OL>
+	  @return true iff the attribute <em>create=true</em> is provided. This
+	  means create a standard database.  In other cases, returns
+	  false.
 
 	  @param p the attribute set.
 
-	  @exception SQLException Ooops.
-	  */
+	  @exception SQLException Throw if more than one of
+	  <em>create</em>, <em>createFrom</em>, <em>restoreFrom</em> and
+	  <em>rollForwardRecoveryFrom</em> is used simultaneously. <br>
+
+	  Also, throw if (re)encryption is attempted with one of
+	  <em>createFrom</em>, <em>restoreFrom</em> and
+	  <em>rollForwardRecoveryFrom</em>.
+
+	*/
 	private boolean createBoot(Properties p) throws SQLException
 	{
 		int createCount = 0;
@@ -339,9 +345,10 @@
 		if(restoreCount > 1)
 			throw newSQLException(SQLState.CONFLICTING_RESTORE_ATTRIBUTES);
 	
-        // check if user has specified re-encryption attributes 
-        // in combination with create/restore/recover attributes.
-        // re-encryption is not allowed when restoring from backup. 
+        // check if user has specified re-encryption attributes in
+        // combination with createFrom/restoreFrom/rollForwardRecoveryFrom
+        // attributes.  Re-encryption is not
+        // allowed when restoring from backup.
         if (restoreCount != 0 && 
             (Boolean.valueOf(p.getProperty(
                             Attribute.DATA_ENCRYPTION)).booleanValue() ||
@@ -468,6 +475,24 @@
 		// to its implementation here, since it will always be present.
 		if (authenticationService instanceof NoneAuthenticationServiceImpl)
 			usingNoneAuth = true;
+	}
+
+	/**
+	 * Check if actual authenticationId is equal to the database owner's.
+	 *
+	 * @throws SQLException if actual authenticationId is different
+	 * from authenticationId of database owner.
+	 */
+	private void checkIsDBOwner() throws SQLException
+	{
+		final LanguageConnectionContext lcc = getLanguageConnection();
+		final String actualId = lcc.getAuthorizationId();
+		final String dbOwnerId = lcc.getDataDictionary().
+			getAuthorizationDatabaseOwner();
+		if (!actualId.equals(dbOwnerId)) {
+			throw newSQLException(SQLState.AUTH_NOT_DB_OWNER, 
+								  actualId, tr.getDBName());
+		}
 	}
 
     /**

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Wed Feb 21 11:56:52 2007
@@ -844,6 +844,13 @@
                 <arg>objectName</arg>
             </msg>
 
+            <msg>
+                <name>2850H</name>
+                <text>User '{0}' cannot shut down database '{1}'. Only database owner can perform this operation.</text>
+                <arg>authorizationID</arg>
+                <arg>databaseName</arg>
+            </msg>
+
         </family>
 
 

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java Wed Feb 21 11:56:52 2007
@@ -1378,6 +1378,7 @@
 	String AUTH_NOT_DATABASE_OWNER                                     = "2850E";
 	String AUTH_GRANT_REVOKE_NOT_ALLOWED                               = "2850F";
 	String AUTH_NO_OBJECT_PERMISSION                                   = "2850G";
+	String AUTH_NOT_DB_OWNER                                           = "2850H";
 
 	/*
 	** Dependency manager

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers.out Wed Feb 21 11:56:52 2007
@@ -1,20 +1,20 @@
 ij> --
---   Licensed to the Apache Software Foundation (ASF) under one or more
---   contributor license agreements.  See the NOTICE file distributed with
---   this work for additional information regarding copyright ownership.
---   The ASF licenses this file to You under the Apache License, Version 2.0
---   (the "License"); you may not use this file except in compliance with
---   the License.  You may obtain a copy of the License at
---
---      http://www.apache.org/licenses/LICENSE-2.0
---
---   Unless required by applicable law or agreed to in writing, software
---   distributed under the License is distributed on an "AS IS" BASIS,
---   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
---   See the License for the specific language governing permissions and
---   limitations under the License.
---
---
+-----   Licensed to the Apache Software Foundation (ASF) under one or more
+-----   contributor license agreements.  See the NOTICE file distributed with
+-----   this work for additional information regarding copyright ownership.
+-----   The ASF licenses this file to You under the Apache License, Version 2.0
+-----   (the "License"); you may not use this file except in compliance with
+-----   the License.  You may obtain a copy of the License at
+-----
+-----      http://www.apache.org/licenses/LICENSE-2.0
+-----
+-----   Unless required by applicable law or agreed to in writing, software
+-----   distributed under the License is distributed on an "AS IS" BASIS,
+-----   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-----   See the License for the specific language governing permissions and
+-----   limitations under the License.
+-----
+-----
 ----- Specifically test SECURE users and various authentication
 ----- service/scheme configuration for different databases.
 -----
@@ -56,10 +56,14 @@
 ij(CONNECTION2)> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
 ij(CONNECTION2)> execute p2 using 'values(''derby.authentication.provider'', ''BUILTIN'')';
 Statement executed.
+ij(CONNECTION2)> execute p2 using 'values(''derby.connection.requireAuthentication'', ''true'')';
+Statement executed.
 ij(CONNECTION2)> -- let's define users in this database (other than the ones
 ----- known at the system level. This is for the test
 ----- These 3 users will only be known in this database
-execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
+execute p2 using 'values(''derby.user.system'', ''manager'')';
+Statement executed.
+ij(CONNECTION2)> execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
 Statement executed.
 ij(CONNECTION2)> execute p2 using 'values(''derby.user.dan'', ''makeItFaster'')';
 Statement executed.
@@ -97,7 +101,7 @@
 ij> connect 'guestSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'guestSchemeDB' shutdown.
 ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
-ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
+ERROR 08006: Database 'derbySchemeDB' shutdown.
 ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'simpleSchemeDB' shutdown.
 ij> disconnect all;
@@ -111,7 +115,7 @@
 ij> connect 'wombat;user=jeff;password=homeRun';
 ij(CONNECTION1)> connect 'wombat;user=howardR;password=takeItEasy';
 ij(CONNECTION2)> connect 'wombat;user=francois;password=paceesalute';
-ij(CONNECTION3)> -- Invalid ones:
+ij(CONNECTION3)> -- Jamie is allowed here, since he is user at system level
 connect 'wombat;user=Jamie;password=theHooligan';
 ij(CONNECTION4)> show connections;
 CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/wombat;create=true;user=kreg;password=IwasBornReady
@@ -124,8 +128,8 @@
 ij(CONNECTION5)> connect 'guestSchemeDB;user=jeff;password=homeRun';
 ij(CONNECTION6)> connect 'guestSchemeDB;user=howardR;password=takeItEasy';
 ij(CONNECTION7)> connect 'guestSchemeDB;user=francois;password=paceesalute';
-ij(CONNECTION8)> -- Invalid ones:
-connect 'guestSchemeDB;user=Jamie;password=theHooligan';
+ij(CONNECTION8)> -- allowed: no authentication
+connect 'guestSchemeDB;user=bad;password=guy';
 ij(CONNECTION9)> show connections;
 CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/wombat;create=true;user=kreg;password=IwasBornReady
 CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/wombat;user=jeff;password=homeRun
@@ -136,7 +140,7 @@
 CONNECTION6 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=jeff;password=homeRun
 CONNECTION7 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=howardR;password=takeItEasy
 CONNECTION8 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=francois;password=paceesalute
-CONNECTION9* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=Jamie;password=theHooligan
+CONNECTION9* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=bad;password=guy
 * = current connection
 ij(CONNECTION9)> connect 'derbySchemeDB;user=mamta;password=ieScape';
 ij(CONNECTION10)> connect 'derbySchemeDB;user=dan;password=makeItFaster';
@@ -159,7 +163,7 @@
 CONNECTION6 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=jeff;password=homeRun
 CONNECTION7 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=howardR;password=takeItEasy
 CONNECTION8 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=francois;password=paceesalute
-CONNECTION9 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=Jamie;password=theHooligan
+CONNECTION9 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=bad;password=guy
 * = current connection
 ij(CONNECTION12)> connect 'simpleSchemeDB;user=jeff;password=homeRun';
 ij(CONNECTION13)> connect 'simpleSchemeDB;user=howardR;password=takeItEasy';
@@ -190,7 +194,7 @@
 CONNECTION6 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=jeff;password=homeRun
 CONNECTION7 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=howardR;password=takeItEasy
 CONNECTION8 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=francois;password=paceesalute
-CONNECTION9 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=Jamie;password=theHooligan
+CONNECTION9 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/guestSchemeDB;user=bad;password=guy
 * = current connection
 ij(CONNECTION15)> disconnect all;
 ij> show connections;
@@ -201,13 +205,14 @@
 ij> show connections;
 No connections available.
 ij> -- Database shutdown - check user - should succeed
-connect 'wombat;user=jeff;password=homeRun;shutdown=true';
-ERROR 08006: Database 'wombat' shutdown.
-ij> connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
+connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
 ERROR 08006: Database 'guestSchemeDB' shutdown.
-ij> connect 'derbySchemeDB;user=mamta;password=ieScape;shutdown=true';
+ij> -- Database shutdown - authenticated, so must use owner
+connect 'wombat;user=system;password=manager;shutdown=true';
+ERROR 08006: Database 'wombat' shutdown.
+ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'derbySchemeDB' shutdown.
-ij> connect 'simpleSchemeDB;user=jeff;password=homeRun;shutdown=true';
+ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'simpleSchemeDB' shutdown.
 ij> show connections;
 No connections available.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers1.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers1.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers1.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/secureUsers1.out Wed Feb 21 11:56:52 2007
@@ -51,7 +51,7 @@
 ij> show connections;
 No connections available.
 ij> disconnect all;
-ij> -- Derby system shutdown - check user - should succeed
+ij> -- Derby system shutdown - check user (owner) - should succeed
 connect ';user=system;password=manager;shutdown=true';
 ERROR XJ015: Derby system shutdown.
 ij> 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users.out Wed Feb 21 11:56:52 2007
@@ -150,7 +150,7 @@
 ----- beetle 5367
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
 ERROR 08006: Database 'wombat' shutdown.
-ij(CONNECTION1)> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij(CONNECTION1)> connect 'myDB;user=dan;password=MakeItFaster;shutdown=true';
 ERROR 08006: Database 'myDB' shutdown.
 ij(CONNECTION1)> show connections;
 CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/wombat;user=francois;password=paceesalute

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users2.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users2.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users2.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/users2.out Wed Feb 21 11:56:52 2007
@@ -1,23 +1,23 @@
 ij> --
---   Licensed to the Apache Software Foundation (ASF) under one or more
---   contributor license agreements.  See the NOTICE file distributed with
---   this work for additional information regarding copyright ownership.
---   The ASF licenses this file to You under the Apache License, Version 2.0
---   (the "License"); you may not use this file except in compliance with
---   the License.  You may obtain a copy of the License at
---
---      http://www.apache.org/licenses/LICENSE-2.0
---
---   Unless required by applicable law or agreed to in writing, software
---   distributed under the License is distributed on an "AS IS" BASIS,
---   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
---   See the License for the specific language governing permissions and
---   limitations under the License.
---
---
+-----   Licensed to the Apache Software Foundation (ASF) under one or more
+-----   contributor license agreements.  See the NOTICE file distributed with
+-----   this work for additional information regarding copyright ownership.
+-----   The ASF licenses this file to You under the Apache License, Version 2.0
+-----   (the "License"); you may not use this file except in compliance with
+-----   the License.  You may obtain a copy of the License at
+-----
+-----      http://www.apache.org/licenses/LICENSE-2.0
+-----
+-----   Unless required by applicable law or agreed to in writing, software
+-----   distributed under the License is distributed on an "AS IS" BASIS,
+-----   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-----   See the License for the specific language governing permissions and
+-----   limitations under the License.
+-----
+-----
 ----- Specifically test Derby users using DERBY scheme
 ----- and by only looking at database properties for authentication
------ The only user at the system level is system/manager
+----- The only user only defined at the system level is mickey/mouse
 -----
 ----- check allowed users in wombat db.
 ----- initial connection in sysprop was:
@@ -43,6 +43,8 @@
 -----
 autocommit off;
 ij> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p2 using 'values(''derby.user.system'', ''manager'')';
+Statement executed.
 ij> execute p2 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 Statement executed.
 ij> execute p2 using 'values(''derby.user.jeff'', ''HomeRun61'')';
@@ -55,7 +57,7 @@
 Statement executed.
 ij> execute p2 using 'values(''derby.user.francois'', ''paceesalute'')';
 Statement executed.
-ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''jeff,howardR,ames,francois,kreg'')';
+ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''system,jeff,howardR,ames,francois,kreg'')';
 Statement executed.
 ij> execute p2 using 'values(''derby.database.readOnlyAccessUsers'', ''jamie'')';
 Statement executed.
@@ -116,6 +118,8 @@
 -----
 autocommit off;
 ij> prepare p4 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p4 using 'values(''derby.user.system'', ''manager'')';
+Statement executed.
 ij> execute p4 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 Statement executed.
 ij> execute p4 using 'values(''derby.user.dan'', ''MakeItFaster'')';
@@ -128,7 +132,7 @@
 Statement executed.
 ij> execute p4 using 'values(''derby.user.francois'', ''paceesalute'')';
 Statement executed.
-ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''jerry,dan,kreg,ames,francois,jamie'')';
+ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''system,jerry,dan,kreg,ames,francois,jamie'')';
 Statement executed.
 ij> execute p4 using 'values(''derby.database.defaultConnectionMode'', ''noAccess'')';
 Statement executed.
@@ -216,6 +220,11 @@
 ij> connect 'wombat;user=jerry;password=SacreBleu';
 ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
 ij> connect 'wombat;user=jamie;password=MrNamePlates';
+ij> -- users only defined at system level; not allowed:
+connect 'myDB;user=mickey;password=mouse';
+ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
+ij> connect 'wombat;user=mickey;password=mouse';
+ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
 ij> show connections;
 CONNECTION0* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/wombat;user=jamie;password=MrNamePlates
 * = current connection
@@ -236,12 +245,19 @@
 ij(CONNECTION2)> disconnect all;
 ij> show connections;
 No connections available.
-ij> -- Database shutdown - check user - should succeed
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
+ERROR 2850H: FRANCOISwombat2850H
+ij> -- Database shutdown - check owner - should succeed
+connect 'wombat;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'wombat' shutdown.
 ij> -- beetle 5468
 disconnect all;
-ij> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
+connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ERROR 2850H: JERRYmyDB2850H
+ij> -- Database shutdown - check owner - should succeed
+connect 'myDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'myDB' shutdown.
 ij> -- beetle 5468
 disconnect all;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers.out Wed Feb 21 11:56:52 2007
@@ -1,20 +1,20 @@
 ij> --
---   Licensed to the Apache Software Foundation (ASF) under one or more
---   contributor license agreements.  See the NOTICE file distributed with
---   this work for additional information regarding copyright ownership.
---   The ASF licenses this file to You under the Apache License, Version 2.0
---   (the "License"); you may not use this file except in compliance with
---   the License.  You may obtain a copy of the License at
---
---      http://www.apache.org/licenses/LICENSE-2.0
---
---   Unless required by applicable law or agreed to in writing, software
---   distributed under the License is distributed on an "AS IS" BASIS,
---   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
---   See the License for the specific language governing permissions and
---   limitations under the License.
---
---
+-----   Licensed to the Apache Software Foundation (ASF) under one or more
+-----   contributor license agreements.  See the NOTICE file distributed with
+-----   this work for additional information regarding copyright ownership.
+-----   The ASF licenses this file to You under the Apache License, Version 2.0
+-----   (the "License"); you may not use this file except in compliance with
+-----   the License.  You may obtain a copy of the License at
+-----
+-----      http://www.apache.org/licenses/LICENSE-2.0
+-----
+-----   Unless required by applicable law or agreed to in writing, software
+-----   distributed under the License is distributed on an "AS IS" BASIS,
+-----   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-----   See the License for the specific language governing permissions and
+-----   limitations under the License.
+-----
+-----
 ----- Specifically test SECURE users and various authentication
 ----- service/scheme configuration for different databases.
 -----
@@ -56,10 +56,14 @@
 ij(CONNECTION2)> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
 ij(CONNECTION2)> execute p2 using 'values(''derby.authentication.provider'', ''BUILTIN'')';
 Statement executed.
+ij(CONNECTION2)> execute p2 using 'values(''derby.connection.requireAuthentication'', ''true'')';
+Statement executed.
 ij(CONNECTION2)> -- let's define users in this database (other than the ones
 ----- known at the system level. This is for the test
 ----- These 3 users will only be known in this database
-execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
+execute p2 using 'values(''derby.user.system'', ''manager'')';
+Statement executed.
+ij(CONNECTION2)> execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
 Statement executed.
 ij(CONNECTION2)> execute p2 using 'values(''derby.user.dan'', ''makeItFaster'')';
 Statement executed.
@@ -97,7 +101,7 @@
 ij> connect 'guestSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'guestSchemeDB' shutdown.
 ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
-ERROR 08004: Connection authentication failure occurred.  Reason: userid or password invalid.
+ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'derbySchemeDB' shutdown.
 ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'simpleSchemeDB' shutdown.
 ij> disconnect all;
@@ -111,7 +115,7 @@
 ij> connect 'wombat;user=jeff;password=homeRun';
 ij(CONNECTION1)> connect 'wombat;user=howardR;password=takeItEasy';
 ij(CONNECTION2)> connect 'wombat;user=francois;password=paceesalute';
-ij(CONNECTION3)> -- Invalid ones:
+ij(CONNECTION3)> -- Jamie is allowed here, since he is user at system level
 connect 'wombat;user=Jamie;password=theHooligan';
 ij(CONNECTION4)> show connections;
 CONNECTION0 - 	jdbc:derby://xxxFILTERED_HOSTNAMExxx:1527/wombat;create=true
@@ -124,8 +128,8 @@
 ij(CONNECTION5)> connect 'guestSchemeDB;user=jeff;password=homeRun';
 ij(CONNECTION6)> connect 'guestSchemeDB;user=howardR;password=takeItEasy';
 ij(CONNECTION7)> connect 'guestSchemeDB;user=francois;password=paceesalute';
-ij(CONNECTION8)> -- Invalid ones:
-connect 'guestSchemeDB;user=Jamie;password=theHooligan';
+ij(CONNECTION8)> -- allowed: no authentication
+connect 'guestSchemeDB;user=bad;password=guy';
 ij(CONNECTION9)> show connections;
 CONNECTION0 - 	jdbc:derby://xxxFILTERED_HOSTNAMExxx:1527/wombat;create=true
 CONNECTION1 - 	jdbc:derby://xxxFILTERED_HOSTNAMExxx:1527/wombat
@@ -201,13 +205,14 @@
 ij> show connections;
 No connections available.
 ij> -- Database shutdown - check user - should succeed
-connect 'wombat;user=jeff;password=homeRun;shutdown=true';
-ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'wombat' shutdown.
-ij> connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
+connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'guestSchemeDB' shutdown.
-ij> connect 'derbySchemeDB;user=mamta;password=ieScape;shutdown=true';
+ij> -- Database shutdown - authenticated, so must use owner
+connect 'wombat;user=system;password=manager;shutdown=true';
+ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'wombat' shutdown.
+ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'derbySchemeDB' shutdown.
-ij> connect 'simpleSchemeDB;user=jeff;password=homeRun;shutdown=true';
+ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'simpleSchemeDB' shutdown.
 ij> show connections;
 No connections available.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers1.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers1.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers1.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/secureUsers1.out Wed Feb 21 11:56:52 2007
@@ -51,7 +51,7 @@
 ij> show connections;
 No connections available.
 ij> disconnect all;
-ij> -- Derby system shutdown - check user - should succeed
+ij> -- Derby system shutdown - check user (owner) - should succeed
 connect ';user=system;password=manager;shutdown=true';
 ERROR XJ015: DERBY SQL error: SQLCODE: -1, SQLSTATE: XJ015, SQLERRMC: Derby system shutdown.
 ij> 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users.out Wed Feb 21 11:56:52 2007
@@ -150,7 +150,7 @@
 ----- beetle 5367
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'wombat' shutdown.
-ij(CONNECTION1)> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij(CONNECTION1)> connect 'myDB;user=dan;password=MakeItFaster;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'myDB' shutdown.
 ij(CONNECTION1)> show connections;
 CONNECTION0 - 	jdbc:derby://xxxFILTERED_HOSTNAMExxx:1527/wombat

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users2.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users2.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users2.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/users2.out Wed Feb 21 11:56:52 2007
@@ -1,23 +1,23 @@
 ij> --
---   Licensed to the Apache Software Foundation (ASF) under one or more
---   contributor license agreements.  See the NOTICE file distributed with
---   this work for additional information regarding copyright ownership.
---   The ASF licenses this file to You under the Apache License, Version 2.0
---   (the "License"); you may not use this file except in compliance with
---   the License.  You may obtain a copy of the License at
---
---      http://www.apache.org/licenses/LICENSE-2.0
---
---   Unless required by applicable law or agreed to in writing, software
---   distributed under the License is distributed on an "AS IS" BASIS,
---   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
---   See the License for the specific language governing permissions and
---   limitations under the License.
---
---
+-----   Licensed to the Apache Software Foundation (ASF) under one or more
+-----   contributor license agreements.  See the NOTICE file distributed with
+-----   this work for additional information regarding copyright ownership.
+-----   The ASF licenses this file to You under the Apache License, Version 2.0
+-----   (the "License"); you may not use this file except in compliance with
+-----   the License.  You may obtain a copy of the License at
+-----
+-----      http://www.apache.org/licenses/LICENSE-2.0
+-----
+-----   Unless required by applicable law or agreed to in writing, software
+-----   distributed under the License is distributed on an "AS IS" BASIS,
+-----   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-----   See the License for the specific language governing permissions and
+-----   limitations under the License.
+-----
+-----
 ----- Specifically test Derby users using DERBY scheme
 ----- and by only looking at database properties for authentication
------ The only user at the system level is system/manager
+----- The only user only defined at the system level is mickey/mouse
 -----
 ----- check allowed users in wombat db.
 ----- initial connection in sysprop was:
@@ -43,6 +43,8 @@
 -----
 autocommit off;
 ij> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p2 using 'values(''derby.user.system'', ''manager'')';
+Statement executed.
 ij> execute p2 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 Statement executed.
 ij> execute p2 using 'values(''derby.user.jeff'', ''HomeRun61'')';
@@ -55,7 +57,7 @@
 Statement executed.
 ij> execute p2 using 'values(''derby.user.francois'', ''paceesalute'')';
 Statement executed.
-ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''jeff,howardR,ames,francois,kreg'')';
+ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''system,jeff,howardR,ames,francois,kreg'')';
 Statement executed.
 ij> execute p2 using 'values(''derby.database.readOnlyAccessUsers'', ''jamie'')';
 Statement executed.
@@ -116,6 +118,8 @@
 -----
 autocommit off;
 ij> prepare p4 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p4 using 'values(''derby.user.system'', ''manager'')';
+Statement executed.
 ij> execute p4 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 Statement executed.
 ij> execute p4 using 'values(''derby.user.dan'', ''MakeItFaster'')';
@@ -128,7 +132,7 @@
 Statement executed.
 ij> execute p4 using 'values(''derby.user.francois'', ''paceesalute'')';
 Statement executed.
-ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''jerry,dan,kreg,ames,francois,jamie'')';
+ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''system,jerry,dan,kreg,ames,francois,jamie'')';
 Statement executed.
 ij> execute p4 using 'values(''derby.database.defaultConnectionMode'', ''noAccess'')';
 Statement executed.
@@ -216,6 +220,11 @@
 ij> connect 'wombat;user=jerry;password=SacreBleu';
 ERROR 08004: Connection authentication failure occurred.  Reason: userid or password invalid.
 ij> connect 'wombat;user=jamie;password=MrNamePlates';
+ij> -- users only defined at system level; not allowed:
+connect 'myDB;user=mickey;password=mouse';
+ERROR 08004: Connection authentication failure occurred.  Reason: userid or password invalid.
+ij> connect 'wombat;user=mickey;password=mouse';
+ERROR 08004: Connection authentication failure occurred.  Reason: userid or password invalid.
 ij> show connections;
 CONNECTION0* - 	jdbc:derby://xxxFILTERED_HOSTNAMExxx:1527/wombat
 * = current connection
@@ -236,12 +245,19 @@
 ij(CONNECTION2)> disconnect all;
 ij> show connections;
 No connections available.
-ij> -- Database shutdown - check user - should succeed
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
+ERROR 2850H: DERBY SQL error: SQLCODE: -1, SQLSTATE: 2850H, SQLERRMC: FRANCOISwombat2850H
+ij> -- Database shutdown - check owner - should succeed
+connect 'wombat;user=system;password=manager;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'wombat' shutdown.
 ij> -- beetle 5468
 disconnect all;
-ij> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
+connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ERROR 2850H: DERBY SQL error: SQLCODE: -1, SQLSTATE: 2850H, SQLERRMC: JERRYmyDB2850H
+ij> -- Database shutdown - check owner - should succeed
+connect 'myDB;user=system;password=manager;shutdown=true';
 ERROR 08006: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: Database 'myDB' shutdown.
 ij> -- beetle 5468
 disconnect all;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/secureUsers.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/secureUsers.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/secureUsers.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/secureUsers.out Wed Feb 21 11:56:52 2007
@@ -56,10 +56,14 @@
 ij(CONNECTION2)> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
 ij(CONNECTION2)> execute p2 using 'values(''derby.authentication.provider'', ''BUILTIN'')';
 0 rows inserted/updated/deleted
+ij(CONNECTION2)> execute p2 using 'values(''derby.connection.requireAuthentication'', ''true'')';
+0 rows inserted/updated/deleted
 ij(CONNECTION2)> -- let's define users in this database (other than the ones
 -- known at the system level. This is for the test
 -- These 3 users will only be known in this database
-execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
+execute p2 using 'values(''derby.user.system'', ''manager'')';
+0 rows inserted/updated/deleted
+ij(CONNECTION2)> execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
 0 rows inserted/updated/deleted
 ij(CONNECTION2)> execute p2 using 'values(''derby.user.dan'', ''makeItFaster'')';
 0 rows inserted/updated/deleted
@@ -97,7 +101,7 @@
 ij> connect 'guestSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'guestSchemeDB' shutdown.
 ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
-ERROR 08004: Connection refused : Invalid authentication.
+ERROR 08006: Database 'derbySchemeDB' shutdown.
 ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'simpleSchemeDB' shutdown.
 ij> disconnect all;
@@ -112,7 +116,7 @@
 ij> connect 'wombat;user=jeff;password=homeRun';
 ij(CONNECTION1)> connect 'wombat;user=howardR;password=takeItEasy';
 ij(CONNECTION2)> connect 'wombat;user=francois;password=paceesalute';
-ij(CONNECTION3)> -- Invalid ones:
+ij(CONNECTION3)> -- Jamie is allowed here, since he is user at system level
 connect 'wombat;user=Jamie;password=theHooligan';
 ij(CONNECTION4)> show connections;
 CONNECTION0
@@ -125,8 +129,8 @@
 ij(CONNECTION5)> connect 'guestSchemeDB;user=jeff;password=homeRun';
 ij(CONNECTION6)> connect 'guestSchemeDB;user=howardR;password=takeItEasy';
 ij(CONNECTION7)> connect 'guestSchemeDB;user=francois;password=paceesalute';
-ij(CONNECTION8)> -- Invalid ones:
-connect 'guestSchemeDB;user=Jamie;password=theHooligan';
+ij(CONNECTION8)> -- allowed: no authentication
+connect 'guestSchemeDB;user=bad;password=guy';
 ij(CONNECTION9)> show connections;
 CONNECTION0
 CONNECTION1
@@ -202,13 +206,14 @@
 ij> show connections;
 No connections available.
 ij> -- Database shutdown - check user - should succeed
-connect 'wombat;user=jeff;password=homeRun;shutdown=true';
-ERROR 08006: Database 'wombat' shutdown.
-ij> connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
+connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
 ERROR 08006: Database 'guestSchemeDB' shutdown.
-ij> connect 'derbySchemeDB;user=mamta;password=ieScape;shutdown=true';
+ij> -- Database shutdown - authenticated, so must use owner
+connect 'wombat;user=system;password=manager;shutdown=true';
+ERROR 08006: Database 'wombat' shutdown.
+ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'derbySchemeDB' shutdown.
-ij> connect 'simpleSchemeDB;user=jeff;password=homeRun;shutdown=true';
+ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'simpleSchemeDB' shutdown.
 ij> show connections;
 No connections available.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users.out Wed Feb 21 11:56:52 2007
@@ -151,7 +151,7 @@
 -- beetle 5367
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
 ERROR 08006: Database 'wombat' shutdown.
-ij(CONNECTION1)> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij(CONNECTION1)> connect 'myDB;user=dan;password=MakeItFaster;shutdown=true';
 ERROR 08006: Database 'myDB' shutdown.
 ij(CONNECTION1)> show connections;
 No current connection

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users2.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users2.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users2.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/j9_foundation/users2.out Wed Feb 21 11:56:52 2007
@@ -17,7 +17,7 @@
 --
 -- Specifically test Derby users using DERBY scheme
 -- and by only looking at database properties for authentication
--- The only user at the system level is system/manager
+-- The only user only defined at the system level is mickey/mouse
 --
 -- check allowed users in wombat db.
 -- initial connection in sysprop was:
@@ -43,6 +43,8 @@
 --
 autocommit off;
 ij> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p2 using 'values(''derby.user.system'', ''manager'')';
+0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.user.jeff'', ''HomeRun61'')';
@@ -55,7 +57,7 @@
 0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.user.francois'', ''paceesalute'')';
 0 rows inserted/updated/deleted
-ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''jeff,howardR,ames,francois,kreg'')';
+ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''system,jeff,howardR,ames,francois,kreg'')';
 0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.database.readOnlyAccessUsers'', ''jamie'')';
 0 rows inserted/updated/deleted
@@ -116,6 +118,8 @@
 --
 autocommit off;
 ij> prepare p4 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p4 using 'values(''derby.user.system'', ''manager'')';
+0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.user.dan'', ''MakeItFaster'')';
@@ -128,7 +132,7 @@
 0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.user.francois'', ''paceesalute'')';
 0 rows inserted/updated/deleted
-ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''jerry,dan,kreg,ames,francois,jamie'')';
+ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''system,jerry,dan,kreg,ames,francois,jamie'')';
 0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.database.defaultConnectionMode'', ''noAccess'')';
 0 rows inserted/updated/deleted
@@ -216,6 +220,11 @@
 ij> connect 'wombat;user=jerry;password=SacreBleu';
 ERROR 08004: Connection refused : Invalid authentication.
 ij> connect 'wombat;user=jamie;password=MrNamePlates';
+ij> -- users only defined at system level; not allowed:
+connect 'myDB;user=mickey;password=mouse';
+ERROR 08004: Connection refused : Invalid authentication.
+ij> connect 'wombat;user=mickey;password=mouse';
+ERROR 08004: Connection refused : Invalid authentication.
 ij> show connections;
 CONNECTION0*
 * = current connection
@@ -236,12 +245,19 @@
 ij(CONNECTION2)> disconnect all;
 ij> show connections;
 No connections available.
-ij> -- Database shutdown - check user - should succeed
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
+ERROR 2850H: User 'FRANCOIS' cannot shut down database 'wombat'. Only database owner can perform this operation.
+ij> -- Database shutdown - check owner - should succeed
+connect 'wombat;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'wombat' shutdown.
 ij> -- beetle 5468
 disconnect all;
-ij> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
+connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ERROR 2850H: User 'JERRY' cannot shut down database 'myDB'. Only database owner can perform this operation.
+ij> -- Database shutdown - check owner - should succeed
+connect 'myDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'myDB' shutdown.
 ij> -- beetle 5468
 disconnect all;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers.out Wed Feb 21 11:56:52 2007
@@ -56,10 +56,14 @@
 ij(CONNECTION2)> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
 ij(CONNECTION2)> execute p2 using 'values(''derby.authentication.provider'', ''BUILTIN'')';
 0 rows inserted/updated/deleted
+ij(CONNECTION2)> execute p2 using 'values(''derby.connection.requireAuthentication'', ''true'')';
+0 rows inserted/updated/deleted
 ij(CONNECTION2)> -- let's define users in this database (other than the ones
 -- known at the system level. This is for the test
 -- These 3 users will only be known in this database
-execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
+execute p2 using 'values(''derby.user.system'', ''manager'')';
+0 rows inserted/updated/deleted
+ij(CONNECTION2)> execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
 0 rows inserted/updated/deleted
 ij(CONNECTION2)> execute p2 using 'values(''derby.user.dan'', ''makeItFaster'')';
 0 rows inserted/updated/deleted
@@ -97,7 +101,7 @@
 ij> connect 'guestSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'guestSchemeDB' shutdown.
 ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
-ERROR 08004: Connection refused : Invalid authentication.
+ERROR 08006: Database 'derbySchemeDB' shutdown.
 ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'simpleSchemeDB' shutdown.
 ij> disconnect all;
@@ -112,7 +116,7 @@
 ij> connect 'wombat;user=jeff;password=homeRun';
 ij(CONNECTION1)> connect 'wombat;user=howardR;password=takeItEasy';
 ij(CONNECTION2)> connect 'wombat;user=francois;password=paceesalute';
-ij(CONNECTION3)> -- Invalid ones:
+ij(CONNECTION3)> -- Jamie is allowed here, since he is user at system level
 connect 'wombat;user=Jamie;password=theHooligan';
 ij(CONNECTION4)> show connections;
 CONNECTION0 - 	jdbc:derby:wombat
@@ -125,8 +129,8 @@
 ij(CONNECTION5)> connect 'guestSchemeDB;user=jeff;password=homeRun';
 ij(CONNECTION6)> connect 'guestSchemeDB;user=howardR;password=takeItEasy';
 ij(CONNECTION7)> connect 'guestSchemeDB;user=francois;password=paceesalute';
-ij(CONNECTION8)> -- Invalid ones:
-connect 'guestSchemeDB;user=Jamie;password=theHooligan';
+ij(CONNECTION8)> -- allowed: no authentication
+connect 'guestSchemeDB;user=bad;password=guy';
 ij(CONNECTION9)> show connections;
 CONNECTION0 - 	jdbc:derby:wombat
 CONNECTION1 - 	jdbc:derby:wombat
@@ -202,13 +206,14 @@
 ij> show connections;
 No connections available.
 ij> -- Database shutdown - check user - should succeed
-connect 'wombat;user=jeff;password=homeRun;shutdown=true';
-ERROR 08006: Database 'wombat' shutdown.
-ij> connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
+connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
 ERROR 08006: Database 'guestSchemeDB' shutdown.
-ij> connect 'derbySchemeDB;user=mamta;password=ieScape;shutdown=true';
+ij> -- Database shutdown - authenticated, so must use owner
+connect 'wombat;user=system;password=manager;shutdown=true';
+ERROR 08006: Database 'wombat' shutdown.
+ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'derbySchemeDB' shutdown.
-ij> connect 'simpleSchemeDB;user=jeff;password=homeRun;shutdown=true';
+ij> connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'simpleSchemeDB' shutdown.
 ij> show connections;
 No connections available.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers1.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers1.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers1.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/secureUsers1.out Wed Feb 21 11:56:52 2007
@@ -51,7 +51,7 @@
 ij> show connections;
 No connections available.
 ij> disconnect all;
-ij> -- Derby system shutdown - check user - should succeed
+ij> -- Derby system shutdown - check user (owner) - should succeed
 connect ';user=system;password=manager;shutdown=true';
 ERROR XJ015: Derby system shutdown.
 ij> 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users.out Wed Feb 21 11:56:52 2007
@@ -151,7 +151,7 @@
 -- beetle 5367
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
 ERROR 08006: Database 'wombat' shutdown.
-ij(CONNECTION1)> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij(CONNECTION1)> connect 'myDB;user=dan;password=MakeItFaster;shutdown=true';
 ERROR 08006: Database 'myDB' shutdown.
 ij(CONNECTION1)> show connections;
 No current connection

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users2.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users2.out?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users2.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/users2.out Wed Feb 21 11:56:52 2007
@@ -17,7 +17,7 @@
 --
 -- Specifically test Derby users using DERBY scheme
 -- and by only looking at database properties for authentication
--- The only user at the system level is system/manager
+-- The only user only defined at the system level is mickey/mouse
 --
 -- check allowed users in wombat db.
 -- initial connection in sysprop was:
@@ -43,6 +43,8 @@
 --
 autocommit off;
 ij> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p2 using 'values(''derby.user.system'', ''manager'')';
+0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.user.jeff'', ''HomeRun61'')';
@@ -55,7 +57,7 @@
 0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.user.francois'', ''paceesalute'')';
 0 rows inserted/updated/deleted
-ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''jeff,howardR,ames,francois,kreg'')';
+ij> execute p2 using 'values(''derby.database.fullAccessUsers'', ''system,jeff,howardR,ames,francois,kreg'')';
 0 rows inserted/updated/deleted
 ij> execute p2 using 'values(''derby.database.readOnlyAccessUsers'', ''jamie'')';
 0 rows inserted/updated/deleted
@@ -116,6 +118,8 @@
 --
 autocommit off;
 ij> prepare p4 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+ij> execute p4 using 'values(''derby.user.system'', ''manager'')';
+0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.user.dan'', ''MakeItFaster'')';
@@ -128,7 +132,7 @@
 0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.user.francois'', ''paceesalute'')';
 0 rows inserted/updated/deleted
-ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''jerry,dan,kreg,ames,francois,jamie'')';
+ij> execute p4 using 'values(''derby.database.fullAccessUsers'', ''system,jerry,dan,kreg,ames,francois,jamie'')';
 0 rows inserted/updated/deleted
 ij> execute p4 using 'values(''derby.database.defaultConnectionMode'', ''noAccess'')';
 0 rows inserted/updated/deleted
@@ -216,6 +220,11 @@
 ij> connect 'wombat;user=jerry;password=SacreBleu';
 ERROR 08004: Connection refused : Invalid authentication.
 ij> connect 'wombat;user=jamie;password=MrNamePlates';
+ij> -- users only defined at system level; not allowed:
+connect 'myDB;user=mickey;password=mouse';
+ERROR 08004: Connection refused : Invalid authentication.
+ij> connect 'wombat;user=mickey;password=mouse';
+ERROR 08004: Connection refused : Invalid authentication.
 ij> show connections;
 CONNECTION0* - 	jdbc:derby:wombat
 * = current connection
@@ -236,12 +245,19 @@
 ij(CONNECTION2)> disconnect all;
 ij> show connections;
 No connections available.
-ij> -- Database shutdown - check user - should succeed
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
+ERROR 2850H: User 'FRANCOIS' cannot shut down database 'wombat'. Only database owner can perform this operation.
+ij> -- Database shutdown - check owner - should succeed
+connect 'wombat;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'wombat' shutdown.
 ij> -- beetle 5468
 disconnect all;
-ij> connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ij> -- Database shutdown - check user - should fail, not owner, cf DERBY-2264
+connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+ERROR 2850H: User 'JERRY' cannot shut down database 'myDB'. Only database owner can perform this operation.
+ij> -- Database shutdown - check owner - should succeed
+connect 'myDB;user=system;password=manager;shutdown=true';
 ERROR 08006: Database 'myDB' shutdown.
 ij> -- beetle 5468
 disconnect all;

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java?view=auto&rev=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java Wed Feb 21 11:56:52 2007
@@ -0,0 +1,233 @@
+/*
+
+   Derby - Class org.apache.derbyTesting.functionTests.tests.jdbcapi.DboPowersTest
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derbyTesting.functionTests.tests.jdbcapi;
+
+import java.sql.SQLException;
+import javax.sql.DataSource;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+import org.apache.derbyTesting.junit.BaseJDBCTestCase;
+import org.apache.derbyTesting.junit.DatabasePropertyTestSetup;
+import org.apache.derbyTesting.junit.JDBCDataSource;
+import org.apache.derbyTesting.junit.TestConfiguration;
+
+/**
+ * This JUnit tests enforcement of dbo (=database owner) powers, cf.
+* DERBY-2264.
+ *
+ * The tests are run in the cross product (cardinality 10) of contexts:
+ *
+ *    {client/server, embedded} x 
+ *    {no authentication, authentication and authentication/sqlAuthorization} x
+ *    {data base owner, other user }
+ *
+ * One could consider removing the client/server suite to speed up
+ * this test as it does not add much value given the nature of the changes.
+ *
+*/
+public class DboPowersTest extends BaseJDBCTestCase
+{
+    /* test execution security context: one of three below */
+    final private int authLevel; 
+    final private static int NOAUTHENTICATION=0;
+    final private static int AUTHENTICATION=1;
+    final private static int SQLAUTHORIZATION=2;
+    
+    /**
+     * Create a new instance of DboPowersTest
+    *
+     * @param name Fixture name
+     * @param authLevel authentication level with which test is run
+     */
+    public DboPowersTest(String name, int authLevel) 
+    { 
+        super(name); 
+        this.authLevel = authLevel;
+    }
+
+    /**
+    * Construct top level suite in this JUnit test
+     *
+     * @return A suite containing embedded and client suites
+     */
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("DboPowersTest");
+        suite.addTest(dboSuite("embedded"));
+        suite.addTest(TestConfiguration.clientServerDecorator(
+                          dboSuite("client")));
+        return suite;
+   }
+        
+    /**
+     *
+     * Construct default suite of tests
+     *
+     * @param framework Derby framework
+     * @return A suite containing the test cases incarnated for the three
+     * security levels no authentication, authentication, and
+     * authentication plus sqlAuthorization, 
+     * The latter two has an instance for dbo, and one for ordinary user,
+    * in all five incarnations of tests.
+     */
+    private static Test dboSuite(String framework) 
+    {
+        final String[][] users = {
+            /* authLevel == AUTHENTICATION: dbo is APP/APP for db 'wombat',
+             * so use that as first user.  Otherwise,
+             * builtinAuthentication decorator's db shutdown fails to
+             * work after DERBY-2264(!).
+             */
+            {"APP", "U1"}, 
+           /* authLevel == SQLAUTHORIZATION: sqlAuthorizationDecorator
+             * decorator presumes TEST_DBO as dbo, so add it to set of
+             * valid users. Uses a fresh db 'dbsqlauth', not 'wombat'.
+             */
+            {"TEST_DBO", "U1"}};
+        
+        final String pwSuffix = "pwSuffix";
+
+        Test tests[] = new Test[3]; // one per authLevel
+
+        tests[NOAUTHENTICATION] = collectFixtures(NOAUTHENTICATION);
+
+        /** First decorate with users, then with authentication. Do this
+         * twice, once for authentication only, and once for
+         * authentication and sqlAuthorization (see extra decorator
+         * added below).
+         */
+        for (int autLev = AUTHENTICATION; 
+             autLev <= SQLAUTHORIZATION ; autLev++) {
+
+            // add decorator for different users authenticated
+            TestSuite userSuite =  new TestSuite(
+                "userSuite:"+ (autLev == AUTHENTICATION ? "authentication"
+                              : "sqlAuthorization"));
+
+            for (int userNo = 0; userNo < users.length; userNo++) {
+                userSuite.addTest
+                    (TestConfiguration.changeUserDecorator
+                     (collectFixtures(autLev),
+                      users[autLev-1][userNo], 
+                      users[autLev-1][userNo].concat(pwSuffix)));
+            }
+        
+            tests[autLev] = DatabasePropertyTestSetup.
+               builtinAuthentication(userSuite, users[autLev-1], pwSuffix);
+        }
+
+        TestSuite suite = new TestSuite("dboPowers:"+framework);
+
+        /* run tests with no authentication enabled */
+        suite.addTest(tests[NOAUTHENTICATION]);
+
+        /* run test for all users with only authentication enabled */
+        suite.addTest(tests[AUTHENTICATION]);
+
+       /* run test for all users with authentication and
+         * sqlAuthorization enabled
+         */
+        suite.addTest(
+            TestConfiguration.
+            sqlAuthorizationDecorator(tests[SQLAUTHORIZATION]));
+                         
+        return suite;
+    }
+
+    /**
+    * Picks up individual test fixtures explicitly, since we need to
+     * provide the context.
+     */
+    private static TestSuite collectFixtures(int authLevel)
+    {
+        TestSuite suite = new TestSuite("dboPowersTests");
+        suite.addTest(new DboPowersTest("testShutDown", authLevel));
+        return suite;
+    }
+
+    /**
+    * Test database shutdown power enforcement
+     */
+    public void testShutDown() throws SQLException
+    {
+        // make sure db is booted
+        getConnection().close();
+
+        String user = getTestConfiguration().getUserName();
+        String password = getTestConfiguration().getUserPassword();
+
+        DataSource ds = JDBCDataSource.getDataSource();
+        JDBCDataSource.setBeanProperty(
+            ds, "connectionAttributes", "shutdown=true");
+        JDBCDataSource.setBeanProperty(ds, "user", user);
+        JDBCDataSource.setBeanProperty(ds, "password", password);
+        try {
+            ds.getConnection();
+            fail("shutdown failed: no exception");
+        } catch (SQLException e) {
+            if ("08006".equals(e.getSQLState())) {
+                // reboot if shutdown succeeded
+                JDBCDataSource.setBeanProperty(ds, "connectionAttributes", "");
+               ds.getConnection().close();
+            }
+
+            vetShutdownException(user, e);
+        }
+    }
+
+    /**
+     * Decide if the result of trying to shut down the database is
+     * compliant with the semantics introduced by DERBY-2264.
+     */
+   private void vetShutdownException (String user, SQLException e)
+    {
+        switch (authLevel) {
+        case NOAUTHENTICATION:
+            assertSQLState("database shutdown, no authentication", 
+                           "08006", e);
+            break;
+        case AUTHENTICATION:
+            if ("APP".equals(user)) {
+                assertSQLState("database shutdown, authentication, db owner", 
+                               "08006", e);
+           } else {
+                assertSQLState("database shutdown restriction, authentication," +
+                               " not db owner", "2850H", e);
+            }
+            break;
+        case SQLAUTHORIZATION:
+            if ("TEST_DBO".equals(user)) {
+                assertSQLState("database shutdown, SQL authorization, db owner",
+                               "08006", e);
+            } else {
+                assertSQLState("database shutdown restriction, " + 
+                              "SQL authorization, not db owner",
+                               "2850H", e);
+            }
+            break;
+        default:
+            fail("test error");
+            break;
+        }
+    }
+}
+

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/_Suite.java?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/_Suite.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/_Suite.java Wed Feb 21 11:56:52 2007
@@ -61,6 +61,7 @@
 		suite.addTest(CharacterStreamsTest.suite());
 		suite.addTest(BatchUpdateTest.suite());
 		suite.addTest(StreamTest.suite());
+		suite.addTest(DboPowersTest.suite());
         
         // Old harness .java tests that run using the HarnessJavaTest
         // adapter and continue to use a single master file.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers.sql?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers.sql (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers.sql Wed Feb 21 11:56:52 2007
@@ -57,9 +57,11 @@
 autocommit off;
 prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
 execute p2 using 'values(''derby.authentication.provider'', ''BUILTIN'')';
+execute p2 using 'values(''derby.connection.requireAuthentication'', ''true'')';
 -- let's define users in this database (other than the ones
 -- known at the system level. This is for the test
 -- These 3 users will only be known in this database
+execute p2 using 'values(''derby.user.system'', ''manager'')';
 execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
 execute p2 using 'values(''derby.user.dan'', ''makeItFaster'')';
 execute p2 using 'values(''derby.user.mamta'', ''ieScape'')';
@@ -104,7 +106,7 @@
 connect 'wombat;user=jeff;password=homeRun';
 connect 'wombat;user=howardR;password=takeItEasy';
 connect 'wombat;user=francois;password=paceesalute';
--- Invalid ones:
+-- Jamie is allowed here, since he is user at system level
 connect 'wombat;user=Jamie;password=theHooligan';
 show connections;
 
@@ -112,8 +114,8 @@
 connect 'guestSchemeDB;user=jeff;password=homeRun';
 connect 'guestSchemeDB;user=howardR;password=takeItEasy';
 connect 'guestSchemeDB;user=francois;password=paceesalute';
--- Invalid ones:
-connect 'guestSchemeDB;user=Jamie;password=theHooligan';
+-- allowed: no authentication
+connect 'guestSchemeDB;user=bad;password=guy';
 show connections;
 
 connect 'derbySchemeDB;user=mamta;password=ieScape';
@@ -144,10 +146,12 @@
 show connections;
 
 -- Database shutdown - check user - should succeed
-connect 'wombat;user=jeff;password=homeRun;shutdown=true';
 connect 'guestSchemeDB;user=kreg;password=IwasBornReady;shutdown=true';
-connect 'derbySchemeDB;user=mamta;password=ieScape;shutdown=true';
-connect 'simpleSchemeDB;user=jeff;password=homeRun;shutdown=true';
+
+-- Database shutdown - authenticated, so must use owner
+connect 'wombat;user=system;password=manager;shutdown=true';
+connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
+connect 'simpleSchemeDB;user=system;password=manager;shutdown=true';
 
 show connections;
 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers1.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers1.sql?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers1.sql (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/secureUsers1.sql Wed Feb 21 11:56:52 2007
@@ -49,5 +49,5 @@
 
 disconnect all;
 
--- Derby system shutdown - check user - should succeed
+-- Derby system shutdown - check user (owner) - should succeed
 connect ';user=system;password=manager;shutdown=true';

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users.sql?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users.sql (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users.sql Wed Feb 21 11:56:52 2007
@@ -95,7 +95,7 @@
 -- Database shutdown - check user - should succeed
 -- beetle 5367
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
-connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+connect 'myDB;user=dan;password=MakeItFaster;shutdown=true';
 show connections;
 -- JBMS System shutdown - check user - should fail
 connect ';user=jamie;password=LetMeIn;shutdown=true';

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2.sql
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2.sql?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2.sql (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2.sql Wed Feb 21 11:56:52 2007
@@ -17,7 +17,7 @@
 --
 -- Specifically test Derby users using DERBY scheme
 -- and by only looking at database properties for authentication
--- The only user at the system level is system/manager
+-- The only user only defined at the system level is mickey/mouse
 --
 
 -- check allowed users in wombat db.
@@ -46,13 +46,14 @@
 --
 autocommit off;
 prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+execute p2 using 'values(''derby.user.system'', ''manager'')';
 execute p2 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 execute p2 using 'values(''derby.user.jeff'', ''HomeRun61'')';
 execute p2 using 'values(''derby.user.ames'', ''AnyVolunteer?'')';
 execute p2 using 'values(''derby.user.jamie'', ''MrNamePlates'')';
 execute p2 using 'values(''derby.user.howardR'', ''IamBetterAtTennis'')';
 execute p2 using 'values(''derby.user.francois'', ''paceesalute'')';
-execute p2 using 'values(''derby.database.fullAccessUsers'', ''jeff,howardR,ames,francois,kreg'')';
+execute p2 using 'values(''derby.database.fullAccessUsers'', ''system,jeff,howardR,ames,francois,kreg'')';
 execute p2 using 'values(''derby.database.readOnlyAccessUsers'', ''jamie'')';
 execute p2 using 'values(''derby.database.defaultConnectionMode'', ''noAccess'')';
 execute p2 using 'values(''derby.database.propertiesOnly'', ''true'')';
@@ -105,13 +106,14 @@
 --
 autocommit off;
 prepare p4 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
+execute p4 using 'values(''derby.user.system'', ''manager'')';
 execute p4 using 'values(''derby.user.kreg'', ''visualWhat?'')';
 execute p4 using 'values(''derby.user.dan'', ''MakeItFaster'')';
 execute p4 using 'values(''derby.user.ames'', ''AnyVolunteer?'')';
 execute p4 using 'values(''derby.user.jerry'', ''SacreBleu'')';
 execute p4 using 'values(''derby.user.jamie'', ''MrNamePlates'')';
 execute p4 using 'values(''derby.user.francois'', ''paceesalute'')';
-execute p4 using 'values(''derby.database.fullAccessUsers'', ''jerry,dan,kreg,ames,francois,jamie'')';
+execute p4 using 'values(''derby.database.fullAccessUsers'', ''system,jerry,dan,kreg,ames,francois,jamie'')';
 execute p4 using 'values(''derby.database.defaultConnectionMode'', ''noAccess'')';
 execute p4 using 'values(''derby.database.propertiesOnly'', ''true'')';
 commit;
@@ -166,6 +168,10 @@
 connect 'wombat;user=jerry;password=SacreBleu';
 connect 'wombat;user=jamie;password=MrNamePlates';
 
+-- users only defined at system level; not allowed:
+connect 'myDB;user=mickey;password=mouse';
+connect 'wombat;user=mickey;password=mouse';
+
 show connections;
 
 connect 'wombat;user=francois;password=paceesalute';
@@ -180,13 +186,18 @@
 disconnect all;
 show connections;
 
--- Database shutdown - check user - should succeed
+-- Database shutdown - check user - should fail, not owner, cf DERBY-2264
 connect 'wombat;user=francois;password=paceesalute;shutdown=true';
+-- Database shutdown - check owner - should succeed
+connect 'wombat;user=system;password=manager;shutdown=true';
 
 -- beetle 5468
 disconnect all;
 
+-- Database shutdown - check user - should fail, not owner, cf DERBY-2264
 connect 'myDB;user=jerry;password=SacreBleu;shutdown=true';
+-- Database shutdown - check owner - should succeed
+connect 'myDB;user=system;password=manager;shutdown=true';
 
 -- beetle 5468
 disconnect all;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2_derby.properties
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2_derby.properties?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2_derby.properties (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/users2_derby.properties Wed Feb 21 11:56:52 2007
@@ -11,14 +11,9 @@
 derby.debug.true=AuthenticationTrace
 
 #
-# we only define system user (at the system level)
+# we define system user [owner] (at the system level)
 #
 derby.user.system=manager
-
-# Database users restriction lists - DEPRECATED Properties
-# Use derby.database.{fullAccessUsers,
-#						   readOnlyAccessUsers,
-#						   defaultConnectionMode} properties only.
 #
-derby.database.users.wombat=francois,jeff,howardR,ames,kreg
-derby.database.users.myDB=jerry,kreg,dan,jamie,ames,francois
+# This user is not defined at database level:
+derby.user.mickey=mouse

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/nist/NistScripts.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/nist/NistScripts.java?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/nist/NistScripts.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/nist/NistScripts.java Wed Feb 21 11:56:52 2007
@@ -203,7 +203,7 @@
         
         // Setup user authentication
         test = DatabasePropertyTestSetup.builtinAuthentication(test,
-                new String[] {"HU","FLATER","SUN","CTS1","SULLIVAN1","SCHANZLE"},
+                new String[] {"APP", "HU","FLATER","SUN","CTS1","SULLIVAN1","SCHANZLE"},
                 "ni8s4T");
         
         // Lock timeout settings that were set for the old harness when

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java?view=diff&rev=510173&r1=510172&r2=510173
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java Wed Feb 21 11:56:52 2007
@@ -403,7 +403,7 @@
         
         return changeUserDecorator(
             new DatabaseChangeSetup(setSQLAuthMode, DEFAULT_DBNAME_SQL, DEFAULT_DBNAME_SQL, true),
-            "TEST_DBO", "");
+            "TEST_DBO", "dummy"); // DRDA doesn't like empty pw
     }
     
     /**
@@ -493,6 +493,9 @@
         this.userPassword = DEFAULT_USER_PASSWORD;
         this.hostName = null;
         this.port = -1;
+        this.isVerbose = Boolean.valueOf(
+            getSystemProperties().getProperty(KEY_VERBOSE)).
+            booleanValue();
         
         this.jdbcClient = JDBCClient.getDefaultEmbedded();
         url = createJDBCUrlWithDatabaseName(defaultDbName);



Mime
View raw message