db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-4642) Successful login with securityMechanism=8 writes exception to log
Date Wed, 05 May 2010 08:24:02 GMT
Successful login with securityMechanism=8 writes exception to log
-----------------------------------------------------------------

                 Key: DERBY-4642
                 URL: https://issues.apache.org/jira/browse/DERBY-4642
             Project: Derby
          Issue Type: Bug
          Components: Network Server
    Affects Versions: 10.5.3.0, 10.4.1.3, 10.6.1.0, 10.7.0.0
            Reporter: Knut Anders Hatlen
            Priority: Minor


With authentication and strong password substitution enabled, the first connection to a database
logs an exception, even if the connection attempt was successful.

Example:

Start a network server in one terminal:

$ java -Dderby.connection.requireAuthentication=true -Dderby.user.test=test -jar /code/derby/trunk0/jars/sane/derbynet.jar
start
2010-05-05 08:04:00.857 GMT : Security manager installed using the Basic server security policy.
2010-05-05 08:04:01.121 GMT : Apache Derby Network Server - 10.7.0.0 alpha - (941167P) started
and ready to accept connections on port 1527

Then, in another terminal, connect to the database using ij:

java -jar /code/derby/trunk0/jars/sane/derbyrun.jar ij
ij version 10.7
ij> connect 'jdbc:derby://localhost/db;create=true;user=test;password=test;securityMechanism=8';
ij> values 'I''m in! :)';
1         
----------
I'm in! :)

1 row selected
ij> 

Even though the connection was successfully established, the following exception is written
to derby.log:

java.sql.SQLException: Connection authentication failure occurred.  Reason: Invalid authentication..
        at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:45)
        at org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(SQLExceptionFactory40.java:119)
        at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(SQLExceptionFactory40.java:70)
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:142)
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:148)
        at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Util.java:227)
        at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(EmbedConnection.java:3044)
        at org.apache.derby.impl.jdbc.EmbedConnection.checkUserCredentials(EmbedConnection.java:1218)
        at org.apache.derby.impl.jdbc.EmbedConnection.<init>(EmbedConnection.java:402)
        at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(EmbedConnection30.java:73)
        at org.apache.derby.impl.jdbc.EmbedConnection40.<init>(EmbedConnection40.java:54)
        at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Driver40.java:68)
        at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:238)
        at org.apache.derby.jdbc.AutoloadedDriver.connect(AutoloadedDriver.java:119)
        at org.apache.derby.impl.drda.Database.makeDummyConnection(Database.java:268)
        at org.apache.derby.impl.drda.DRDAConnThread.validateSecMecUSRSSBPWD(DRDAConnThread.java:8834)
        at org.apache.derby.impl.drda.DRDAConnThread.parseACCSEC(DRDAConnThread.java:1964)
        at org.apache.derby.impl.drda.DRDAConnThread.processCommands(DRDAConnThread.java:948)
        at org.apache.derby.impl.drda.DRDAConnThread.run(DRDAConnThread.java:295)

Logging an exception when nothing is wrong is confusing and may make users think there's a
real problem.

The exception itself is harmless, though. Database.makeDummyConnection() is expected to fail
in some circumstances. It attempts to connect to the database without specifying any credentials
in order to boot the database. That code doesn't care whether a connection is returned or
an exception is thrown, since the database is booted even if the credentials are invalid.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message