db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5522) Document the NATIVE authentication scheme.
Date Wed, 21 Mar 2012 19:03:42 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13234866#comment-13234866
] 

Kim Haase commented on DERBY-5522:
----------------------------------

I have been trying to figure out under what circumstances I would need to call SYSCS_UTIL.SYSCS_CREATE_USER
to create credentials for the DBO for a pre-existing database. It seems that this never happens.

With authentication disabled, I create a database, testDB; then I set the provider to NATIVE:credsDB.
I create credsDB, in which I (the DBO) am already entered. Then I create the user APP, who
owns testDB. I can then connect to testDB as APP. Nothing is stored in testDB's sysusers table,
because credsDB is used for everything.

 jdench 100 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:testDB;create=true';
ij> create table t1(n int);
0 rows inserted/updated/deleted
ij> select * from t1;
N          
-----------

0 rows selected
ij> exit;
 jdench 101 =>mv notderby.properties derby.properties
 jdench 102 =>more derby.properties
derby.authentication.provider=NATIVE:credsDB
 jdench 103 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:credsDB;user=myself;password=mypass;create=true';
ij> select username from sys.sysusers;
USERNAME                                                                                 
                                      
-------------------------------------------------------------------------------
MYSELF                                                                                   
                                      

1 row selected
ij> call SYSCS_UTIL.SYSCS_CREATE_USER('APP', 'app');
0 rows inserted/updated/deleted
ij> select username from sys.sysusers;
USERNAME                                                                                 
                                      
-------------------------------------------------------------------------------
APP                                                                                      
                                      
MYSELF                                                                                   
                                      

2 rows selected
ij> disconnect;
ij> connect 'jdbc:derby:testDB;user=app;password=app';
ij> select * from t1;
N          
-----------

0 rows selected
ij> insert into t1 values(3);
1 row inserted/updated/deleted
ij> select * from t1;
N          
-----------
3          

1 row selected
ij> select username from sys.sysusers;
USERNAME                                                                                 
                                      
-------------------------------------------------------------------------------

0 rows selected
ij> exit;

I then do exactly the same thing with the property set to NATIVE:credsDB:LOCAL, after deleting
the databases. This time I get an authentication failure when I try to log in to testDB.

 jdench 105 =>mv derby.properties notderby.properties
 jdench 106 =>/bin/rm -rf testDB credsDB
 jdench 107 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:testDB;create=true';
ij> create table t1(n int);
0 rows inserted/updated/deleted
ij> select * from t1;
N          
-----------

0 rows selected
ij> exit;
 jdench 108 =>mv notderby.properties derby.properties
 jdench 109 =>more derby.properties
derby.authentication.provider=NATIVE:credsDB:LOCAL
 jdench 110 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:credsDB;user=myself;password=mypass;create=true';
ij> select username from sys.sysusers;
USERNAME                                                                                 
                                      
--------------------------------------------------------------------------------------------------------------------------------
MYSELF                                                                                   
                                      

1 row selected
ij> call SYSCS_UTIL.SYSCS_CREATE_USER('APP', 'app');
0 rows inserted/updated/deleted
ij> select username from sys.sysusers;
USERNAME                                                                                 
                                      
--------------------------------------------------------------------------------------------------------------------------------
APP                                                                                      
                                      
MYSELF                                                                                   
                                      

2 rows selected
ij> disconnect;
ij> connect 'jdbc:derby:testDB;user=app;password=app';
ERROR 08004: Connection authentication failure occurred.  Reason: Invalid authentication..
ij> exit;

I cannot connect to testDB at all, so there is no way I can store my credentials in it. What
am I doing wrong?

                
> Document the NATIVE authentication scheme.
> ------------------------------------------
>
>                 Key: DERBY-5522
>                 URL: https://issues.apache.org/jira/browse/DERBY-5522
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>         Attachments: CreateNativeUsers.java, CreateNativeUsers.java, DERBY-5522-devguide.diff,
DERBY-5522-devguide.stat, DERBY-5522-devguide.zip, NativeAuthExampleClient1.java, NativeAuthExampleClient2.java,
NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java,
NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java,
UseNativeUsers.java, UseNativeUsers.java
>
>
> We should document NATIVE authentication after we have implemented the changes described
on DERBY-866. The documentation changes are described by the functional spec UserManagement.html
attached to that issue.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message