db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5741) Native user authentication: improve checking of syntax
Date Thu, 03 May 2012 17:54:51 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13267631#comment-13267631
] 

Rick Hillegas commented on DERBY-5741:
--------------------------------------

Technically, this behavior is correct although the error message is not helpful. The NATIVE
authentication service boots only when the authentication provider begins with NATIVE: (note
the trailing colon). The trailing colon unambiguously marks the provider value as something
which could not be a legal class name. For backward compatibility reasons, any value of derby.authentication.provider
(other than BUILTIN and LDAP) which could be a class name is handed to the user-defined authentication
service. The user-defined authentication service attempts to instantiate that class and boot
it as the authentication provider.

One fix to this confusion would be for the user-authentication service to throw a more helpful
error message. Maybe a message which says that the value of derby.authentication.provider
is not LDAP or BUILTIN, and does not begin with NATIVE:, and does not identify a class which
can be reached.

Would that be satisfactory? Thanks.
                
> Native user authentication: improve checking of syntax
> ------------------------------------------------------
>
>                 Key: DERBY-5741
>                 URL: https://issues.apache.org/jira/browse/DERBY-5741
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.9.0.0
>            Reporter: Dag H. Wanvik
>            Priority: Minor
>         Attachments: repro2.sh
>
>
> Trying to set derby.authentication.provider to "NATIVE:" correctly gives an error message
complaining about the syntax:
> "ERROR XCY05: Invalid setting of the derby.authentication.provider property. This property
cannot be set to NATIVE::LOCAL unless credentials for the database owner have been stored
in the database using the SYSCS_UTIL.SYSCS_CREATE_USER procedure."
> Trying to set it as "NATIVE" (no trailing colon) does not treat this the value as a malformed
NATIVE authentication specification. This leads to it being interpreted as a used defined
authentication class, so when I attempt to connect after disconnection from the database I
see:
> ERROR XJ040: Failed to start database 'cred' with class loader sun.misc.Launcher$AppClassLoader@18d107f,
see the next exception for details.
> ERROR XJ001: Java exception: 'NATIVE: java.lang.ClassNotFoundException'.
> Another thing is that the error message in the first place is out of date now: we never
shoudl be setting "NATIVE::LOCAL" explicitly, it id does once the first user is created according
to version 7.0 of the spec. See DERBY-5742.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message