[ https://issues.apache.org/jira/browse/DERBY-5741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13267631#comment-13267631 ] Rick Hillegas commented on DERBY-5741: -------------------------------------- Technically, this behavior is correct although the error message is not helpful. The NATIVE authentication service boots only when the authentication provider begins with NATIVE: (note the trailing colon). The trailing colon unambiguously marks the provider value as something which could not be a legal class name. For backward compatibility reasons, any value of derby.authentication.provider (other than BUILTIN and LDAP) which could be a class name is handed to the user-defined authentication service. The user-defined authentication service attempts to instantiate that class and boot it as the authentication provider. One fix to this confusion would be for the user-authentication service to throw a more helpful error message. Maybe a message which says that the value of derby.authentication.provider is not LDAP or BUILTIN, and does not begin with NATIVE:, and does not identify a class which can be reached. Would that be satisfactory? Thanks. > Native user authentication: improve checking of syntax > ------------------------------------------------------ > > Key: DERBY-5741 > URL: https://issues.apache.org/jira/browse/DERBY-5741 > Project: Derby > Issue Type: Improvement > Components: Services > Affects Versions: 10.9.0.0 > Reporter: Dag H. Wanvik > Priority: Minor > Attachments: repro2.sh > > > Trying to set derby.authentication.provider to "NATIVE:" correctly gives an error message complaining about the syntax: > "ERROR XCY05: Invalid setting of the derby.authentication.provider property. This property cannot be set to NATIVE::LOCAL unless credentials for the database owner have been stored in the database using the SYSCS_UTIL.SYSCS_CREATE_USER procedure." > Trying to set it as "NATIVE" (no trailing colon) does not treat this the value as a malformed NATIVE authentication specification. This leads to it being interpreted as a used defined authentication class, so when I attempt to connect after disconnection from the database I see: > ERROR XJ040: Failed to start database 'cred' with class loader sun.misc.Launcher$AppClassLoader@18d107f, see the next exception for details. > ERROR XJ001: Java exception: 'NATIVE: java.lang.ClassNotFoundException'. > Another thing is that the error message in the first place is out of date now: we never shoudl be setting "NATIVE::LOCAL" explicitly, it id does once the first user is created according to version 7.0 of the spec. See DERBY-5742. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira