Return-Path: Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: (qmail 83533 invoked from network); 24 May 2007 00:45:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 24 May 2007 00:45:34 -0000 Received: (qmail 90965 invoked by uid 500); 24 May 2007 00:45:37 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 90939 invoked by uid 500); 24 May 2007 00:45:37 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 90928 invoked by uid 99); 24 May 2007 00:45:37 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 May 2007 17:45:37 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of francois.orsini@gmail.com designates 64.233.184.239 as permitted sender) Received: from [64.233.184.239] (HELO wr-out-0506.google.com) (64.233.184.239) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 May 2007 17:45:30 -0700 Received: by wr-out-0506.google.com with SMTP id 70so17231wra for ; Wed, 23 May 2007 17:45:10 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=L3P7FdxJBgQDzAiAXhx5o49D/5eAeeS0qggrPdzqMvvisPuI1pKNgQNPKy2YopPpvpTKgOPhxZD4GMCvhGbEITmued7dlOVcDX7oEM/tfSjNbFPqi6gTupEDHFCJOq4V3hU4rADktZ9B7ACxo0niYZOjd52fCEzjRsb2BAIf6Jk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=bxVYKa4oW3JdNvJFTd260Da384qOpml7OVTfrh++7t1s7AQsWAApX6Ynv1qoFGbZzAotNu6Jy5y46myMKaHsTaSLM8Zx2tttcqFf1EUAibHYmv22FhPpTpH9bvOwoi3+cUL5Z4k/xFRIRnpm4+HMYLJo4QGK6beVANkHqqWf6Ow= Received: by 10.114.194.1 with SMTP id r1mr595481waf.1179967509111; Wed, 23 May 2007 17:45:09 -0700 (PDT) Received: by 10.114.197.6 with HTTP; Wed, 23 May 2007 17:45:09 -0700 (PDT) Message-ID: <7921d3e40705231745o63ac2d76i5d6f7d234a3c3321@mail.gmail.com> Date: Wed, 23 May 2007 17:45:09 -0700 From: "Francois Orsini" To: "Derby Discussion" Subject: Re: Password Authentication Failure In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_125281_17032134.1179967509049" References: X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_125281_17032134.1179967509049 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Dan, The error you posted is not an authentication failure one but It would be great to get more info - The default schema is 'APP' when no user name (or 'APP') is passed to connect to Derby. Are you trying to access some tables which have not been created yet - That would cause this error to be raised too...Are you getting this error right upon the connection request or are you sending some statements - if you could post all the attributes that you're passing to the DriverManager.getConnection() call, that would be good too... You might want to check this FAQ entry about this type of error: http://db.apache.org/derby/faq.html#schema_exist Derby's BUILTIN (default) authentication provider can be set at the system or database level. The BUILTIN authentication scheme will use system-wide properties if they have not been overriden by database properties - users can be created at the system or / and database level (database properties). If a user does not get authenticated successfully, you should get an authentication failure error. Also, user system properties are static ones, which means you will need to restart the server for new ones to be taken into account... Hope this helps a bit, --francois On 5/23/07, Petrula, Dan wrote: > > I am using a client-server configuration with the datebase located on a > separate server. If I set 'derby.connection.requireAuthentication=true' , > 'derby.authentication.provider=BUILTIN' , and 'derby.user.dan=danpass' in > the derby.properties file, I get the error message SQLException:Schema > 'DAN' > does not exist. I am passing a Properties object containing the password > name/value pairs as an attribute to the connection url 'conn= > DriverManager.get > Connection(dbURL,prop); > > I would like to set system-wide properties using the 'BUILTIN' > authenication provider. There are many examples in Derby documents showing > the > passing of a Properties object or just string value pairs combinations > to Derby. > > However, I came upon a note on page 9 of "Tuning Derby" dated 12-11-06. > This notes says "If you pass in a Properties object as an argument to the > DriverManager.getConnection call when connecting to the database, those > properties are used as a database connection URL attribute, not as > properties > of the type discussed in this book". > > I am not sure how to interpret that statement. However, it seems to imply > that: > > 1. It is not possible to authenticate using system-wide properties by > passing a password name/value pair as an attribute. > > 2. The only way to validate by passing an attribute seems to be at the > database level. > > 3. I am assuming the use of the 'BUILTIN' authentication provider. > > If I create the database using user=dan & password=danpass during the > creation process, I can connect to the database by passing the Properties > object > and setting derby.connection.requireAuthentication=true. If I don't set > the authentication and don't pass the Properties object, I can connect to > the database. > > If I am correct in my numbered statements, what is the purpose of the > 'BUILTIN' option as an authentication provider using system-wide properties? > It does not > appear that it can be used. > > Of course maybe I just don't understand this authentication process. > > Anyone have any comments? > > Dan > > ********************************************************************** > > NOTICE: > > This e-mail, including attachments, contains information that may be > confidential, protected by the attorney/client or other privileges, or > exempt from disclosure under applicable law. Further, this e-mail may > contain information that is proprietary and/or constitutes a trade secret. > This e-mail, including attachments, constitutes non-public information > intended to be conveyed only to the designated recipient(s). If you are not > an intended recipient of this communication, please be advised that any > disclosure, dissemination, distribution, copying, or other use of this > communication or any attached document is strictly prohibited. If you have > received this communication in error, please notify the sender immediately > by reply e-mail and promptly destroy all electronic and printed copies of > this communication and any attached documents. > > > > ********************************************************************** > > > ------=_Part_125281_17032134.1179967509049 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Dan,

The error you posted is not an authentication failure one but It would be great to get more info - The default schema is 'APP' when no user name (or 'APP') is passed to connect to Derby. Are you trying to access some tables which have not been created yet - That would cause this error to be raised too...Are you getting this error right upon the connection request or are you sending some statements - if you could post all the attributes that you're passing to the DriverManager.getConnection() call, that would be good too...

You might want to check this FAQ entry about this type of error:
http://db.apache.org/derby/faq.html#schema_exist

Derby's BUILTIN (default) authentication provider can be set at the system or database level. The BUILTIN authentication scheme will use system-wide properties if they have not been overriden by database properties - users can be created at the system or / and database level (database properties). If a user does not get authenticated successfully, you should get an authentication failure error.

Also, user system properties are static ones, which means you will need to restart the server for new ones to be taken into account...

Hope this helps a bit,

--francois

On 5/23/07, Petrula, Dan <DPetrula@thezenith.com> wrote:
I am using a client-server configuration with the datebase located on a separate server. If I set 'derby.connection.requireAuthentication=true' ,
'derby.authentication.provider=BUILTIN' , and 'derby.user.dan=danpass' in the derby.properties file, I get the error message SQLException:Schema 'DAN'
does not exist. I am passing a Properties object containing the password name/value pairs as an attribute to the connection url 'conn=DriverManager.get
Connection(dbURL,prop);
 
I would like to set system-wide properties using the 'BUILTIN' authenication provider. There are many examples in Derby documents showing the
 passing of a Properties object or just string value pairs  combinations to Derby.
 
However, I came upon a note on page 9 of "Tuning Derby" dated 12-11-06. This notes says "If you pass in a Properties object as an argument to the
DriverManager.getConnection call when connecting to the database, those properties are used as a database connection URL attribute, not as properties
of the type discussed in this book".
 
I am not sure how to interpret that statement. However, it seems to imply that:
 
    1. It is not possible to authenticate using system-wide properties by passing a password name/value pair as an attribute.
 
    2. The only way to validate by passing an attribute seems to be at the database level.
 
    3. I am assuming the use of the 'BUILTIN' authentication provider.
 
If I create the database using user=dan & password=danpass during the creation process, I can connect to the database by passing the Properties object
and setting derby.connection.requireAuthentication=true. If I don't set the authentication and don't pass the Properties object, I can connect to the database.
 
If I am correct in my numbered statements, what is the purpose of the 'BUILTIN' option as an authentication provider using system-wide properties? It does not
appear that it can be used.
 
Of course maybe I just don't understand this authentication process.
 
Anyone have any comments?
 
Dan

**********************************************************************

NOTICE:

This e-mail, including attachments, contains information that may be confidential, protected by the attorney/client or other privileges, or exempt from disclosure under applicable law. Further, this e-mail may contain information that is proprietary and/or constitutes a trade secret. This e-mail, including attachments, constitutes non-public information intended to be conveyed only to the designated recipient(s). If you are not an intended recipient of this communication, please be advised that any disclosure, dissemination, distribution, copying, or other use of this communication or any attached document is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by reply e-mail and promptly destroy all electronic and printed copies of this communication and any attached documents. 

 

**********************************************************************

 


------=_Part_125281_17032134.1179967509049--