db-derby-user mailing list archives

From dag.wan...@oracle.com (Dag H. Wanvik)
Subject Re: Beginner's authentication question
Date Thu, 05 May 2011 21:26:14 GMT
Hi,

Libor Jelinek <ljelinek@virtage.com> writes:

> derby.database.defaultConnectionMode=noAccess
> derby.authentication.provider=BUILTIN
> derby.user.sa=veryStrongPwd
> derby.user.readonly=readonly
> derby.fullAccessUsers=sa
> derby.readonlyAccessUsers=readonly
>
> My intention is to restrict access only to pre-defined users. In my simple
> environment there are only two: super-administrator and readonly user. My two
> users should be "global" - be sa or readonly for every database I have.
>
> But I always ended up with the error:
>
> java.sql.SQLNonTransientConnectionException - DERBY SQL error: SQLCODE: -1,
> SQLSTATE: 08004, SQLERRMC: Database connection refused.

I can reproduce this. I believe this is a Derby bug; it fails when
trying to verify that the supplied user name "sa" is not a role. Derby
seems to stumble over the fact that the default access is
noAccess. Derby internally tries to open the just created database to
check that "sa" is not a role (internal sanity check) without short
circuiting the noAccess setting and gets stuck and throws the error you
see. I'll file a bug report for this.

Instead, you could use

derby.authentication.provider=BUILTIN
derby.connection.requireAuthentication=true
derby.database.defaultConnectionMode=readOnlyAccess
derby.user.sa=veryStrongPwd
derby.user.readonly=readonly
derby.fullAccessUsers=sa

to limit reading to acknowledged users I think:

$ java org.apache.derby.tools.ij
ij version 10.9
ij> connect 'jdbc:derby:wombat;create=true;user=sa;password=veryStrongPwd';
ij> connect 'jdbc:derby:wombat';
ERROR 08004: Connection authentication failure occurred.  Reason: Invalid authentication..
ij> connect 'jdbc:derby:wombat;user=readonly;password=readonly';
ij(CONNECTION1)> create table t(i int);
ERROR 25503: DDL is not permitted for a read-only connection, user or database.


Thanks,
Dag
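
Added example, not part of the message above and not Derby code: a small Python check over derby.properties text that reports the settings this thread turns on (authentication not required, noAccess as the default connection mode) plus access-list users with no derby.user.* entry and passwords equal to the user name. The function names, the finding strings and the suffix matching of access-list keys are assumptions of this example.

```python
# Added example (not from the thread): lint derby.properties text.
def parse_properties(text):
    # Simple key=value lines only; '#' and '!' start comment lines.
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def users_in(props, suffix):
    # Assumption of this example: access-list keys are matched on their last
    # component, case-insensitively, so the spellings used in the thread match.
    return {u.strip() for k, v in props.items() if k.lower().endswith("." + suffix)
            for u in v.split(",") if u.strip()}

def lint(text):
    props = parse_properties(text)
    findings = []
    if props.get("derby.connection.requireAuthentication", "").lower() != "true":
        findings.append("requireAuthentication is not set to true")
    if props.get("derby.database.defaultConnectionMode", "").lower() == "noaccess":
        findings.append("defaultConnectionMode=noAccess")
    prefix = "derby.user."
    defined = {k[len(prefix):]: v for k, v in props.items() if k.startswith(prefix)}
    listed = users_in(props, "fullaccessusers") | users_in(props, "readonlyaccessusers")
    for user in sorted(listed - set(defined)):
        findings.append("access list names undefined user " + user)
    for user, password in sorted(defined.items()):
        if password == user:
            findings.append("password equals user name for " + user)
    return findings

# The two configurations from the thread, copied as posted.
ORIGINAL = """derby.database.defaultConnectionMode=noAccess
derby.authentication.provider=BUILTIN
derby.user.sa=veryStrongPwd
derby.user.readonly=readonly
derby.fullAccessUsers=sa
derby.readonlyAccessUsers=readonly
"""
SUGGESTED = """derby.authentication.provider=BUILTIN
derby.connection.requireAuthentication=true
derby.database.defaultConnectionMode=readOnlyAccess
derby.user.sa=veryStrongPwd
derby.user.readonly=readonly
derby.fullAccessUsers=sa
"""
```

Calling lint(ORIGINAL) and lint(SUGGESTED) returns the list of findings for each configuration; an empty list means none of these checks fired.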



