Return-Path: X-Original-To: apmail-db-derby-user-archive@www.apache.org Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0E801927B for ; Fri, 27 Apr 2012 14:13:08 +0000 (UTC) Received: (qmail 83683 invoked by uid 500); 27 Apr 2012 14:13:07 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 83603 invoked by uid 500); 27 Apr 2012 14:13:07 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 83594 invoked by uid 99); 27 Apr 2012 14:13:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Apr 2012 14:13:07 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_PASS,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of rick.hillegas@oracle.com designates 148.87.113.117 as permitted sender) Received: from [148.87.113.117] (HELO rcsinet15.oracle.com) (148.87.113.117) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Apr 2012 14:13:00 +0000 Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by rcsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q3RECaVi026806 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 27 Apr 2012 14:12:37 GMT Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q3RECZBU018243 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 27 Apr 2012 14:12:36 GMT Received: from abhmt105.oracle.com (abhmt105.oracle.com [141.146.116.57]) by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q3RECZfF023899 for ; Fri, 27 Apr 2012 09:12:35 -0500 Received: from dhcp-rmdc-twvpn-1-vpnpool-10-159-4-103.vpn.oracle.com (/10.159.4.103) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 27 Apr 2012 07:12:35 -0700 Message-ID: <4F9AA949.5050800@oracle.com> Date: Fri, 27 Apr 2012 07:12:25 -0700 From: Rick Hillegas User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11 MIME-Version: 1.0 To: derby-user@db.apache.org Subject: Re: User authorisation References: <4F9185C6.6020203@oracle.com> <4F955021.6060603@oracle.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Source-IP: ucsinet22.oracle.com [156.151.31.94] X-Virus-Checked: Checked by ClamAV on apache.org Hi Trejkaz, I can reproduce your results if my UserAuthenticator throws a SQLException whose SQLState is 08004, one of the SQLStates reserved for use by Derby. If my UserAuthenticator throws a SQLException whose SQLState is ZZZZZ, a state not reserved by Derby, then the exception traverses the network correctly and is seen by the client application. Here is a sample program showing the success case: import java.sql.*; public class ZZ { public static void main( String... args ) throws Exception { try { Connection conn = DriverManager.getConnection ( "jdbc:derby://localhost:8246/memory:db;create=true;user=foo;password=bar" ); } catch (Throwable t) { printThrowable( t ); } } private static void printThrowable( Throwable t ) { if ( t == null ) { return; } println( "\nThrowable is a " + t.getClass().getName() ); println( " message = " + t.getMessage() ); if ( t instanceof SQLException ) { SQLException se = (SQLException) t; println( " SQLState = " + se.getSQLState() ); printThrowable( se.getNextException() ); } printThrowable( t.getCause() ); } private static void println( String text ) { System.out.println( text ); } } ...and here is the UserAuthenticator I used: import java.sql.SQLException; import java.util.Properties; import org.apache.derby.authentication.UserAuthenticator; public class Z implements UserAuthenticator { public Z() {} public boolean authenticateUser ( String userName, String userPassword, String databaseName, Properties info ) throws SQLException { throw new SQLException( "I can't do that, Dave.", "ZZZZZ" ); } } Hope this helps, -Rick On 4/26/12 10:09 PM, Trejkaz wrote: > On Mon, Apr 23, 2012 at 10:50 PM, Rick Hillegas > wrote: >> UserAuthenticator.authenticateUser() can throw a SQLException which explains >> that the user doesn't have access to the given database. I find that >> SQLExceptions raised by the following code reach the application: > [snip] > > I just gave this a shot, but it doesn't appear to work, at least not > over the client-server connection. > > I tried it using a mock authenticator: > > mockery.checking(new Expectations() {{ > oneOf(authenticator).authenticateUser("bob", "bob", > dbDir.getAbsolutePath(), new Properties()); > will(throwException(new > SQLNonTransientConnectionException("Database access denied for user > bob", "08004.C.3"))); > }}); > > Then when I connect to the database, I do get back SQLState "08004", > but it's "08004.C.1" with a different error message to the one I > returned. My initial guess would be that Derby swallows the > authentication exception on the server side, sends some kind of error > code over the wire and then the client driver propagates a brand new > exception to the application. > > TX >