Return-Path: X-Original-To: apmail-db-derby-user-archive@www.apache.org Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id F27F0F03E for ; Mon, 15 Apr 2013 13:37:33 +0000 (UTC) Received: (qmail 61437 invoked by uid 500); 15 Apr 2013 13:37:33 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 61412 invoked by uid 500); 15 Apr 2013 13:37:33 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 61402 invoked by uid 99); 15 Apr 2013 13:37:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Apr 2013 13:37:32 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of rick.hillegas@oracle.com designates 141.146.126.69 as permitted sender) Received: from [141.146.126.69] (HELO aserp1040.oracle.com) (141.146.126.69) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Apr 2013 13:37:24 +0000 Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r3FDb2gt027519 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 15 Apr 2013 13:37:03 GMT Received: from userz7022.oracle.com (userz7022.oracle.com [156.151.31.86]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r3FDb1Po017357 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Mon, 15 Apr 2013 13:37:02 GMT Received: from abhmt109.oracle.com (abhmt109.oracle.com [141.146.116.61]) by userz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r3FDb1tm002604 for ; Mon, 15 Apr 2013 13:37:01 GMT Received: from dhcp-amer-vpn-rmdc-anyconnect-10-159-102-88.vpn.oracle.com (/10.159.102.88) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 15 Apr 2013 06:37:01 -0700 Message-ID: <516C027D.7030703@oracle.com> Date: Mon, 15 Apr 2013 06:37:01 -0700 From: Rick Hillegas User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11 MIME-Version: 1.0 To: derby-user@db.apache.org Subject: Re: Authentication required only for remote users? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Source-IP: ucsinet21.oracle.com [156.151.31.93] X-Virus-Checked: Checked by ClamAV on apache.org On 4/12/13 3:49 PM, Al Eridani wrote: > This may not be possible out-of-the-box, but here it goes, in case > someone can help. > > We have an application that uses Derby with a single database and, > until now, with no authentication. > > The application can be configured to start Derby with either the > embedded or client data sources. The client data source is not needed > by the application, but it is useful to remotely monitor the data. > > We would like to require authentication only for remote users, not the > application. Alternatively, we could live with requiring > authentication when the application boots Derby using the client data > source, but not when using the embedded data source. > > The documentation does not address this. Does anybody have any ideas? > Thanks! > > Al > Hi Al, I don't know any way to do this purely within Derby's public API. However, you could write your own custom authenticator which checks to see whether the DRDAConnThread class appears on the stack returned by Thread.getStackTrace(). DRDAConnThread will only appear on the stack if you are authenticating a network connection request. Note that there are no guarantees that this will work in future revs of Derby; however, DRDAConnThread has been around for 7 years and no-one has suggested removing it. Hope this helps, -Rick