geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Re: Configuring embedded Derby security in Geronimo 2.0.2
Date Wed, 05 Mar 2008 05:46:59 GMT
you will need to create derby.properties under var/derby directory.  The
properties file will look like the following.
derby.connection.requireAuthentication=true
derby.authentication.provider=BUILTIN
derby.user.userName1=password1
derby.user.userName2=password2

You can also use LDAP or your own authenticator instead of BUILTIN.  For
more details, you can consult
http://db.apache.org/derby/binaries/jta-WE15.pdf .

Once you enable derby security, you will need to change the user credentials
in the database pools accrodingly.  I suggest you edit the database pools
first using Admin Console, stop the server, create derby.properties and
start the server.

++Vamsi
On Wed, Mar 5, 2008 at 5:08 AM, Brian Dellert <bdellert@rcn.com> wrote:

>  Hi.
>
> I am evaluating using the Derby instance embedded in Geronimo to store
> application-specific data.  The data would be stored in a separate,
> application-specific database.  In order to achieve this, I would need to
> lock down this application-specific database so that un-authorized processes
> (which did not authenticate with a username/password) would not be able to
> access the database.  This could occur, since it is possible to connect to
> the Derby instance on port 1527 on the machine where Geronimo is running
> and, by default, no username/password is required to connect.  It should be
> noted that there are scenarios in my application where authorized remote
> processes will need to connect to this Derby instance, so simply disabling
> the Derby 'network server' is not an adequate solution.  I searched through
> the Geronimo documentation and this mailing list, but could not find any
> info on this topic.  Any help regarding how to configure Geronimo to meet
> these requirements would be greatly appreciated.  Thanks.
>
> - Brian
>
>

Mime
View raw message