[ http://issues.apache.org/jira/browse/DERBY-1711?page=comments#action_12429746 ] Francois Orsini commented on DERBY-1711: ----------------------------------------
Hi Chinmay, This is not a bug - The 'derby.connection.requireAuthentication' derby property is a static one - Once it is set to true to turn on authentication, the database or derby instance needs to be re-booted - So, if you set this property to true at the database level, just shutdown the database and re-open a connection to that database for the property to be taken into account during the following database boot... However, the example in the guide does NOT do some proper testing in my opinion - it basically checks if the properties have been set but it does NOT intrinsically check if authentication has really been turned by doing more negative testing...The example also does NOT shutdown and restart the database for the derby static properties to be taken into acount. This bug should be converted into a documentation one - I also believe that we need to highlight more the fact that the 'derby.connection.requireAuthentication' property is a static one... Hope this helps - in the meantime... > In an embedded env, connection happens properly even when the password > supplied is wrong. > ----------------------------------------------------------------------------------------- > > Key: DERBY-1711 > URL: http://issues.apache.org/jira/browse/DERBY-1711 > Project: Derby > Issue Type: Bug > Components: JDBC > Affects Versions: 10.1.3.1 > Environment: Win XP,Java 1.4.x > Reporter: Chinmay Bajikar > Attachments: derby.zip > > > Hi, > I am a new user of Derby. > Have tried to set user authorization at the database level using the example > given in the Derby Dev Guide.(Page 85). > The steps that I do are as follows, > 1)Create a db (using create=true attribute in the connection url) > 2) Connect to the db and set the appropriate properties i.e. set > requireAuthentication to true,provider to builtin, add a new user,passwrd and > give it full access. > 3) Set the default access level to noAccess. > 4) Close this connection. > 5) Now make a new connection using the user name/passwd.It connects fine. > 6) Now try to make a new connection using a wrong user name and it gives a > Connection Refused exception. > 7) Finally try giving a right username and wrong passwd and the connection > still happens. > Have attached the source file which does all these above steps for > reproducing the issue. > Thanks, > Chinmay. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
