[
https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518546
]
Kim Haase commented on DERBY-1823:
----------------------------------
Francois, your second comment is easily fixed in the map file, but I need a bit
of clarification on how to fix the first.
Are you suggesting that we provide a complete program example that would start
the database, call the first method, stop the database, restart the database,
connect to the database using some of the users created by the first method,
fail to add data to the database as a guest, succeed in adding data to the
database as a full user, then call the second method to remove the users, and
shut down the database again? This would be a long and complicated program, and
I'm afraid the actual property-setting methods would get lost in it. Also I
think there would have to be two different versions for embedded and
client-server, since the database startup and shutdown can be done within the
program using the embedded driver, but must be done outside the program for the
client driver.
Or is it enough to state that the user would have to do all those things?
By the way, there seems to be another problem with the topic. It begins "The
following two examples from the sample database ..." However, I don't think we
supply this database with Derby any more. Do we? I can't find them in the demo
directory.
> Derby Developer's Guide - Issues w/ User authentication and authorization
> extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1823
> URL: https://issues.apache.org/jira/browse/DERBY-1823
> Project: Derby
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 10.1.1.0
> Reporter: Francois Orsini
> Priority: Minor
>
> There is a couple of issues with the paragraph/section "User authentication
> and authorization extended examples" in the developer's guide
> http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure26537.html
> 1) The methods turnOnBuiltInUsers() & turnOffBuiltInUsers() do NOT shutdown
> and reboot the database for which the
> 'derby.connection.requireAuthentication' authentication database property is
> being set - as this last one is a derby static property, it will not be taken
> into account until the database is rebooted (or the whole derby engine
> instance). Hence, the 2 checks for "Confirming requireAuthentication" is
> misleading as the property value is changed _but_ the actual database
> authentication enabling/disabling has not changed since it was last booted.
> Database needs to be shutdown and rebooted after
> 'derby.connection.requireAuthentication' is set and then some negative
> testing of invalid user connection needs to be added to show that only valid
> users can connect (in the case, authentication is being enabled).
> 2) Paragraph (extended examples section) also needs to be moved at the same
> level as the 2 above such as:
> "User authentication example in a single-user, embedded environment"
> http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure125.html
> "User authentication example in a client/server environment"
> http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure13713.html
> since the extended examples (once fixed - see 1)) can be applied in both a
> client-server and embedded environments context.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
