[
https://issues.apache.org/jira/browse/DERBY-5522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13234866#comment-13234866
]
Kim Haase commented on DERBY-5522:
----------------------------------
I have been trying to figure out under what circumstances I would need to call
SYSCS_UTIL.SYSCS_CREATE_USER to create credentials for the DBO for a
pre-existing database. It seems that this never happens.
With authentication disabled, I create a database, testDB; then I set the
provider to NATIVE:credsDB. I create credsDB, in which I (the DBO) am already
entered. Then I create the user APP, who owns testDB. I can then connect to
testDB as APP. Nothing is stored in testDB's sysusers table, because credsDB is
used for everything.
jdench 100 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:testDB;create=true';
ij> create table t1(n int);
0 rows inserted/updated/deleted
ij> select * from t1;
N
-----------
0 rows selected
ij> exit;
jdench 101 =>mv notderby.properties derby.properties
jdench 102 =>more derby.properties
derby.authentication.provider=NATIVE:credsDB
jdench 103 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:credsDB;user=myself;password=mypass;create=true';
ij> select username from sys.sysusers;
USERNAME
-------------------------------------------------------------------------------
MYSELF
1 row selected
ij> call SYSCS_UTIL.SYSCS_CREATE_USER('APP', 'app');
0 rows inserted/updated/deleted
ij> select username from sys.sysusers;
USERNAME
-------------------------------------------------------------------------------
APP
MYSELF
2 rows selected
ij> disconnect;
ij> connect 'jdbc:derby:testDB;user=app;password=app';
ij> select * from t1;
N
-----------
0 rows selected
ij> insert into t1 values(3);
1 row inserted/updated/deleted
ij> select * from t1;
N
-----------
3
1 row selected
ij> select username from sys.sysusers;
USERNAME
-------------------------------------------------------------------------------
0 rows selected
ij> exit;
I then do exactly the same thing with the property set to NATIVE:credsDB:LOCAL,
after deleting the databases. This time I get an authentication failure when I
try to log in to testDB.
jdench 105 =>mv derby.properties notderby.properties
jdench 106 =>/bin/rm -rf testDB credsDB
jdench 107 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:testDB;create=true';
ij> create table t1(n int);
0 rows inserted/updated/deleted
ij> select * from t1;
N
-----------
0 rows selected
ij> exit;
jdench 108 =>mv notderby.properties derby.properties
jdench 109 =>more derby.properties
derby.authentication.provider=NATIVE:credsDB:LOCAL
jdench 110 =>java -jar ../codetrunk/trunk/jars/insane/derbyrun.jar ij
ij version 10.9
ij> connect 'jdbc:derby:credsDB;user=myself;password=mypass;create=true';
ij> select username from sys.sysusers;
USERNAME
--------------------------------------------------------------------------------------------------------------------------------
MYSELF
1 row selected
ij> call SYSCS_UTIL.SYSCS_CREATE_USER('APP', 'app');
0 rows inserted/updated/deleted
ij> select username from sys.sysusers;
USERNAME
--------------------------------------------------------------------------------------------------------------------------------
APP
MYSELF
2 rows selected
ij> disconnect;
ij> connect 'jdbc:derby:testDB;user=app;password=app';
ERROR 08004: Connection authentication failure occurred. Reason: Invalid
authentication..
ij> exit;
I cannot connect to testDB at all, so there is no way I can store my
credentials in it. What am I doing wrong?
> Document the NATIVE authentication scheme.
> ------------------------------------------
>
> Key: DERBY-5522
> URL: https://issues.apache.org/jira/browse/DERBY-5522
> Project: Derby
> Issue Type: Improvement
> Components: Documentation
> Affects Versions: 10.9.0.0
> Reporter: Rick Hillegas
> Assignee: Kim Haase
> Attachments: CreateNativeUsers.java, CreateNativeUsers.java,
> DERBY-5522-devguide.diff, DERBY-5522-devguide.stat, DERBY-5522-devguide.zip,
> NativeAuthExampleClient1.java, NativeAuthExampleClient2.java,
> NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java,
> NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java,
> NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java,
> UseNativeUsers.java, UseNativeUsers.java
>
>
> We should document NATIVE authentication after we have implemented the
> changes described on DERBY-866. The documentation changes are described by
> the functional spec UserManagement.html attached to that issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
