Hi, Libor Jelinek <[email protected]> writes:
> *derby.database.defaultConnectionMode=noAccess > derby.authentication.provider=BUILTIN > derby.user.sa=veryStrongPwd > derby.user.readonly=readonly > derby.fullAccessUsers=sa > derby.readonlyAccessUsers=readonly > * > My intention is to restrict access only with pre-defined users. In my simply > environment only two: super-administrator and readonly user. These my two > users should be "global" - be sa or readonly for every database I have. > > But always I ended with error: > > *java.sql.SQLNonTransientConnectionException - DERBY SQL error: SQLCODE: -1, > SQLSTATE: 08004, SQLERRMC: Database connection refused.* I can reproduce this. I believe this is a Derby bug; it fails when trying to verify that the supplied user name "sa" is not a role. Derby seems to stumble over the fact that the default access is noAccess. Derby internally tries to open the just created database to check that "sa" is not a role (internal sanity check) without short circuiting the noAccess setting and gets stuck and throws the error you see. I'll file a bug report for this. Instead, you could use derby.authentication.provider=BUILTIN derby.connection.requireAuthentication=true derby.database.defaultConnectionMode=readOnlyAccess derby.user.sa=veryStrongPwd derby.user.readonly=readonly derby.fullAccessUsers=sa to limit reading to acknowledged users I think: $ java org.apache.derby.tools.ij ij version 10.9 ij> connect 'jdbc:derby:wombat;create=true;user=sa;password=veryStrongPwd'; ij> connect 'jdbc:derby:wombat'; ERROR 08004: Connection authentication failure occurred. Reason: Invalid authentication.. ij> connect 'jdbc:derby:wombat;user=readonly;password=readonly'; ij(CONNECTION1)> create table t(i int); ERROR 25503: DDL is not permitted for a read-only connection, user or database. Thanks, Dag
