You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by jt...@apache.org on 2005/03/31 02:27:28 UTC
svn commit: r159548 [6/17] - in incubator/derby/docs/trunk/src: adminguide/
devguide/ getstart/ tuning/
Modified: incubator/derby/docs/trunk/src/devguide/cdevconcepts842304.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevconcepts842304.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevconcepts842304.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevconcepts842304.dita Wed Mar 30 16:26:36 2005
@@ -1,34 +1,34 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevconcepts842304">
-<title>Shared locks</title>
-<prolog>
-</prolog>
-<conbody>
-<p>When a statement reads data without making any modifications, its transaction
-obtains a <i>shared lock</i> on the data. Another transaction
-that tries to read the same data is permitted to read, but a transaction that
-tries to update the data will be prevented from doing so until the shared
-lock is released. How long this shared lock is held depends on the isolation
-level of the transaction holding the lock. Transactions using the TRANSACTION_READ_COMMITTED
-isolation level release the lock when the transaction steps through to the
-next row. Transactions using the TRANSACTION_SERIALIZABLE or TRANSACTION_REPEATABLE_READ
-isolation level hold the lock until the transaction is committed, so even
-a SELECT can prevent updates if a commit is never issued. Transactions using
-the TRANSACTION_READ_UNCOMMITTED isolation level do not request any locks.</p>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevconcepts842304">
+<title>Shared locks</title>
+<prolog>
+</prolog>
+<conbody>
+<p>When a statement reads data without making any modifications, its transaction
+obtains a <i>shared lock</i> on the data. Another transaction
+that tries to read the same data is permitted to read, but a transaction that
+tries to update the data will be prevented from doing so until the shared
+lock is released. How long this shared lock is held depends on the isolation
+level of the transaction holding the lock. Transactions using the TRANSACTION_READ_COMMITTED
+isolation level release the lock when the transaction steps through to the
+next row. Transactions using the TRANSACTION_SERIALIZABLE or TRANSACTION_REPEATABLE_READ
+isolation level hold the lock until the transaction is committed, so even
+a SELECT can prevent updates if a commit is never issued. Transactions using
+the TRANSACTION_READ_UNCOMMITTED isolation level do not request any locks.</p>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevconcepts842304.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevconcepts842385.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevconcepts842385.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevconcepts842385.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevconcepts842385.dita Wed Mar 30 16:26:36 2005
@@ -1,38 +1,38 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevconcepts842385">
-<title>Update locks</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Update locks</indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p>When a user-defined update cursor (created with the FOR UPDATE clause)
-reads data, its transaction obtains an <i>update </i>lock
-on the data. If the user-defined update cursor updates the data, the update
-lock is converted to an exclusive lock. If the cursor does not update the
-row, when the transaction steps through to the next row, transactions using
-the TRANSACTION_READ_COMMITTED isolation level release the lock, and transactions
-using the TRANSACTION_SERIALIZABLE or TRANSACTION_REPEATABLE_READ isolation
-level downgrade it to a shared lock until the transaction is committed. (For
-update locks, the TRANSACTION_READ_UNCOMMITTED isolation level acts the same
-way as TRANSACTION_READ_COMMITTED.)</p>
-<p>Update locks help minimize deadlocks.</p>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevconcepts842385">
+<title>Update locks</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Update locks</indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p>When a user-defined update cursor (created with the FOR UPDATE clause)
+reads data, its transaction obtains an <i>update </i>lock
+on the data. If the user-defined update cursor updates the data, the update
+lock is converted to an exclusive lock. If the cursor does not update the
+row, when the transaction steps through to the next row, transactions using
+the TRANSACTION_READ_COMMITTED isolation level release the lock, and transactions
+using the TRANSACTION_SERIALIZABLE or TRANSACTION_REPEATABLE_READ isolation
+level downgrade it to a shared lock until the transaction is committed. (For
+update locks, the TRANSACTION_READ_UNCOMMITTED isolation level acts the same
+way as TRANSACTION_READ_COMMITTED.)</p>
+<p>Update locks help minimize deadlocks.</p>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevconcepts842385.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevconcepts842613.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevconcepts842613.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevconcepts842613.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevconcepts842613.dita Wed Mar 30 16:26:36 2005
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevconcepts842613">
-<title>Notes on locking</title>
-<prolog>
-</prolog>
-<conbody>
-<p>In addition to the locks already described, foreign key lookups require
-briefly held shared locks on the referenced table (row or table, depending
-on the configuration).</p>
-<p>The table and examples in this section do not take performance-based lock
-escalation into account. Remember that the system can choose table-level locking
-for performance reasons.</p>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevconcepts842613">
+<title>Notes on locking</title>
+<prolog>
+</prolog>
+<conbody>
+<p>In addition to the locks already described, foreign key lookups require
+briefly held shared locks on the referenced table (row or table, depending
+on the configuration).</p>
+<p>The table and examples in this section do not take performance-based lock
+escalation into account. Remember that the system can choose table-level locking
+for performance reasons.</p>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevconcepts842613.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevconcepts844813.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevconcepts844813.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevconcepts844813.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevconcepts844813.dita Wed Mar 30 16:26:36 2005
@@ -1,34 +1,34 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevconcepts844813">
-<title>Information provided in SQLExceptions</title>
-<prolog><metadata>
-<keywords>
-<indexterm>SQLWarnings</indexterm>
-<indexterm>SQLExceptions<indexterm>chaining of</indexterm></indexterm>
-<indexterm>Processing SQLExceptions</indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p><ph conref="devconrefs.dita#prod/productshortname"></ph> provides the message, <i>SQLState</i> values,
-and error codes. Use the <codeph><i>getSQLState</i></codeph> and <codeph><i>getMessage</i></codeph> methods to view the <codeph><i>SQLState</i></codeph> and error messages. Use <codeph><i>getErrorCode</i></codeph> to see the error code. The error code defines the severity of
-the error and is not unique to each exception. The severity levels are described
-in<codeph><i>org.apache.derby.types.ExceptionSeverity</i></codeph>.</p>
-<p>Applications should also check for and process <i>java.sql.SQLWarnings</i>, which are processed in a similar way. <ph conref="devconrefs.dita#prod/productshortname"></ph> issues an <codeph><i>SQLWarning</i></codeph> if the <codeph><i>create=true</i></codeph> attribute is specified and the database already exists.</p>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevconcepts844813">
+<title>Information provided in SQLExceptions</title>
+<prolog><metadata>
+<keywords>
+<indexterm>SQLWarnings</indexterm>
+<indexterm>SQLExceptions<indexterm>chaining of</indexterm></indexterm>
+<indexterm>Processing SQLExceptions</indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p><ph conref="devconrefs.dita#prod/productshortname"></ph> provides the message, <i>SQLState</i> values,
+and error codes. Use the <codeph><i>getSQLState</i></codeph> and <codeph><i>getMessage</i></codeph> methods to view the <codeph><i>SQLState</i></codeph> and error messages. Use <codeph><i>getErrorCode</i></codeph> to see the error code. The error code defines the severity of
+the error and is not unique to each exception. The severity levels are described
+in<codeph><i>org.apache.derby.types.ExceptionSeverity</i></codeph>.</p>
+<p>Applications should also check for and process <i>java.sql.SQLWarnings</i>, which are processed in a similar way. <ph conref="devconrefs.dita#prod/productshortname"></ph> issues an <codeph><i>SQLWarning</i></codeph> if the <codeph><i>create=true</i></codeph> attribute is specified and the database already exists.</p>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevconcepts844813.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevconcepts89097.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevconcepts89097.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevconcepts89097.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevconcepts89097.dita Wed Mar 30 16:26:36 2005
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevconcepts89097">
-<title>Lock wait timeouts</title>
-<prolog>
-</prolog>
-<conbody>
-<p>Even if a transaction is not involved in a deadlock, it might have to wait
-a considerable amount of time to obtain a lock because of a long-running transaction
-or transactions holding locks on the tables it needs. In such a situation,
-you might not want a transaction to wait indefinitely. Instead, you might
-want the waiting transaction to abort, or <i>time out</i>,
-after a reasonable amount of time, called a <i>lock wait timeout</i>. (For information about configuring the lock wait timeout, see <xref href="cdevconcepts16400.dita#cdevconcepts16400"/>.)</p>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevconcepts89097">
+<title>Lock wait timeouts</title>
+<prolog>
+</prolog>
+<conbody>
+<p>Even if a transaction is not involved in a deadlock, it might have to wait
+a considerable amount of time to obtain a lock because of a long-running transaction
+or transactions holding locks on the tables it needs. In such a situation,
+you might not want a transaction to wait indefinitely. Instead, you might
+want the waiting transaction to abort, or <i>time out</i>,
+after a reasonable amount of time, called a <i>lock wait timeout</i>. (For information about configuring the lock wait timeout, see <xref href="cdevconcepts16400.dita#cdevconcepts16400"/>.)</p>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevconcepts89097.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevconcepts89498.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevconcepts89498.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevconcepts89498.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevconcepts89498.dita Wed Mar 30 16:26:36 2005
@@ -1,62 +1,62 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevconcepts89498">
-<title>Pitfalls of sharing a connection among threads</title>
-<prolog>
-</prolog>
-<conbody>
-<p>Here is a review of the potential pitfalls of sharing a single <i>Connection</i> among multiple threads:</p>
-<ul>
-<li>Committing or rolling back a transaction closes all open <i>ResultSet</i> objects and currently executing <i>Statements</i>, unless you are using held cursors.
-<p>If one thread commits, it closes
-the <i>Statements</i> and <i>ResultSets</i> of
-all other threads using the same connection.</p></li>
-<li>Executing a <i>Statement</i> automatically closes any
-existing open <i>ResultSet</i> generated by an earlier execution
-of that <i>Statement</i>.
-<p>If threads share <i>Statements</i>, one thread could close another's <i>ResultSet.</i></p></li>
-</ul>
-<p>In many cases, it is easier to assign each thread to a distinct <i>Connection</i>. If thread <i>A</i> does database work that
-is not transactionally related to thread <i>B</i>, assign
-them to different <i>Connections</i>. For example, if thread <i>A</i> is associated with a user input window that allows users
-to delete hotels and thread <i>B</i> is associated with a
-user window that allows users to view city information, assign those threads
-to different <i>Connections</i>. That way, when thread <i>A</i> commits, it does not affect any <i>ResultSets</i> or <i>Statements</i> of thread B.</p>
-<p>Another strategy is to have one thread do queries and another thread do
-updates. Queries hold shared locks until the transaction commits in SERIALIZABLE
-isolation mode; use READ_COMMITTED instead.</p>
-<p>Yet another strategy is to have only one thread do database access. Have
-other threads get information from the database access thread.</p>
-<p>Multiple threads are permitted to share a <i>Connection</i>, <i>Statement</i>, or <i>ResultSet</i>. However, the application programmer must ensure that one thread does
-not affect the behavior of the others.</p>
-<section><title>Recommended Practices</title>
-<p>Here are some tips for avoiding unexpected behavior:</p>
-<ul>
-<li>Avoid sharing <i>Statements</i> (and their <codeph><i>ResultSets</i></codeph>) among threads.</li>
-<li>Each time a thread executes a<i> Statement</i>, it should
-process the results before relinquishing the <codeph><i>Connection</i></codeph>.</li>
-<li>Each time a thread accesses the <i>Connection</i>, it
-should consistently commit or not, depending on application protocol.</li>
-<li>Have one thread be the "managing" database <i>Connection</i> thread that should handle the higher-level tasks, such as
-establishing the <codeph><i>Connection</i></codeph>, committing,
-rolling back, changing <codeph><i>Connection</i></codeph> properties
-such as auto-commit, closing the <codeph><i>Connection</i></codeph>,
-shutting down the database (in an embedded environment), and so on.</li>
-<li>Close <i>ResultSets</i> and <codeph><i>Statements</i></codeph> that are no longer needed in order to release resources.</li>
-</ul></section>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevconcepts89498">
+<title>Pitfalls of sharing a connection among threads</title>
+<prolog>
+</prolog>
+<conbody>
+<p>Here is a review of the potential pitfalls of sharing a single <i>Connection</i> among multiple threads:</p>
+<ul>
+<li>Committing or rolling back a transaction closes all open <i>ResultSet</i> objects and currently executing <i>Statements</i>, unless you are using held cursors.
+<p>If one thread commits, it closes
+the <i>Statements</i> and <i>ResultSets</i> of
+all other threads using the same connection.</p></li>
+<li>Executing a <i>Statement</i> automatically closes any
+existing open <i>ResultSet</i> generated by an earlier execution
+of that <i>Statement</i>.
+<p>If threads share <i>Statements</i>, one thread could close another's <i>ResultSet.</i></p></li>
+</ul>
+<p>In many cases, it is easier to assign each thread to a distinct <i>Connection</i>. If thread <i>A</i> does database work that
+is not transactionally related to thread <i>B</i>, assign
+them to different <i>Connections</i>. For example, if thread <i>A</i> is associated with a user input window that allows users
+to delete hotels and thread <i>B</i> is associated with a
+user window that allows users to view city information, assign those threads
+to different <i>Connections</i>. That way, when thread <i>A</i> commits, it does not affect any <i>ResultSets</i> or <i>Statements</i> of thread B.</p>
+<p>Another strategy is to have one thread do queries and another thread do
+updates. Queries hold shared locks until the transaction commits in SERIALIZABLE
+isolation mode; use READ_COMMITTED instead.</p>
+<p>Yet another strategy is to have only one thread do database access. Have
+other threads get information from the database access thread.</p>
+<p>Multiple threads are permitted to share a <i>Connection</i>, <i>Statement</i>, or <i>ResultSet</i>. However, the application programmer must ensure that one thread does
+not affect the behavior of the others.</p>
+<section><title>Recommended Practices</title>
+<p>Here are some tips for avoiding unexpected behavior:</p>
+<ul>
+<li>Avoid sharing <i>Statements</i> (and their <codeph><i>ResultSets</i></codeph>) among threads.</li>
+<li>Each time a thread executes a<i> Statement</i>, it should
+process the results before relinquishing the <codeph><i>Connection</i></codeph>.</li>
+<li>Each time a thread accesses the <i>Connection</i>, it
+should consistently commit or not, depending on application protocol.</li>
+<li>Have one thread be the "managing" database <i>Connection</i> thread that should handle the higher-level tasks, such as
+establishing the <codeph><i>Connection</i></codeph>, committing,
+rolling back, changing <codeph><i>Connection</i></codeph> properties
+such as auto-commit, closing the <codeph><i>Connection</i></codeph>,
+shutting down the database (in an embedded environment), and so on.</li>
+<li>Close <i>ResultSets</i> and <codeph><i>Statements</i></codeph> that are no longer needed in order to release resources.</li>
+</ul></section>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevconcepts89498.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevconcepts95005.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevconcepts95005.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevconcepts95005.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevconcepts95005.dita Wed Mar 30 16:26:36 2005
@@ -1,53 +1,53 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevconcepts95005">
-<title>Deadlock detection</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Deadlock detection</indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p>When a transaction waits more than a specific amount of time to obtain
-a lock (called the deadlock timeout), <ph conref="devconrefs.dita#prod/productshortname"></ph> can detect whether the transaction
-is involved in a deadlock. When <ph conref="devconrefs.dita#prod/productshortname"></ph> analyzes such a situation for
-deadlocks it tries to determine how many transactions are involved in the
-deadlock (two or more). Usually aborting one transaction breaks the deadlock. <ph conref="devconrefs.dita#prod/productshortname"></ph> must
-pick one transaction as the victim and abort that transaction; it picks the
-transaction that holds the fewest number of locks as the victim, on the assumption
-that transaction has performed the least amount of work. (This may not be
-the case, however; the transaction might have recently been escalated from
-row-level locking to table locking and thus hold a small number of locks even
-though it has done the most work.) </p>
-<p>When <ph conref="devconrefs.dita#prod/productshortname"></ph> aborts the victim transaction, it receives a deadlock
-error (an <i>SQLException</i> with an <codeph><i>SQLState</i></codeph> of 40001). The error message gives you the transaction
-IDs, the statements, and the status of locks involved in a deadlock situation.</p>
-<codeblock>ERROR 40001: A lock could not be obtained due to a deadlock,
-cycle of locks & waiters is:
-Lock : ROW, DEPARTMENT, (1,14)
-Waiting XID : {752, X} , APP, update department set location='Boise'
- where deptno='E21'
-Granted XID : {758, X} Lock : ROW, EMPLOYEE, (2,8)
-Waiting XID : {758, U} , APP, update employee set bonus=150 where salary=23840
-Granted XID : {752, X} The selected victim is XID : 752</codeblock>
-<p>For information on configuring when deadlock checking occurs, see <xref href="cdevconcepts16400.dita#cdevconcepts16400"/>.</p>
-<note>Deadlocks are detected only within a single database. Deadlocks
-across multiple databases are not detected. Non-database deadlocks caused
-by Java synchronization primitives are not detected by <ph conref="devconrefs.dita#prod/productshortname"></ph>.</note>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevconcepts95005">
+<title>Deadlock detection</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Deadlock detection</indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p>When a transaction waits more than a specific amount of time to obtain
+a lock (called the deadlock timeout), <ph conref="devconrefs.dita#prod/productshortname"></ph> can detect whether the transaction
+is involved in a deadlock. When <ph conref="devconrefs.dita#prod/productshortname"></ph> analyzes such a situation for
+deadlocks it tries to determine how many transactions are involved in the
+deadlock (two or more). Usually aborting one transaction breaks the deadlock. <ph conref="devconrefs.dita#prod/productshortname"></ph> must
+pick one transaction as the victim and abort that transaction; it picks the
+transaction that holds the fewest number of locks as the victim, on the assumption
+that transaction has performed the least amount of work. (This may not be
+the case, however; the transaction might have recently been escalated from
+row-level locking to table locking and thus hold a small number of locks even
+though it has done the most work.) </p>
+<p>When <ph conref="devconrefs.dita#prod/productshortname"></ph> aborts the victim transaction, it receives a deadlock
+error (an <i>SQLException</i> with an <codeph><i>SQLState</i></codeph> of 40001). The error message gives you the transaction
+IDs, the statements, and the status of locks involved in a deadlock situation.</p>
+<codeblock>ERROR 40001: A lock could not be obtained due to a deadlock,
+cycle of locks & waiters is:
+Lock : ROW, DEPARTMENT, (1,14)
+Waiting XID : {752, X} , APP, update department set location='Boise'
+ where deptno='E21'
+Granted XID : {758, X} Lock : ROW, EMPLOYEE, (2,8)
+Waiting XID : {758, U} , APP, update employee set bonus=150 where salary=23840
+Granted XID : {752, X} The selected victim is XID : 752</codeblock>
+<p>For information on configuring when deadlock checking occurs, see <xref href="cdevconcepts16400.dita#cdevconcepts16400"/>.</p>
+<note>Deadlocks are detected only within a single database. Deadlocks
+across multiple databases are not detected. Non-database deadlocks caused
+by Java synchronization primitives are not detected by <ph conref="devconrefs.dita#prod/productshortname"></ph>.</note>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevconcepts95005.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure10983.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure10983.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure10983.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure10983.dita Wed Mar 30 16:26:36 2005
@@ -1,45 +1,45 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure10983">
-<title>Notes on the Derby security features</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Security features<indexterm>limitations of</indexterm></indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p>Because <ph conref="devconrefs.dita#prod/productshortname"></ph> does not support traditional grant and revoke features,
-the security model has some basic limitations. For both embedded and client/server
-systems, it assumes that users are trusted. You must trust your full-access
-users not to perform undesirable actions. You lock out non full-access users
-with database properties, which are stored in the database (and in an encrypted
-database these properties are also encrypted). Note, however, for a distributed/embedded
-system that a sophisticated user with the database encryption key might be
-able to physically change those properties in the database files.</p>
-<p>In addition, in the <ph conref="devconrefs.dita#prod/productshortname"></ph> system, it is not necessary to have a specific
-connection (or permission to access a particular database) to shut down the
-system. Any authenticated user can shut down the system.</p>
-<p>Other security holes to think about are:</p>
-<ul>
-<li>JVM subversion, running the application under a home-grown JVM.</li>
-<li>Trolling for objects</li>
-<li>Class substitution, locating a class that has access to sensitive data
-and replacing it with one that passes on information</li>
-</ul>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure10983">
+<title>Notes on the Derby security features</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Security features<indexterm>limitations of</indexterm></indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p>Because <ph conref="devconrefs.dita#prod/productshortname"></ph> does not support traditional grant and revoke features,
+the security model has some basic limitations. For both embedded and client/server
+systems, it assumes that users are trusted. You must trust your full-access
+users not to perform undesirable actions. You lock out non full-access users
+with database properties, which are stored in the database (and in an encrypted
+database these properties are also encrypted). Note, however, for a distributed/embedded
+system that a sophisticated user with the database encryption key might be
+able to physically change those properties in the database files.</p>
+<p>In addition, in the <ph conref="devconrefs.dita#prod/productshortname"></ph> system, it is not necessary to have a specific
+connection (or permission to access a particular database) to shut down the
+system. Any authenticated user can shut down the system.</p>
+<p>Other security holes to think about are:</p>
+<ul>
+<li>JVM subversion, running the application under a home-grown JVM.</li>
+<li>Trolling for objects</li>
+<li>Class substitution, locating a class that has access to sensitive data
+and replacing it with one that passes on information</li>
+</ul>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure10983.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure12392.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure12392.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure12392.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure12392.dita Wed Mar 30 16:26:36 2005
@@ -1,51 +1,51 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure12392">
-<title>Configuring security for your environment</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Security<indexterm>configuring</indexterm></indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p>In most cases, you enable <ph conref="devconrefs.dita#prod/productshortname"></ph>'s security features through the
-use of properties. It is important to understand the best way of setting properties
-for your environment.</p>
-<ul>
-<li><xref href="tdevcsecure82556.dita#tdevcsecure82556"/></li>
-<li><xref href="tdevcsecure81850.dita#tdevcsecure81850"/></li>
-</ul>
-<section><title>Configuring security</title>
-<p><ph conref="devconrefs.dita#prod/productshortname"></ph> does not come with a built-in superuser. For that reason, be
-careful when configuring <ph conref="devconrefs.dita#prod/productshortname"></ph> for user authentication and user authorization. </p>
-<ol>
-<li>When first working with security, work with system-level properties only
-so that you can easily override them if you make a mistake. </li>
-<li>Be sure to create at least one valid user, and grant that user full (read-write)
-access. For example, you might always want to create a user called <i>sa</i> with the password <i><ph conref="devconrefs.dita#prod/productlowercase"></ph></i> while
-you are developing. </li>
-<li>Test the authentication system while it is still configured at the system
-level. Be absolutely certain that you have configured the system correctly
-before setting the properties as database-level properties.</li>
-<li>Before disabling system-level properties (by setting <i>derby.database.propertiesOnly</i> to true), test that at least one database-level read-write user (such
-as <i>sa</i>) is valid. If you do not have at least one valid
-user that the system can authenticate, you will not be able to access your
-database.</li>
-</ol></section>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure12392">
+<title>Configuring security for your environment</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Security<indexterm>configuring</indexterm></indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p>In most cases, you enable <ph conref="devconrefs.dita#prod/productshortname"></ph>'s security features through the
+use of properties. It is important to understand the best way of setting properties
+for your environment.</p>
+<ul>
+<li><xref href="tdevcsecure82556.dita#tdevcsecure82556"/></li>
+<li><xref href="tdevcsecure81850.dita#tdevcsecure81850"/></li>
+</ul>
+<section><title>Configuring security</title>
+<p><ph conref="devconrefs.dita#prod/productshortname"></ph> does not come with a built-in superuser. For that reason, be
+careful when configuring <ph conref="devconrefs.dita#prod/productshortname"></ph> for user authentication and user authorization. </p>
+<ol>
+<li>When first working with security, work with system-level properties only
+so that you can easily override them if you make a mistake. </li>
+<li>Be sure to create at least one valid user, and grant that user full (read-write)
+access. For example, you might always want to create a user called <i>sa</i> with the password <i><ph conref="devconrefs.dita#prod/productlowercase"></ph></i> while
+you are developing. </li>
+<li>Test the authentication system while it is still configured at the system
+level. Be absolutely certain that you have configured the system correctly
+before setting the properties as database-level properties.</li>
+<li>Before disabling system-level properties (by setting <i>derby.database.propertiesOnly</i> to true), test that at least one database-level read-write user (such
+as <i>sa</i>) is valid. If you do not have at least one valid
+user that the system can authenticate, you will not be able to access your
+database.</li>
+</ol></section>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure12392.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure21547.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure21547.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure21547.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure21547.dita Wed Mar 30 16:26:36 2005
@@ -1,42 +1,42 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure21547">
-<title>Built-in Derby users</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Users<indexterm>Derby's built-in repository</indexterm></indexterm>
-<indexterm>Passwords</indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p><ph conref="devconrefs.dita#prod/productshortname"></ph> provides a simple, built-in repository of user names and passwords. </p>
-<p>To use the built-in repository, set <i>derby.authentication.provider</i> to <i>BUILTIN</i>. Using built-in users is an alternative
-to using an external directory service such as LDAP.</p>
-<codeblock>derby.authentication.provider=BUILTIN</codeblock>
-<p>You can create user names and passwords for <ph conref="devconrefs.dita#prod/productshortname"></ph> users by specifying
-them with the <i>derby.user.UserName</i> property.</p>
-<note>These user names are case-sensitive for user authorization.
-User names are <i>SQL92Identifiers</i>. Delimited identifiers
-are allowed:
-<codeblock>derby.user."FRed"=java</codeblock></note>
-<p>For more information on user names and <i>SQL92Identifiers</i>, see <xref href="cdevcsecure37241.dita#cdevcsecure37241"/>.</p>
-<note>For passwords, it is a good idea not to use words that would
-be easily guessed, such as a login name or simple words or numbers. A password
-should be a mix of numbers and upper- and lowercase letters.</note>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure21547">
+<title>Built-in Derby users</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Users<indexterm>Derby's built-in repository</indexterm></indexterm>
+<indexterm>Passwords</indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p><ph conref="devconrefs.dita#prod/productshortname"></ph> provides a simple, built-in repository of user names and passwords. </p>
+<p>To use the built-in repository, set <i>derby.authentication.provider</i> to <i>BUILTIN</i>. Using built-in users is an alternative
+to using an external directory service such as LDAP.</p>
+<codeblock>derby.authentication.provider=BUILTIN</codeblock>
+<p>You can create user names and passwords for <ph conref="devconrefs.dita#prod/productshortname"></ph> users by specifying
+them with the <i>derby.user.UserName</i> property.</p>
+<note>These user names are case-sensitive for user authorization.
+User names are <i>SQL92Identifiers</i>. Delimited identifiers
+are allowed:
+<codeblock>derby.user."FRed"=java</codeblock></note>
+<p>For more information on user names and <i>SQL92Identifiers</i>, see <xref href="cdevcsecure37241.dita#cdevcsecure37241"/>.</p>
+<note>For passwords, it is a good idea not to use words that would
+be easily guessed, such as a login name or simple words or numbers. A password
+should be a mix of numbers and upper- and lowercase letters.</note>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure21547.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure21561.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure21561.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure21561.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure21561.dita Wed Mar 30 16:26:36 2005
@@ -1,36 +1,36 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure21561">
-<title>User-defined class</title>
-<prolog><metadata>
-<keywords>
-<indexterm>User authorization<indexterm>providing your own</indexterm></indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p>Set <i>derby.authentication.provider</i> to the full name
-of a class that implements the public interface <i>org.apache.derby.authentication.UserAuthenticator</i>.</p>
-<p>By writing your own class that fulfills some minimal requirements, you
-can hook <ph conref="devconrefs.dita#prod/productshortname"></ph> up to an <i>external authentication service</i> other than LDAP. To do so, specify an external authentication
-service by setting the property <codeph><i>derby.authentication.provider</i></codeph> to a class name that you want <ph conref="devconrefs.dita#prod/productshortname"></ph> to load at startup.</p>
-<p>The class that provides the external authentication service must implement
-the public interface <i>org.apache.derby.authentication</i>.<i>UserAuthenticator</i> and throw exceptions of the type <i>java.sql.SQLException</i> where appropriate.</p>
-<p>Using a user-defined class makes <ph conref="devconrefs.dita#prod/productshortname"></ph> adaptable to various naming
-and directory services.</p>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure21561">
+<title>User-defined class</title>
+<prolog><metadata>
+<keywords>
+<indexterm>User authorization<indexterm>providing your own</indexterm></indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p>Set <i>derby.authentication.provider</i> to the full name
+of a class that implements the public interface <i>org.apache.derby.authentication.UserAuthenticator</i>.</p>
+<p>By writing your own class that fulfills some minimal requirements, you
+can hook <ph conref="devconrefs.dita#prod/productshortname"></ph> up to an <i>external authentication service</i> other than LDAP. To do so, specify an external authentication
+service by setting the property <codeph><i>derby.authentication.provider</i></codeph> to a class name that you want <ph conref="devconrefs.dita#prod/productshortname"></ph> to load at startup.</p>
+<p>The class that provides the external authentication service must implement
+the public interface <i>org.apache.derby.authentication</i>.<i>UserAuthenticator</i> and throw exceptions of the type <i>java.sql.SQLException</i> where appropriate.</p>
+<p>Using a user-defined class makes <ph conref="devconrefs.dita#prod/productshortname"></ph> adaptable to various naming
+and directory services.</p>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure21561.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure24366.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure24366.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure24366.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure24366.dita Wed Mar 30 16:26:36 2005
@@ -1,33 +1,33 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure24366">
-<title>Encrypting databases on disk</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Database encryption</indexterm>
-<indexterm>Databases<indexterm>encrypting</indexterm></indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<ul>
-<li><xref href="cdevcsecure99212.dita#cdevcsecure99212"/></li>
-<li><xref href="cdevcsecure96815.dita#cdevcsecure96815"/></li>
-<li><xref href="cdevcsecure97760.dita#cdevcsecure97760"/></li>
-</ul>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure24366">
+<title>Encrypting databases on disk</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Database encryption</indexterm>
+<indexterm>Databases<indexterm>encrypting</indexterm></indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<ul>
+<li><xref href="cdevcsecure99212.dita#cdevcsecure99212"/></li>
+<li><xref href="cdevcsecure96815.dita#cdevcsecure96815"/></li>
+<li><xref href="cdevcsecure97760.dita#cdevcsecure97760"/></li>
+</ul>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure24366.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure24458.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure24458.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure24458.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure24458.dita Wed Mar 30 16:26:36 2005
@@ -1,67 +1,67 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure24458">
-<title>Authorization identifiers, user authentication, and user authorization</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Users<indexterm>and schemas</indexterm></indexterm>
-<indexterm>Schemas<indexterm>and users</indexterm></indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p>When working with both user authentication and user authorization, you
-need to understand how user names are treated by each system. If an external
-authentication system is used, the conversion of the user's name to an
-authorization identifier does not happen until <i>after</i> authentication
-has occurred but <i>before</i> user authorization (see <xref href="cdevcsecure36595.dita#cdevcsecure36595"/>). Imagine, for example, a user named
-Fred.</p>
-<ul>
-<li>Within the user authentication system, Fred is known as <i>FRed</i>. Your external user authorization service is case-sensitive, so
-Fred must always type his name that way.
-<codeblock>Connection conn = DriverManager.getConnection(
- "jdbc:derby:myDB", "FRed", "flintstone");</codeblock></li>
-<li>Within the <ph conref="devconrefs.dita#prod/productshortname"></ph> user authorization system, Fred becomes a case-insensitive
-authorization identifier. Fred is known as <i>FRED</i>.</li>
-<li>When specifying which users are authorized to access the accounting database,
-you must list Fred's authorization identifier, <i>FRED</i> (which you can type as <i>FRED</i>, <i>FREd</i>, or <i>fred</i>, since the system automatically
-converts it to all-uppercase).
-<codeblock><b>derby.fullAccessUsers=sa,FRED,mary</b></codeblock></li>
-</ul>
-<p>Let's take a second example, where Fred has a slightly different name
-within the user authentication system.</p>
-<ul>
-<li>Within the user authentication system, Fred is known as <i>Fred!</i>. You must now put double quotes around the name, because it is
-not a valid <codeph><i>SQL92Identifier</i></codeph>. (<ph conref="devconrefs.dita#prod/productshortname"></ph> knows
-to remove the double quotes when passing the name to the external authentication
-system.)
-<codeblock>Connection conn = DriverManager.getConnection(
- "jdbc:derby:myDB", "\"Fred!\"", "flintstone");</codeblock></li>
-<li>Within the <ph conref="devconrefs.dita#prod/productshortname"></ph> user authorization system, <i>Fred</i> becomes a case-sensitive authorization identifier. Fred is known
-as <i>Fred!</i>.</li>
-<li>When specifying which users are authorized to access the accounting database,
-you must list Fred's authorization identifier, <i>"Fred!"</i> (which you must always delimit with double quotation marks).
-<codeblock>derby.fullAccessUsers=sa,"Fred!",manager</codeblock></li>
-</ul>
-<p>As shown in the first example, your external authentication system may
-be case-sensitive, whereas the authorization identifier within <ph conref="devconrefs.dita#prod/productshortname"></ph> may
-not be. If your authentication system allows two distinct users whose names
-differ by case, delimit all user names within the connection request to make
-all user names case-sensitive within the <ph conref="devconrefs.dita#prod/productshortname"></ph> system. In addition,
-you must also delimit user names that do not conform to <i>SQL92Identifier</i> rules with double quotes.</p>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure24458">
+<title>Authorization identifiers, user authentication, and user authorization</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Users<indexterm>and schemas</indexterm></indexterm>
+<indexterm>Schemas<indexterm>and users</indexterm></indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p>When working with both user authentication and user authorization, you
+need to understand how user names are treated by each system. If an external
+authentication system is used, the conversion of the user's name to an
+authorization identifier does not happen until <i>after</i> authentication
+has occurred but <i>before</i> user authorization (see <xref href="cdevcsecure36595.dita#cdevcsecure36595"/>). Imagine, for example, a user named
+Fred.</p>
+<ul>
+<li>Within the user authentication system, Fred is known as <i>FRed</i>. Your external user authorization service is case-sensitive, so
+Fred must always type his name that way.
+<codeblock>Connection conn = DriverManager.getConnection(
+ "jdbc:derby:myDB", "FRed", "flintstone");</codeblock></li>
+<li>Within the <ph conref="devconrefs.dita#prod/productshortname"></ph> user authorization system, Fred becomes a case-insensitive
+authorization identifier. Fred is known as <i>FRED</i>.</li>
+<li>When specifying which users are authorized to access the accounting database,
+you must list Fred's authorization identifier, <i>FRED</i> (which you can type as <i>FRED</i>, <i>FREd</i>, or <i>fred</i>, since the system automatically
+converts it to all-uppercase).
+<codeblock><b>derby.fullAccessUsers=sa,FRED,mary</b></codeblock></li>
+</ul>
+<p>Let's take a second example, where Fred has a slightly different name
+within the user authentication system.</p>
+<ul>
+<li>Within the user authentication system, Fred is known as <i>Fred!</i>. You must now put double quotes around the name, because it is
+not a valid <codeph><i>SQL92Identifier</i></codeph>. (<ph conref="devconrefs.dita#prod/productshortname"></ph> knows
+to remove the double quotes when passing the name to the external authentication
+system.)
+<codeblock>Connection conn = DriverManager.getConnection(
+ "jdbc:derby:myDB", "\"Fred!\"", "flintstone");</codeblock></li>
+<li>Within the <ph conref="devconrefs.dita#prod/productshortname"></ph> user authorization system, <i>Fred</i> becomes a case-sensitive authorization identifier. Fred is known
+as <i>Fred!</i>.</li>
+<li>When specifying which users are authorized to access the accounting database,
+you must list Fred's authorization identifier, <i>"Fred!"</i> (which you must always delimit with double quotation marks).
+<codeblock>derby.fullAccessUsers=sa,"Fred!",manager</codeblock></li>
+</ul>
+<p>As shown in the first example, your external authentication system may
+be case-sensitive, whereas the authorization identifier within <ph conref="devconrefs.dita#prod/productshortname"></ph> may
+not be. If your authentication system allows two distinct users whose names
+differ by case, delimit all user names within the connection request to make
+all user names case-sensitive within the <ph conref="devconrefs.dita#prod/productshortname"></ph> system. In addition,
+you must also delimit user names that do not conform to <i>SQL92Identifier</i> rules with double quotes.</p>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure24458.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure30032.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure30032.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure30032.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure30032.dita Wed Mar 30 16:26:36 2005
@@ -1,72 +1,72 @@
-<?xml version="1.0" encoding="utf-8"?>
-
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN"
- "../dtd/concept.dtd">
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<concept id="cdevcsecure30032" xml:lang="en-us">
-<title>Overview</title>
-<prolog></prolog>
-<conbody>
-<p><ph conref="devconrefs.dita#prod/productshortname"></ph> provides support
-for user authentication. <i>User authentication</i> means that <ph conref="devconrefs.dita#prod/productshortname"></ph> authenticates
-a user's name and password before allowing that user access to the system.</p>
-<p>When user authentication is enabled (which it is not by default), the user
-requesting a connection must provide a valid name and password, which <ph
-conref="devconrefs.dita#prod/productshortname"></ph> verifies against the
-repository of users defined for the system. Once <ph conref="devconrefs.dita#prod/productshortname"></ph> authenticates
-the user, it grants the user access to the <ph conref="devconrefs.dita#prod/productshortname"></ph> system
-but not necessarily access to the database made in the connection request.
-In the <ph conref="devconrefs.dita#prod/productshortname"></ph> system, access
-to a database is determined by <i>user authorization</i>. For information,
-see <xref href="cdevcsecure36595.dita#cdevcsecure36595"></xref>.</p>
-<p><ph conref="devconrefs.dita#prod/productshortname"></ph> allows you to
-provide a repository of users in a number of different ways. For example,
-you can hook <ph conref="devconrefs.dita#prod/productshortname"></ph> up to
-an external directory service elsewhere in your enterprise, create your own,
-use <ph conref="devconrefs.dita#prod/productshortname"></ph>'s simple mechanism
-for creating a built-in repository of users.</p>
-<p>You can define a repository of users for a particular database or for an
-entire system, depending on whether you use system-wide or database-wide properties.
-See <xref href="cdevcsecure12392.dita#cdevcsecure12392"></xref> for more information.</p>
-<p>When <ph conref="devconrefs.dita#prod/productshortname"></ph> user authentication
-is enabled and <ph conref="devconrefs.dita#prod/productshortname"></ph> uses
-an external directory service, the architecture looks something like that
-shown in the Figure below: </p>
-<fig expanse="column" id="cdevcsecure32704"><title><ph conref="devconrefs.dita#prod/productshortname"></ph> user
-authentication using an external service. The application can be a single-user
-application with an embedded <ph conref="devconrefs.dita#prod/productshortname"></ph> engine
-or a multi-user application server.</title>
-<image href="authentic_os.gif" placement="break"><alt>Derb<?Pub Caret?>y user
-authentication using an external service.</alt></image>
-</fig>
-<p><ph conref="devconrefs.dita#prod/productshortname"></ph> always runs embedded
-in another Java application, whether that application is a single-user application
-or a multiple-user application server or connectivity framework. A database
-can be accessed by only one JVM at a time, so it is possible to deploy a system
-in which the application in which <ph conref="devconrefs.dita#prod/productshortname"></ph> is
-embedded, not <ph conref="devconrefs.dita#prod/productshortname"></ph>, handles
-the user authentication by connecting to an external directory service. </p>
-<fig expanse="column"><title>The application provides the user authentication
-using an external service. The application can be a single-user application
-with an embedded <ph conref="devconrefs.dita#prod/productshortname"></ph> engine
-or a multi-user application server.</title>
-<image href="appauth_os.gif" placement="break"><alt>The application user authentication
-as an external service.</alt></image>
-</fig>
-</conbody>
-</concept>
-<?Pub *0000004387?>
+<?xml version="1.0" encoding="utf-8"?>
+
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN"
+ "../dtd/concept.dtd">
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<concept id="cdevcsecure30032" xml:lang="en-us">
+<title>Overview</title>
+<prolog></prolog>
+<conbody>
+<p><ph conref="devconrefs.dita#prod/productshortname"></ph> provides support
+for user authentication. <i>User authentication</i> means that <ph conref="devconrefs.dita#prod/productshortname"></ph> authenticates
+a user's name and password before allowing that user access to the system.</p>
+<p>When user authentication is enabled (which it is not by default), the user
+requesting a connection must provide a valid name and password, which <ph
+conref="devconrefs.dita#prod/productshortname"></ph> verifies against the
+repository of users defined for the system. Once <ph conref="devconrefs.dita#prod/productshortname"></ph> authenticates
+the user, it grants the user access to the <ph conref="devconrefs.dita#prod/productshortname"></ph> system
+but not necessarily access to the database made in the connection request.
+In the <ph conref="devconrefs.dita#prod/productshortname"></ph> system, access
+to a database is determined by <i>user authorization</i>. For information,
+see <xref href="cdevcsecure36595.dita#cdevcsecure36595"></xref>.</p>
+<p><ph conref="devconrefs.dita#prod/productshortname"></ph> allows you to
+provide a repository of users in a number of different ways. For example,
+you can hook <ph conref="devconrefs.dita#prod/productshortname"></ph> up to
+an external directory service elsewhere in your enterprise, create your own,
+use <ph conref="devconrefs.dita#prod/productshortname"></ph>'s simple mechanism
+for creating a built-in repository of users.</p>
+<p>You can define a repository of users for a particular database or for an
+entire system, depending on whether you use system-wide or database-wide properties.
+See <xref href="cdevcsecure12392.dita#cdevcsecure12392"></xref> for more information.</p>
+<p>When <ph conref="devconrefs.dita#prod/productshortname"></ph> user authentication
+is enabled and <ph conref="devconrefs.dita#prod/productshortname"></ph> uses
+an external directory service, the architecture looks something like that
+shown in the Figure below: </p>
+<fig expanse="column" id="cdevcsecure32704"><title><ph conref="devconrefs.dita#prod/productshortname"></ph> user
+authentication using an external service. The application can be a single-user
+application with an embedded <ph conref="devconrefs.dita#prod/productshortname"></ph> engine
+or a multi-user application server.</title>
+<image href="authentic_os.gif" placement="break"><alt>Derb<?Pub Caret?>y user
+authentication using an external service.</alt></image>
+</fig>
+<p><ph conref="devconrefs.dita#prod/productshortname"></ph> always runs embedded
+in another Java application, whether that application is a single-user application
+or a multiple-user application server or connectivity framework. A database
+can be accessed by only one JVM at a time, so it is possible to deploy a system
+in which the application in which <ph conref="devconrefs.dita#prod/productshortname"></ph> is
+embedded, not <ph conref="devconrefs.dita#prod/productshortname"></ph>, handles
+the user authentication by connecting to an external directory service. </p>
+<fig expanse="column"><title>The application provides the user authentication
+using an external service. The application can be a single-user application
+with an embedded <ph conref="devconrefs.dita#prod/productshortname"></ph> engine
+or a multi-user application server.</title>
+<image href="appauth_os.gif" placement="break"><alt>The application user authentication
+as an external service.</alt></image>
+</fig>
+</conbody>
+</concept>
+<?Pub *0000004387?>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure30032.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure31493.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure31493.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure31493.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure31493.dita Wed Mar 30 16:26:36 2005
@@ -1,45 +1,45 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure31493">
-<title>Specifying an alternate encryption provider</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Encryption providers<indexterm>configuring</indexterm></indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-<p>You can specify an alternate provider when you create the database with
-the <codeph><i>encryptionProvider=providerName</i></codeph> attribute. </p>
-<p>You must specify the full package and class name of the provider, and you
-must also add the libraries to the application's class path.</p>
-<codeblock><b>-- using the the provider library jce_jdk13-10b4.zip|
--- available from www.bouncycastle.org</b>
-jdbc:derby:encryptedDB3;create=true;dataEncryption=true;
-bootPassword=clo760uds2caPe;
-encryptionProvider=org.bouncycastle.jce.provider.BouncyCastleProvider;
-encryptionAlgorithm=DES/CBC/NoPadding
-
-<b>-- using a provider
--- available from
--- http://jcewww.iaik.tu-graz.ac.at/download.html</b>
-jdbc:derby:encryptedDB3;create=true;dataEncryption=true;
-bootPassword=clo760uds2caPe;
-encryptionProvider=iaik.security.provider.IAIK;encryptionAlgorithm=
-DES/CBC/NoPadding</codeblock>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure31493">
+<title>Specifying an alternate encryption provider</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Encryption providers<indexterm>configuring</indexterm></indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+<p>You can specify an alternate provider when you create the database with
+the <codeph><i>encryptionProvider=providerName</i></codeph> attribute. </p>
+<p>You must specify the full package and class name of the provider, and you
+must also add the libraries to the application's class path.</p>
+<codeblock><b>-- using the the provider library jce_jdk13-10b4.zip|
+-- available from www.bouncycastle.org</b>
+jdbc:derby:encryptedDB3;create=true;dataEncryption=true;
+bootPassword=clo760uds2caPe;
+encryptionProvider=org.bouncycastle.jce.provider.BouncyCastleProvider;
+encryptionAlgorithm=DES/CBC/NoPadding
+
+<b>-- using a provider
+-- available from
+-- http://jcewww.iaik.tu-graz.ac.at/download.html</b>
+jdbc:derby:encryptedDB3;create=true;dataEncryption=true;
+bootPassword=clo760uds2caPe;
+encryptionProvider=iaik.security.provider.IAIK;encryptionAlgorithm=
+DES/CBC/NoPadding</codeblock>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure31493.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/docs/trunk/src/devguide/cdevcsecure33663.dita
URL: http://svn.apache.org/viewcvs/incubator/derby/docs/trunk/src/devguide/cdevcsecure33663.dita?view=diff&r1=159547&r2=159548
==============================================================================
--- incubator/derby/docs/trunk/src/devguide/cdevcsecure33663.dita (original)
+++ incubator/derby/docs/trunk/src/devguide/cdevcsecure33663.dita Wed Mar 30 16:26:36 2005
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
-<concept xml:lang="en-us" id="cdevcsecure33663">
-<title>Security overview</title>
-<prolog><metadata>
-<keywords>
-<indexterm>Security features</indexterm>
-</keywords>
-</metadata>
-</prolog>
-<conbody>
-</conbody></concept>
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 1997, 2004 The Apache Software Foundation or its licensors, as applicable.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!DOCTYPE concept PUBLIC "-//IBM//DTD DITA Concept//EN" "../dtd/concept.dtd">
+<concept xml:lang="en-us" id="cdevcsecure33663">
+<title>Security overview</title>
+<prolog><metadata>
+<keywords>
+<indexterm>Security features</indexterm>
+</keywords>
+</metadata>
+</prolog>
+<conbody>
+</conbody></concept>
Propchange: incubator/derby/docs/trunk/src/devguide/cdevcsecure33663.dita
------------------------------------------------------------------------------
svn:eol-style = native