You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by Sunitha Kambhampati <ks...@gmail.com> on 2006/02/11 01:21:50 UTC
Accept username of form xyz@somedomain.com
Hello All,
I have a case where the username can be xyz@somedomain.com . The only
way I can get derby to accept this username is if I quote it. - ie
"xyz@domain.com". I think that it is possible for different
authentication mechanisms (e.g ldap) that are pluggable into derby, to
have username of the form xyz@somedomain.com. I want to allow such
usernames.
If I try to connect, the error thrown is
ij> connect
'jdbc:derby:testdb;create=true;user=skambha@xyz.com;password=a';
ERROR 28502: The user name 'skambha@xyz.com' is not valid.
The first error is being thrown from this method in
org.apache.derby.impl.sql.conn.GenericLanguageConnectionContext#getAuthorizationId(String
username) This method calls the IdUtil.parseId() which will for an
unqualified id, check if the string has only characters from a-z, A-Z
and _ and digits.
I want to remove this restriction for the username case.
So it would be like this once I remove the restriction.
ij version 10.2
ij> connect 'jdbc:derby:GHMDB;user=skambha@xyz.com;password=p';
ij> create table t2(i1 int);
0 rows inserted/updated/deleted
ij> select * from sys.sysschemas where schemaname='SKAMBHA@XYZ.COM';
SCHEMAID |SCHEMANAME
------------------------------------------------------------------------------
4d6f406a-0109-5672-a66d-000000143840|SKAMBHA@XYZ.COM
1 row selected
ij> select * from "SKAMBHA@XYZ.COM".t1;
I1
-----------
0 rows selected
ij>
Is this reasonable. Thoughts/comments?
If noone objects, I will be posting a patch to address this.
Thanks,
Sunitha.
Re: Accept username of form xyz@somedomain.com
Posted by Satheesh Bandaram <sa...@Sourcery.Org>.
Satheesh Bandaram wrote:
>Also this authorizationID is currently used as SQL identifier. According
>to ANSI, SQL identifiers can only have alphabets, digits and underscore.
>That is why there seems to be that check. So, skamba@xyz.com is not a
>valid SQL identifier.
>
>You could treat them as delimited identifiers... meaning
>'skamba@xyz.com', but that has its own issues.. User names need to be
>case insensitive.
>
>
The second part of the statement is not quite correct... User names are
case sensitive for authentication purpose, but not for authorization
purpose. Take a look at section "Authorization identifiers, user
authentication, and user authorization" in reference guide.
Current Grant and Revoke DDL functionality that is already committed
treats grantee as 'Authentication identifier', treating it case
sensitive. I think it should treat grantee as 'Authorization
identifier', making it like an SQL-identifier. I am changing this in
Phase II Grant and Revoke patch.
Satheesh
>Satheesh
>
>
>
Re: Accept username of form xyz@somedomain.com
Posted by Satheesh Bandaram <sa...@Sourcery.Org>.
Bryan Pendleton wrote:
> Sunitha Kambhampati wrote:
>
>> If I try to connect, the error thrown is
>> ij> connect
>> 'jdbc:derby:testdb;create=true;user=skambha@xyz.com;password=a';
>> ERROR 28502: The user name 'skambha@xyz.com' is not valid.
>
>
> Is the string that we pass to "connect" an URL? If so, does it
> need to satisfy the URL character set requirements of RFC 1738:
> http://www.rfc-editor.org/rfc/rfc1738.txt
Also this authorizationID is currently used as SQL identifier. According
to ANSI, SQL identifiers can only have alphabets, digits and underscore.
That is why there seems to be that check. So, skamba@xyz.com is not a
valid SQL identifier.
You could treat them as delimited identifiers... meaning
'skamba@xyz.com', but that has its own issues.. User names need to be
case insensitive.
Satheesh
Re: Accept username of form xyz@somedomain.com
Posted by Bryan Pendleton <bp...@amberpoint.com>.
Sunitha Kambhampati wrote:
> If I try to connect, the error thrown is
> ij> connect
> 'jdbc:derby:testdb;create=true;user=skambha@xyz.com;password=a';
> ERROR 28502: The user name 'skambha@xyz.com' is not valid.
Is the string that we pass to "connect" an URL? If so, does it
need to satisfy the URL character set requirements of RFC 1738:
http://www.rfc-editor.org/rfc/rfc1738.txt
If we have to satisfy those requirements, then I think "@" is
a special character and may have to be "%-encoded" as %40 or something
like that.
thanks,
bryan
Re: Accept username of form xyz@somedomain.com
Posted by Francois Orsini <fr...@gmail.com>.
On 2/10/06, Sunitha Kambhampati <ks...@gmail.com> wrote:
> Hello All,
>
> I have a case where the username can be xyz@somedomain.com . The only
> way I can get derby to accept this username is if I quote it. - ie
> "xyz@domain.com". I think that it is possible for different
> authentication mechanisms (e.g ldap) that are pluggable into derby, to
> have username of the form xyz@somedomain.com. I want to allow such
> usernames.
>
Today it is possible to map a user created in derby to one defined in
LDAP - for instance, in your example, you could have 'xyz' mapped to
a user DN in ldap - not sure it is common to have 'xyz@domain.com' as
a user name in ldap (i.e. 'cn=xyz,ou=People,o=FlyTours.com'), this
information can be extracted out of the email in the directory tree if
a proper search filter is defined (that's another possibility) - the
DN could also reference some LDAP email attribute. I know this is just
one case but the mapping allows to separate the SQL Ansi
authentication identifier with some other (external) types (i.e.
LDAP)....
> If I try to connect, the error thrown is
> ij> connect
> 'jdbc:derby:testdb;create=true;user=skambha@xyz.com;password=a';
> ERROR 28502: The user name 'skambha@xyz.com' is not valid.
>
> The first error is being thrown from this method in
> org.apache.derby.impl.sql.conn.GenericLanguageConnectionContext#getAuthorizationId(String
> username) This method calls the IdUtil.parseId() which will for an
> unqualified id, check if the string has only characters from a-z, A-Z
> and _ and digits.
> I want to remove this restriction for the username case.
>
> So it would be like this once I remove the restriction.
> ij version 10.2
> ij> connect 'jdbc:derby:GHMDB;user=skambha@xyz.com;password=p';
> ij> create table t2(i1 int);
> 0 rows inserted/updated/deleted
> ij> select * from sys.sysschemas where schemaname='SKAMBHA@XYZ.COM';
> SCHEMAID |SCHEMANAME
> ------------------------------------------------------------------------------
> 4d6f406a-0109-5672-a66d-000000143840|SKAMBHA@XYZ.COM
>
> 1 row selected
> ij> select * from "SKAMBHA@XYZ.COM".t1;
> I1
> -----------
>
> 0 rows selected
> ij>
>
>
>
> Is this reasonable. Thoughts/comments?
>
> If noone objects, I will be posting a patch to address this.
>
> Thanks,
> Sunitha.
>