Posted to derby-dev@db.apache.org by "Francois Orsini (JIRA)" <de...@db.apache.org> on 2006/09/07 03:13:24 UTC

[jira] Created: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
--------------------------------------------------------------------------------------------------------------

                 Key: DERBY-1823
                 URL: http://issues.apache.org/jira/browse/DERBY-1823
             Project: Derby
          Issue Type: Bug
          Components: Documentation
    Affects Versions: 10.1.1.0
            Reporter: Francois Orsini
            Priority: Minor


There are a couple of issues with the paragraph/section "User authentication and authorization extended examples" in the developer's guide
http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure26537.html

1) The methods turnOnBuiltInUsers() & turnOffBuiltInUsers() do NOT shut down and reboot the database for which the 'derby.connection.requireAuthentication' authentication database property is being set - as this last one is a Derby static property, it will not be taken into account until the database is rebooted (or the whole Derby engine instance). Hence, the 2 checks for "Confirming requireAuthentication" are misleading, as the property value is changed _but_ the actual database authentication enabling/disabling has not changed since it was last booted. The database needs to be shut down and rebooted after 'derby.connection.requireAuthentication' is set, and then some negative testing of invalid user connections needs to be added to show that only valid users can connect (in the case where authentication is being enabled).

2) The paragraph (extended examples section) also needs to be moved to the same level as the 2 above, such as:
  "User authentication example in a single-user, embedded environment"
  http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure125.html
  "User authentication example in a client/server environment"
  http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure13713.html

since the extended examples (once fixed - see 1)) can be applied in both client-server and embedded environment contexts.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
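
The sequence the report asks for (set the property, shut down, reboot, then negative-test), as an added Java sketch that is not the Developer's Guide code or the attached patch. It assumes embedded Derby (derby.jar) on the classpath; the database name, user names and passwords are constructed for the example.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

/** Added sketch: enable BUILTIN authentication, reboot, then negative-test logins. */
public class RequireAuthRebootCheck {
    // Constructed values for this example only.
    static final String URL = "jdbc:derby:authDemoDB";
    static final String ADMIN = "sa";
    static final String ADMIN_PW = "constructed-admin-pw";

    /** Stores a database-level property through Derby's system procedure. */
    static void setDbProperty(Connection c, String key, String value) throws SQLException {
        try (CallableStatement cs =
                 c.prepareCall("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, key);
            cs.setString(2, value);
            cs.execute();
        }
    }

    /** Shuts down only this database; Derby reports success as SQLState 08006. */
    static void shutdownDatabase(String user, String pw) throws SQLException {
        try {
            DriverManager.getConnection(URL + ";shutdown=true", user, pw).close();
            throw new IllegalStateException("shutdown did not raise the expected exception");
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) {
                throw e; // anything else is a real failure
            }
        }
    }

    /** True if the login is accepted, false on SQLState 08004 (authentication failure). */
    static boolean canConnect(String user, String pw) throws SQLException {
        try (Connection c = DriverManager.getConnection(URL, user, pw)) {
            return true;
        } catch (SQLException e) {
            if ("08004".equals(e.getSQLState())) {
                return false;
            }
            throw e;
        }
    }

    public static void main(String[] args) throws SQLException {
        // 1. Define a user and switch authentication on as database properties.
        try (Connection c = DriverManager.getConnection(URL + ";create=true", ADMIN, ADMIN_PW)) {
            setDbProperty(c, "derby.user." + ADMIN, ADMIN_PW);
            setDbProperty(c, "derby.authentication.provider", "BUILTIN");
            setDbProperty(c, "derby.connection.requireAuthentication", "true");
        }

        // 2. The stored value has changed, but the running database was booted
        //    without it. On a first run this shows whether a bogus login still
        //    gets in, which is the gap the report describes.
        System.out.println("before reboot, bogus login accepted: "
                + canConnect("mallory", "wrong"));

        // 3. Shut the database down; the next connection reboots it and the
        //    static property is read at boot.
        shutdownDatabase(ADMIN, ADMIN_PW);

        // 4. Positive and negative tests against the rebooted database.
        boolean validUser = canConnect(ADMIN, ADMIN_PW);
        boolean wrongPassword = canConnect(ADMIN, "wrong");
        boolean unknownUser = canConnect("mallory", "wrong");
        System.out.println("after reboot, valid user accepted:     " + validUser);
        System.out.println("after reboot, wrong password accepted: " + wrongPassword);
        System.out.println("after reboot, unknown user accepted:   " + unknownUser);

        if (!validUser || wrongPassword || unknownUser) {
            throw new IllegalStateException("authentication is not being enforced as configured");
        }

        // Authentication is now on, so shutdown needs valid credentials too.
        shutdownDatabase(ADMIN, ADMIN_PW);
    }
}
```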

        

[jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Francois Orsini (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537793 ] 

Francois Orsini commented on DERBY-1823:
----------------------------------------

Latest changes look good Kim.

Yes, it would be useful. In fact, connection authorization and SQL authorization (modes) can work together, so one could expand these samples to add some grant/revoke statements for particular objects and restrict some users to be read-only ones at the connection level. Yes, it should be done under a separate JIRA IMHO. Cheers.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542802 ] 

Kim Haase commented on DERBY-1823:
----------------------------------

If someone would be so kind as to commit this, I'd be very grateful. It only needs to be committed to the trunk. Francois approved the latest patch a few weeks ago.


> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip


[jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12538014 ] 

Kim Haase commented on DERBY-1823:
----------------------------------

Great, thanks, Francois. I will work on enhancing the examples (and will file a JIRA for that). In the meantime, it looks as if these changes can be committed.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip


Re: [jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by Francois Orsini <fr...@gmail.com>.
On 10/23/07, Richard Applebaum <di...@mac.com> wrote:
>
> How do I unsubscribe from this list?


Send an email to:
derby-dev-unsubscribe@db.apache.org

(as described per http://db.apache.org/derby/derby_mail.html)

Cheers

> TIA
>
> Dick
>
>
>

Re: [jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by Richard Applebaum <di...@mac.com>.
How do I unsubscribe from this list?

TIA

Dick



[jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Francois Orsini (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537177 ] 

Francois Orsini commented on DERBY-1823:
----------------------------------------

Changes look good, Kim. I guess we want to inform the users that these samples are making use of Derby's built-in authentication mechanism (aka connection authorization in Derby) but they could also use ANSI SQL Standard GRANT/REVOKE object statements (aka SQL Authorization in Derby) and find more information by pointing them to http://db.apache.org/derby/docs/dev/devguide/devguide-single.html#cdevcsecure36595
Feel free to file a new JIRA if you think it is needed. I was just trying to make sure that by looking at these samples, users miss the fact that Derby also has support for GRANT/REVOKE.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823.diff, DERBY-1823.zip


[jira] Updated: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-1823:
-----------------------------

    Attachment: DERBY-1823-2.zip
                DERBY-1823-3.diff

Thanks very much, Francois! I hope the attached files (DERBY-1823-3.diff and DERBY-1823-2.zip) make the fixes correctly. I added a little more detail on compiling, possibly more than is needed.

I would be happy to work on the additional JIRA, involving adding pointers to GRANT/REVOKE information, if you decide to file it. Probably the changes should be made to the parent topics rather than to these files? And possibly elsewhere. I can file it myself if you would prefer.


> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823.diff, DERBY-1823.zip


[jira] Resolved: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Knut Anders Hatlen (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen resolved DERBY-1823.
---------------------------------------

       Resolution: Fixed
    Fix Version/s: 10.4.0.0
       Derby Info:   (was: [Patch Available])

Thanks Kim and Francois. Committed revision 595345.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip


[jira] Updated: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-1823:
-----------------------------

    Attachment: DERBY-1823-3.zip
                DERBY-1823-4.diff

Attaching DERBY-1823-4.diff and DERBY-1823-3.zip. After looking at the "User authorizations" topic and the others related to SQL authorization and user authentication, I realized you were right that the pointer really does belong in these two topics -- the parent topics have a different focus. I hope this does the job.

We don't seem to have a complete program example that uses SQL authorization. Do you think it would be useful to have one? That would definitely need a separate JIRA.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip


[jira] Updated: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-1823:
-----------------------------

           Derby Info: [Patch Available]
    Affects Version/s: 10.1.2.1
                       10.1.3.1
                       10.2.1.6
                       10.2.2.0
                       10.3.1.4

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823.diff, DERBY-1823.zip


[jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542813 ] 

Kim Haase commented on DERBY-1823:
----------------------------------

Thanks so much, Knut Anders!

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip


[jira] Closed: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase closed DERBY-1823.
----------------------------


Closing, since this was resolved over a year ago.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>             Fix For: 10.4.1.3
>
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip
>


[jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518546 ] 

Kim Haase commented on DERBY-1823:
----------------------------------

Francois, your second comment is easily fixed in the map file, but I need a bit of clarification on how to fix the first. 

Are you suggesting that we provide a complete program example that would start the database, call the first method, stop the database, restart the database, connect to the database using some of the users created by the first method, fail to add data to the database as a guest, succeed in adding data to the database as a full user, then call the second method to remove the users, and shut down the database again? This would be a long and complicated program, and I'm afraid the actual property-setting methods would get lost in it. Also I think there would have to be two different versions for embedded and client-server, since the database startup and shutdown can be done within the program using the embedded driver, but must be done outside the program for the client driver.

Or is it enough to state that the user would have to do all those things?

By the way, there seems to be another problem with the topic. It begins "The following two examples from the sample database ..." However, I don't think we supply this database with Derby any more. Do we? I can't find them in the demo directory.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0
>            Reporter: Francois Orsini
>            Priority: Minor
>
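The sequence discussed in the comment above (set the property, shut the database down, reboot it, then run negative connection tests), as an added embedded-mode sketch. It is not the patch attached to this issue or code from the Derby project; the class name, database name, user name and passwords are constructed, and it assumes derby.jar is on the classpath with JDBC driver auto-loading and a fresh database directory.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Added illustration, not the AuthExampleEmbedded.java attached to the issue.
// Class name, database name, user and passwords are constructed for this sketch.
public class RequireAuthRebootCheck {
    static final String DB = "jdbc:derby:authRebootDemoDB";
    static final String PW = "constructed-pw-1";

    public static void main(String[] args) throws SQLException {
        // 1. Boot a fresh database (authentication not yet enabled) and store
        //    the user, the provider and the requireAuthentication property.
        try (Connection c = DriverManager.getConnection(DB + ";create=true")) {
            setProp(c, "derby.user.sa", PW);
            setProp(c, "derby.authentication.provider", "BUILTIN");
            setProp(c, "derby.connection.requireAuthentication", "true");
        }

        // 2. The value is stored, but the issue report describes it as static:
        //    the running database still uses the setting it booted with.
        System.out.println("before reboot, no credentials: " + tryConnect(null, null));

        // 3. Shut down this one database; the next connection reboots it.
        shutdown("sa", PW);

        // 4. Negative tests first, then the valid user.
        System.out.println("after reboot, no credentials:  " + tryConnect(null, null));
        System.out.println("after reboot, wrong password:  " + tryConnect("sa", "wrong"));
        System.out.println("after reboot, valid user:      " + tryConnect("sa", PW));

        shutdown("sa", PW);
    }

    // Stores a database-level property through Derby's system procedure.
    static void setProp(Connection c, String key, String value) throws SQLException {
        try (CallableStatement cs =
                 c.prepareCall("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, key);
            cs.setString(2, value);
            cs.execute();
        }
    }

    // Returns "connected" or the SQLState of the refusal
    // (Derby reports 08004 for a failed authentication).
    static String tryConnect(String user, String password) {
        try (Connection c = (user == null)
                ? DriverManager.getConnection(DB)
                : DriverManager.getConnection(DB, user, password)) {
            return "connected";
        } catch (SQLException e) {
            return "refused, SQLState " + e.getSQLState();
        }
    }

    // A successful single-database shutdown is signalled by SQLState 08006.
    static void shutdown(String user, String password) {
        try {
            DriverManager.getConnection(DB + ";shutdown=true", user, password);
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) {
                throw new IllegalStateException("shutdown failed", e);
            }
        }
    }
}
```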


[jira] Updated: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-1823:
-----------------------------

    Attachment: DERBY-1823.zip
                DERBY-1823.diff

I'm attaching a patch (DERBY-1823.diff and DERBY-1823.zip) that contains the following changes:

M      src/devguide/rdevcsecure26537.dita
A      src/devguide/rdevcsecureclientexample.dita
M      src/devguide/derbydev.ditamap

rdevcsecure26537.dita now contains an end-to-end embedded example. I've added a file with a client example, rdevcsecureclientexample.dita. The client example had to be split into two source files run in sequence, even though you don't have to shut down and restart the Network Server in between. 

I left the examples nested under their respective parent files (on client/server and embedded examples) in the TOC.

Please let me know if further changes are needed. I'm still waiting for approval of the fix to one of the parent files (DERBY-3109).


> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823.diff, DERBY-1823.zip
>


[jira] Assigned: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase reassigned DERBY-1823:
--------------------------------

    Assignee: Kim Haase

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>


[jira] Updated: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Kim Haase (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-1823:
-----------------------------

    Attachment: DERBY-1823-2.diff

Attached new patch, DERBY-1823-2.diff, to correct errors in the map file.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823.diff, DERBY-1823.zip
>


[jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Posted by "Francois Orsini (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536870 ] 

Francois Orsini commented on DERBY-1823:
----------------------------------------

Great changes Kim. I tested all the samples and they worked great.

The only minor nit based on the write-ups is that you don't need the Derby jars to compile the samples. They are just required to run them. There's also a little step issue with the network client samples when it comes to shutting down the server at the end, which you should not have to do - if you do then we should tell the user to restart the server before running the samples.

So I would change: (for embedded)

"Before you compile and run AuthExampleEmbedded.java, make sure that %DERBY_HOME%\lib\derby.jar (or $DERBY_HOME/lib/derby.jar) is in your classpath."

into -->

"Compile AuthExampleEmbedded.java
Before you run this program, make sure that %DERBY_HOME%\lib\derby.jar (or $DERBY_HOME/lib/derby.jar) is in your classpath."

and (for client-server)

"Before you compile these programs, make sure that %DERBY_HOME%\lib\derbyclient.jar (or $DERBY_HOME/lib/derbyclient.jar) is in your classpath.

Before you run these programs, start Derby as described in "Activity 4: Create and run a JDBC program using the client driver and Network Server" in Getting Started with Derby. After you run the programs, stop Derby as described in the same topic."

into -->

"Compile AuthExampleClient1.java and AuthExampleClient2.java
Before you run these programs, make sure that %DERBY_HOME%\lib\derbyclient.jar (or $DERBY_HOME/lib/derbyclient.jar) is in your classpath,
then start Derby server as described in "Activity 4, step 2: Create and run a JDBC program using the client driver and Network Server" in Getting Started with Derby guide."

Another comment which is probably best treated in a separate JIRA is that we should probably document the fact that users can now use GRANT/REVOKE instead of Derby's non-standard built-in authorization implementation, but I would do this in a separate JIRA and at least point them to the Grant/Revoke documentation / samples.
See derby.database.sqlAuthorization property which was added as part of DERBY-464.
We could add something along these lines:
"For more information about user authorization, see "User authorizations" in the Derby Developer's Guide"
http://db.apache.org/derby/docs/dev/devguide/devguide-single.html#cdevcsecure36595

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823.diff, DERBY-1823.zip
>