You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-user@db.apache.org by Ashish Jain <as...@gmail.com> on 2010/11/04 11:19:36 UTC
Invalid authentication exception on enabling requireAuthentication=true
Hi Derby Team,
I am using Apache Geronimo which uses embedded derby as the default
database. Recently I tried to
enable authentication in derby by including a derby.properties file in with
content as
derby.connection.requireAuthentication=true.
Following this I had used system call's something as follows:
"CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.test','test123');"
to provide secure access to database.
Till this everything works fine.
Next I utilize the NetworkServerControl api to start and stop a Network
Server. A Network Server
is created as follows--> NetworkServerControl(address, port). Start is fine.
However during network.shutdown()
I see the following exception:
java.sql.SQLException: Connection authentication failure occurred.
Reason: Invalid authentication..
at org.apache.derby.impl.drda.NetworkServerControlImpl.
throwSQLException(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.
consolePropertyMessageWork(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.
consolePropertyMessage(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.
wrapSQLError(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.
readResult(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.shutdown
(Unknown Source)
at org.apache.derby.drda.NetworkServerControl.shutdown(Unknown
This exception is legitimate since I do not provide any credentials to
create a Network Server and this also
helps to prevent server shutdown from any unauthorised personnel. I am able
to avoid this using the following
2 steps:
1) Add derby.user.test=test123 is derby.properties file.
2) create a Network Server Control object using
NetworkServerControl(address, port,"test","test123");
However I am not happy with this kind of solution because of the following:
1) I had to set a system wide property that is "derby.user.test=test123".
2) The password appears in plain text.
3) I have to hard code the username/password while creating a
NetworkServerControl object.
How can I avoid the above situation so that I
a) do not need to set password in plain text
b) do not need to set system wide properties
c) No hard coding username/password while creating a network server control
object.
Kindly help!!
Thanks
Ashish
Re: Invalid authentication exception on enabling requireAuthentication=true
Posted by "Dag H. Wanvik" <da...@oracle.com>.
Ashish Jain <as...@gmail.com> writes:
> derby.connection.requireAuthentication=true.
Setting this property in derby.properties makes it a system-wide
property, cf. your issue with shutting down the server. You could also
make it a database level property (it would then only protect access for
that one database, but not server shutdown, I think). If you really want
a system level property for derby.connection.requireAuthentication=true,
you need to either use derby.properties or set a system wide property as
long as you stick with Derby's built-in users.
Note that Derby's built-in users system isn't recommended for
production, cf. the caveat in:
http://db.apache.org/derby/docs/10.6/devguide/cdevcsecure21547.html
Hope this helps,
Dag
>
> Following this I had used system call's something as follows:
> "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.test','test123');"
> to provide secure access to database.
>
> Till this everything works fine.
>
> Next I utilize the NetworkServerControl api to start and stop a Network
> Server. A Network Server
> is created as follows--> NetworkServerControl(address, port). Start is fine.
> However during network.shutdown()
> I see the following exception:
>
> java.sql.SQLException: Connection authentication failure occurred.
> Reason: Invalid authentication..
> at org.apache.derby.impl.drda.NetworkServerControlImpl.
> throwSQLException(Unknown Source)
> at org.apache.derby.impl.drda.NetworkServerControlImpl.
> consolePropertyMessageWork(Unknown Source)
> at org.apache.derby.impl.drda.NetworkServerControlImpl.
> consolePropertyMessage(Unknown Source)
> at org.apache.derby.impl.drda.NetworkServerControlImpl.
> wrapSQLError(Unknown Source)
> at org.apache.derby.impl.drda.NetworkServerControlImpl.
> readResult(Unknown Source)
> at org.apache.derby.impl.drda.NetworkServerControlImpl.shutdown
> (Unknown Source)
> at org.apache.derby.drda.NetworkServerControl.shutdown(Unknown
>
> This exception is legitimate since I do not provide any credentials to
> create a Network Server and this also
> helps to prevent server shutdown from any unauthorised personnel. I am able
> to avoid this using the following
> 2 steps:
>
> 1) Add derby.user.test=test123 is derby.properties file.
> 2) create a Network Server Control object using
> NetworkServerControl(address, port,"test","test123");
>
> However I am not happy with this kind of solution because of the following:
> 1) I had to set a system wide property that is "derby.user.test=test123".
> 2) The password appears in plain text.
> 3) I have to hard code the username/password while creating a
> NetworkServerControl object.
>
> How can I avoid the above situation so that I
> a) do not need to set password in plain text
> b) do not need to set system wide properties
> c) No hard coding username/password while creating a network server control
> object.
>
> Kindly help!!
>
> Thanks
> Ashish
--