You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-user@db.apache.org by Ashish Jain <as...@gmail.com> on 2010/11/04 11:19:36 UTC

Invalid authentication exception on enabling requireAuthentication=true

Hi Derby Team,

I am using Apache Geronimo which uses embedded derby as the default
database. Recently I tried to
enable authentication in derby by including a derby.properties file in with
content as
derby.connection.requireAuthentication=true.

Following this I had used system call's something as follows:
"CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.test','test123');"
to provide secure access to database.

Till this everything works fine.

Next I utilize the NetworkServerControl api to start and stop a Network
Server.  A Network Server
is created as follows--> NetworkServerControl(address, port). Start is fine.
However during network.shutdown()
I see the following exception:

java.sql.SQLException: Connection authentication failure occurred.
Reason: Invalid authentication..
        at org.apache.derby.impl.drda.NetworkServerControlImpl.
throwSQLException(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.
consolePropertyMessageWork(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.
consolePropertyMessage(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.
wrapSQLError(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.
readResult(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.shutdown
(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl.shutdown(Unknown

This exception is legitimate since I do not provide any credentials to
create a Network Server and this also
helps to prevent server shutdown from any unauthorised personnel. I am able
to avoid this using the following
2 steps:

1) Add derby.user.test=test123 is derby.properties file.
2) create a Network Server Control object using
NetworkServerControl(address, port,"test","test123");

However I am not happy with this kind of solution  because of the following:
1) I had to set a system wide property that is "derby.user.test=test123".
2) The password appears in plain text.
3) I have to hard code the username/password while creating a
NetworkServerControl object.

How can I avoid the above situation so that I
a) do not need to  set password in plain text
b) do not need to  set system wide properties
c) No hard coding username/password while creating a network server control
object.

Kindly help!!

Thanks
Ashish

Re: Invalid authentication exception on enabling requireAuthentication=true

Posted by "Dag H. Wanvik" <da...@oracle.com>.

Ashish Jain <as...@gmail.com> writes:

> derby.connection.requireAuthentication=true.

Setting this property in derby.properties makes it a system-wide
property, cf. your issue with shutting down the server. You could also
make it a database level property (it would then only protect access for
that one database, but not server shutdown, I think). If you really want
a system level property for derby.connection.requireAuthentication=true,
you need to either use derby.properties or set a system wide property as
long as you stick with Derby's built-in users.

Note that Derby's built-in users system isn't recommended for
production, cf. the caveat in:

http://db.apache.org/derby/docs/10.6/devguide/cdevcsecure21547.html

Hope this helps,
Dag

>
> Following this I had used system call's something as follows:
> "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.test','test123');"
> to provide secure access to database.
>
> Till this everything works fine.
>
> Next I utilize the NetworkServerControl api to start and stop a Network
> Server.  A Network Server
> is created as follows--> NetworkServerControl(address, port). Start is fine.
> However during network.shutdown()
> I see the following exception:
>
> java.sql.SQLException: Connection authentication failure occurred.
> Reason: Invalid authentication..
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> throwSQLException(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> consolePropertyMessageWork(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> consolePropertyMessage(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> wrapSQLError(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> readResult(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.shutdown
> (Unknown Source)
>         at org.apache.derby.drda.NetworkServerControl.shutdown(Unknown
>
> This exception is legitimate since I do not provide any credentials to
> create a Network Server and this also
> helps to prevent server shutdown from any unauthorised personnel. I am able
> to avoid this using the following
> 2 steps:
>
> 1) Add derby.user.test=test123 is derby.properties file.
> 2) create a Network Server Control object using
> NetworkServerControl(address, port,"test","test123");
>
> However I am not happy with this kind of solution  because of the following:
> 1) I had to set a system wide property that is "derby.user.test=test123".
> 2) The password appears in plain text.
> 3) I have to hard code the username/password while creating a
> NetworkServerControl object.
>
> How can I avoid the above situation so that I
> a) do not need to  set password in plain text
> b) do not need to  set system wide properties
> c) No hard coding username/password while creating a network server control
> object.
>
> Kindly help!!
>
> Thanks
> Ashish

--