Configuring NATIVE authentication

Derby's simplest authentication mechanism is NATIVE authentication.

When you use NATIVE authentication, user names and encrypted passwords are stored in a database. You can specify a dedicated credentials database for this purpose, or you can store the credentials in the same database you use for your application data. The credentials are stored in the SYSUSERS system table of the database.

To configure NATIVE authentication, follow these steps.

  1. Use the SYSCS_UTIL.SYSCS_CREATE_USER system procedure to add credentials for the Database Owner. Remember that the Database Owner is the user who created the database.
  2. Add credentials for other users.
  3. Shut down the database, then reboot it. When the database reboots, NATIVE authentication is enabled.

For example, you can issue the following commands:

java org.apache.derby.tools.ij
ij version 10.11
ij> connect 'jdbc:derby:testdb;create=true;user=tquist';
ij> -- the Database Owner must be the first user you create
call SYSCS_UTIL.SYSCS_CREATE_USER( 'tquist', 'tquist' );
0 rows inserted/updated/deleted
ij> -- now add other users
call SYSCS_UTIL.SYSCS_CREATE_USER( 'thardy', 'thardy' );
0 rows inserted/updated/deleted
ij> call SYSCS_UTIL.SYSCS_CREATE_USER( 'jhallett', 'jhallett' );
0 rows inserted/updated/deleted
ij> call SYSCS_UTIL.SYSCS_CREATE_USER( 'mchrysta', 'mchrysta' );
0 rows inserted/updated/deleted
ij> -- shut down the database in order to turn on NATIVE authentication
connect 'jdbc:derby:testdb;shutdown=true';
ERROR 08006: Database 'testdb' shutdown.
ij> -- these connection attempts fail because of bad credentials
connect 'jdbc:derby:testdb;user=tquist';
ERROR 08004: Connection authentication failure occurred.  Reason: Invalid authentication..
ij> connect 'jdbc:derby:testdb;user=thardy;password=tquist';
ERROR 08004: Connection authentication failure occurred.  Reason: Invalid authentication..
ij> -- these connection attempts present good credentials, so they succeed
connect 'jdbc:derby:testdb;user=tquist;password=tquist';
ij(CONNECTION1)> connect 'jdbc:derby:testdb;user=thardy;password=thardy';
ij(CONNECTION2)> connect 'jdbc:derby:testdb;user=jhallett;password=jhallett';
ij(CONNECTION3)> connect 'jdbc:derby:testdb;user=mchrysta;password=mchrysta';
Related concepts
Configuring LDAP authentication
Specifying authentication with a user-defined class
Programming applications for Derby user authentication
Configuring Network Server authentication in special circumstances
Related reference
List of user authentication properties
Login failure exceptions with user authentication