The derby.authentication.provider property specifies the authentication provider for Derby user authentication.
Legal values include:
NATIVE:credentialsDB
NATIVE authentication using credentialsDB, a dedicated database, to store user credentials. This value must be set by using system-wide Java Virtual Machine (JVM) properties or by using the derby.properties file; it cannot be set in the database by using the SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY system procedure. When this system-wide value is set, credentialsDB is used to authenticate all operations. Individual databases can override this directive by specifying their own value for derby.authentication.provider.
The value of credentialsDB must be a valid name for a database.
NATIVE:credentialsDB:LOCAL
NATIVE authentication using credentialsDB for system-wide operations, but using an individual database's SYSUSERS system table to authenticate connections to that database. This value must be set by using system-wide JVM properties or by using the derby.properties file; it cannot be set in the database by using the SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY procedure.
LDAP
An external LDAP directory service.
classProviderName
A user-defined class that provides user authentication.
For more information about these settings, see "Configuring NATIVE authentication" and "Configuring LDAP authentication" in the Derby Security Guide.
To enable any Derby user authentication setting other than NATIVE, you must set the derby.connection.requireAuthentication property to true. If you specify NATIVE authentication, Derby behaves as if the derby.connection.requireAuthentication and derby.database.sqlAuthorization properties were also set.
When using NATIVE authentication, you can also set the following related properties:
When using NATIVE authentication, the database owner calls the SYSCS_UTIL.SYSCS_CREATE_USER system procedure to create users, and can also call the following additional user management procedures:
When using NATIVE authentication, any user can call the SYSCS_UTIL.SYSCS_MODIFY_PASSWORD system procedure to change that user's password.
For more information about user authentication, see "Configuring user authentication" in the Derby Security Guide.
When using an external authentication service provider (LDAP), you must also set:
When using LDAP, you can set other LDAP-specific properties. See also:
Alternatively, you can write your own class to provide a different external authentication service. This class must implement the public interface org.apache.derby.authentication.UserAuthenticator and throw exceptions of the type java.sql.SQLException where appropriate. Using a user-defined class makes Derby adaptable to various naming and directory services. For example, the class could allow Derby to hook up to an existing user authentication service that uses any of the standard directory and naming service providers to JNDI.
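The following is an added example, not code from the Derby documentation, of a user-defined class as described above: it fails closed on missing credentials, compares password hashes in constant time, and reports a backend failure as a java.sql.SQLException instead of a login result. The class name ExampleAuthenticator, the user appuser, the salt and the in-memory store are constructed for illustration; compiling it assumes the Derby jar is on the classpath and Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.SQLException;
import java.util.Map;
import java.util.Properties;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.derby.authentication.UserAuthenticator;

// Hypothetical provider class. Select it with
//   derby.authentication.provider=ExampleAuthenticator
//   derby.connection.requireAuthentication=true
public class ExampleAuthenticator implements UserAuthenticator {
    private static final int ITERATIONS = 210_000;
    // Constructed demo salt; a real credential store keeps a random salt per user.
    private static final byte[] SALT = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);
    // Constructed sample store (user name -> PBKDF2 hash), standing in for the
    // external directory or identity service a real provider would query.
    private static final Map<String, byte[]> STORE =
            Map.of("appuser", hash("constructed-sample-password"));
    // Compared against when the user is unknown, so both paths do equal work.
    private static final byte[] DUMMY = hash("constructed-dummy-value");

    @Override
    public boolean authenticateUser(String userName, String userPassword,
                                    String databaseName, Properties info) throws SQLException {
        if (userName == null || userPassword == null) return false; // fail closed
        try {
            byte[] expected = STORE.get(userName);
            byte[] supplied = hash(userPassword);
            // Constant-time comparison; an unknown user is rejected after the same work.
            boolean match = MessageDigest.isEqual(expected != null ? expected : DUMMY, supplied);
            return match && expected != null;
        } catch (IllegalStateException e) {
            // A backend failure is raised as an error, never returned as a login result.
            throw new SQLException("Authentication service unavailable", e);
        }
    }

    private static byte[] hash(String password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, ITERATIONS, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```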
Syntax:
derby.authentication.provider={ NATIVE:credentialsDB | NATIVE:credentialsDB:LOCAL | LDAP | classProviderName }
Default:
No authentication.
Example:
-- system-wide property
derby.authentication.provider=NATIVE:MyCredsDB:LOCAL
-- database-wide property
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.provider', 'LDAP')
Static. For system-wide properties, you must reboot Derby for the change to take effect. For database-wide properties, you must reboot the database for the change to take effect.