Built-in Derby users

Derby provides a simple, built-in repository of user names and passwords.

Important: Derby's built-in authentication mechanism is suitable only for development and testing purposes. It is strongly recommended that production systems rely on LDAP or a user-defined class for authentication. It is also strongly recommended that production systems protect network connections with SSL/TLS.

To use the built-in repository, set derby.authentication.provider to BUILTIN. Using built-in users is an alternative to using an external directory service such as LDAP.

derby.authentication.provider=BUILTIN

You can create user names and passwords for Derby users by specifying them with the derby.user.UserName property.

Note: These user names are case-sensitive for user authentication. User names are SQL92Identifiers. Delimited identifiers are allowed:

derby.user."FRed"=java

Note: For passwords, it is a good idea not to use words that would be easily guessed, such as a login name or simple words or numbers. A password should be a mix of numbers and upper- and lowercase letters.

Database-level properties
When you create users with database-level properties, those users are available to the specified database only.
System-level properties
When you create users with system-level properties, those users are available to all databases in the system.

Parent topic: Working with user authentication

Related concepts

Enabling user authentication

Defining users

External directory service

Programming applications for Derby user authentication

Users and authorization identifiers

Related reference

List of user authentication properties