When working with both user authentication and user authorization, you need to understand how user names are treated by each system.
If an external authentication system is used, the user's name is converted to an authorization identifier after authentication has occurred but before user authorization. Imagine, for example, a user named Fred.
Connection conn = DriverManager.getConnection( "jdbc:derby:myDB", "FRed", "flintstone");
derby.fullAccessUsers=sa,FRED,mary
Let's take a second example, where Fred has a slightly different name within the user authentication system.
Connection conn = DriverManager.getConnection( "jdbc:derby:myDB", "\"Fred!\"", "flintstone");
derby.fullAccessUsers=sa,"Fred!",manager
As shown in the first example, your external authentication system may be case-sensitive, whereas the authorization identifier within Derby may not be. If your authentication system allows two distinct users whose names differ by case, delimit all user names within the connection request so that all user names are case-sensitive within the Derby system. You must also use double quotes to delimit user names that do not conform to SQL92Identifier rules.
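The following added example (not part of the original page or of Derby's own code) models the conversion described above and reports which externally distinct user names would share one authorization identifier when passed undelimited. The helpers toAuthorizationId and findCollisions are hypothetical, the handling of a doubled quote inside a delimited name is an assumption based on SQL identifier rules, and the sample names are constructed.

```java
import java.util.*;

// Added illustration: models the name-to-identifier conversion described above.
// toAuthorizationId and findCollisions are hypothetical helpers, not Derby APIs.
public class AuthIdCheck {

    // Undelimited names fold to upper case; names wrapped in double quotes
    // keep their exact spelling (assumption: a doubled quote inside a
    // delimited name stands for one literal quote).
    static String toAuthorizationId(String userName) {
        if (userName.length() >= 2 && userName.startsWith("\"") && userName.endsWith("\"")) {
            return userName.substring(1, userName.length() - 1).replace("\"\"", "\"");
        }
        return userName.toUpperCase(Locale.ENGLISH);
    }

    // Groups external names by the identifier they convert to and keeps only
    // identifiers reached by more than one distinct external name.
    static Map<String, Set<String>> findCollisions(Collection<String> names) {
        Map<String, Set<String>> byId = new TreeMap<>();
        for (String n : names) {
            byId.computeIfAbsent(toAuthorizationId(n), k -> new TreeSet<>()).add(n);
        }
        byId.values().removeIf(s -> s.size() < 2);
        return byId;
    }

    public static void main(String[] args) {
        // Constructed sample: names as a case-sensitive external system might hold them.
        List<String> undelimited = List.of("FRed", "fred", "mary", "sa");
        System.out.println("undelimited collisions: " + findCollisions(undelimited));

        // The same accounts, delimited in the connection request, stay distinct.
        List<String> delimited = new ArrayList<>();
        for (String n : undelimited) {
            delimited.add("\"" + n + "\"");
        }
        System.out.println("delimited collisions:   " + findCollisions(delimited));
    }
}
```

Any identifier reported for the undelimited list marks accounts that a single entry in derby.fullAccessUsers would authorize together.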