If an external authentication system is used, the conversion of the user's
name to an authorization identifier does not happen until after authentication
has occurred but before user authorization. Imagine, for example, a
user named Fred.
- Within the user authentication system, Fred is known as FRed. Your
external user authentication service is case-sensitive, so Fred must always
type his name that way.

      Connection conn = DriverManager.getConnection(
          "jdbc:derby:myDB", "FRed", "flintstone");

- Within the user authorization system, Fred becomes a case-insensitive
authorization identifier. Fred is known as FRED.
- When specifying which users are authorized to access the accounting database,
you must list Fred's authorization identifier, FRED (which you can
type as FRED, FREd, or fred, since the system automatically
converts it to all-uppercase).

      derby.fullAccessUsers=sa,FRED,mary

Let's take a second example, where Fred has a slightly different name within
the user authentication system.
- Within the user authentication system, Fred is known as Fred!.
You must now put double quotes around the name, because it is not a valid
SQL92Identifier. (Derby knows to remove the double quotes when passing the
name to the external authentication system.)

      Connection conn = DriverManager.getConnection(
          "jdbc:derby:myDB", "\"Fred!\"", "flintstone");

- Within the user authorization system, Fred becomes a case-sensitive
authorization identifier. Fred is known as Fred!.
- When specifying which users are authorized to access the accounting database,
you must list Fred's authorization identifier, "Fred!" (which you must
always delimit with double quotation marks).

      derby.fullAccessUsers=sa,"Fred!",manager

As shown in the first example, your external authentication system may
be case-sensitive, whereas the authorization identifier within Derby may
not be. If your authentication system allows two distinct users whose names
differ only by case, delimit all user names within the connection request to
make all user names case-sensitive within the Derby system.
You must also delimit user names that do not conform to SQL92Identifier rules
with double quotes.
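
The case collision described above, as an added example that is not part of the Derby documentation or code: a simplified model of the conversion rule that reports which connection user names end up sharing one authorization identifier. The class and method names are hypothetical, the account names are constructed, and the handling of doubled quotes inside a delimited name follows the SQL delimited-identifier convention as an assumption of this model.

```java
import java.util.*;

// Simplified model of the name-to-authorization-identifier rule described
// above. Added illustration; not Derby's own implementation.
public class AuthIdCollisionCheck {

    // Undelimited names fold to upper case. Names wrapped in double quotes
    // lose the quotes and keep their case. Assumption of this model: a doubled
    // quote ("") inside a delimited name stands for one literal quote.
    static String toAuthorizationId(String connectionUserName) {
        String n = connectionUserName;
        if (n.length() >= 2 && n.startsWith("\"") && n.endsWith("\"")) {
            return n.substring(1, n.length() - 1).replace("\"\"", "\"");
        }
        return n.toUpperCase(Locale.ENGLISH);
    }

    // Groups connection user names by the identifier they map to and keeps
    // only identifiers reached by more than one distinct name.
    static Map<String, List<String>> findCollisions(List<String> names) {
        Map<String, List<String>> byId = new TreeMap<>();
        for (String name : names) {
            byId.computeIfAbsent(toAuthorizationId(name), k -> new ArrayList<>())
                .add(name);
        }
        byId.values().removeIf(group -> group.size() < 2);
        return byId;
    }

    public static void main(String[] args) {
        // Constructed sample: accounts as a case-sensitive external
        // authentication service might hold them, passed undelimited.
        List<String> undelimited = List.of("FRed", "fred", "mary", "sa");

        // The same accounts with every name delimited in the connection request.
        List<String> delimited = new ArrayList<>();
        for (String n : undelimited) {
            delimited.add("\"" + n.replace("\"", "\"\"") + "\"");
        }

        System.out.println("undelimited: " + findCollisions(undelimited));
        System.out.println("delimited:   " + findCollisions(delimited));
    }
}
```

Running the same check over the real account list of the external authentication service shows whether any two accounts would receive the same entry in derby.fullAccessUsers before that property is written.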