When user authentication is enabled (which it is not by default), the user
requesting a connection must provide a valid name and password, which verifies against the
repository of users defined for the system. After authenticates
the user, it grants the user access to the system
but not necessarily access to the database made in the connection request.
In the system, access
to a database is determined by user
authorization.
For user authentication, allows
you to provide a repository of users in a number of different ways. For example,
you can hook up to
an external directory service elsewhere in your enterprise, create your own
directory service, or use 's
simple mechanism for creating a built-in repository of users.
's
built-in authentication mechanism is suitable only for development and testing
purposes. It is strongly recommended that production systems rely on an
external directory service such as LDAP or a user-defined class for
authentication. It is also strongly recommended that production systems protect
network connections with SSL/TLS.
You can define a repository of users for a particular database or for an
entire system, depending on whether you use system-wide or database-wide properties.
When user authentication
is enabled and uses
an external directory service, the architecture looks something like that
shown in the figure below.
user
authentication using an external service. The application can be a single-user
application with an embedded engine
or a multi-user application server.
This figure shows Derby
handling user authentication using an external service.
always runs embedded
in another Java application, whether that application is a single-user application
or a multiple-user application server or connectivity framework.
A database can be accessed by only one JVM at a time, so it is possible
to deploy a system in which the application in which is
embedded, not , handles
the user authentication by connecting to an external directory service.
The application provides the user authentication
using an external service. The application can be a single-user application
with an embedded engine
or a multi-user application server.
This figure shows the
application handling user authentication using an external service.