If you use an external authentication system such as LDAP, the conversion of
the user's name to an authorization identifier happens after
authentication has occurred but before user authorization has occurred.
Imagine, for example, a user named Fred.
- Within the user authentication system, Fred is known as
FRed. Your external user authorization service is
case-sensitive, so Fred must always type his name that way.
Connection conn = DriverManager.getConnection(
"jdbc:derby:myDB", "FRed", "flintstone");
- Within the user
authorization system, Fred becomes a case-insensitive authorization identifier.
Fred is known as FRED.
Let's take a second example, where Fred has a slightly different name within
the user authentication system.
- Within the user authentication system, Fred is known as
Fred!. You must now put double quotes around the name, because
it is not a valid SQL92Identifier.
( knows to remove the
double quotes when passing the name to the external authentication system.)
Connection conn = DriverManager.getConnection(
"jdbc:derby:myDB", "\"Fred!\"", "flintstone");
- Within the user
authorization system, Fred becomes a case-sensitive
authorization identifier. Fred is known as Fred!.
As shown in the first example, your external authentication system may
be case-sensitive, whereas the authorization identifier within
may not be. If your
authentication system allows two distinct users whose names differ by case,
delimit all user names within the connection request to make all user names
case-sensitive within the
system. In addition,
you must also delimit user names that do not conform to
SQL92Identifier rules with double quotes.