User-Defined Class

More DBA job interview questions and answers at http://dba.fyicenter.com/Interview-Questions/

(Continued from previous question...)

User-Defined Class

Set derby.authentication.provider to the full name of a class that implements the public interface org.apache.derby.authentication.UserAuthenticator.

By writing your own class that fulfills some minimal requirements, you can hook Derby up to an external authentication service other than LDAP. To do so, specify an external authentication service by setting the property derby.authentication.provider to a class name that you want Derby to load at startup.

The class that provides the external authentication service must implement the public interface org.apache.derby.authentication.UserAuthenticator and throw exceptions of the type java.sql.SQLException where appropriate.

Using a user-defined class makes Derby adaptable to various naming and directory services.

A very simple example of a class that implements the interface follows.

import org.apache.derby.authentication.UserAuthenticator;
import java.io.FileInputStream;
import java.util.Properties;
import java.sql.SQLException;
/**
* A simple example of a specialized Authentication scheme.
* The system property 'derby.connection.requireAuthentication'
* must be set
* to true and 'derby.connection.specificAuthentication' must
* contain the full class name of the overriden authentication
* scheme, i.e., the name of this class.
*
* @see org.apache.derby.authentication.UserAuthenticator
*/

public class MyAuthenticationSchemeImpl implements
UserAuthenticator {
private static final String USERS_CONFIG_FILE = "myUsers.cfg";
private static Properties usersConfig;

// Constructor
// We get passed some Users properties if the
//authentication service could not set them as
//part of System properties.
//
public MyAuthenticationSchemeImpl() {
}
/* static block where we load the users definition from a
users configuration file.*/

static {
/* load users config file as Java properties
File must be in the same directory where
Derby gets started.
(otherwise full path must be specified) */
FileInputStream in = null;
usersConfig = new Properties();
try {
in = new FileInputStream(USERS_CONFIG_FILE);
usersConfig.load(in);
in.close();
} catch (java.io.IOException ie) {
// No Config file. Raise error message
System.err.println(
"WARNING: Error during Users Config file
retrieval");
System.err.println("Exception: " + ie);
}
}
/**
* Authenticate the passed-in user's credentials.
* A more complex class could make calls
* to any external users directory.
*
* @param userName The user's name
* @param userPassword The user's password
* @param databaseName The database
* @param infoAdditional jdbc connection info.
* @exception SQLException on failure
*/
public boolean authenticateUser(String userName,
String userPassword,
String databaseName,
Properties info)
throws SQLException
{
/* Specific Authentication scheme logic.
If user has been authenticated, then simply return.
If user name and/or password are invalid,
then raise the appropriate exception.

This example allows only users defined in the
users config properties object.

Check if the passed-in user has been defined for the system.
We expect to find and match the property corresponding to
the credentials passed in. */
if (userName == null)
// We do not tolerate 'guest' user for now.
return false;
//
// Check if user exists in our users config (file)
// properties set.
// If we did not find the user in the users config set, then
// try to find if the user is defined as a System property.
//
String actualUserPassword;
actualUserPassword = usersConfig.getProperty(userName);
if (actualUserPassword == null)
actualUserPassword = System.getProperty(userName);
if (actualUserPassword == null)
// no such passed-in user found
return false;
// check if the password matches
if (!actualUserPassword.equals(userPassword))
return false;
// Now, check if the user is a valid user of the database
if (databaseName != null)
{
/* if database users restriction lists present, then check
if there is one for this database and if so,
check if the user is a valid one of that database.
For this example, the only user we authorize in database
DarkSide is user 'DarthVader'. This is the only database
users restriction list we have for this example.
We authorize any valid (login) user to access the
OTHER databases in the system.
Note that database users ACLs could be set in the same
properties file or a separate one and implemented as you
wish. */
//
if (databaseName.equals("DarkSide")) {
// check if user is a valid one.
if (!userName.equals("DarthVader"))
// This user is not a valid one of the passed-in
return false;
}
}
// The user is a valid one in this database
return true;
}
}

(Continued on next question...)

Other Job Interview Questions

• What is the Derby System ?
• IDEs and Multiple JVMs
• SQL Tips - Tricks of the VALUES Clause - Multiple Rows
• Authorization Identifiers, User Authentication, and User Authorization
• How to define Users?
• Multiple Connections from a Single Application
• How to avoid Deadlocks ?
• How to define Users?
• How to access Before and After Rows ?
• Deployment Options and Threading and Connection Modes
• More...