<< Configuring security in an embedded environment | Enabling user authentication >>

Derby user authentication using an external service

Derby Developer's Guide

also strongly recommended that production systems protect network connections with
SSL/TLS.

You can define a repository of users for a particular database or for an entire system,
depending on whether you use system-wide or database-wide properties.

When Derby user authentication is enabled and Derby uses an external directory service,
the architecture looks something like that shown in the following figure. The application
can be a single-user application with an embedded Derby engine or a multi-user
application server.

Figure 12.

Derby user authentication using an external service

Derby always runs embedded in another Java application, whether that application is a
single-user application or a multiple-user application server or connectivity framework.

A database can be accessed by only one JVM at a time, so it is possible to deploy a
system in which the application in which Derby is embedded, not Derby, handles the
user authentication by connecting to an external directory service. The application can
be a single-user application with an embedded Derby engine or a multi-user application
server. The following figure shows this kind of deployment.

Figure 13.

Application user authentication using an external service