Enabling user authentication

If you use NATIVE authentication, you do not need to set the derby.connection.requireAuthentication property. When you create a database with NATIVE authentication, simply specify a username and password, and that user becomes the database owner.

If you do not use NATIVE authentication, you must set the derby.connection.requireAuthentication property to true to enable user authentication; if you do not set this property, Derby does not require a user name and password. You can set this property as a system-wide property or as a database-wide property. For a multi-user product, you would typically set it for the system in the derby.properties file for your server, since it is in a trusted environment.

Note: If you start a Derby system with user authentication enabled but without defining at least one user, you will not be able to shut down the system gracefully. When Derby is running in a connectivity server and user authentication is turned on, stopping the server requires a user name and password. You will need to alter shutdown scripts accordingly.

Note: Additionally, if you create and start a Derby system with user authentication and SQL authorization both enabled, or plan to enable them later, you should make sure you create the database by connecting as the user that is to become the database owner. If you neglect to supply a user when the database is created, the database owner will by default become "APP". If you later enable both authentication and SQL authorization and "APP" is a not valid user name, you will not be able to perform operations restricted to the database owner, including shutting down the database (as opposed to the full system which may currently be shut down by any authenticated user, see previous note). Nor will you be able to (re)encrypt the database nor perform a full upgrade of it.
Related concepts
Using NATIVE authentication
Defining users
External directory service
Programming applications for Derby user authentication
Related reference
List of user authentication properties