Built-in Derby users

Derby provides a simple, built-in repository of user names and passwords.

Important: Derby's built-in authentication mechanism is suitable only for development and testing purposes. It is strongly recommended that production systems rely on LDAP or a user-defined class for authentication. It is also strongly recommended that production systems protect network connections with SSL/TLS.

To use the built-in repository, set derby.authentication.provider to BUILTIN. Using built-in users is an alternative to using an external directory service such as LDAP.


You can create user names and passwords for Derby users by specifying them with the derby.user.UserName property.

Note: These user names are case-sensitive for user authentication. User names are SQL92Identifiers. Delimited identifiers are allowed:
Note: For passwords, it is a good idea not to use words that would be easily guessed, such as a login name or simple words or numbers. A password should be a mix of numbers and upper- and lowercase letters.
Related concepts
Enabling user authentication
Defining users
External directory service
Programming applications for Derby user authentication
Users and authorization identifiers
Related reference
List of user authentication properties