Introduction
- JS7 has provision for two levels of integration with an Oracle DBMS:
- JS7 supports use of Oracle as the JS7 - Database.
- JS7 provides job templates for JS7 - JITL Database Jobs that can be used to access Oracle databases. For this scenario see the JS7 - How to make JITL Jobs connect to an Oracle database using Wallet® article.
For both scenarios users might prefer not to provide a user account and password for authentication with the DBMS from readable files.
- The use of passwords is considered insecure when passwords are stored in clear text in external files or in job parameters.
- JS7 enables JS7 - Use of Credential Store with JITL Jobs as an alternative way to store and to retrieve passwords.
- The Oracle Wallet® provides a credential store to connect to an Oracle database without specifying a user account and password from parameters or from readable files.
...
- For configuring clients to use the External Password Store see, for example, http://docs.oracle.com/cd/B19306_01/network.102/b14266/cnctslsh.htm#CBHEHGCE
- An introduction to the technical configuration is available from https://www.oracle.com/technetwork/database/enterprise-edition/wp-oracle-jdbc-thin-ssl-130128.pdf
- A more condensed version is available from the Oracle-Base web site, e.g. https://oracle-base.com/articles/10g/secure-external-password-store-10gr2
- The location of the docs depends on the specific Oracle version in use.
...
- The wallet does not necessarily have to be created on the machine where the JOC Cockpit is located. The wallet preferably consists of a number of keystore and truststore files that can be copied from a remote machine to the server that hosts JOC Cockpit.
Typical commands for creating a wallet include, for example:

Example how to set up a wallet:

```
# create the wallet in an arbitrary location
mkstore -wrl /home/js7/wallet -create

# add credentials to the wallet; specify key, user account and password for database access
mkstore -wrl /home/js7/wallet/ -createCredential js7 some_account some_password

# check that the key has been added to the wallet
mkstore -wrl /home/js7/wallet/ -listCredential
```
...
- The Oracle PKI libraries are required and have to match the version of the Oracle DBMS and Oracle JDBC Driver.
- The .jar files are provided by Oracle for download and are available from an Oracle Client installation, for example from:
ORACLE_HOME/jlib/oraclepki.jar
ORACLE_HOME/jlib/osdt_cert.jar
ORACLE_HOME/jlib/osdt_core.jar
- For on premises installations, store the Oracle PKI libraries in the `JETTY_HOME/lib/user_lib` directory of the JOC Cockpit installation directory.
- When running JOC Cockpit containers for Docker® consider storing the Oracle PKI libraries in the `JETTY_BASE/resources/joc/lib` directory.
...
The Hibernate configuration file may look like this:

Example of a Hibernate configuration file:

```xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<hibernate-configuration>
  <session-factory>
    <property name="hibernate.connection.driver_class">oracle.jdbc.OracleDriver</property>
    <property name="hibernate.connection.password"></property>
    <property name="hibernate.connection.url">jdbc:oracle:thin:@/js7?tns_admin=/home/js7/wallet</property>
    <property name="hibernate.connection.username"></property>
    <property name="hibernate.dialect">org.hibernate.dialect.Oracle12cDialect</property>
    <property name="hibernate.show_sql">false</property>
    <property name="hibernate.connection.autocommit">false</property>
    <property name="hibernate.format_sql">true</property>
    <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
    <property name="hibernate.connection.provider_class">org.hibernate.hikaricp.internal.HikariCPConnectionProvider</property>
    <property name="hibernate.hikari.maximumPoolSize">10</property>
  </session-factory>
</hibernate-configuration>
```
- Note the empty elements that are used for the account and password. Do not delete these elements from the Hibernate configuration file.
- The connection URL specifies `js7` as the key for an entry in the wallet.
- The `tns_admin` URL parameter is used to specify the directory of the `tnsnames.ora` configuration file. JDBC connections usually do not require this configuration file as connection details (Listener, Service Name, Service ID) are specified in the URL. However, due to use of the `js7` wallet key in the URL, it is preferable that connection details are managed in a `tnsnames.ora` configuration file.
- In the example above this file is located in the `/home/js7/wallet` directory, which is in fact the directory where the wallet is located. This location is not authoritative as the file can reside in any directory that is accessible to JOC Cockpit.
- Note that an `sqlnet.ora` configuration file is not used with the above setup for a JDBC connection.
...
The following example is not authoritative but is intended to explain a few basic settings:
```
# tnsnames.ora Network Configuration File: /home/js7/product/18.0.0/dbhomeXE/NETWORK/ADMIN/tnsnames.ora
# Generated by Oracle configuration tools.

JS7 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = JS7)
    )
  )

LISTENER_JS7 =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))

ORACLR_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
    )
  )
```
...
- Configure the location of the wallet by using a Java define like this: `-Doracle.net.wallet_location=/home/js7/wallet`. This setting should point to the directory where the wallet files are located. This setting can be specified with one of the following options:
  - specify the Java define with the `jettyOptions` setting of the `joc_install_xml` installer response file like this: `<entry key="jettyOptions" value="-Doracle.net.wallet_location=/home/js7/wallet"/>`
  - alternatively, for Unix, use one of the following options:
    - specify the `JAVA_OPTIONS` environment variable before running the JOC Cockpit `jetty.sh` start script.
    - create/modify and make executable the `/home/js7/.jocrc` file, assuming that `js7` is the JOC Cockpit run-time account. This file should export the `JAVA_OPTIONS` environment variable like this: `export JAVA_OPTIONS="-Doracle.net.wallet_location=/home/js7/wallet"`
    - add the `JAVA_OPTIONS` environment variable to the `systemd` service file, as described in the JS7 - systemd Service Files for automated Startup and Shutdown with Unix Systems article.
  - Further details can be found in the JS7 - How To - Apply Java Options article.
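A consistency check for the setup described above, as an added example that is not part of the original article or of JS7: it confirms that the Hibernate file keeps the account and password elements empty, that the wallet key in the URL is an alias in the `tnsnames.ora` under `tns_admin`, and that the wallet files are not readable by other accounts. The function name `audit_wallet_setup` is hypothetical, and the check assumes the auto-login file `cwallet.sso` that `mkstore -create` writes.

```shell
#!/bin/sh
# Added example (not JS7 code). Audits the wallet setup described above and
# returns the number of findings; 0 means the pieces are consistent.
audit_wallet_setup() {
    cfg=$1; wallet=$2; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. Account and password elements must be present and empty.
    for prop in username password; do
        grep -q "name=\"hibernate.connection.$prop\"></property>" "$cfg" ||
            note "hibernate.connection.$prop is missing or not empty"
    done

    # 2. Split the connection URL into wallet key and tns_admin directory.
    url=$(sed -n 's/.*name="hibernate.connection.url">\([^<]*\)<.*/\1/p' "$cfg")
    key=$(printf '%s\n' "$url" | sed -n 's/^jdbc:oracle:thin:@\/\([^?]*\)?.*/\1/p')
    tns_admin=$(printf '%s\n' "$url" | sed -n 's/.*[?&]tns_admin=\([^&]*\).*/\1/p')
    if [ -z "$key" ] || [ -z "$tns_admin" ]; then
        note "URL '$url' is not of the form @/<key>?tns_admin=<directory>"
        return "$findings"
    fi

    # 3. The key must be an alias in tnsnames.ora (aliases are case-insensitive).
    grep -qi "^[[:space:]]*$key[[:space:]]*=" "$tns_admin/tnsnames.ora" 2>/dev/null ||
        note "alias '$key' is not defined in $tns_admin/tnsnames.ora"

    # 4. The auto-login wallet file written by mkstore must be present.
    [ -f "$wallet/cwallet.sso" ] || note "no cwallet.sso in $wallet"

    # 5. Nothing in the wallet directory may be readable by group or others.
    exposed=$(find "$wallet" \( -perm -040 -o -perm -004 \) -print 2>/dev/null) || true
    [ -z "$exposed" ] || note "readable by group or others:" $exposed

    return "$findings"
}

# Run against a real installation when two arguments are given.
if [ "$#" -eq 2 ]; then audit_wallet_setup "$1" "$2"; fi
```

Pass the Hibernate configuration file and the directory given in `oracle.net.wallet_location` as the two arguments.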
...