Table of Contents

Introduction

JS7 offers has provision for two levels of integration with an Oracle DBMS:
- JS7 supports use of Oracle as the JS7 - Database.
- JS7 provides job templates for JS7 - JITL Database Jobs that can be used to access Oracle databases. For this scenario see the JS7 - How to make JITL Jobs connect to an Oracle database using Wallet® article.
For both scenarios users might prefer not to provide a user account and password for authentication with the DBMS from readable files..
- Use The use of passwords is considered insecure when passwords are stored in clear text in external files or in job parameters.
- JS7 enables JS7 - Use of Credential Store with JITL Jobs as an alternative way to store and to retrieve passwords.
- The Oracle Wallet® provides a credential store to connect to an Oracle database without specifying a user account and password from parameters or from readable files.

...

Configuring clients to use the External Password Store see, for example, http://docs.oracle.com/cd/B19306_01/network.102/b14266/cnctslsh.htm#CBHEHGCE
An introduction to the technical configuration in https://www.oracle.com/technetwork/database/enterprise-edition/wp-oracle-jdbc-thin-ssl-130128.pdf
Or as in a more condensed version from the Oracle-Base web site e.g. in https://oracle-base.com/articles/10g/secure-external-password-store-10gr2
The location of the docs depends on the specific Oracle version in use.

...

The wallet does not necessarily have to be created on the machine where the JOC Cockpit is located. The wallet preferably consists of a number of keystore and truststore files that can be copied from a remote machine to the server that hosts JOC Cockpit.

Typical commands to create for creating a wallet include, for example:

Code Block

title	Example how to set up a wallet
linenumbers	true

# create the wallet in an arbitrary location
mkstore -wrl /home/js7/wallet -create

# add credentials to the wallet; specify key, user account and password for database access
mkstore -wrl /home/js7/wallet/ -createCredential js7 some_account some_password

# check that the key has been added to the wallet
mkstore -wrl  /home/js7/wallet/  -listCredential

...

The Oracle PKI libraries are required and have to match the version of the Oracle DBMS and Oracle JDBC Driver.
The .jar files are offered provided by Oracle for download and are available from an Oracle Client installation, for example from:
- ORACLE_HOME/jlib/oraclepki.jar
- ORACLE_HOME/jlib/osdt_cert.jar
- ORACLE_HOME/jlib/osdt_core.jar
For on premises installations, store the Oracle PKI libraries in the JETTY_HOME/lib/user_lib directory of the JOC Cockpit installation directory.
When running JOC Cockpit containers for Docker® consider storing the Oracle PKI libraries in the JETTY_BASE/resources/joc/lib directory.

...

The Hibernate configuration file can may look like this:

Code Block

title	Example of a Hibernate configuration file
linenumbers	true
collapse	true

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<hibernate-configuration>
 <session-factory>
  <property name="hibernate.connection.driver_class">oracle.jdbc.OracleDriver</property>
  <property name="hibernate.connection.password"></property>
  <property name="hibernate.connection.url">jdbc:oracle:thin:@/js7?tns_admin=/home/js7/wallet</property>
  <property name="hibernate.connection.username"></property>
  <property name="hibernate.dialect">org.hibernate.dialect.Oracle12cDialect</property>
  <property name="hibernate.show_sql">false</property>
  <property name="hibernate.connection.autocommit">false</property>
  <property name="hibernate.format_sql">true</property>
  <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
  <property name="hibernate.connection.provider_class">org.hibernate.hikaricp.internal.HikariCPConnectionProvider</property>
  <property name="hibernate.hikari.maximumPoolSize">10</property>
 </session-factory>
</hibernate-configuration>

Note the empty elements that are used for the account and password. Do not delete these elements from the Hibernate configuration file.
The connection URL specifies js7 as the key for an entry in the wallet.
The URL parameter tns_admin URL parameter is used to specify the directory of the tnsnames.ora configuration file. JDBC Connections usually do not require this configuration file as connection details (Listener, Service Name, Service ID) are specified in the URL. However, due to use of the js7 wallet key in the URL, it is preferable that connection details are managed in a tnsnames.ora configuration file.
In the example above this file is located in the /home/js7/wallet directory that which is in fact is the directory where the wallet is located. This location is not authoritative as the file can reside in any directory that is accessible to JOC Cockpit.
Note that an sqlnet.ora configuration file is not used with the above setup for a JDBC connection.

...

The following example is not authoritative but is intended to explain a few basic settings:

Code Block

language	text
title	Example of a tnsnames.ora configuration file
linenumbers	true
collapse	true

# tnsnames.ora Network Configuration File: /home/js7/product/18.0.0/dbhomeXE/NETWORK/ADMIN/tnsnames.ora
# Generated by Oracle configuration tools.

JS7 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = JS7)
    )
  )

LISTENER_JS7 =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))


ORACLR_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
    )
  )

...

Configure the location of the wallet by using a Java define like this:
-Doracle.net.wallet_location=/home/js7/wallet. This setting should point to the directory where the wallet files are located. This setting can be specified with one of the following options:
- specify the Java define with the jettyOptions setting of the joc_install_xml installer response file like this:
  <entry key="jettyOptions" value="-Doracle.net.wallet_location=/home/js7/wallet"/>
- alternatively, for Unix, use one of the following options:
  - specify the JAVA_OPTIONS environment variable before running the JOC Cockpit jetty.sh start script.
  - create/modify and make executable the /home/js7/.jocrc file, assuming that js7 is the JOC Cockpit run-time account. This file should export the JAVA_OPTIONS environment variable like this:
    export JAVA_OPTIONS="-Doracle.net.wallet_location=/home/js7/wallet"
  - add the JAVA_OPTIONS environment variable to the systemd service file, as described in the JS7 - systemd Service Files for automated Startup / and Shutdown with Unix Systems article.
- Further details can be found in the JS7 - How To - Apply Java Options article.

...

Space shortcuts

Page tree

Versions Compared

Old Version 28

New Version 29

Key

Introduction

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 28

New Version 29

Key

Introduction