...

• JS7 has provision for two levels of integration with an Oracle DBMS:
  • JS7 supports use of Oracle as the JS7 - Database.
  • JS7 provides job templates for JS7 - JITL Database Jobs that can be used to access Oracle databases. For this scenario see the JS7 - How to make JITL Jobs connect to an Oracle database using Wallet® article.

• For both scenarios users might prefer not to provide a user account and password for authentication with the DBMS from readable files.

  • The use of passwords is considered insecure when passwords are stored in clear text in external files or in job parameters.
  • JS7 enables JS7 - Use of Credential Store with JITL Jobs as an alternative way to store and to retrieve passwords.
  • The Oracle Wallet® provides a credential store to connect to an Oracle database without specifying a user account and password from parameters or from readable files.

SOS does not accept any liability for use of JS7 with Oracle Wallet®. Configuration of Oracle Wallet® is the user's responsibility and can change based on the version of the DBMS. The following explanations offer an example how to integrate with Oracle 18c, the example is not authoritative and does not cover future versions of the DBMS. The database vendor's documentation offers authoritative instruction how to connect to Oracle Wallet® and how to analyze connection problems.

Oracle Wallet®

The Oracle Wallet® configuration is explained in the Oracle documentation. At the time of writing the following links are available:

• To configur clients to use the External Password Store see, for example, http://docs.oracle.com/cd/B19306_01/network.102/b14266/cnctslsh.htm#CBHEHGCE
• An introduction to the technical configuration in https://www.oracle.com/technetwork/database/enterprise-edition/wp-oracle-jdbc-thin-ssl-130128.pdf
• Or in a more condensed version from the Oracle-Base web site e.g. in https://oracle-base.com/articles/10g/secure-external-password-store-10gr2
• The location of the docs depends on the specific Oracle version in use.

...

• The Oracle PKI libraries are required and have to match the version of the Oracle DBMS and Oracle JDBC Driver.
• The .jar files are provided by Oracle for download and are available from an Oracle Client installation, for example from:
  • ORACLE_HOME/jlib/oraclepki.jar
  • ORACLE_HOME/jlib/osdt_cert.jar
  • ORACLE_HOME/jlib/osdt_core.jar
• For on premises installations, store the Oracle PKI libraries in the JOCJETTY_HOMEBASE/lib/ext/user_libjoc directory of the JOC Cockpit installation configuration directory.
• When running JOC Cockpit containers, consider storing the Oracle PKI libraries in the JETTY_BASE/resources/joc/lib directory.

...

The JOC Cockpit is configured to connect to an Oracle database using Hibernate. In addition, the locations location of Oracle configuration files and of the wallet have has to be specified.

Anchor
hibernate_cfg_xml hibernate_cfg_xml

Hibernate hibernate.cfg.xml Configuration File

...

• The Hibernate configuration file may look like this:
  
  

  Code Block
  title Example of a Hibernate configuration file linenumbers true collapse true
  <?xml version="1.0" encoding="UTF-8" standalone="no"?> <hibernate-configuration> <session-factory> <property name="hibernate.connection.driver_class">oracle.jdbc.OracleDriver</property> <property name="hibernate.connection.password"></property> <property name="hibernate.connection.url">jdbc:oracle:thin:@/js7@js7?TNS_ADMIN=/home/js7/wallet</property> <property name="hibernate.connection.username"></property> <property name="hibernate.dialect">org.hibernate.dialect.Oracle12cDialect</property> <property name="hibernate.show_sql">false</property> <property name="hibernate.connection.autocommit">false</property> <property name="hibernate.format_sql">true</property> <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property> <property name="hibernate.connection.provider_class">org.hibernate.hikaricp.internal.HikariCPConnectionProvider</property> <property name="hibernate.hikari.maximumPoolSize">10</property> </session-factory> </hibernate-configuration>

  
  
  

• Note the empty elements that are used for the account and password. Do not delete these elements from the Hibernate configuration file.
• The connection URL specifies js7 as as the key for an entry in the tnsnames.ora configuration file and in the wallet.
• The TNS_ADMIN URL parameter is used to specify the directory of the tnsnames.ora configuration file. JDBC Connections usually do not require this configuration file as connection details (Listener, Service Name, Service ID) are specified in the URL. However, due to use of the js7 wallet key in the URL, it is preferable that connection details are managed in a tnsnames.ora configuration file.
• In the example above this file is located in the /home/js7/wallet directory which is in fact the directory where the wallet is located. This location is not authoritative as the file can reside in any directory that is accessible to JOC Cockpit.
• Note that an sqlnet.ora configuration file is not used with the above setup for a JDBC connection.

...