Database Reference
In-Depth Information
We also set the client identifier to the OS user name—that is a good handle for searching audit logs.
At this point we have a proxy session, and we can validate it with this query:
SELECT USER
, SYS_CONTEXT('USERENV','PROXY_USER')
, SYS_CONTEXT('USERENV','OS_USER')
, SYS_CONTEXT('USERENV','SESSION_USER')
, SYS_CONTEXT('USERENV','OS_USER')
, SYS_CONTEXT('USERENV','IP_ADDRESS')
, SYS_CONTEXT('USERENV','TERMINAL')
, SYS_CONTEXT('USERENV','CLIENT_IDENTIFIER')
FROM DUAL;
This will return a series of identity values like this:
user : OSUSER
userenv proxy_user :
APPUSR
userenv current_user : OSUSER
userenv session_user : OSUSER
userenv os_user : OSUser (occasionally OrgDomain\OSUser)
userenv ip_address : 127.0.0.1
userenv terminal : unknown
userenv client_id : OSUSER
In our Oracle proxy session, the
USER
,
CURRENT_USER
, and
SESSION_USER
also are set to
OSUSER
. Oracle
database saw that our OS user from JDBC was
OSUser
, as shown for the
OS_USER
session environment
value.
Finally, we connected as
appusr
, which allows proxying through by
OSUSER
, so we see
APPUSR
as the
PROXY_USER
. If you look at the code of
OraSSOTests
, you'll see that we connect as
appusr
:
private String appusrConnString =
"jdbc:oracle:thin:
appusr
/password@localhost:1521:orcl";
conn = (OracleConnection) DriverManager.getConnection( appusrConnString );
So we connected as
appusr
, but after establishing our proxy session, you can see that our user is
OSUSER
.
We close our proxy connections with a bit different syntax:
conn.close( OracleConnection.PROXY_SESSION );
In this context (the
doTest2()
method), the effect is the same as the standard
conn.close()
, but for
cached connections/connection pools this new syntax only closes the current session but keeps the
connection available for others.
PROXY USER VERSUS PROXY USER NAME
Unfortunately, Oracle has used the words “proxy user” for both sides of the “connect as user” and “proxy
through user” relationship. Proxy user,
proxy_user
, is the Oracle user that connects to the database as in
our session environment,
SYS_CONTEXT( 'USERENV',
'PROXY_USER'
)
. And
PROXY_USER_NAME
is the name
of the user getting access through the proxy user as when we set up our
proxy connection,