Database Reference
In-Depth Information
Our Example Application Oracle SSO
We will examine this from the outside in; that is, from the application developers' point of view first.
After we explore what the developer needs to do, we'll discuss what changes we need to make to the
OracleJavaSecure
class in order to support the developers.
Use the Application Oracle Connection
Each application will make connections to different Oracle instances as different application user
accounts. That logic has to exist within the application. Our example application gets data from the
HR
schema as the
appusr
user, so we connect as that user in Listing 8-21.
Listing 8-21.
Application Oracle Connection Specification
String urlString = "jdbc:oracle:thin:
appusr
/password@localhost:1521:orcl";
Class.forName( "oracle.jdbc.driver.OracleDriver" );
OracleConnection conn =
(OracleConnection)DriverManager.getConnection( urlString );
Note
You can find this code in the file named
Chapter8/AppOraSSO.java.
Another approach, and one you would use if you were implementing a connection pool in the
OracleJavaSecure
class rather than in the client application, would
not
instantiate a connection in the
application; rather, you would simply pass the application-specific URL,
urlString
to
OracleJavaSecure
in order to configure the connection pool. And you would get back an
OracleConnection
from the pool
for use in your application. At least, that's how I would do it.
Get a Proxy Connection for SSO
Preferably, the developers can make a single method call to acquire a proxy connection that will
successfully pass the tests in our secure application role procedure. Let's call that method
setConnection()
. The application developer would call it like this:
conn = OracleJavaSecure.setConnection( conn );
This would overwrite the existing
conn
with the
OracleConnection
returned by that method. In
reality, remember that these are just references (pointers) to objects in memory, and there has been no
new instance of this object created, so the object pointer has not changed. We passed a reference to the
OracleConnection
from the application to
OracleJavaSecure
(everything resides in a single JVM.) Then
OracleJavaSecure
set the proxy session and the client identifier on that
OracleConnection
. When we go to
use it back in the application, those features are now part of our original
OracleConnection
. We can and
will just use the syntax shown in Listing 8-22.