AUTHID CURRENT_USER
AS
    just_os_user    VARCHAR2(40);
    backslash_place NUMBER;
BEGIN
I'm leaving out the bulk of the body of this procedure here, but I wanted to point out the section
that is specifically used for two-factor authentication, shown in Listing 9-16. If we have passed SSO and
other connection tests, then we enter this code. If the user did not pass us a two-factor authentication
code, then we call the f_send_2_factor function. Otherwise, we test the two-factor code to see if it passes
muster by calling the f_is_cur_cached_cd function. If the two-factor code is good, we set the secure
application role; if it is not, we let the user know by raising a NO_DATA_FOUND exception, which means
they entered the wrong code, or perhaps just an old (older than 10 minutes) code.
Listing 9-16. Secure Application Role Procedure Body, p_check_hrview_access
    THEN
        IF( two_factor_cd IS NULL OR two_factor_cd = '' )
        THEN
            m_err_txt := f_send_2_factor( just_os_user );
        ELSIF( f_is_cur_cached_cd( just_os_user, two_factor_cd ) = 'Y' )
        THEN
            EXECUTE IMMEDIATE 'SET ROLE hrview_role';
        ELSE
            -- Wrong or Old 2_factor code. Could return message in M_ERR_TXT,
            -- or this will get their attention.
            RAISE NO_DATA_FOUND;
        END IF;
    END IF;
Notice that when we call f_send_2_factor, we set m_err_txt to the return value. That is so we can
pass the distribution code (summary of what devices the two-factor code is delivered to) coming out of
f_send_2_factor back to the client.
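The three branches of Listing 9-16 can be modeled in memory to see how the 10-minute code lifetime behaves. This is an added example, not code from the book: the class, its method names and the sample user are hypothetical stand-ins for f_send_2_factor and f_is_cur_cached_cd, and the constant-time comparison and single-use removal are assumptions of this example. It needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.*;
import java.util.*;

// Added illustration: in-memory model of the branches in Listing 9-16.
// All names here are hypothetical; the book keeps this logic in Oracle.
public class TwoFactorGateDemo {
    private static final Duration CODE_LIFETIME = Duration.ofMinutes(10); // lifetime stated in the text
    private static final SecureRandom RNG = new SecureRandom();
    private record CachedCode(String code, Instant issued) {}
    private final Map<String, CachedCode> cache = new HashMap<>();

    // Stand-in for f_send_2_factor: create a code and cache it with its issue time.
    String issue(String user, Instant now) {
        String code = String.format("%08d", RNG.nextInt(100_000_000));
        cache.put(user, new CachedCode(code, now));
        return code; // returned only so the demo can replay it; real delivery is out of band
    }

    // Stand-in for f_is_cur_cached_cd: true only for a matching, unexpired code.
    boolean isCurrent(String user, String supplied, Instant now) {
        CachedCode c = cache.get(user);
        if (c == null || Duration.between(c.issued(), now).compareTo(CODE_LIFETIME) > 0) return false;
        // Constant-time comparison so response timing does not reveal matching prefixes.
        return MessageDigest.isEqual(c.code().getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    // Same branch order as the listing: send, accept, or raise.
    String checkAccess(String user, String supplied, Instant now) {
        if (supplied == null || supplied.isEmpty()) {
            issue(user, now);
            return "code sent";
        } else if (isCurrent(user, supplied, now)) {
            cache.remove(user); // assumption of this example: a code is single use
            return "role set";
        }
        throw new NoSuchElementException("wrong or expired two-factor code"); // NO_DATA_FOUND analog
    }

    public static void main(String[] args) {
        TwoFactorGateDemo gate = new TwoFactorGateDemo();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamp
        System.out.println(gate.checkAccess("osuser", null, t0));
        String code = gate.issue("osuser", t0);
        System.out.println(gate.checkAccess("osuser", code, t0.plusSeconds(300)));
        String old = gate.issue("osuser", t0);
        try { gate.checkAccess("osuser", old, t0.plusSeconds(660)); }
        catch (NoSuchElementException e) { System.out.println(e.getMessage()); }
    }
}
```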
Update OracleJavaSecure.java for Two-Factor Authentication
There are several updates and additions we will make to OracleJavaSecure.java to support two-factor
authentication. The biggest addition will be a new method to distribute the two-factor authentication
codes, distribute2Factor(). We will discuss that method at length.
We will see how to set some static member variables to hold the specific addressing data we intend to
use. We will also explore the individual methods that send two-factor codes to SMS devices, pagers, and
e-mail.
Setting Some Company-Specific Addresses
Several settings in OracleJavaSecure.java are specific to your corporate implementation of two-factor
authentication: the DNS domain name within your organization, the host name that handles mail
routing for your company, and perhaps a web application URL from which text pager messages can be
 