Database Reference
In-Depth Information
We indicate what pager to send in the
PAGERID
argument and what the message will be in the
MESSAGE
argument. After we create a new
URL
instance with this address, we call its
getContent()
method
to “browse” the web address. At that point, the web server with the paging application has responded to
the
GET
method, and if no exception is thrown, we can continue on with returning the value of the
USE_PAGER
constant.
Listing 9-27.
Distribute the Code to Pager, distribToPagerURL()
private static final int distribToPagerURL( String twoFactorAuth,
String pagerNo )
{
int distribCode = 0;
try {
URL u =
new URL( baseURL + pagerNo + msgURL + twoFactorAuth )
;
u.
getContent
();
distribCode += USE_PAGER
;
} catch ( Exception x ) {}
return distribCode;
}
This method is the most likely to require special editing to be functional in your organization. You
will have to research how page messages are sent to your corporate pagers, if at all. Even if you do not
have pagers, this code may serve as an example of how you might send the two-factor codes to some
other web service.
Distributing the Code to E-Mail
Our
distribToEMail()
method is not only similar, but also almost identical to the
distribToSMS()
method, except that the recipient in this case is the user's e-mail address. I'm leaving out the code, but
the message resembles this:
From:
response@org.com
To:
OSUSER@org.com
Subject: Response
1234-5678-9012
If successful, we return the value of the
USE_EMAIL
constant.
Testing Two-Factor Authentication
In this section, we again draw on all our resources to demonstrate and test two-factor authentication
along with everything else we have discussed so far. We will test our two-factor authentication by using
the code we have been examining to generate and transmit two-factor authentication codes. In order to
experience this fully, you will need to enter your pager, cell phone, and/or e-mail addresses in the
database, as we described. Alternatively, you can query the database to select the generated two-factor
codes from the
appsec.v_two_fact_cd_cache
view.
If you haven't been executing the SQL commands we've been exploring throughout this chapter as
we discussed them, you will need to open the
Chapter9
folder and the files
Sys.sql
,
SecAdm.sql
,
AppSec.sql
, and
HR.sql
and execute those commands as the appropriate user. You can execute them in