Database Reference
In-Depth Information
about that order, but when you get about halfway through AppSec.sql , you will need to stop and execute
HR.sql before continuing as appsec .
You will also need to execute OracleJavaSecure.java in the Oracle database to create the Java
structure there. We will then run the class TestOracleJavaSecure on the client to accomplish all our
demonstrations and tests.
Updating OracleJavaSecure Java in Oracle
If you haven't already, edit the code for OracleJavaSecure.java to provide our company-specific
addresses for two-factor authentication. We saw this previously in Listing 9-17. Edit the code found in
the file named Chapter9/orajavsec/OracleJavaSecure.java .
private static String expectedDomain = "ORGDOMAIN";
private static String comDomain = "org.com";
private static String smtpHost = "smtp." + comDomain;
private static String baseURL =
" http://www.org.com/servlet/textpage.PageServlet? ACTION=2&PAGERID =";
private static String msgURL = "&MESSAGE=";
Load the new orajavsec/OracleJavaSecure.java code into Oracle database. You will be loading this
into the appsec schema, so you should be connected to Oracle Database as that user and don't forget to
set your role to appsec_role . Again, uncomment the top line that begins CREATE OR REPLACE AND RESOLVE
JAVA… and execute it in your SQL client (SQL*Plus, SQL Developer, JDeveloper, or TOAD). Remember to
set the role first. (This file will also be compiled and executed on the client, so re-comment the first line
before saving the file.)
You may also need to modify the environment of your SQL client in order to include an ampersand
in your URL string, as in the example baseURL , shown previously. Notice the ampersand between the
parameters for “ACTION=2” and “PAGERID=”. When some SQL clients see an ampersand like that, they
will assume it is a marker for a variable to be substituted on execution, in this case “&PAGERID”. Most
times that would be a good assumption, but not in this case and never with Java code that we are loading
into Oracle database. We can remedy this situation in one of two ways: we can use a different SQL client,
or even resort to using the loadjava utility, as described in Chapter 4. However, a simpler and more
immediate fix is to tell our SQL client not to do variable substitution with this simple command.
SET DEFINE OFF;
Editing the Test Code
We are going to execute a separate Java class, TestOracleJavaSecure , to test our two-factor
authentication. Edit the code near the top to set the appropriate password and connection string for the
appusr user.
Note You can find the code for the TestOracleJavaSecure class in the file
Chapter9/TestOracleJavaSecure.java .
 
Previous Page
Next Page
Expert Oracle and Java Security
Search WWH ::




Custom Search
Home