Database Reference
In-Depth Information
Planning to Pass the Two-Factor Code as an Argument to Main
The entire code of the
TestOracleJavaSecure
class resides within the
main()
method. So, we simply run
the code from top to bottom when we call Java with this class from the command line. This is similar to
how we did testing in Chapter 7. Here, however, we will have to call the class two times. The first time,
we call it without any arguments. At the end of that call, if all goes as planned, a two-factor
authentication code will have been sent to our cell phone, pager, and e-mail.
Once we have received that code on any of our devices, and within 10 minutes, we can execute Java
again calling
TestOracleJavaSecure
, except this time we will include the two-factor code as an argument.
The two commands that we execute later will resemble these:
java TestOracleJavaSecure
java TestOracleJavaSecure 1234-5678-9012
If you don't have any devices or e-mail on which to receive two-factor authorization codes, you can
set the
isTesting boolean
to
true
in
OracleJavaSecure.java
and reload it in Oracle database. Then
recompile and run the commands given above. This will place a two-factor code in the
t_two_fact_cd_cache
table, even if no distribution devices are found. You may then get the generated
two-factor code from this query:
SELECT * FROM appsec.v_two_fact_cd_cache;
Arguments on the command line are delivered to the
main()
method as an array of
Strings
. We can
test for the presence of a two-factor code by testing if the
String
array length is greater than 0. We also
assure ourselves that the first element of the array is not
null
, as shown in Listing 9-28.
Listing 9-28.
Pass Two-Factor Code to TestOracleJavaSecure main() Method
public static void main( String[] args ) {
try {
// Passing 2-factor code in as argument on command line
String args0 = "";
if(
args.length != 0 && args[0] != null
) args0 = args[0];
args0 = OracleJavaSecure.checkFormat2Factor( args0 );
When the person enters the code he received on his cell phone, we want to make sure we put the
least amount of burden on him to understand our formatting rules. If he only types in the numeric
characters, leaving off the dashes, we want to accept that. If he appends other characters, like time and
date or whatever his phone displays, we should pick out our two-factor code, if readily available. We
send whatever he provides at the command prompt to the
OracleJavaSecure.checkFormat2Factor()
method. If you find other typographical errors are frequent, you might add some more intelligence to
that method.
Planning to Acquire the Secure Application Role
Whether or not we have a two-factor code, we call our Oracle procedure,
p_check_hrview_access
, for the
secure application role,
hrview_role
. If we do not have a two-factor code yet, we pass an empty string to
the procedure; otherwise, we pass the code. You are now familiar with reading procedures like this, in
Listing 9-29.
