Database Reference
In-Depth Information
Listing 9-29.
Set Secure Application Role from TestOracleJavaSecure
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL appsec.p_check_hrview_access(?,?,?)" );
stmt.registerOutParameter( 2, OracleTypes.NUMBER );
stmt.registerOutParameter( 3, OracleTypes.VARCHAR );
stmt.setString( 1, args0 )
;
stmt.setInt( 2, 0 );
stmt.setNull( 3, OracleTypes.VARCHAR );
stmt.executeUpdate();
errNo = stmt.getInt( 2 );
errMsg = stmt.getString( 3 );
if( errNo != 0 ) {
System.out.println( "Oracle error 1) " + errNo + ", " + errMsg );
} else if( args0.equals( "" ) ) {
System.out.println( "DistribCd = " + errMsg );
System.out.println( "Call again with 2-Factor code parameter" );
} else {
if( null != stmt ) stmt.close();
System.out.println( "
Oracle success
1)" );
OracleResultSet rs = null;
RAW sessionSecretDESPassPhrase = null;
RAW sessionSecretDESAlgorithm = null;
RAW sessionSecretDESSalt = null;
RAW sessionSecretDESIterationCount = null;
String locModulus = OracleJavaSecure.getLocRSAPubMod();
String locExponent = OracleJavaSecure.getLocRSAPubExp();
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL hr.hr_sec_pkg.
p_select_employees_sensitive
(?,?,?,?,?,?,?,?,?)" );
We report any errors coming back from the procedure. One definite potential error is the possibility
that the user has entered a wrong or old code, in which case a “DATA NOT FOUND” error will be
returned.
If there are no errors and we didn't have a two-factor code when we called, then we presume the
two-factor code was distributed, and we display the distribution code that was returned in the
errMsg
and ask the user to come again with their two-factor code. If they had a two-factor code when they
called, and no errors, then we assume the
p_check_hrview_access
succeeded, and the user's connection
has been granted the
hrview_role
and can proceed to read the data.
Our
TestOracleJavaSecure
class will execute the
p_select_employees_sensitive
procedure to
demonstrate that access has succeeded. You are, no doubt, all too familiar with that procedure.
Running the Tests and Observing the Results
To recap the requirements: To run the test, you must have created the tables, procedures, and grants
that we have described in this chapter. You will have inserted a record for your user ID in the
