Database Reference
In-Depth Information
Find Out Whether This Class Has Been Registered
If we have never seen this class before, then we will assume this is the initiation, and we will register a
new application by inserting the class in the
v_app_conn_registry
view. We find out if we have ever seen
this class before by selecting from the view where classes are registered with that same name and
version. The
p_count_class_conns
Oracle procedure accomplishes that for us. See Listing 10-29.
Listing 10-29.
Determine if the Application Class Is Already Registered
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL appsec.appsec_only_pkg.
p_count_class_conns
(?,?,?)" );
stmt.registerOutParameter( 3, OracleTypes.NUMBER );
stmt.setString( 1, className );
stmt.setString( 2, classVersion );
stmt.setInt( 3, 0 );
stmt.executeUpdate();
If it turns out that
p_count_class_conns
tells us there are no classes registered by that name /
version, then we go on to insert; otherwise we need to check if the class we just received is equal to the
class that we have registered by that name. If it's “equal,” we will overwrite the existing, stored
connsHash;
but if not equal, we are dealing with an imposter.
SOME DEVELOPER GOTCHA'S AND RESOLUTIONS
Unfortunately, our application developers can be victims of their own actions. If the developers change the
code of their inner class without changing the version number, this will cause our equality test to fail. In
that case, the developer should change both
serialVersionUID
and the
innerClassRevLvl
in his inner
class, register it through our processes, and create a new list of connection strings or copy the connection
strings from the previous version.
Another way the application developer might shoot himself in the foot, so to speak, is by moving his inner
class around in his code. For instance, if he moves his inner class outside the public class definition, it
becomes an outer class, or if he moves it out of the main body of the class into a method (a perfectly
acceptable move, technically), the package and hence the class name changes to reflect that move. In
these cases, the inner class will be seen as a new entity and registered, but won't have any associated
connection strings until the developer rebuilds the list for the new version. In this case, he cannot copy his
connection strings list from the previous version, because this is considered to be a new class, being found
in a new path (and it may even have the same version number as the previous class).
Get the Application ID Class and HashMap List of Connections
Back to the task at hand in
setDecryptConns()
, we call the
p_get_class_conns
stored procedure to get our
registered class and the
connsHash
associated with this class name and version. In Listing 10-30 we
handle the
connsHash
as a
BLOB
. You will recall that in the
t_app_conn_registry
table definition, we define
it as a
BLOB
; that allows us to store a
connsHash
object that is larger than 2K bytes. When we defined the
