Get a List of Application Connection Strings: The Server Side
Here we are at that foreboding Oracle stored procedure with a dozen IN and OUT parameters,
p_get_app_conns. The parameter list is not what is notable about this procedure, though. Rather, the
internal workings are what we need to pay attention to, and even those are familiar.
If we pass SSO, then we deal with two-factor authentication. If the user did not submit a two-factor
code, we call the f_send_2_factor function, passing our validated user name and the application_id in
order to create, distribute and cache (store in a table) a two-factor code for this user in this application.
However, if the user did submit a two-factor authentication code, then we call the
f_is_cur_cached_cd function, passing the validated user, the application_id and the two-factor code. If
the two-factor code equals the one cached for this user and this application, then we proceed to set
return values for the secret password key, and we call f_get_crypt_conns to return the encrypted list of
connection strings.
We will add p_get_app_conns to the appsec_public_pkg package since it gets called by any user using
our proxy connection. The core code from this procedure is displayed in Listing 10-46.
Listing 10-46. Get List of Connection Strings to Return from Oracle, p_get_app_conns
return_user := f_is_sso( m_app_user );
IF( return_user IS NOT NULL )
THEN
    -- SSO passed: return_user holds the validated user name
    IF( m_two_factor_cd IS NULL )
    THEN
        -- No code submitted: create, distribute and cache a two-factor code
        m_err_txt := appsec_only_pkg.f_send_2_factor( return_user, m_application_id );
    ELSIF( appsec_only_pkg.f_is_cur_cached_cd( return_user, m_application_id,
        m_two_factor_cd ) = 'Y' )
    THEN
        -- Submitted code equals the cached one: set the secret password key values
        secret_pass_salt :=
            app_sec_pkg.f_get_crypt_secret_salt( ext_modulus, ext_exponent );
        secret_pass_count :=
            app_sec_pkg.f_get_crypt_secret_count( ext_modulus, ext_exponent );
        secret_pass :=
            app_sec_pkg.f_get_crypt_secret_pass( ext_modulus, ext_exponent );
        secret_pass_algorithm :=
            app_sec_pkg.f_get_crypt_secret_algorithm( ext_modulus, ext_exponent );
        -- Return the encrypted list of connection strings
        m_crypt_connections := appsec_only_pkg.f_get_crypt_conns( m_class_instance );
    ELSE
        -- Wrong two-factor code entered
        RAISE NO_DATA_FOUND;
    END IF;
    -- Reached when a code was sent or the connections were returned
    app_sec_pkg.p_log_error( 0, 'Success getting App Conns, ' || return_user );
ELSE
    -- SSO failed: no two-factor code is sent
    app_sec_pkg.p_log_error( 0, 'Problem getting App Conns, ' || return_user );
END IF;
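The check that gates the ELSIF branch above has to be scoped to one user and one application and has to reject stale codes. The following is an added example, not the book's code for f_is_cur_cached_cd: the table demo_two_factor_cache, the function demo_is_cur_cached_cd and the 10-minute lifetime are assumptions made for illustration.

```sql
-- Added illustration: the table, the function name and the 10-minute window
-- are assumptions, not the schema or code behind appsec_only_pkg.f_is_cur_cached_cd.
CREATE TABLE demo_two_factor_cache (
    app_user        VARCHAR2(128) NOT NULL,
    application_id  VARCHAR2(24)  NOT NULL,
    two_factor_cd   VARCHAR2(24)  NOT NULL,
    cached_at       DATE          DEFAULT SYSDATE NOT NULL,
    -- One cached code per user per application
    CONSTRAINT demo_two_factor_cache_pk PRIMARY KEY ( app_user, application_id )
);

CREATE OR REPLACE FUNCTION demo_is_cur_cached_cd(
    p_user           VARCHAR2,
    p_application_id VARCHAR2,
    p_two_factor_cd  VARCHAR2 )
RETURN VARCHAR2
AS
    c_valid_minutes CONSTANT NUMBER := 10;  -- assumed lifetime of a code
    v_cached_cd     demo_two_factor_cache.two_factor_cd%TYPE;
BEGIN
    -- A missing submission never matches; reject it before touching the cache.
    IF p_two_factor_cd IS NULL THEN
        RETURN 'N';
    END IF;

    -- Look up the code for this user AND this application only, and ignore
    -- rows older than the validity window (the "old" codes in the text).
    SELECT two_factor_cd
      INTO v_cached_cd
      FROM demo_two_factor_cache
     WHERE app_user = p_user
       AND application_id = p_application_id
       AND cached_at >= SYSDATE - ( c_valid_minutes / 1440 );

    IF v_cached_cd = p_two_factor_cd THEN
        RETURN 'Y';   -- same 'Y' convention the caller in Listing 10-46 tests for
    END IF;
    RETURN 'N';
EXCEPTION
    -- No row: nothing was cached for this pair, or the cached code has expired.
    WHEN NO_DATA_FOUND THEN
        RETURN 'N';
END demo_is_cur_cached_cd;
/
```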
There are a couple of ways for this process to exit with a failure. If the user's connection/session fails to
pass our SSO requirements, then we log the error “Problem getting App Conns” and return without
sending a two-factor code. Something is seriously wrong with that user, and we don't want to deal with
him at all. If, however, the user is good (passes SSO) but he submits a bad or old two-factor code, then we
 