Database Reference
In-Depth Information
Note
Edit the code found in the file named
Chapter10/orajavsec/OracleJavaSecure.java
.
private static String expectedDomain = "ORGDOMAIN" ; // All Caps
private static String comDomain = "org.com";
private static String smtpHost = "smtp." + comDomain;
private static String baseURL =
We also have an embedded password in the
setAppVerConnection()
method and several more in the
main()
method. Change each of those to the appropriate password for
appver
and other users. Also
change other connection string components in
setAppVerConnection()
and each
putAppConnString()
method call: the server name, port number, and instance name.
Get New Structures into Oracle
Load the new
orajavsec/OracleJavaSecure.java
code into Oracle Database. Again, uncomment the top
line that begins “CREATE OR REPLACE AND RESOLVE JAVA…” and execute it in your SQL client
(SQL*Plus, SQL Developer, JDeveloper, or TOAD). Remember to set the role and set define off, if using a
SQL client that tries to do variable substitution, as documented in the comments:
// First
// SET ROLE APPSEC_ROLE;
// Also having ampersands in the code without substitution variables
// SET DEFINE OFF;
// To run in Oracle, search for and comment @Suppress
Next, execute all the commands in
AppSec.sql
and
SecAdm.sql
files. Execute the commands in that
order, because of dependencies in
SecAdm.sql
.
Note
You can find these scripts in the files named
Chapter10/AppSec.sql
and
SecAdm.sql
.
Review Steps of Testing
In order to test our application authentication, we are going to take the following steps:
•
Set our application context: application ID, inner class, and two-factor code.
Call
getAppConnections()
to get our list of connection strings for this application—
the first time will register our application.
•
Call
putAppConnections()
to upload our list of connection strings to Oracle.
•
Call
getAppAuthConn()
to get a specific connection for use in this application.
•
•
Use the connection to get data from Oracle.