System.out.println( "Oracle success 1)" );
In our call to p_check_role_access, we do not have to test whether the two-factor authentication
code exists, though we do it here out of habit. You will recall that we are only doing two-factor
authentication in the initial application verification connection, not in each specific application
connection. We removed two-factor authentication from p_check_role_access and added it to our
application verification procedure to get the list of connection strings for an application,
p_get_app_conns.
Rehashing the security chain to this point: the user must be granted proxy connect through the
application user account and, by extension, is granted access through the secure application role
associated with this application connection.
Get Encrypted Data with the Application Connection
The full demonstration of our application authentication is provided when we get encrypted data from
our application connection as shown in Listing 10-54.
Listing 10-54. Test Getting Encrypted Data from Oracle
...
String locModulus = OracleJavaSecure.getLocRSAPubMod();
String locExponent = OracleJavaSecure.getLocRSAPubExp();
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL hr.hr_sec_pkg.p_select_employees_sensitive(?,?,?,?,?,?,?,?,?)" );
...
OracleJavaSecure.closeConnection();
We have seen this procedure call before, multiple times. The only difference here is that we are
using a connection that we got from our application verification list.
Add More Application Connection Strings
A developer may have some call to use connections in her application that are not stored in the
connsHash list that has been stored in Oracle Database. Those application strings can be added to the
local application connections list by calling putAppConnString(). This call can even overwrite existing
connection strings coming from the Oracle Database store (table), perhaps for testing against a new
Oracle instance or a development or acceptance instance:
putAppConnString( "Orcl", "appusr",
"password", "localhost", String.valueOf( 1521 ), true );
If a subsequent call to putAppConnections() is not made, then the modified connection strings list is
not stored in Oracle, and the strings are seen and used only by the local client application. The plan is to call
putAppConnections() once, to store the strings in the Oracle database, and from then on, to remove the
connection strings from the application and use only what is stored in the database. We will avoid
putting our connection strings into the application at all, and will make that process easy with the
administrative interface we build in Chapter 12.
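The plan above ends with the connection strings removed from the application, so a build-time check can confirm that no putAppConnString() call with a literal password is left in the Java source. The following is an added example in Python, not code from the book; the function names and sample source are constructed, and it assumes, from the call shown above, that the third argument is the password.

```python
import re

# A Java string literal, a // comment, or a /* */ comment, whichever starts first.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)
CALL_RE = re.compile(r'\bputAppConnString\s*\(')

def strip_comments(src):
    """Blank out comments but keep string literals and line breaks."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r'[^\n]', ' ', tok)
    return TOKEN_RE.sub(repl, src)

def split_args(src, start):
    """Top-level arguments of the call whose '(' is at src[start], or None."""
    args, cur, depth, in_str, i = [], [], 0, False, start
    while i < len(src):
        ch = src[i]
        if in_str:
            cur.append(ch)
            if ch == '\\':                      # keep the escaped character
                cur.append(src[i + 1:i + 2]); i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True; cur.append(ch)
        elif ch == '(':
            depth += 1
            if depth > 1: cur.append(ch)        # nested call, e.g. String.valueOf( 1521 )
        elif ch == ')':
            depth -= 1
            if depth == 0:
                args.append(''.join(cur).strip()); return args
            cur.append(ch)
        elif ch == ',' and depth == 1:
            args.append(''.join(cur).strip()); cur = []
        else:
            cur.append(ch)
        i += 1
    return None                                 # unbalanced parentheses

def find_literal_passwords(java_source):
    """Return (line, instance, user) for each call with a string-literal password."""
    src, findings = strip_comments(java_source), []
    for m in CALL_RE.finditer(src):
        args = split_args(src, m.end() - 1)
        # Assumption: argument 3 is the password, as in the page's example call.
        if args and len(args) >= 3 and args[2].startswith('"'):
            findings.append((src.count('\n', 0, m.start()) + 1, args[0], args[1]))
    return findings

# Constructed sample: one commented-out call, one literal password, one variable.
SAMPLE = '''
class Setup {
  void init( String pw ) {
    // putAppConnString( "Old", "x", "commented-out", "h", "1", true );
    putAppConnString( "Orcl", "appusr",
        "password", "localhost", String.valueOf( 1521 ), true );
    putAppConnString( "Test", "appusr", pw, "localhost", "1521", true );
  }
}
'''
```

The findings omit the password itself, so the check's output is safe to keep in build logs.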