Database Reference
In-Depth Information
The top half of Figure 10-2 illustrates the process of storing Oracle connection strings in a list for the
client application. All connection strings in the list on the client are maintained in encrypted form. The
first call the client application may make, at the top of Figure 10-2 is a call to put a new connection string
into the local list. This addition is only made locally on the client, and does not yet exist in the list stored
on Oracle database. Notice that we call an encryption function using the secret password key to encrypt
the connection string for storage.
The next call in Figure 10-2 that the client application may make is a call to
putAppConnections()
,
which stores the entire list of connection strings in the Oracle database. This process illustrates best our
use of different processing environments for different purposes. The individual columns of our
illustration are informative. The client application (far left column) calls functions in
OracleJavaSecur
—
this is Java calling Java.
OracleJavaSecure
calls Java stored procedures in the Oracle database, which
passes the call through to the Oracle JVM—Java running on Oracle database. We also have the need from
the Oracle JVM to call stored procedures and functions in Oracle (the far right column.) The two
columns labeled “Oracle Database” are one and the same Oracle instance, just called from different
directions.
In that process of storing the list of connection strings for the application in the Oracle database,
you can see that we decrypt each connection string. We build a new
HashMap
of decrypted connection
strings and we store them unencrypted in the Oracle database.
The bottom half of Figure 10-2 illustrates the acquisition of a specific Oracle connection for use by
the application. The client application asks
OracleJavaSecure.getAAConnRole()
for a connection that
uses a specific Oracle instance and user. Note that the connection string is only briefly decrypted for use
in creating the new
OracleConnection
. The
getAAConnRole()
method not only creates the
OracleConnection
, but also sets the role to the secure application role needed for access to the sensitive
application data. This
OracleConnection
with secure application role set is returned to the client
application for use.
