CHAPTER 12
Administration of Security
Now that we have built Oracle structures and Oracle and Java code, we will need to maintain the data
that keeps it running. Primarily, this data consists of users, proxy grants, application registrations, and
application connection strings. It has not been too difficult to execute SQL scripts to insert records for
one or two users, and one or two applications—especially while we are studying the issues and
requirements. But in a year or so, the steps to accomplish these tasks will be long forgotten, along with
the reasons for doing them.
However, if we can encapsulate the business rules, logic, and procedure steps in a user-friendly
application, we will have a much easier time adding new users and applications. In fact, once we have
done that, we will have developed a pretty handy interface, part of which we will provide as a template to
the application developers in our organizations, so that they can implement our security code.
A Security Administration Interface
When I talk about user-friendly applications, what I mean is well-designed, simple GUIs.
The security administration interface we will be exploring in this chapter consists simply of a Login
screen, a Menu screen, and seven functional screens. The Login screen is where we expect the user to
enter a two-factor authentication code that we send him. It is this screen that we will provide as a GUI
template to other application developers so they can implement our security structures.
Note: Files for the security administration interface application can be found in the directory
Chapter12/orajavsec.
The functional screens will walk the administrator through tasks such as editing employee and user
data (especially those elements that we use for single sign-on and two-factor authentication). There are
also functional screens for granting both administrative and application proxy privileges. We need to be
able to register a new application, and most of that process is done through the GUI. Then we want to
edit existing connection strings for an application, and occasionally copy connection strings from a
previous version of an application. All those functions are represented on screens in our GUI.