Database Reference
In-Depth Information
Probably the most important thing to know here is that we need to establish new encryption keys
whenever we get a new connection, even if we are re-entering this same screen multiple times from the
OJSAdmin
menu. In order to assure we are cleaning up after ourselves, we call
closeConnection()
whenever we close this window. That happens in the
this_WindowClosing()
method shown in Listing
12-14. We also see in Listing 12-14 what we described about the
AddUser
class making itself invisible and
making the
OJSAdmin
menu screen visible again when done. Please use this approach as a template for
opening and closing connections and resetting encryption keys.
Listing 12-14.
Window Closing Method
private void this_windowClosing(WindowEvent e) {
OracleJavaSecure.
closeConnection()
;
parent.setVisible(true);
this.setVisible(false);
}
In addition to calling
resetKeys()
in the default constructor for
AddUser
, we get a new RSA key pair,
storing the exponent and modulus in static members. We also have static members in
AddUser
for the
artifacts of the DES secret password key. We set one artifact,
sessionSecretDESPassPhrase
to be null in
Listing 12-13. We test this static member later to see whether we need to re-acquire the secret password
key. If we are doing an update or insert before we do a select, then we may need to call an additional
stored procedure to exchange keys,
p_get_shared_passphrase
.
Each of the functional screens in our application requires that we connect to a specific Oracle
instance (
orcl
or
apver
) and that we connect as a specific user. The screens, instances, users, and roles
are listed in Table 12-1. Different users are required because each screen requires different security
privileges that we will acquire through different Oracle roles that are set based on the specific
application and proxy user. The role is set through our
getAAConnRole()
method and the
p_check_role_access
procedure. That procedure finds the relation between the application/proxy user
and the required role by querying the
appsec.v_application_registry
view. We need to insert the
relationship data shown in Listing 12-15 as the
appsec
user on the
orcl
instance.
Table 12-1.
OJSAdmin Functional Screen Users
Screen Class
Instance
User
Role
AddUser
orcl
appusr
hrview_role
AdminUsers
orcl
ojsaadm
ojs_adm_admin
AssignApp
orcl
ojsaadm
ojs_adm_admin
RegNewApp
apver
avadmin
appver_admin
PickAppManage
apver
avadmin
appver_admin
EditAppConns
apver
appver
{none}
Copy2NewVer
apver
appver
{none}
