Database Reference
In-Depth Information
first is our encrypted sensitive data update procedure, p_update_employees_sensitive , from Chapter 7.
The second is a new update procedure in the hr_public_pkg package for data in the hr.v_emp_mobile_nos
view, p_update_emp_mobile_nos shown in Listing 12-21.
In Listing 12-24, we see the code used to call the p_update_employees_sensitive procedure. We pass
the current employee ID to indicate which employee we are updating. Notice that we set parameters
eight and nine to the encrypted values of the salary and commission percent fields. We also take the
formatted date entered for hire date and parse it using the hDateFormat.parse() method into a
java.util.Date , then convert it into a java.sql.Date to pass to the Oracle stored procedure for update. If
no entry exists in the Hire Date field, we submit the current date to the procedure. One of the user-
interface protections we enforce in AddUser is that the application user may not edit the hire date of an
existing employee.
Note This process removes time significance from the hire date. We are doing that just for simplicity here.
Listing 12-24. Update Employee Data
stmt = (OracleCallableStatement)conn.prepareCall(
"CALL hr.hr_sec_pkg. p_update_employees_sensitive (?,?,?,?,?,?,?,?,?,?,?,?,?)");
stmt.registerOutParameter(12, OracleTypes.NUMBER);
stmt.registerOutParameter(13, OracleTypes.VARCHAR);
stmt.setInt(1, employeeID) ;
...
if (hireDateTextField.getText().equals("")) {
stmt.setDate(6, new java.sql.Date((new Date()).getTime()));
} else {
Date hDate = hDateFormat.parse(hireDateTextField.getText());
stmt.setDate(6, new java.sql.Date(hDate.getTime()));
}
stmt.setString(7, (String)jobIDComboBox.getSelectedItem());
stmt.setRAW(8, OracleJavaSecure.getCryptData(salaryTextField .getText()));
stmt.setRAW(9, OracleJavaSecure.getCryptData(commissionPctTextField .getText()));
...
stmt.executeUpdate();
We only call the p_update_emp_mobile_nos procedure in Listing 12-25 if we have selected an existing
employee and if the osUserIDTextField is not blank. We do not do any further data validation here, but
you may want to.
Note Adding an entry in the hr.v_emp_mobile_nos view does not equate to creating an Oracle user with the
user ID we entered in the view. However, we will need to create the Oracle user in order for that user to have
access to our applications. As a corollary situation, we may drop (delete) an Oracle user, but the entry in
hr.v_amp_mobile_nos will not be automatically deleted.
 
Previous Page
Next Page
Expert Oracle and Java Security
Search WWH ::




Custom Search
Home