Database Reference
In-Depth Information
We call either
p_set_proxy_through
or
p_drop_proxy_through
for each of the administrative proxy
users, depending on whether the check box is selected for that administrative proxy or not. In addition,
for the proxy user avadmin, we also call the procedures that go across the link to grant or revoke proxy,
ojsaadm.apver_usr_adm_pkg.p_set_apver_proxy_through
or
p_set_apver_proxy_through
, because this
proxy user is used on both instances.
If the
avadminCheckBox
is selected we run one more procedure,
p_grant_apver_appver_conns
, and if
not selected, we run
p_revoke_apver_appver_conns
. We will discuss those procedures in detail when we
get to the Register New Application screen. The procedures grant or revoke another role we will need at
that point.
Revoke User Access to Run Applications
When the administrative user selects a user on the Admin Users screen and then selects the Revoke User
Access button, the
revokeUserButton_actionPerformed()
method is called. The code that gets run in that
method drops all the proxies for the selected user on both instances. This code is shown in Listing 12-33.
We instantiate an ordinary
Statement
class,
stmt2
, which will support a query that returns a
ResultSet
. This is in addition to the
OracleCallableStatement
that we instantiate to call our stored
procedures. Similarly to the way we selected from
ojsaadm.instance_proxy_users
to set the
administrative proxy grant check boxes when an existing user is selected from our
userComboBox
; here
again, we select all the proxy users and only concern ourselves, as we walk through the
ResultSet
, with
those proxy grants that were made to the selected user. Then if the instance where we saw the proxy
grant is equal to “apver,” we call the stored procedure to revoke the proxy grant across the database link.
Otherwise, we call the stored procedure to revoke the proxy grant locally.
Listing 12-33.
Dropping all Administrative and Application Proxy Privileges
stmt2 = conn.createStatement();
rs = stmt2.executeQuery("SELECT INSTANCE, proxy, client " +
"FROM
ojsaadm.instance_proxy_users
");
while (rs.next()) {
if (rs.getString(3).
equalsIgnoreCase(userID)
) {
if (rs.getString(1).equalsIgnoreCase(
"apver"
)) {
stmt = (OracleCallableStatement)conn.prepareCall(
"CALL ojsaadm.apver_usr_adm_pkg.
p_drop_apver_proxy_through
(?,?)");
} else {
stmt = (OracleCallableStatement)conn.prepareCall(
"CALL sys.usr_role_adm_pkg.
p_drop_proxy_through
(?,?)");
}
stmt.setString(1, userID);
stmt.setString(2, rs.getString(1));
stmt.executeUpdate()
;
if (stmt != null) stmt.close();
}
}
if (rs != null) rs.close();
blankAll();
I considered writing this method a bit differently, only dropping those proxies that we know are
related to our applications, and you may want to rewrite this (calling both
p_drop_user
and
p_drop_apver_user
procedures to revoke the proxy grant to
appver
) if that is your goal. This method as
written will drop all application proxies, including the privilege to proxy through the
appver
user, which