Connecting Using SSL Authentication Without Username and Password
Hi,
We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
and we are using JDK version 1.6.0_03.
We're also referencing the following paper:
http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
We've got our client and server wallets configured and the sample code we tried looks like this:
import java.sql.*;
import java.sql.*;
import java.io.*;
import java.util.*;
import oracle.net.ns.*;
import oracle.net.ano.*;
import oracle.jdbc.*;
import oracle.jdbc.pool.*;
import java.security.*;
import oracle.jdbc.pool.OracleDataSource;
public static void main(String[] argv) throws Exception {
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
String url = "jdbc:oracle:thin:@orcl";
java.util.Properties props = new java.util.Properties();
props.setProperty("oracle.net.authentication_services","(TCPS)");
props.setProperty("javax.net.ssl.trustStore",
"/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
props.setProperty("javax.net.ssl.trustStoreType","SSO");
props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
props.setProperty("javax.net.ssl.keyStoreType","SSO");
props.put ("oracle.net.ssl_version","3.0");
props.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
System.out.println("At Here...");
OracleDataSource ods = new OracleDataSource();
//ods.setUser("scott");
//ods.setPassword("tiger");
ods.setURL(url);
ods.setConnectionProperties(props);
System.out.println("At Here1...");
Connection conn = ods.getConnection();
System.out.println("At Here2...");
Statement stmt = conn.createStatement();
ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
+ "tester ' from dual");
while (rset.next())
System.out.println(rset.getString(1));
rset.close();
stmt.close();
conn.close();
When this code is compiled and run, the following error is thrown:
Exception in thread "main" java.sql.SQLException: invalid arguments in call
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
Thanks
mohammed
Hi,
I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
String url = "jdbc:oracle:thin:@pki14";
Once I changed it to:
String url = "jdbc:oracle:oci:@pki14";
The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
create user scott identified externally as
'CN=acme, OU=development, O=acme, C=US';
grant connect,create session to scott;
Note that the DN should be the same as the SSL certificate that you created in your wallet.
hth
mohammed
Similar Messages
-
Write code for authentication of username and password using struts
write code for authentication of username and password using session using struts with jdbc connection..
write code for authentication of username and
password using session using struts with jdbc
connection..and please, allow me to spoon feed you! -
SOAP URL without username and password
Hello Everyone,
its a synchronous SOAP - PI -ECC scenario .
I have created HTTP URL through sender agreement in integration for testing.
However, customer now wants HTTPS URL without Username and password in production URL. How do i create this .
Regards,
RaviHello,
However, customer now wants HTTPS URL without Username and password in production URL. How do i create this .
You can disable basic authentication for the sender SOAP Adapter by following William's reply in this thread
http://forums.sdn.sap.com/thread.jspa?threadID=236507
However, the authentication will be disabled for all SOAP Sender, so you should weigh-in the impacts of granting that request.
Hope this helps,
Mark
Edited by: Mark Dihiansan on Feb 13, 2012 3:51 AM -
I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???
I could do that, however when I select the icloud button (or whatever the heck it is) I am asked to enter the apple id and password. So if you are suppose to create another one for icloud you'd think it would give you the option at this point which would be logical.
-
Can I use the same icloud username and password for multiple phones?
I have 6 iphones and wanted to use Apple Configurator to install the same apps on all 6 phones. Some of the apps though, also require further installation by email. Can I use the same iCloud username and password for all 6 phones to download the apps and also to configure email or do I need to create 6 different Apple IDs?
If different people will be using these phones, you might be better off using the same Apple ID for the iTunes content...apps, music, etc. on each of these devices, but create different ID's for iCloud on each device. You can use one ID for the iTunes/App store, & a different ID for iCloud. That way, messages, notes, contacts, calendars, etc will be kept separate on each device.
-
DAD without username and password
I create a DAD without username and password.
I want to pass this parameters when I call my page login.
How can I do this?
Thanks.Maybe the Oracle Application Express (APEX) guys know more about it ..
-
Web service functions in SSO without username and password
Is there a way to use the Public Report Web Service functions when configured in SSO and without passing a username and password? I was able to try out the web service and make it work. As we all know, you need to pass a username and password for each web service call unless your reports can be accessed by guests. In an SSO + LDAP server configuration, there are cases in which you are not allowed to get the password. The password can not be decrypted.
Is there a way to still use web service? or do you need to use the url approach instead? But if you use the url approach then you may be limited to generating reports only.
I'm thinking there should be since if you are already logged in for SSO then you should be able to generate.
Any way to configure this?<i>When I access web reports from bw.</i>
i hope you are not talking about BEX web reports , since you have mentioned ITS.
Is it a standlone ITS or intergrated ITS?
can you post the url pattern here.
Regards
Raja -
Imqcmd without username and password everytime ...
hi *,
does anyone knoe how to use imqcmd without having to type username and password everytime?
when i do imqcmd -help i amgetting the following hint:
-passfile : Specify a file containing the administrator password.but i cant find anywhere (in sun documentation) how this pwd file must be structured.
regards chris
Edited by: cbrennsteiner on Oct 6, 2008 11:01 AMThere is a sample password file (password.sample) in the /etc directory. Depending on your install that is in:
<MQ_HOME>/etc
or
/etc/imq -
Configuring Basic Authentication with Username and password on BizTalk Schema Service
Hi,
I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
I wanted to have a Basic Authentication(User name and password restriction).
I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
I also set the Service in IIS with Basic Authentication only enabled.
But I don't know how to provide a UserName and Password Authentication.
Please provide your suggestions
Regards, Vignesh SHi,
Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
HTH,
Sumit
Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question -
Connection string without username and password
Hi,
I need to use DriverManager.getConnection() to connect to sql2000 use only dsn name; no user name and password allowed.
how do I do it?the main reason is we do not want to put password as clear text on the java code. the customer does not want to put the password at registry either.
Is there a way that we can store the password on the client side and just use the dsn name to connect to sql server?Still doesn't explain the problem.
As I already said, there are only two ways to connect to MS SQL Server, with a user/pwd or via windows authentication.
So if you must use the first then you must have a user/pwd somewhere. In that case it doesn't matter what the user wants unless they want to convince Microsoft to re-engineer MS SQL Server.
Windows authentication should solve the problem but you do need a windows user then. And you must use a driver that supports windows authentication.
If you must use the usr/pwd then the solution is to encrypt or other obfuscate the actual password. One way is to use an encrypted configuration file which contains the user and password. Then your application loads the file, decrypts it and extracts the values at run time. You will need to provide a separate encryption tool to create the file in the first place. -
Using a guest wi-fi network with changing username and password
I am trying to access a "guest user" wi-fi network at my office. For security purposes, the guest network username and password are changed periodically. The connection worked fine until the username and password changed. Is there any way to access the setup of a specific wi-fi network on the iPhone and update the user name and password? I would like to be able to do it without resetting ALL the networks used?
I tried to use "Forget Network" and then restored the connection, but it appears the iPhone retains the old username and password in memory.
Thanks!
liv3itupWell, I tried to duplicate what you talked about. I have my wireless here at home, and I chose, "Forget this network" and when I went to rejoin, it asked for a password. Many public networks take their username and password through the browser. Have you tried to open Safari to see if it will default to the username/password screen? I've used mine at hotels that change their access every 24 hours and if I try to log back on after the time, it defaults back to the login screen. That is the only solution that I can think of. And yes, if you go to settings and reset network settings, it will clear all of them.
-
How to configure JMS-Server to use username and password
Hi
Maybe this is a real stupid question, but please help me, I'm not very experienced using JMS:
I'm using JMS (provided by OC4J / Application Server 10.1.3). I configured a ConnectionFactory (without username and password) and a Queue and there is also a application, which successfully opens the JMS-Connections.
This works well as long as I do not provide a username und password in the ConnectionFactory (EnterpriseManager: OC4J/Admin/Services/JMS-provider...). If I do this, my application terminates with the following stacktrace:
javax.jms.JMSSecurityException: JMSServer[aplora2:12602]: failed to authenticate "myuser/mypassword", no such user.
at com.evermind.server.jms.JMSUtils.make(JMSUtils.java:1034)
at com.evermind.server.jms.JMSUtils.toJMSSecurityException(JMSUtils.java:1090)
at com.evermind.server.jms.JMSServer.getJMSServer(JMSServer.java:1237)
at com.evermind.server.jms.JMSServer.getJMSServer(JMSServer.java:1213)
at com.evermind.server.jms.InContainerProxy.getJMSServer(InContainerProxy.java:93)
at com.evermind.server.jms.EvermindConnection.<init>(EvermindConnection.java:103)
at com.evermind.server.jms.EvermindQueueConnection.<init>(EvermindQueueConnection.java:62)
at com.evermind.server.jms.EvermindQueueConnectionFactory.unprivileged_createQueueConnection(EvermindQueueConnectionFactory.java:98)
at com.evermind.server.jms.EvermindQueueConnectionFactory.access$000(EvermindQueueConnectionFactory.java:42)
at com.evermind.server.jms.EvermindQueueConnectionFactory$1.execute(EvermindQueueConnectionFactory.java:78)
at com.evermind.server.jms.InContainerProxy.doSecureOp(InContainerProxy.java:157)
at com.evermind.server.jms.EvermindQueueConnectionFactory.createQueueConnection(EvermindQueueConnectionFactory.java:75)
at com.evermind.server.jms.EvermindQueueConnectionFactory.createQueueConnection(EvermindQueueConnectionFactory.java:66)
at sam.model.messages.MessageManager.<init>(MessageManager.java:74)
where "myuser" and "mypassword" are the username and password I entered in the ConnectionFactory. (My Application certainly uses the same username and password)
I expected, that by entering username and password here I would configure my Queue to be protected by them. But obviously there are some very basic things I didn't understand. Can anyone give me a hint, how I can protect the (OC4J-) JMS-Server or the Queue by username and password?
Thanks for your help
Frank BrandstetterHey Frank -
Assuming you've set up users in the "Security Manager" for your application, you can specify what JNDI resources they can "read" (and thus also connect to) via the orion-application.xml file. Look at the following snippet from the orion-application.xml file:
<namespace-access>
<read-access>
<namespace-resource root="jms/firstQueue">
<security-role-mapping impliesAll="false" name="jmsSecurity">
<user name="scooter"/>
</security-role-mapping>
</namespace-resource>
</read-access>
<read-access>
<namespace-resource root="delme">
<security-role-mapping impliesAll="false" name="jmsSecurity">
<group name="messagingUsers"/>
</security-role-mapping>
</namespace-resource>
</read-access>
</namespace-access>
This would say that only the user "scooter" that you've set up would have access to the Queue whose JNDI name begins with jms/firstQueue. Anyone you've set up and added to a messagingUsers group would have access to any Queues whose JNDI name begins with "delme". (I'm honestly not sure what exactly this line does: <security-role-mapping impliesAll="false" name="jmsSecurity">)
This is the only way I've found to limit access to a particular Queue.
HTH.
Scott -
Unable to connect to 11.5.10 vision instance Invalid username and password
where using applications11.5.10.2 vision instance. We were able to connect to the database using sqlplus which means there must be nothing wrong with our connectivity. I've tried to logon to the applciations using the defauilt password w/c is operations/welcome.When I try to logon using ADI its giving me an error " Could not connect to the database Invalid Username and Password"
GWYUID: applsyspub/pub
FNDNAME:apps
I'm also using the latest version of ADI w/c is 7.2.4.10.27.
need help please on how to connect ADI to the Application
THanks,
ChaseCheck with your sysadmin. They may have setup a Server ID, which you will need to introduce to your database definition to complete the signon process.
-
Can anyone help me? I cannot sign in my iChat. I've been using iChat with same username and password with my Gmail account. Now, I cannot sign in my iChat, but I can still sign in my Gmail with the same username and password. Can someone advise me what to do?
Hi,
I am beginning to see more threads that suggest that something may be up with the Google Servers.
In iChat Menu > Preferences > Accounts > Server settings tab try changing the port to 443 (With SSL still selected)
It may be that in a couple of days the Google Servers will get back in sync.
10:25 PM Wednesday; June 29, 2011
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb( 10.6.8)
Mac OS X (10.6.7),
"Limit the Logs to the Bits above Binary Images." No, Seriously -
Im trying to listen to a book we downloaded from amazon. When we click on it it says we need to enter out audible username and password. I used my apple id username and password and it says it is not correct. I reset this and used it again and it still does not work. Any ideas?
Launch iTunes. From the menu bar click Store / View My Account then click Edit Payment Information.
Make sure the Security Code for you credit card is available and the expiration date is correct, then click Done.
Maybe you are looking for
-
Method of getting values from parameter ID to a form
Hi, Is it possible to get the value of a parameter ID from a FORM? If so, can you please give me the code to do it. Thanks Lilan
-
i have 3tb seagate goflex external hard drive.its brand new in package.i took it out of case and deleted partitions that were created by manufacturer.so now i have 2800 gigs.its formatted ntfs.will it work for late 2010 27" imac internal hard drive r
-
Multiple users on a single computer/synching device to more than one iTunes
Sorry if this has been asked before -- seems like it would be a common question. Our family has three iTunes users, and we each run off our own laptop, but there's a lot of overlap in the library and it's a huge waste of disk space. I'd like to achie
-
Problems with the correct Customizing of the Support Desk Rule 13200137
Hallo All, I have an issue with the rule 13200137. If I create the responsibility and assign a user, the Support Desk works well. The partner processing get the user of the created rule and fills the field "SupportDesk", with the assigned user. I tri
-
Highlight destination of drag and drop object
If drag an object in a drag and drop interaction to its destination, is it possible for the destination hotspot to highlight itself see screenshot: http://www.lshtm.ac.uk/dl/programme/sample/highlight.gif As you can see as I drag object 0.09 to its d