JDBC Dynamic Credential with proxy users

Similar Messages

• Weblogic & JNDI Data Source with proxy user.

  We're trying to use Oracle proxy user authentication on a data source configured in WebLogic 10.3.6, however, we want to approach it in a programatic way. So we want to obtain the DataSource, and set the proxy related properties inside the application.
  We came up with the following snippet:
  Hashtable<String, Object> env = new Hashtable<String, Object>();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  env.put(Context.PROVIDER_URL, "t3://10.1.1.10:7003");
  env.put(Context.SECURITY_PRINCIPAL, "weblogic");
  env.put(Context.SECURITY_CREDENTIALS, "weblogic");
  Context context = new InitialContext(env);
  javax.sql.DataSource ds = (javax.sql.DataSource) context.lookup("ds_puser");
  OracleConnection oconn = (OracleConnection) ds.getConnection();
  The problem comes up when we try to cast the connection to OracleConnection, the thing is that the returned type is actually a 1036_WLStub.
  How can we avoid that type or cast to it to something useful? I found this reference on Oracle forums and he's being able to cast it directly:
  Re: My problem in using weblogic Datasource and proxy user
  Can someone help us out?
  Thanks a lot in advance!
  Edited by: 990800 on 27-feb-2013 13:26

  A DataSource is an Interface. What the code gets from the jndi tree is some concrete object that
  the code doesn't need to know the name of, or anything specific about it, as long as it implements
  the DataSource Interface, which it successfully casts to, to allow calling the methods defined in the
  DataSource Interface. If you call for a plumber, you don't need to know his name as long as you
  can get a plumber, and can call the "Fix this leak" method, defined in the Plumber Interface.

• Configure Oracle Forms with Proxy user

  Hi Everyone,
  We have successfully enabled SSO with OAM, OID and used proxy user on the RAD config for forms and reports as described in thie doc: http://docs.oracle.com/cd/E14571_01/web.1111/e10240/sso.htm#BABBEFGJ
  Our problem is our forms user account has been prefixed with 'ops$' and we don't want to use 'ops$' for our OID useraccount. Is there a way to remap or prefix an OID user and tell form to use it to connect to DB using a proxy user? E.g.:
  1. OID user - scott
  2. DB user/Form user - ops$scott
  3. Proxy user - midtier
  Any insights is greatly appreciated.

  Hello,
  Open the Canvas editor, then select the menu : Edit -> Import -> Images...
  Then, you can have a background image in your canvas.
  Francois

• [SOLVED]JDBC Dynamic credentials problem

  Hello everyone. I have been trying to implement Steve Muench example 14 about JDBC Dynamic Credentials on my own web app., I am using Jdeveloper 10.1.3.2 and JSF/ADF.
  The thing is that the JDBC dynamic credential works well but when I enter a non-existant username/password the login.jsp page sends me to the main.jsp page and in the table that I have placed there (in the main.jsp page) it shows "Access Denied". Is there any way to tell the app. to redirect the users to the login.jsp page if they try to acces other parts of the app. and they are not logged in???, or is it thay I am missing something from the Steve Muench's example???
  I have been cheking the "DynamicJDBCBindingFilter.java" code and, if I understand correctly ('cause I consider myself a newbe), the "super.doFilter(request, response,chain)" is suppoused to throw an exception if the authentication fails and the "catch" code then sends the user to the login.jsp page... but for some reason this doesn't work!!!
  Can anybody help me on this one please?
  Thanks.
  * By the way, no errors are thrown!
  Message was edited by:
  dragonov7

  Hi Frank, thanks for your response. That same idea crossed my mind but the thing is that the line "super.doFilter(request, response,chain);" is supouseded to throw an exception if it fails to do its job but for some reason it does not... I have placed a "System.out.printline("XXX");" line inmediatly after the "catch" statement to see if an exception is thrown but apparently it doesn't, so I can't set a flag if I don't know for sure if the process ended well (or wrong).
  I think I'll clear my mind for 1 hour and start all over again... maybe I am missing something...

• Error when connect proxy user

  i using ODP.NET connect to oracle database with proxy user, when i connect with a password not correct then i can't again connect with password correct after.
  string[] cs = new string[2];
  cs[0] = "Data Source=orcl;User Id=user1;Password=pass1;"+
  "Proxy User Id=proxyuser;Proxy Password=pass;Pooling=true";
  cs[1] = "Data Source=orcl;User Id=user1;Password=pass2;"+
  "Proxy User Id=proxyuser;Proxy Password=pass;Pooling=true";
  using (OracleConnection oc = new OracleConnection(cs[0]))
  try
  oc.Open();
  catch (OracleException ex)
  oc.Close();
  using (OracleConnection oc = new OracleConnection(cs[1]))
  try
  oc.Open();
  catch (OracleException ex)
  oc.Close();
  using (OracleConnection oc = new OracleConnection(cs[0]))
  try
  oc.Open();
  catch (OracleException ex)
  oc.Close();
  Part 3: always wrong. it can't open
  Please help me.
  Message was edited by:
  bvnhan

  Hi,
  I tested the following and got the expected results (doenst connect). I'm using 10.2.0.2 ODP, and got the same behavior pointing to 9206 db and 10.2.0.2 db.
  I did a quick check and dont see any obvious related bug fixes in ODP, but if you're not using 10.2.0.2 ODP, you might want to try that.
  Here's exactly what I tested.
  Cheers
  Greg
  CODE
  ==========================
  drop user proxyacct cascade;
  drop user puser1 cascade;
  create user proxyacct identified by pass;
  create user puser1 identified by pass;
  grant connect, resource to proxyacct;
  grant create session to puser1;
  ALTER USER puser1 GRANT CONNECT THROUGH proxyacct AUTHENTICATED USING PASSWORD;
  using System;
  using System.Data;
  using Oracle.DataAccess.Client;
  public class testproxy
  public static void Main()
  string goodstring ="data source=orcl;user id=puser1;password=pass;proxy user id=proxyacct;proxy password=pass";
  string badstring = "data source=orcl;user id=puser1;password=;proxy user id=proxyacct;proxy password=pass";
  using (OracleConnection oc = new OracleConnection(goodstring))
  try
       oc.Open();
       Console.WriteLine("con1 connected");
  catch (OracleException ex)
       Console.WriteLine("exception caught1 " + ex.Message);
  using (OracleConnection oc = new OracleConnection(badstring))
  try
       oc.Open();
       Console.WriteLine("con2 connected");
  catch (OracleException ex)
       Console.WriteLine("exception caught2 " + ex.Message);
       // still need this to work around the problem
       // of next connection getting the same error this one did
       OracleConnection.ClearPool(oc);
  using (OracleConnection oc = new OracleConnection(goodstring))
  try
       oc.Open();
       Console.WriteLine("con3 connected");
  catch (OracleException ex)
       Console.WriteLine("exception caught3 " + ex.Message);
  MY OUTPUT
  ===============================
  con1 connected
  exception caught2 ORA-28183: proper authentication not provided by proxy
  con3 connected

• How to pass Proxy user dynamically in Toplink proxy authentication?

  Hi,
  I'm using Toplink Proxy Authentication with my ADF JSF application and want to pass the Proxy user dynamically to the preLogin(..) method of mySessionEventListener (Currently proxy user is hard coded).
  This is to make my application user as the Proxy user.
  I have tried to do this in two ways:
  1) In my Login screen Backing Bean, I retrieve the session as
  session = sessionFactory.acquireSession(); and set the application user in it as
  session.setProperty("proxyUser1", inputText1.getValue());
  But,
  session.getProperty("proxyUser1") returns null in the preLogin(..) method
  2) I add a loginUser property to the mySessionEventListener class and create a constructor to set it.
  Then I call the constructor from my Login Backing Bean as
  mySessionEventListener eventMgr = new mySessionEventListener(<proxy_user>);
  session.getEventManager().addListener( eventMgr );
  But, the loginUser property seeems to be transient and does not retain value when retrieved in preLogin(..) method.
  Please indicate if anything is wrong. Also, is there any other way to get this done?
  Thanks in advance.
  Vikas

  Hi Vikas,
  Probably your sessions.xml defines a ServerSession, and acquireSession method returns a ClientSession. ServerSession is the object that connects to the database, it may have any number of ClientSessions associated with it - all of them use connections provided by ServerSession's connection pools.
  So if you'd like to alter the serverSession before login, acquireSession is too late - it triggers login of the ServerSession and returns a ClientSession.
  To get the ServerSession before login:
  // the first param indicates that the session shouldn't be connected
  Session serverSession = sessionFactory.getSharedSession(false, false);Now you have a serverSession on which login hasn't been called yet.
  You can set the property into the session, or directly into its login.
  In fact you may choose to do whatever you wanted to do in preLogin right here - in this case no preLogin event would be required of course.
  Finally to get a ClientSession, call the same api did:
  // the first param indicates that the session shouldn't be connected
  Session clientSession = sessionFactory.getSession();On the first such call the ServerSession will be connected.
  Note that because all the ClientSessions will connect through the connections provided by the same ServerSession they will all use proxyUser1.
  If you are interested in using different proxy users for different ClientSessions http://www.oracle.com/technology/products/ias/toplink/doc/1013/main/_html/dblgcfg008.htm#BABDABCF lists several scenarios for that.
  Andrei

• Is proxy user list dynamic?

  Hi all,
  I don't know if this post is in the right place. Think it is client (8.x) related...
  Situation
  We are currently about to begin moving a large number of users to newly created postoffices. The users will be moved from Groupwise 8.0.2HP3 to Groupwise 12.0.1 (Build Date: 09-06-12). In a test environment we've moved users from one post office to the other and the proxy user list seems to be static.
  Question
  Is there a way to change the proxy list automatically? I mean the one under the online button.
  Any help greatly appreciated.
  With kind regards,
  Joost Brenters
  CNV

  On 4/4/2013 6:26 AM, laurabuckley wrote:
  >
  > Hi Joost,
  >
  > To the best of my knowledge the proxy list is static. If you move a
  > user you will need to manually remove them from the proxy list and
  > re-add them. I find the same thing with multi-user calendars.
  >
  > Cheers,
  >
  >
  Laura is correct - it's static and tends to break with moves.
  There is no dynamic or gwcheck process that checks all of these and
  rebuilds a list. The proxy list merely represents a snapshot in time. It
  may be incomplete, and it may also include accounts that no longer
  exists or to which access has been pulled. Think of the proxy list as a
  browser bookmark list, and you'll get the idea.

• How do i set the proxy user in FF 3.6.13, this entry was existing earlier its gone now. using IE with entries in user account pwds works while FF doesn't.

  How do i set the proxy user in FF 3.6.13.
  previous versions had an entry for proxy user.
  its gone now.
  using IE with entries in user account pwds works while FF doesn't.
  too bad have to change back to IE :-(

  You can find the connection settings in Tools > Options > Advanced : Network : Connection
  See "Firefox connection settings":
  *[[Firefox cannot load websites but other programs can]]

• HTTP to ABAP Proxy - Problem with "Current User" parameter

  Hi experts,
  We have a HTTP to ABAP proxy sceario, where I used an HTTP Destination to connect to the proxy.
  We're trying to use the option "Current User" in that destination in order to login to ECC with the same user that in PI adapter plain.
  The user exists i both systems, PI and ECC, with the same password.
  Checking that parameter we get the following error:
  <SAP:Error><SAP:Category>XIServer</SAP:Category><SAP:Code>INTERNAL.UNAUTHORIZED</SAP:Code><SAP:P1>401 </SAP:P1><SAP:P2>Unauthorized</SAP:P2><SAP:P3>(See attachment HTMLError for details)</SAP:P3></SAP:Error>
  We think that PI is not getting the password.
  Does aybody know how to do this?
  Thanks and regards,
  LUIS B.

  Hi Chirumamilla,
  If we put user and password in SM59 (unchecking "Current User") the commuication works without problems.
  We don't want to leave a user set there, beacuse we are looking to access to PI with different users and login to ECC with the same user.
  Thanks,

• Proxy User Authentication with SQL Developer

  Hello,
  I realized that there are 2 methods for configuring SQL Developer to user Proxy User Authentication.
  1) one-session method with Syntax:
  personaluser[appuser]
  2) two session-method with dialog "Proxy Connection"
  For me it is unclear, why anybody would want to use the two-session-method.
  a. you need username/password for both user acocunts (personaluser and appuser)
  b. it is unclear which operations in SQL Developer are using the personaluser account. It seems that the SQL Window is only using appuser account.
  What was the motivation to implement Two Session Method?
  Best regards,
  Martin

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• [OIM] Proxy User with groups

  Dear people,
  I have a scenario where there is a resource with an approval workflow, with 2 steps: in the first the Manager of the requester is the one who must approve. In the second step, a group is assigned as the one who has to make the approve.
  I give a proxy to the Manager and another proxy to one of the group members.
  When the workflow reaches the Manager approval step, it is automatically assigned to the proxy (what I expected).
  The problem arises when the workflow reaches the group approval step, the assignment is still made to the user that is member of the group, not to his proxy user. Is this an OIM limitation? Some workaround?
  Thanks!

  Hi,
  when we assign the task to a group then if the proxy user is the part of that particular group then he has that task automatically why to duplicate the task and if proxy user is not the memeber of the group then he is not authorize to have that task because he is not the member of that group. As user set him as proxy user for him not for group.
  I hope this answer your query....
  Regards
  Alabhya Goel

• Proxy user authentication with BC4J

  On my webapp i have a connections pool and a MyApplicationModule.
  I can obtain a OracleConnection instace by overriding the method prepareSession()
  into the application module.
  I need to associate the OracleConnection with the ApplicationModule object to execute my queries with the application module and the proxy user.
  The application module is created by this code:
  appMod = (MyApplicationModule)Configuration.createRootApplicationModule("xx.xxx.MyApplicationModule", "MyApplicationModuleLocalTest1");
  The prepareSession ovverride is done by this code:
  protected void prepareSession(Session session) {
  Statement st = null;
  try {
  st = getDBTransaction().createPreparedStatement("rollback",0);
  OracleConnection oConn = (OracleConnection)st.getConnection();
  Properties props = new Properties();
  props.put("PROXY_USER_NAME", "USERTEST");
  oConn.openProxySession
  (OracleConnection.PROXYTYPE_USER_NAME,props);
  catch (SQLException s) {
  //ignore
  finally {
  if (st != null) {
  try {
  st.close();
  catch (SQLException s) { }
  super.prepareSession(session);
  Tanks and sorry for my poor english.

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• Proxy user connectivity with thin driver

  Hi,
  The database I'm working use proxy user authentication. When I select oci8 as driver I can connect using the below login method:
  Host Name : username[proxy user]
  password : password
  but it shows as invalid username/password when I select the driver = THIN.
  What could be the reason behind this?
  thanks
  Edited by: Nadvi on Jul 9, 2010 1:52 PM

  Hi John,
  Thanks for your reply. The documentation says, proxy connectivity method is same both for THIN & OCI8 driver. But what I can see is Jdeveloper is somehow misinterpreting the proxy user name.
  Ie, Username[Proxy user] and the reason why it throws invalid username/password.
  But the same syntax works fine with sqlplus, or any other IDE.
  Can anybody guide me on this.
  Thanks

• Proxy user with limited privileges

  Hi Expert,
  Wanted to know if there is any way to restrict proxy user with certain privileges.
  For an example, If i'm logging in as fnadvi[scott]/password....in this certain circumstances, fnadvi would override all the privileges from SCOTT user.
  And can do insert/update/delete/select whatever under schema SCOTT.
  <quote>
  BANNER
  Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
  PL/SQL Release 11.2.0.2.0 - Production
  CORE 11.2.0.2.0 Production
  TNS for Linux: Version 11.2.0.2.0 - Production
  NLSRTL Version 11.2.0.2.0 - Production
  </quote>
  Is there any way, that I can setup for user:fnadvi to select certain tables, update certain tables and so on?
  The default proxy user can do anything as SCOTT can do.
  Thanks

  Nadvi wrote:
  Hi Expert,
  Wanted to know if there is any way to restrict proxy user with certain privileges.
  For an example, If i'm logging in as fnadvi[scott]/password....in this certain circumstances, fnadvi would override all the privileges from SCOTT user.
  And can do insert/update/delete/select whatever under schema SCOTT.
  <quote>
  BANNER
  Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
  PL/SQL Release 11.2.0.2.0 - Production
  CORE 11.2.0.2.0 Production
  TNS for Linux: Version 11.2.0.2.0 - Production
  NLSRTL Version 11.2.0.2.0 - Production
  </quote>
  Is there any way, that I can setup for user:fnadvi to select certain tables, update certain tables and so on?
  The default proxy user can do anything as SCOTT can do.
  ThanksThe short answer is NO.
  With Oracle everything is prohibited, except that which is explicitly GRANTED.

• OSB db-adapter: how to pass a proxy user or something like this?

  Hello, on OSB with a Oracle db-adapter, I'd like to do some database updates. Usually the db-adapter is set up with a technical database user.
  But on database side, this way I don't know exactly which user has been updating my table because only the technical user will be inserted into "Created_by" Column
  (select USER from dual ==> technical user).
  Now I thougt about using Proxy Users. But there exists some other Problems:
  - every proxy user has to be initially created in the database
  - how can I pass proxy user and technical user from OSB to the database?
  (using JCA, JNDI and JDBC Data Sources)
  ... on JDBC datasources I can only specify hard coded userid/password (--> technical user)
  Any help would be appreciated. Maybe some good white papers or tutorial exists in the web, but I can't finde a good one.
  Thanks
  Best regards

  You can pass in the adapter header property "jca.db.ProxyUserName". That way you can specify a user for each invoke.
  I got confirmation that OSB supports setting these properties. The sample adapters-db-201-MovieImages on soasamples.samplecode.oracle.com > Adapters shows working with header properties but with Mediator.
  Thanks
  Steve