Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: JDBC provider-specific properties?

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: JDBC provider-specific properties?


Chronological Thread 
  • From: Tom Poage <>
  • To: "" <>
  • Subject: [grouper-users] Re: JDBC provider-specific properties?
  • Date: Thu, 8 Dec 2016 17:05:37 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:4h7NiRGrw/8t+G+bCEZ2e51GYnF86YWxBRYc798ds5kLTJ7yosSwAkXT6L1XgUPTWs2DsrQf2rGQ7vyrBTZIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSijewZb1/IA+2oAjeucUbjpVuIbstxxXUpXdFZ/5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnMVhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1jioMKjw3/3zNisFojKxVvg+vpwBxzYDXboGaNv1wfqLBct0VSmVMRdpRWDdEAo+gb4sDE+gMMOBFpIf9vVsOqh6+CBGyCuPozz9Dm2X43aog3OQuDw7NwQstH84AsHTMq9X6LqgSXv6uwanV0TrMculZ2Sn86IjTaBwuv+yDXa9pfMfX1EIhGQTFjlCKpozkOTOYzuQNs2mA4OV+T+KvjXQoqx1vrTS1wccskIbJipoOylDY7yp23IU1JdqmSEFle96kHp9QtyaUNodsXswiRGRotD49yr0co5G0YCwKx4o9yxHDbPyHdo6F6Q/gWuaJOTp0mWxpdbGlixqv70Ss1vfwW8eq3FpQsCZJj93BumgT2xHS9sSLVP5w80m91TuA0g3c8e9JLEA0mKfeNZEswL49moYWvEnMAyP7mkv7gaqSe0gn5uSl5OHqb7v4qZKeK4B5jx3xP6UwlcCjGeg0LwkDUmyB9eii1LDu8lf1TbdQgvEonaTUto3RK94Bqa6jGQBV154u6xahADei19QVhWIHLFdZeBKfkYTlIUzOL+zlAvilnVSskSxry+rYMbL8H5XBNnnDkLH/crZh80NQ1RQ/wNNF655JFL0NPOj/V0HvuNDCEBM1Lgi5z/7iCNpn14MeXWyPArWeMKPXqVKI+uwvI/GLZIAPtzbyNeMo5+PygnAkg1AdY6ip3YANZH+mA/tmPl2VYWDwjdcZDWcKog0+QfTliF2YVj5Tem6yULwm5j0iFYKmFpnMRpq2gLGa2Ce7H4ZWZnxdClySC3vodoOEW+sSZyKIJM9ujCAEWaa7R4A/yB6uqVyy970yZOXO/TAAuIimycN4/fb7lBcu+CZyAtjHlWyBUis8ymwSQCIu0bo6vFdw0Eyr0K5kjuZeGMAJof5FT1FpG4TbyrlGDNW6YgXIcdrBHEqoWtKvDjwZU9k9ysEPeABwF8j03UOL5DajH7JAz+/DP5cz6K+Jh3U=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Right, I’m trying to find some Hibernate, Grouper-ish, beans, ... way to
inject the settings below.

Have used the OCI driver previously on other projects. Yes, it uses external
files to configure these details e.g. sqlnet.ora. Because the OCI driver uses
native libraries, it involves making those available to the container,
effectively LD_LIBRARY_PATH, plus adding proprietary environment variables.
The thin driver is pure Java, so doesn’t need/use this.

I do see examples that are close e.g.

http://stackoverflow.com/questions/26432019/oracle-connection-encryption-and-connection-poling

and this gets directly addresses the issue, but the question remains
unanswered:

https://forum.hibernate.org/viewtopic.php?f=1&t=949890

I know the database server supports this (“Oracle Advanced Security”). Oracle
also supports a form of “SSL” but that involves changing the database server
(not to mention I often get blank stares on the mention of certificates). One
could use IPsec, but mention of that often invokes a similar response. :-)

All I want to do is protect data in motion. LDAP is a no-brainer. It’s the DB
connection.

Thanks!
Tom.

> On Dec 7, 2016, at 8:11 PM, Hyzer, Chris
> <>
> wrote:
>
> You can specify the Oracle connect URL, and any other hibernate properties.
> Not sure if hibernate has settings for those things. Doesnt the server
> require security and the client just does it? Or maybe the oci client has
> more options without having to pass properties to the driver?
>
> Thanks
> Chris
>
>
> From:
>
>
> <>
> on behalf of Tom Poage
> <>
> Sent: Wednesday, December 7, 2016 7:42 PM
> To:
>
> Subject: [grouper-users] JDBC provider-specific properties?
>
> Grouper Newbie. Knowledge of Hibernate ancient.
>
> I’ve poked around the Grouper and Hibernate source, a bit of Googling and
> come up short. Can one (and where) wire in properties specific to a JDBC
> provider?
>
> Specifically, Oracle thin driver encryption/integrity, cf.
>
> https://docs.oracle.com/database/121/JJDBC/clntsec.htm#JJDBC28313
>
> With the connection pool would be a plus!
>
> Bits of analogous Java:
>
> OracleDriver dr = new OracleDriver();
> String url =
> "jdbc:oracle:thin:@ldap://....ucdavis.edu:389/...,cn=OracleContext,dc=ucdavis,dc=edu”;
> Properties props = new Properties();
> ...
> props.setProperty("oracle.net.encryption_client", "REQUIRED");
> props.setProperty("oracle.net.encryption_types_client",
> "(AES256,AES192,AES128,3DES168)");
> props.setProperty("oracle.net.crypto_checksum_client","REQUIRED");
> props.setProperty("oracle.net.crypto_checksum_types_client","(SHA1)");
> ...
> OracleConnection conn = (OracleConnection) dr.connect(url,props);
>
> Would these have to be set as system/container properties?
>
> Thanks!
> Tom.




Archive powered by MHonArc 2.6.19.

Top of Page