Grouper Users - Open Discussion List

[Tom Poage <>]

Right, I’m trying to find some Hibernate, Grouper-ish, beans, ... way to 
inject the settings below.

Have used the OCI driver previously on other projects. Yes, it uses external 
files to configure these details e.g. sqlnet.ora. Because the OCI driver uses 
native libraries, it involves making those available to the container, 
effectively LD_LIBRARY_PATH, plus adding proprietary environment variables. 
The thin driver is pure Java, so doesn’t need/use this.

I do see examples that are close e.g.

http://stackoverflow.com/questions/26432019/oracle-connection-encryption-and-connection-poling

and this gets directly addresses the issue, but the question remains 
unanswered:

https://forum.hibernate.org/viewtopic.php?f=1&t=949890

I know the database server supports this (“Oracle Advanced Security”). Oracle 
also supports a form of “SSL” but that involves changing the database server 
(not to mention I often get blank stares on the mention of certificates). One 
could use IPsec, but mention of that often invokes a similar response. :-)

All I want to do is protect data in motion. LDAP is a no-brainer. It’s the DB 
connection.

Thanks!
Tom.

> On Dec 7, 2016, at 8:11 PM, Hyzer, Chris 
> <>
>  wrote:
> 
> You can specify the Oracle connect URL, and any other hibernate properties. 
>  Not sure if hibernate has settings for those things.  Doesnt the server 
> require security and the client just does it?  Or maybe the oci client has 
> more options without having to pass properties to the driver?
> 
> Thanks
> Chris  
> 
> 
> From: 
> 
>  
> <>
>  on behalf of Tom Poage 
> <>
> Sent: Wednesday, December 7, 2016 7:42 PM
> To: 
> 
> Subject: [grouper-users] JDBC provider-specific properties?
>  
> Grouper Newbie. Knowledge of Hibernate ancient.
> 
> I’ve poked around the Grouper and Hibernate source, a bit of Googling and 
> come up short. Can one (and where) wire in properties specific to a JDBC 
> provider?
> 
> Specifically, Oracle thin driver encryption/integrity, cf.
> 
> https://docs.oracle.com/database/121/JJDBC/clntsec.htm#JJDBC28313
> 
> With the connection pool would be a plus!
> 
> Bits of analogous Java:
> 
> OracleDriver dr = new OracleDriver();
> String url = 
> "jdbc:oracle:thin:@ldap://....ucdavis.edu:389/...,cn=OracleContext,dc=ucdavis,dc=edu”;
> Properties props = new Properties();
> ...
> props.setProperty("oracle.net.encryption_client", "REQUIRED");
> props.setProperty("oracle.net.encryption_types_client", 
> "(AES256,AES192,AES128,3DES168)");
> props.setProperty("oracle.net.crypto_checksum_client","REQUIRED");
> props.setProperty("oracle.net.crypto_checksum_types_client","(SHA1)");
> ...
> OracleConnection conn = (OracleConnection) dr.connect(url,props);
> 
> Would these have to be set as system/container properties?
> 
> Thanks!
> Tom.