Grouper Users - Open Discussion List

["Bee-Lindgren, Bert" <>]

I think that setting java properties may help, as I found the following in the decompiled source:

tempval = getSystemProperty("oracle.net.encryption_client", null);

If java properties don't get the job done, I think we'll have to create a grouper setting that allows JDBC or Oracle-JDBC Driver setup before hibernate uses it... Essentially make use of the setProperties API which does not seem accessible through hibernate properties.

---

From: <> on behalf of Tom Poage <>
Sent: Thursday, December 8, 2016 12:05 PM
To:
Subject: [grouper-users] Re: JDBC provider-specific properties?

 

Right, I’m trying to find some Hibernate, Grouper-ish, beans, ... way to inject the settings below.

Have used the OCI driver previously on other projects. Yes, it uses external files to configure these details e.g. sqlnet.ora. Because the OCI driver uses native libraries, it involves making those available to the container, effectively LD_LIBRARY_PATH, plus adding proprietary environment variables. The thin driver is pure Java, so doesn’t need/use this.

I do see examples that are close e.g.

http://stackoverflow.com/questions/26432019/oracle-connection-encryption-and-connection-poling

c3p0 - oracle connection encryption and connection poling ... stackoverflow.com I have been using c3p0 pool but I could not find any information on how to add connection properties such as shown below to a c3p0 connection pool configuration XML ...

and this gets directly addresses the issue, but the question remains unanswered:

https://forum.hibernate.org/viewtopic.php?f=1&t=949890

Hibernate Community &bull; View topic - Oracle encryption: connection properties

forum.hibernate.org

Hibernate Community Forums

I know the database server supports this (“Oracle Advanced Security”). Oracle also supports a form of “SSL” but that involves changing the database server (not to mention I often get blank stares on the mention of certificates). One could use IPsec, but mention of that often invokes a similar response. :-)

All I want to do is protect data in motion. LDAP is a no-brainer. It’s the DB connection.

Thanks!
Tom.

> On Dec 7, 2016, at 8:11 PM, Hyzer, Chris <> wrote:
>
> You can specify the Oracle connect URL, and any other hibernate properties.  Not sure if hibernate has settings for those things.  Doesnt the server require security and the client just does it?  Or maybe the oci client has more options without having to pass properties to the driver?
>
> Thanks
> Chris 
>
>
> From: <> on behalf of Tom Poage <>
> Sent: Wednesday, December 7, 2016 7:42 PM
> To:
> Subject: [grouper-users] JDBC provider-specific properties?
> 
> Grouper Newbie. Knowledge of Hibernate ancient.
>
> I’ve poked around the Grouper and Hibernate source, a bit of Googling and come up short. Can one (and where) wire in properties specific to a JDBC provider?
>
> Specifically, Oracle thin driver encryption/integrity, cf.
>
> https://docs.oracle.com/database/121/JJDBC/clntsec.htm#JJDBC28313

JDBC Client-Side Security Features - Oracle Help Center

docs.oracle.com

9 JDBC Client-Side Security Features. This chapter discusses support in the Oracle Java Database Connectivity (JDBC) Oracle Call Interface (OCI) and JDBC Thin drivers ...

>
> With the connection pool would be a plus!
>
> Bits of analogous Java:
>
> OracleDriver dr = new OracleDriver();
> String url = ""jdbc:oracle:thin:@ldap://....ucdavis.edu:389/...,cn=OracleContext,dc=ucdavis,dc=edu”; > Properties props = new Properties();
> ...
> props.setProperty("oracle.net.encryption_client", "REQUIRED");
> props.setProperty("oracle.net.encryption_types_client", "(AES256,AES192,AES128,3DES168)");
> props.setProperty("oracle.net.crypto_checksum_client","REQUIRED");
> props.setProperty("oracle.net.crypto_checksum_types_client","(SHA1)");
> ...
> OracleConnection conn = (OracleConnection) dr.connect(url,props);
>
> Would these have to be set as system/container properties?
>
> Thanks!
> Tom.