grouper-users - [grouper-users] Re: JDBC provider-specific properties?
Subject: Grouper Users - Open Discussion List
List archive
- From: "Bee-Lindgren, Bert" <>
- To: Tom Poage <>, "" <>
- Subject: [grouper-users] Re: JDBC provider-specific properties?
- Date: Fri, 27 Jan 2017 16:56:44 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:OZf1EhynQQcLoorXCy+O+j09IxM/srCxBDY+r6Qd0usTKPad9pjvdHbS+e9qxAeQG96Kt7QZ1KGH6ujJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMizexe7N/IRe5oQjVq8UdnJdvJLs2xhbVuHVDZv5YxXlvJVKdnhb84tm/8Zt++ClOuPwv6tBNX7zic6s3UbJXAjImM3so5MLwrhnMURGP5noHXWoIlBdDHhXI4wv7Xpf1tSv6q/Z91SyHNsD4Ubw4RTKv5LpwRRT2lCkIKSI28GDPisxxkq1bpg6hpwdiyILQeY2ZKeZycr/Ycd4cWGFPXNteVzZZD428cYUBEvYBM+hboYnzpVQOrAexCga3Cez11jNEmmX70bEm3+khFwzNwQwuH8gJsHTRtNj5OrofXv6rw6XRyzvDbvVW1iry6IjSbB8hp+mAVq9tfMXP00kvCw3JhUiXpIP+ITyVzPgNv3KA4OV+S+2jkmonqwB3ojeyyccskJfGhoQOx1DD9CV53Jw5JdKiR05nf9GrDJtQuzuEOIRrX8MvWmdlszs0xL0BvJ60ZikKyJI/yh7favyIaJaH4gjlVOmLPTd3mmhpeLWlhxa96USg0fH8WdOo31ZJqSpFjMfDtmoD1xzX7ciGROFx8Vum2TaKzwzT7ftELloomqrfNZEt2KI/lp0WsUnFAyT4m132gbeLekk49eWk8evqb7f8qpKTK4N4kBzyPrgzlsCnH+g1MxUCU3Se9Oih27Du/kj0TKhEjvEqjKXUtY3WKMoHqqKkBgJY3Jgv5hm8Ajqj0NkVn3kKIVJAdR+IjYXkNEzCLfXlAfexnlihlDFmzO3cMLL7GJXCNH3Dna/hfblj705czxI+w8hD6pxTFr0MLuv/V1HoutDFFxM5NBe7zPj9BNV6y4MeRXmAAqiEMKPUrFCE/PovI/OLZI8JpjnyN+Ql5//pjX8/g1MderSp3YcTaHC/GfRmIF+VbmbrgtcECWsKvww+Q/L2iFCaTDJfe3m/U7gz6zw5Eo6rApvPSpqwjLCdwSu3BphWaXpHClCIH3fobYKEW/IUZS2JPMBhiCAEWaK6RIA/yx6irQv6y7thLuXJ9S0Yr4zs1N5u6u3UlBEy6SZ4D8uH3GGRUW57gmMISyUo069ivExx0k2D3rRgg/xECdxT4OtEUgggNZ7b0ux6E879WhjYcteUU1apXM+mASoqQ9I1wt8OeFp9G868ghzZ3iqqBaMVmKKRBJwy7K3cw2b9K9xjxHnbyalyx2UhF/dIMCWegadw+kCHG4DRlEyWmo63fqgVwi/WsmqP0DzK9AtXSgltSajfGG0Ea1HNhdX/+k7YSbKyU/IqPhYLgZqNMKxXctDzyEhdSe34ENXYf2+rnWqsX1CFyq7aP6TwfGBIlg/QBQ0gkgYf8myLM0x2LCq7vyiWWDZjD06paU7htO1/rn+0VEIy5waLcwtu3qa48R5TiPCBHaBAlokYsTss/m0nVG222MjbXp/Z/1Js
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
I think that setting java properties may help, as I found the following in the decompiled source: tempval = getSystemProperty("oracle.net.encryption_client", null);
If java properties don't get the job done, I think we'll have to create a grouper setting that allows JDBC or Oracle-JDBC Driver setup before hibernate uses it... Essentially make use of the setProperties API which does not seem accessible through hibernate properties.
From: <> on behalf of Tom Poage <>
Sent: Thursday, December 8, 2016 12:05 PM To: Subject: [grouper-users] Re: JDBC provider-specific properties? Right, I’m trying to find some Hibernate, Grouper-ish, beans, ... way to inject the settings below.
Have used the OCI driver previously on other projects. Yes, it uses external files to configure these details e.g. sqlnet.ora. Because the OCI driver uses native libraries, it involves making those available to the container, effectively LD_LIBRARY_PATH, plus adding proprietary environment variables. The thin driver is pure Java, so doesn’t need/use this. I do see examples that are close e.g. http://stackoverflow.com/questions/26432019/oracle-connection-encryption-and-connection-poling
and this gets directly addresses the issue, but the question remains unanswered: https://forum.hibernate.org/viewtopic.php?f=1&t=949890
I know the database server supports this (“Oracle Advanced Security”). Oracle also supports a form of “SSL” but that involves changing the database server (not to mention I often get blank stares on the mention of certificates). One could use IPsec, but mention of that often invokes a similar response. :-) All I want to do is protect data in motion. LDAP is a no-brainer. It’s the DB connection. Thanks! Tom. > On Dec 7, 2016, at 8:11 PM, Hyzer, Chris <> wrote: > > You can specify the Oracle connect URL, and any other hibernate properties. Not sure if hibernate has settings for those things. Doesnt the server require security and the client just does it? Or maybe the oci client has more options without having to pass properties to the driver? > > Thanks > Chris > > > From: <> on behalf of Tom Poage <> > Sent: Wednesday, December 7, 2016 7:42 PM > To: > Subject: [grouper-users] JDBC provider-specific properties? > > Grouper Newbie. Knowledge of Hibernate ancient. > > I’ve poked around the Grouper and Hibernate source, a bit of Googling and come up short. Can one (and where) wire in properties specific to a JDBC provider? > > Specifically, Oracle thin driver encryption/integrity, cf. > > https://docs.oracle.com/database/121/JJDBC/clntsec.htm#JJDBC28313
> > With the connection pool would be a plus! > > Bits of analogous Java: > > OracleDriver dr = new OracleDriver(); > String url = ""jdbc:oracle:thin:@ldap://....ucdavis.edu:389/...,cn=OracleContext,dc=ucdavis,dc=edu”; > Properties props = new Properties(); > ... > props.setProperty("oracle.net.encryption_client", "REQUIRED"); > props.setProperty("oracle.net.encryption_types_client", "(AES256,AES192,AES128,3DES168)"); > props.setProperty("oracle.net.crypto_checksum_client","REQUIRED"); > props.setProperty("oracle.net.crypto_checksum_types_client","(SHA1)"); > ... > OracleConnection conn = (OracleConnection) dr.connect(url,props); > > Would these have to be set as system/container properties? > > Thanks! > Tom. |
- [grouper-users] Re: JDBC provider-specific properties?, Bee-Lindgren, Bert, 01/27/2017
- [grouper-users] Re: JDBC provider-specific properties?, Tom Poage, 01/27/2017
Archive powered by MHonArc 2.6.19.