Subject: Grouper Users - Open Discussion List
[grouper-users] Re: JDBC provider-specific properties?
- From: Tom Poage <>
- To: "" <>
- Subject: [grouper-users] Re: JDBC provider-specific properties?
- Date: Fri, 27 Jan 2017 17:00:45 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
That did cross my mind (from other research on the topic), though doing so
turns these into global properties. I'd also guess, though, that most people
do not colocate other services with Grouper. Have not pursued it further, as
> On Jan 27, 2017, at 8:56 AM, Bee-Lindgren, Bert
> I think that setting java properties may help, as I found the following in
> the decompiled source:
> tempval = getSystemProperty("oracle.net.encryption_client", null);
> If java properties don't get the job done, I think we'll have to create a
> grouper setting that allows JDBC or Oracle-JDBC Driver setup before
> hibernate uses it... Essentially make use of the setProperties API which
> does not seem accessible through hibernate properties.
> on behalf of Tom Poage
> Sent: Thursday, December 8, 2016 12:05 PM
> Subject: [grouper-users] Re: JDBC provider-specific properties?
> Right, I’m trying to find some Hibernate, Grouper-ish, beans, ... way to
> inject the settings below.
> Have used the OCI driver previously on other projects. Yes, it uses
> external files to configure these details e.g. sqlnet.ora. Because the OCI
> driver uses native libraries, it involves making those available to the
> container, effectively LD_LIBRARY_PATH, plus adding proprietary environment
> variables. The thin driver is pure Java, so doesn’t need/use this.
> I do see examples that are close e.g.
> c3p0 - oracle connection encryption and connection poling ...
> I have been using c3p0 pool but I could not find any information on how to
> add connection properties such as shown below to a c3p0 connection pool
> configuration XML ...
> and this gets directly addresses the issue, but the question remains
> Hibernate Community • View topic - Oracle encryption: connection
> Hibernate Community Forums
> I know the database server supports this (“Oracle Advanced Security”).
> Oracle also supports a form of “SSL” but that involves changing the
> database server (not to mention I often get blank stares on the mention of
> certificates). One could use IPsec, but mention of that often invokes a
> similar response. :-)
> All I want to do is protect data in motion. LDAP is a no-brainer. It’s the
> DB connection.
> > On Dec 7, 2016, at 8:11 PM, Hyzer, Chris
> > <>
> > wrote:
> > You can specify the Oracle connect URL, and any other hibernate
> > properties. Not sure if hibernate has settings for those things. Doesnt
> > the server require security and the client just does it? Or maybe the
> > oci client has more options without having to pass properties to the
> > driver?
> > Thanks
> > Chris
> > From:
> > <>
> > on behalf of Tom Poage
> > <>
> > Sent: Wednesday, December 7, 2016 7:42 PM
> > To:
> > Subject: [grouper-users] JDBC provider-specific properties?
> > Grouper Newbie. Knowledge of Hibernate ancient.
> > I’ve poked around the Grouper and Hibernate source, a bit of Googling and
> > come up short. Can one (and where) wire in properties specific to a JDBC
> > provider?
> > Specifically, Oracle thin driver encryption/integrity, cf.
> > https://docs.oracle.com/database/121/JJDBC/clntsec.htm#JJDBC28313
> JDBC Client-Side Security Features - Oracle Help Center
> 9 JDBC Client-Side Security Features. This chapter discusses support in the
> Oracle Java Database Connectivity (JDBC) Oracle Call Interface (OCI) and
> JDBC Thin drivers ...
> > With the connection pool would be a plus!
> > Bits of analogous Java:
> > OracleDriver dr = new OracleDriver();
> > String url =
> > "jdbc:oracle:thin:@ldap://....ucdavis.edu:389/...,cn=OracleContext,dc=ucdavis,dc=edu”;
> > Properties props = new Properties();
> > ...
> > props.setProperty("oracle.net.encryption_client", "REQUIRED");
> > props.setProperty("oracle.net.encryption_types_client",
> > "(AES256,AES192,AES128,3DES168)");
> > props.setProperty("oracle.net.crypto_checksum_client","REQUIRED");
> > props.setProperty("oracle.net.crypto_checksum_types_client","(SHA1)");
> > ...
> > OracleConnection conn = (OracleConnection) dr.connect(url,props);
> > Would these have to be set as system/container properties?
> > Thanks!
> > Tom.
- [grouper-users] Re: JDBC provider-specific properties?, Bee-Lindgren, Bert, 01/27/2017
- [grouper-users] Re: JDBC provider-specific properties?, Tom Poage, 01/27/2017
Archive powered by MHonArc 2.6.19.