如何为Jruby Oracle连接设置SSL?

时间:2019-03-05 17:22:49

标签: ruby-on-rails ruby oracle ssl

在Rails,Jruby等中。我创建了一个可正常运行的调用,用于查询网页中的Oracle数据库。我需要在SSL中保护该正常运行的呼叫。

<%
require 'jdbc_connection'

# Database settings
user   = "***REMOVED***"
passwd = "***REMOVED***"
url    = "jdbc:oracle:thin:@***REMOVED***:1521/test"
output = ""
error = ""

select_stmt, rest, select_sql = nil
error = "No Errors."
begin
  conn = OracleConnection.create(user, passwd, url)
  select_sql = "select columnA from test.tableA WHERE name='"+@subject["name"].first+"'"
  select_stmt = conn.create_statement
  rset = select_stmt.execute_query select_sql
  while (rset.next)
    output = output + rset.getString(1)
  end

rescue
  error = "Failed executing Oracle demo from JRuby ", $!, "\n"

  ensure
   # We have to ensure everything is closed here.
   if (!select_stmt.nil?)
    select_stmt.close
   end
   if (!rset.nil?)
    rset.close
   end
   conn.close_connection
end
%>

我认为我需要引用密钥库,用户名,密码和连接字符串。

我在此站点上找到了一个示例连接字符串:https://blogs.oracle.com/dev2dev/ssl-connection-to-oracle-db-using-jdbc,-tlsv12,-jks-or-oracle-wallets 

DB_USER = "hr", DB_PASSWORD ="hr", and 
DB_URL = "jdbc:oracle:thin:@(DESCRIPTION= (ADDRESS=
                   (PROTOCOL=TCPS)(PORT=1522)(HOST=myhost))
                   (CONNECT_DATA=(SERVICE_NAME=myorcldbservicename))
                   (SECURITY=(ssl_server_cert_dn="CN=testcert.oracle.com, O=Oracle Corporation,L=Redwood City,ST=California,C=US")))"

我在哪里引用密钥库?我觉得类OracleConnection可能应该类似于OracleConnectionSSL?

2 个答案:

答案 0 :(得分:0)

对不起,这只是答案的一半-我对JRuby不太了解,但从Oracle方面来说-this Oracle PDF describes how to set up SSL with the Oracle JDBC Thin driver。您可能需要阅读整个内容,但这是使用JKS密钥库的Java示例(对于Oracle Wallets略有不同):

String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps(HOST=servername)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename))))";
Properties props = new Properties();
props.setProperty("user", "scott");
props.setProperty("password", "tiger"); 
props.setProperty("javax.net.ssl.keyStore",
 "D:\\client_jks\\keystore.jks");
props.setProperty("javax.net.ssl.keyStoreType","JKS");
props.setProperty("javax.net.ssl.keyStorePassword","welcome123"); 
Connection conn = DriverManager.getConnection(url, props);

在调用DriverManager.getConnection之前,您是否了解它是如何设置Java属性的?我认为,您需要先进入jdbc_connection接口,然后再执行相同的getConnection调用。但是我对Ruby不够熟悉,无法知道如何做到这一点。

答案 1 :(得分:0)

有许多方法可以设置JKS连接属性。 (a)以编程方式使用连接属性。参见示例DataSourceForJKS.java

(b)可以将这些属性设置为系统属性。 

-Doracle.net.ssl_server_dn_match=true  
-Djavax.net.ssl.trustStore=${TNS_ADMIN}/truststore.jks  
-Djavax.net.ssl.trustStorePassword=welcome1  
-Djavax.net.ssl.keyStore=${TNS_ADMIN}/keystore.jks  
-Djavax.net.ssl.keyStorePassword=welcome1

(c)如果使用的是18.3,则可以利用ojdbc.properties添加这些连接属性。查看blog

相关问题
最新问题