Connections and Security

Connecting Using JNDI

Before you can use JNDI to connect your client program to an Oracle8i server, you must set up an environment for the JNDI context. You can use a hash table or a properties list for the environment. The examples in this guide always use a Java Hashtable, as follows:

Hashtable environment = new Hashtable();

Next, you set up properties in the hash table. You must always set the Context URL_PKG_PREFIXES property. The remaining properties that you can set are for authentication. They are:

javax.naming.Context.SECURITY_PRINCIPAL
javax.naming.Context.SECURITY_CREDENTIALS
javax.naming.Context.SECURITY_ROLE
javax.naming.Context.SECURITY_AUTHENTICATION

These properties are described in the following sections.

URL_PKG_PREFIXES

Context.URL_PKG_PREFIXES holds the name of the environment property for specifying the list of package prefixes to use when loading in URL context factories. The value of the property should be a colon-separated list of package prefixes for the class name of the factory class that will create a URL context factory.

In the current implementation, this property must always be supplied in the Context environment, and it must be set to the String "oracle.aurora.jndi".

SECURITY_PRINCIPAL

Context.SECURITY_PRINCIPAL holds the database username.

SECURITY_CREDENTIALS

Context.SECURITY_CREDENTIAL holds the clear-text password. This is the Oracle database password for the SECURITY_PRINCIPAL (the database user). In all of the three authentication methods mentioned in SECURITY_AUTHENTICATION below, the password is encrypted when it is transmitted to the server.

SECURITY_ROLE

Context.SECURITY_ROLE holds the Oracle8i database role with which the user is connecting. For example, "CLERK" or "MANAGER".

SECURITY_AUTHENTICATION

Context.SECURITY_AUTHENTICATION holds the name of the environment property that specifies the type of authentication to use. Values for this property provide for the authentication types supported by Oracle8i. There are three possible values. These values are defined in the ServiceCtx class, and are:

ServiceCtx.NON_SSL_LOGIN: Authenticate using the Login protocol over a standard TCP/IP connection (not a secure socket layer connection). The Login protocol provides for encryption of the password as it is transmitted from the client to the server. See "The Login Protocol" for more information about this protocol.
ServiceCtx.SSL_CREDENTIAL: Authenticate using the credential protocol over a secure socket layer (SSL) connection. Encryption of the password is provided by the secure socket layer.
SSL_LOGIN: Authenticate using the Login protocol over an SSL connection. The extra encryption provided by the Login protocol is redundant in this case, and use of SSL_CREDENTIAL might be slightly more time efficient.

Note: To use an SSL connection, you must be able to access a listener that has an SSL port configured, and the listener must be able to redirect requests to an SSL-enabled dispatcher IIOP port. You must also include the library vbj30ssl.jar when you compile and build your application. See the Net8 Administrator's Guide for more information about configuration, and see EJB README file for information about the location of the vbj30ssl.jar file.

Context Methods

The Context interface contains a number of methods that the CORBA and EJB application developer will use. The methods required have been implemented in the ServiceCtx and SessionCtx classes that implement methods in the Context interface.

The JNDI InitialContext Class

InitialContext is a class in the javax.naming package that implements the Context interface. All naming operations are relative to a context. The initial context implements the Context interface and provides the starting point for resolution of names.

Constructor

You construct a new initial context using the constructor:

public InitialContext(Hashtable environment)

passing it a hashtable that has the environment information described in "Connecting Using JNDI" above. The following code fragment sets up an environment for a typical client, and creates a new initial context:

    Hashtable env = new Hashtable();
    env.put(Context.URL_PKG_PREFIXES, "oracle.aurora.jndi");
    env.put(Context.SECURITY_PRINCIPAL, "scott");
    env.put(Context.SECURITY_CREDENTIALS, "tiger");
    env.put(Context.SECURITY_AUTHENTICATION, ServiceCtx.NON_SSL_LOGIN);
    Context ic = new InitialContext(env);

Method

The most common initial context class method that the CORBA or EJB application developer will use is

public Object lookup(String URL)

You use lookup() to create a new service context, specifying in the URL the service identifier. The return result must be cast to ServiceCtx when a new service context is being created. For example, if initContext is a JNDI initial context, the following statement creates a new service context:

ServiceCtx service =
    (ServiceCtx) initContext.lookup("sess_iiop://localhost:2481:ORCL");