The Oracle SSM makes use of a feature in Oracle 10g called Fine Grained Access Control (FGAC). This allows an Oracle customer to define access policies that restrict access to database tables for DML operations.
FGAC is used to intercept DML queries on protected tables and filter the result sets based on user entitlements stored in OES. The Web Service SSM client library is used to invoke authorization queries.
This section describes how to configure and run the Oracle SSM.
ora_dba group on Windows or dba group on UNIX. This is required in order to connect as "system" user with "SYSDBA" role.
ORACLE_HOME/ordata directory must be writable. Files are added there by OES scripts.
ales32-shared/bin directory:
asipassword.bat|sh system ../keys/password.xml ../keys/password.key
BEA_HOME/ales32_SSM/oracle-ssm/adm/instancewizard.cmd|sh and complete the wizard fields as indicated in Table 5-1. These entries reflect the values specified in BEA_HOME/ales32-ssm/oracle-ssm/examples/OracleSSM/build.properties.
bin directory, use an editor to make the following changes in set-env.bat|sh:
ORACLE_HOME
ORACLE_HOME/bin (must be the first element in path)
ORACLE_SID (set to the SID of the database)
setupOracleSSM.bat|sh in the shell window. Substitute the actual values for each field.
setupOracleSSM.bat|sh
-jdbc_url <JDBC_URL>
-oracle_home <c:/oracle/products/10.2.0/db2>
-db_sys_user <system>
-db_sys_password <password>
-ales_ssm_home <c:/bea/ales32-ssm>
-ales_shared_home <c:/bea/ales32-shared>
-ws_ssm_instance_dir <c:/bea/ales32-ssm/webservice-ssm/<instance>
-db_user <ales_ora_user>
-db_password <password>
-load_example_table <true>
Note: The -db_user value must not be the name of an existing user. This user is created when the script is run.
ales32-ssm/oracle-ssm/examples/OracleSSM.
build.properties and then execute set-env.bat|sh.
ant
dist
config
load.
oes_oracle_ssm_properties.
Note: This value can be obtained from the database using the following SQL query:
select value from oes_oracle_ssm_properties where KEY='secret';
sysdba to see the complete data set.
$ sqlplus sys/sys-password@oracle-listner as sysdba
SQL> select * from ales_ora_user.cust_payment_info;
FIRST LAST ORDER CREDIT_CARD_NUMB
Jon Oldfield 10001 5446959708812985
Chris White 10002 5122358046082560
Alan Squire 10003 5595968943757920
Mike Anderson 10004 4929889576357400
Annie Schmidt 10005 4556988708236902
Elliot Meyer 10006 374366599711820
Celine Smith 10007 4716898533036
Steve Haslam 10008 340975900376858
Albert Einstein 10009 310654305412389
ales_ora_user to see a subset of the data.
$ sqlplus ales_ora_user/password@oracle-listner
SQL> select * from cust_payment_info;
FIRST LAST ORDER CREDIT_CARD_NUMB
Chris White 10002 5122358046082560
This section shows sample results by using run.bat|sh (a sample JDBC client).
Note: Before using run.bat|sh, update BEA_HOME/ales32-ssm/oracle-ssm/examples/OracleSSM/client.properties to reflect your {jdbcUrl,schemaName,queryType,query} settings.
Listing 5-1 shows a sample test result for a queryType of select, update, and delete.
C:\buildTree\ales32-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : select
Query : select * from cust_payment_info
Executing SELECT query...
Last Name, First Name : White,Chris
C:\buildTree\ales32-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : update
Query : UPDATE cust_payment_info set first_name = 'Test' where
first_name='Alan'
Executing UPDATE query...
0 rows updated
C:\buildTree\ales32-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : delete
Query : DELETE from cust_payment_info where first_name='Alan'
Executing DELETE query...
0 rows deleted
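The filtering in these results is what an FGAC policy on a protected table produces. As an added example (not the Oracle SSM's own code), the following SQL*Plus script shows the underlying mechanism with DBMS_RLS on a scratch table. The names demo_payment_info, demo_entitlements, demo_row_filter and DEMO_ROW_FILTER_POLICY are hypothetical, the rows are constructed, and a local entitlement table stands in for the authorization query the SSM sends to OES.

```sql
-- Added illustration; all demo_* names are hypothetical and the rows are constructed.
-- Run in a scratch schema as a user with EXECUTE on DBMS_RLS.
CREATE TABLE demo_payment_info (
  first_name VARCHAR2(32),
  last_name  VARCHAR2(32),
  order_id   NUMBER
);
INSERT INTO demo_payment_info VALUES ('Chris', 'White',  10002);
INSERT INTO demo_payment_info VALUES ('Alan',  'Squire', 10003);

-- Local stand-in for the entitlement decision that the Oracle SSM obtains from OES.
CREATE TABLE demo_entitlements (client_id VARCHAR2(64), order_id NUMBER);
INSERT INTO demo_entitlements VALUES ('smysore3', 10002);
COMMIT;

-- Policy function: Oracle calls it for each protected statement and appends the
-- returned text to that statement as a WHERE predicate.
CREATE OR REPLACE FUNCTION demo_row_filter (
  p_schema IN VARCHAR2,   -- schema of the protected object, supplied by Oracle
  p_object IN VARCHAR2    -- name of the protected object, supplied by Oracle
) RETURN VARCHAR2
AS
BEGIN
  -- An unset client identifier is NULL, so the comparison matches nothing
  -- and the session is left with no rows (fail closed).
  RETURN 'order_id IN (SELECT e.order_id FROM ' || p_schema
      || '.demo_entitlements e WHERE e.client_id = '
      || 'SYS_CONTEXT(''USERENV'', ''CLIENT_IDENTIFIER''))';
END;
/

-- Attach the function to the table for the three statement types tested in Listing 5-1.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_name     => 'DEMO_PAYMENT_INFO',
    policy_name     => 'DEMO_ROW_FILTER_POLICY',
    policy_function => 'DEMO_ROW_FILTER',
    statement_types => 'SELECT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/

-- Same statement shapes as the sample client, issued under the entitled identifier.
EXEC DBMS_SESSION.SET_IDENTIFIER('smysore3')
SELECT first_name, last_name FROM demo_payment_info;
UPDATE demo_payment_info SET first_name = 'Test' WHERE first_name = 'Alan';
DELETE FROM demo_payment_info WHERE first_name = 'Alan';
```

SYS and accounts holding the EXEMPT ACCESS POLICY privilege bypass FGAC policies, which is why the sysdba session above returns the complete data set. In a real deployment the policy function and the entitlement source belong to a schema the application user cannot modify, otherwise the user can rewrite its own filter.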