The Oracle SSM makes use of a feature in Oracle 10g called Fine Grained Access Control (FGAC). FGAC allows an Oracle customer to define access policies to restrict access to database tables for DML operations.
FGAC is used to intercept DML queries on protected tables and filter the result sets based on user entitlements stored in ALES. The Web Service SSM Client Library is used to invoke Authorization queries.
This section describes how to configure and run the Oracle SSM.
As an alternative, you can use the BEA_HOME
\ales30-ssm\webservice-ssm\examples\JavaWebServiceClient
example to quickly set up a Web Service SSM, and then use the resulting SSM to configure Oracle SSM.
ora_dba
group on Windows or dba
group on Unix.
For instance, if the currently logged on user is 'joe' then 'joe' needs to be in the ora_dba
or dba
group, as appropriate.
This is required in order to connect as "system" user with "SYSDBA" role.
ales30-shared/bin
directory:
asipassword.bat|sh system ../keys/password.xml ../keys/password.key
ALES30_SSM
/oracle-ssm/examples/OracleSSM/build.properties.
To do this, use ALES30_SSM
/oracle-ssm/adm/instancewizard.cmd|sh.
ORACLE_SSM_INSTANCE
/bin
. ORACLE_SSM_INSTANCE
/bin/set-env.bat|sh.
ORACLE_SSM_INSTANCE
/bin/setupOracleSSM.bat|sh
in the shell window. Substitute your actual values for each field.setupOracleSSM.bat|sh
-jdbc_url <JDBC_URL>
-oracle_home <c:/oracle/products/10.2.0/db2>
-db_sys_user <system>
-db_sys_password <password>
-ales_ssm_home <c:/bea/ales30-ssm>
-ws_ssm_instance_dir <c:/bea/ales30-ssm/webservice-ssm/instance/ssmws>
-db_user <ales_ora_user>
-db_password <password>
-load_example_table <true>
Note: | If a password is not provided, the tool prompts for one. The password entry does not echo. |
Note: | Default values are assigned for keys/properties when values are unspecified. |
ales30-ssm/oracle-ssm/examples/OracleSSM.
build.properties
and then execute set-env.bat|sh.
ant dist config load
.ales30-ssm/oracle-ssm/examples/OracleSSM/Client.properties
to reflect your {jdbcUrl,schemaName,queryType,query} settingsrun.bat|sh
to execute client.Listing 6-1 shows a sample test result for a queryType of select, update, and delete.
C:\buildTree\ales30-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : select
Query : select * from cust_payment_info
Executing SELECT query...
Last Name, First Name : White,Chris
C:\buildTree\ales30-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : update
Query : UPDATE cust_payment_info set first_name = 'Test' where first_name='Alan'
Executing UPDATE query...
0 rows updated
C:\buildTree\ales30-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : delete
Query : DELETE from cust_payment_info where first_name='Alan'
Executing DELETE query...
0 rows deleted