0

we are trying to configure Spotfire to use JDBC connection to ORACLE. We would like it to use integrated security (I call it Active Directory, TIBCO seems to like integrated security).

Here is the current connection string which required username, pwd

jdbc:oracle:thin:@WARHAWK.conocophillips.net:1521:OWVCORP3

can anyone point me to, or tell me how to modify this to use integrated security.

LowlyDBA - John M
11.1k11 gold badges46 silver badges63 bronze badges
asked Apr 7, 2015 at 16:30
1
  • I've used standard connections string for jdbc drivers on SQL Server in which case you use Integrated Security=yes;. Might want to give that a shot. Commented Apr 7, 2015 at 17:08

1 Answer 1

3

When you use Kerberos authentication (for example Active Directory) with JDBC, you have to prepare your code for it, and not just simply change the connection string.

The Database JDBC Developer's Guide and Reference covers this topic: http://docs.oracle.com/cd/E11882_01/java.112/e16548/clntsec.htm#JJDBC28344

Essential parts from the example of the above URL:

Example connection string and declarations:

 String url ="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)"+
 "(HOST=oracleserver.mydomain.com)(PORT=5561))(CONNECT_DATA=" +
 "(SERVICE_NAME=mydatabaseinstance)))";
 OracleDriver driver = new OracleDriver();
 Properties prop = new Properties();

Specifying the kerberos specific options:

prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES, "("+AnoServices.AUTHENTICATION_KERBEROS5+")"); 
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL, "true");

Specifying the credential cache location:

prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME, "/tmp/krb5cc_5088");

Finally connecting:

Connection conn = driver.connect(url,prop);
String auth = ((OracleConnection)conn).getAuthenticationAdaptorName();
System.out.println("Authentication adaptor="+auth);
printUserName(conn);
conn.close();
answered Apr 7, 2015 at 17:31
2
  • PS: there is also possibility to use tnsnames.ora. Then these vendor specific properties can be put into config file, which is under DBAs control. Commented Apr 8, 2015 at 7:49
  • thanks. For better or worse, Spotfire provides for limited configurability in setting up Data Sources. There is a mildly ambiguous checkbox and a connection string box. THe spotfire admin told me I would need to check the check box and alter the connection string to use AD. This may wind up being a Spotfire specific thing. I dont know at this point. As i get more information, I may need to edit my question. Commented Apr 8, 2015 at 18:10

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.