It’s strange, I can’t find anything on the web related to this problem, so I felt compelled to write a little how-to to document what has been done.
The Oracle wallet allows external password management of the database user credentials. It’s useful for crontab scripts or applications where you would otherwise have to keep your credentials in clear text. With an application you usually don’t have this problem, because the datasources are generally encrypted, but with Tomcat your datasource definition is in clear text inside the .xml configuration files.
A solution could be to use the Oracle wallet with Tomcat.
Let’s start.
Before proceeding, have your database administrator create a wallet for your DB server (I will not explain how here). He will provide you with two files, ewallet.p12 and cwallet.sso. Put these two files in a secured place on your AS filesystem; in this example the wallet location will be /opt/wallet.
1. Change your datasource definition in tomcat from:
<Resource
name="jdbc/confluence"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:@mydb.com:1521:mydb_instance"
username="db_user"
password="db_password"
/>
to:
<Resource
name="jdbc/confluence"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@mywallet"
connectionProperties="oracle.net.wallet_location=/opt/wallet"
/>
2. Change your java.security file $JAVA_HOME/jre/lib/security/java.security from:
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
to:
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=oracle.security.pki.OraclePKIProvider
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
3. Change your $JAVA_OPTS adding this parameter:
-Doracle.net.tns_admin=/opt/wallet
4. Create inside the /opt/wallet folder a file tnsnames.ora like this:
mywallet =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = mydb.com)(PORT = 1521))
    (CONNECT_DATA =
      (SID = mydb_instance)
    )
  )
Restart your Tomcat instance and see if everything works.
It works in my configuration with Tomcat 6.0.26, jdk1.6.0_20 and Oracle 10.2.0.5.
ps. Remember that encrypting your password doesn’t improve your security if you don’t protect your wallet files. With this solution you are moving the security issue from a clear-text password to a file that contains your password encrypted. Nobody is interested in your password, but in your data.
ps. temporary post, will be edited with clear information..
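A pre-flight check for the setup above, written as an added example that is not part of the original post: it confirms the wallet files exist, that neither they nor the wallet directory are accessible to group or others, and that the alias in the JDBC URL is defined in tnsnames.ora. The function names `check_wallet` and `alias_from_url` are made up for this example, and the demo at the bottom runs on constructed placeholder files.

```shell
#!/bin/sh
# Added example: pre-flight check for the wallet layout used in this how-to.
# Paths and alias in the demo at the bottom are constructed sample values.

# Print the TNS alias from a password-less thin URL (jdbc:oracle:thin:/@alias).
# Fails when the URL is any other form, e.g. still carries user/password.
alias_from_url() {
    case "$1" in
        jdbc:oracle:thin:/@?*) printf '%s\n' "${1#jdbc:oracle:thin:/@}" ;;
        *) return 1 ;;
    esac
}

# check_wallet DIR ALIAS: report problems, return their count (0 = clean).
check_wallet() {
    dir=$1; tns_alias=$2; problems=0
    for f in ewallet.p12 cwallet.sso tnsnames.ora; do
        [ -f "$dir/$f" ] && continue
        echo "MISSING  $dir/$f"; problems=$((problems + 1))
    done
    # cwallet.sso opens without a password, so anyone who can read it can log in
    # as the DB user: group/other permission bits must all be clear.
    for f in "$dir" "$dir/ewallet.p12" "$dir/cwallet.sso"; do
        [ -e "$f" ] || continue
        bits=$(ls -ld "$f" | cut -c5-10)
        [ "$bits" = "------" ] && continue
        echo "EXPOSED  $f (group/other bits: $bits)"; problems=$((problems + 1))
    done
    # The alias in the JDBC URL must start an entry in tnsnames.ora.
    if [ -f "$dir/tnsnames.ora" ] &&
       ! grep -Eiq "^${tns_alias}[[:space:]]*=" "$dir/tnsnames.ora"; then
        echo "NOALIAS  $tns_alias not defined in $dir/tnsnames.ora"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on a constructed wallet directory (empty placeholder files).
demo=$(mktemp -d)
: > "$demo/ewallet.p12"; : > "$demo/cwallet.sso"
chmod 600 "$demo/ewallet.p12"; chmod 644 "$demo/cwallet.sso"
printf 'mywallet =\n  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = mydb.com)(PORT = 1521)))\n' > "$demo/tnsnames.ora"
check_wallet "$demo" "$(alias_from_url 'jdbc:oracle:thin:/@mywallet')" || true
rm -rf "$demo"
```

On a real server, run `check_wallet /opt/wallet mywallet` as the user that owns the Tomcat process; a non-zero return status is the number of findings.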
Hi SysyApp,
Thanks for the very informative blog.
In fact I was looking for the Java batch - Oracle data source connectivity through Oracle wallet.
Could you please let me know the steps.
TIA,
shef
Hi
Thanks for the informative blog. I was struggling to use oracle wallet in my tomcat for a while. It’s very helpful.
Thanks once again
Hi.
I would like some help.
Have setup values in server.xml, tns_names.ora and Java parameters, but am getting this response:
javax.naming.NamingException: Cannot create PoolableConnectionFactory (The Network Adapter could not establish the connection)
at org.apache.naming.NamingContext.lookup(NamingContext.java:860)
at org.apache.naming.NamingContext.lookup(NamingContext.java:154)
at org.apache.naming.NamingContext.lookup(NamingContext.java:831)
at org.apache.naming.NamingContext.lookup(NamingContext.java:168)
at org.apache.naming.factory.ResourceLinkFactory.getObjectInstance(ResourceLinkFactory.java:94)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at org.apache.naming.NamingContext.lookup(NamingContext.java:843)
…
Any ideas would be much appreciated.
seems to be a connection problem.. are you sure that all the values in the tnsnames are right?
from the tomcat server can you connect to the database? try a telnet
Hi clagi0,
after all the settings/changes and getting this response, I started configuring from base – recreated wallet, redefined items in tnsnames.ora etc. and got it working.
The “SSL With Oracle JDBC Thin Driver” (Oracle White Paper) – pointed me what has been misconfigured. Turns out I had incorrect alias_name definition in tnsnames.ora and corresponding in server.xml
Does this solution work for Grails? I replaced DataSource.groovy with the suggestion from step 1, such as replacing username and password with connectionProperties. I am not able to get a successful Oracle connection.
Hi, we are using JBOSS EAP 6.3 now, could you explain how to do it? Does anyone know how to do so?
Thanks great tutorial, but I don’t understand your last point
“but in your data
ps. temporary post, will be edited with clear information..”
Please explain me, what do you mean by this???
[…] I followed the instruction from : https://sysapp.wordpress.com/2010/08/31/how-to-oracle-wallet-with-jdbc-thin-driver-datasource-tomcat… However in the article it is using PROTOCAL as TCP but not […]
Hi,
I am struggling to write a java program, which can connect to Oracle database without providing password ie using oracle wallet. Can you please post a java code example how we can write this.
Thanks
I am trying to connect to a ATP cloud database using the wallet from a java application.
I have put in context.xml under the conf folder
But getting some errors like
1.org.hibernate.exception.GenericJDBCException: Could not open connection
2.15-03-2019 11:24:07,100 [main ] hbm2ddl.SchemaUpdate: ERROR – HHH000319: Could not get database metadata
From a sql developer I am able to connect to the ATP database using the wallet.