Iam auth #184
Iam auth #184
Conversation
| /* | ||
| DESCRIPTION | ||
| The code sample shows how to use the JDBC driver to establish a connection | ||
| to the Autonomous Database (ADB) using database token |
There was a problem hiding this comment.
If "database token" is the term we use in our documentation, this is fine. But to me, I think "access token" would be more accurate. It is common to find the term "access token" in literature about token based authentication systems.
| to the Autonomous Database (ADB) using database token | ||
| issued by the OCI Identity service. | ||
| | ||
| You need to use either JDBC driver to use |
There was a problem hiding this comment.
I don't know what "either" is referring to. Are there two JDBC drivers that can be used? Also the "n" is missing from "authenticatio"
| Step 1: Enter the DB_URL to pointing to your Autonomous Database (ADB) | ||
| Step 2: Make sure to have either 21.4.0.0.1 or 19.13.0.0.1 JDBC driver | ||
| in the classpath. | ||
| Step 2: Compile and Run the sample JDBCDBTokenSample |
There was a problem hiding this comment.
"Run" can be lower case: "run"
| Step 2: Compile and Run the sample JDBCDBTokenSample | ||
| | ||
| NOTES | ||
| Use JDK 1.7 and above |
There was a problem hiding this comment.
JDK 8 is the oldest version we support for token authentication.
| // Download the wallet zip file and provide the path to the zip file as TNS_ADMIN | ||
| // Note that you need to pass the property oracle.jdbc.tokenAuthentication=OCI_TOKEN for token authentication | ||
| final static String DB_URL="jdbc:oracle:thin:@dbname_high?TNS_ADMIN=/Users/user/wallet/Wallet_dbname&oracle.jdbc.tokenAuthentication=OCI_TOKEN"; | ||
| // If mutla TLS(mTLS) is disabled then, ADB connection does not require wallets. |
| final static String DB_URL="jdbc:oracle:thin:@dbname_high?TNS_ADMIN=/Users/user/wallet/Wallet_dbname&oracle.jdbc.tokenAuthentication=OCI_TOKEN"; | ||
| // If mutla TLS(mTLS) is disabled then, ADB connection does not require wallets. | ||
| // Copy the connection string from "DB Connection" tab from "Connection Strings" section choosing "TLS" in the dropdown | ||
| //final static String DB_URL="jdbc:oracle:thin:@(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.us-phoenix-1.oraclecloud.com))(connect_data=(service_name=gebqqeredfsozhjbqbs_dbname_medium.adb.oraclecloud.com)))?oracle.jdbc.tokenAuthentication=OCI_TOKEN"; |
There was a problem hiding this comment.
For this example URL, it is using a TNS descriptor format. The descriptor format supports a "TOKEN_AUTH" parameter that has the same effect as the "oracle.jdbc.tokenAuthentication" property.
It would be nice to show this TOKEN_AUTH parameter in the example, rather than the oracle.jdbc.tokenAuthentication property.
"jdbc:oracle:thin:@(description=" + "(retry_count=20)(retry_delay=3)" + "(address=(protocol=tcps)(port=1521)(host=adb.us-phoenix-1.oraclecloud.com))" + "(security=(token_auth=OCI_TOKEN))" + "(connect_data=(service_name=gebqqeredfsozhjbqbs_dbname_medium.adb.oraclecloud.com)))"Note that I've added in line breaks as well, these will improve the readability of the long form descriptor string.
There was a problem hiding this comment.
This is good to know, but, I prefer not to use this as customers need to add in the middle of the connection string. It is easy to use EZConnect and pass this additional parameter. We can add it as a comment to show the possibility though.
| // the OracleConnection interface. | ||
| Properties properties = new Properties(); | ||
| | ||
| properties.put(OracleConnection.CONNECTION_PROPERTY_DEFAULT_ROW_PREFETCH, "20"); |
There was a problem hiding this comment.
These non-default properties do not need to be set for token authentication, so we can remove them to make the example more concise.
| Step 1: Enter the DB_URL to pointing to your Autonomous Database (ADB) | ||
| Step 2: Make sure to have either 21.4.0.0.1 or 19.13.0.0.1 or later versions of | ||
| JDBC driver and UCP (ucp.jar) in the classpath. Both must be from the same version. | ||
| Step 2: Compile and Run the sample UCPDBTokenSample |
There was a problem hiding this comment.
"Run" can be lower case here too
| | ||
| // If mutla TLS(mTLS) is disabled then, ADB connection does not require wallets. | ||
| // Copy the connection string from "DB Connection" tab from "Connection Strings" section choosing "TLS" in the dropdown | ||
| //final static String DB_URL="jdbc:oracle:thin:@(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.us-phoenix-1.oraclecloud.com))(connect_data=(service_name=gebfdferevpozhjbqbs_dbname_medium.adb.oraclecloud.com)))?oracle.jdbc.tokenAuthentication=OCI_TOKEN"; |
There was a problem hiding this comment.
The TOKEN_AUTH=OCI_TOKEN parameter can be used here too.
| | ||
| Properties properties = new Properties(); | ||
| | ||
| properties.put(OracleConnection.CONNECTION_PROPERTY_DEFAULT_ROW_PREFETCH, "20"); |
There was a problem hiding this comment.
These properties don't need to be set here either.
| final static String DB_URL="jdbc:oracle:thin:@(description=" | ||
| + "(retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=adb.us-phoenix-1.oraclecloud.com))" | ||
| + "(security=(token_auth=OCI_TOKEN))" | ||
| + "(connect_data=(service_name=gebqqeredfsozhjbqbs_dbname_medium.adb.oraclecloud.com)))?oracle.jdbc.tokenAuthentication=OCI_TOKEN"; |
There was a problem hiding this comment.
Let's remove the ?oracle.jdbc.tokenAuthentication=OCI_TOKEN from this URL. It has no effect. The descriptor parameter "TOKEN_AUTH=OCI_TOKEN" takes precedence over the connection property, so we can remove the connection property.
| New code samples for IAM token authentication |
3 participants
Can you review the 3 new code samples for IAM Token Authentication?