ORA-24247 ACL

ORA-24247: network access denied by access control list (ACL)

近两日，在安装完Oracle 11gR2后，想启用APEX，在配置完APEX后，进行登录时，出现  如上错误。经查证，在ORACLE官方的APEX安装文档中，有如下所示一节“

3.3.6.1 Granting Connect Privileges

”，但是，配置完后不起作用。经过继续google，发现如下文章能够解决这个问题。请看：
http://gavinsoorma.com/2009/07/sending-mail-from-apex-installed-on-an-oracle-11g-database/comment-page-1/#comment-5761

现将该文章转贴如下：

11g Access Control Lists (ACL) and Sending Mail From APEX

In Oracle 11g, security has been enhanced by restricting access to packages that were used in earlier releases like UTL_SMTP and UTL_HTTP to send emails and connect over the network to mail servers etc. By default, attempt to use these packages will result in an ORA-24247 (network access denied by access control list).

Using Access Control Lists or ACL’s, administrators can have control over which ports are opened for ‘public’ access.

This example below will show how we can use the DBMS_NETWORK_ACL_ADMIN package to enable us to send emails from an APEX 3.1 application which connects to an Oracle 11g database.

Create the mailserver_acl procedure which calls the DBMS_NETWORK_ACL_ADMIN package

set serveroutput on

show user;

create or replace procedure mailserver_acl(
aacl varchar2,
acomment varchar2,
aprincipal varchar2,
aisgrant boolean,
aprivilege varchar2,
aserver varchar2,
aport number)
is
begin
begin
DBMS_NETWORK_ACL_ADMIN.DROP_ACL(aacl);
dbms_output.put_line(‘ACL dropped…..’);
exception
when others then
dbms_output.put_line(‘Error dropping ACL: ‘||aacl);
dbms_output.put_line(sqlerrm);
end;
begin
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(aacl,acomment,aprincipal,aisgrant,aprivilege);
dbms_output.put_line(‘ACL created…..’);
exception
when others then
dbms_output.put_line(‘Error creating ACL: ‘||aacl);
dbms_output.put_line(sqlerrm);
end;
begin
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(aacl,aserver,aport);
dbms_output.put_line(‘ACL assigned…..’);
exception
when others then
dbms_output.put_line(‘Error assigning ACL: ‘||aacl);
dbms_output.put_line(sqlerrm);
end;
commit;
dbms_output.put_line(‘ACL commited…..’);
end;
/
show errors

Now we need to grant the database user ‘FLOWS_030100′ and the application owner ‘MONITOR’ the required privileges to interact with network services – in this case to access the SMTP server FRMWEB02 using port 25.

begin
mailserver_acl(
‘mailserver_acl.xml’,
‘ACL for used Email Server to connect’,
‘MONITOR‘,
TRUE,
‘connect’,
‘FRMWEB02.BANKWEST.COM’,
25);
end;
/

begin
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(‘mailserver_acl.xml’,‘FLOWS_030100′,TRUE,’connect’);
commit;
end;
/
****************************************************

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/10877931/viewspace-757630/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/10877931/viewspace-757630/