Oracle Wallet in practice and common maintenance operations

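What the wallet is for

Starting with Oracle 10g R2, Oracle Wallet lets any user log in to the database without typing a password (this is not operating-system authentication). This is very useful for shell scripts that would otherwise need a user's password to log in to the database, because the password is not exposed. For example, on the Oracle client you store the credentials in the wallet with the mkstore command, and then connect directly with "sqlplus /@connect_string".

This example lets the sysrls user log in without a password. mkstore usage: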

$ $ORACLE_HOME/bin/mkstore

mkstore [-wrl wrl] [-create] [-createSSO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-help]

1) Install the Oracle Client

2) Create the wallet directory and edit .bash_profile

mkdir /home/sysrls/wallet

vi .bash_profile

# Oracle Base Directory
ORACLE_BASE=/opt/oraapp

# Oracle Home Directory - set this to the correct Oracle Home for the client
ORACLE_HOME=/opt/oraapp/client/12.1.0.2_x64_DBAocl030

# Set TNS_ADMIN to the directory that holds tnsnames.ora and sqlnet.ora
TNS_ADMIN=$ORACLE_HOME/network/admin

# Add the ORACLE_HOME bin directory to the PATH variable
PATH=$ORACLE_HOME/bin:$PATH

# Add the ORACLE_HOME lib directories to the LD_LIBRARY_PATH variable
LD_LIBRARY_PATH=${ORACLE_HOME}/lib:${LD_LIBRARY_PATH}

# Set LANG & NLS variables appropriately for your region
LANG="en_US.UTF-8"

# NLS_LANG is of the form Language_country.characterset
NLS_LANG="AMERICAN_AMERICA.AL32UTF8"
ORA_NLS10=$ORACLE_HOME/nls/data

# Export variables to ensure they are set correctly for any sub processes
export ORACLE_BASE LANG ORACLE_HOME PATH LD_LIBRARY_PATH NLS_LANG ORA_NLS10 TNS_ADMIN

3) Create the wallet

$ $ORACLE_HOME/bin/mkstore -wrl /home/sysrls/wallet -create

Enter password:

Enter password again:

[sysrls@cnl20059850 wallet]$ ll

total 8

-rw-------. 1 sysrls sysrls 581 Jul 18 11:01 cwallet.sso

-rw-rw-rw-. 1 sysrls sysrls 0 Jul 18 10:52 cwallet.sso.lck

-rw-------. 1 sysrls sysrls 536 Jul 18 11:01 ewallet.p12

-rw-rw-rw-. 1 sysrls sysrls 0 Jul 18 10:52 ewallet.p12.lck

4) Edit the network configuration

vi $ORACLE_HOME/network/admin/tnsnames.ora

CRCDB =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 133.9.207.35)(PORT = 2001))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = CRCDB)
    )
  )

$ vi $ORACLE_HOME/network/admin/sqlnet.ora

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/home/sysrls/wallet)))

SQLNET.WALLET_OVERRIDE=TRUE

5) Create a credential for a specific database user

$ORACLE_HOME/bin/mkstore -wrl /home/sysrls/wallet -createCredential CRCDB wallet test123

6) Confirm the credential has been added to the wallet

$ $ORACLE_HOME/bin/mkstore -wrl /home/sysrls/wallet -listCredential
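
Added example (not part of the original post): a POSIX shell check that the wallet files from step 3 are accessible only to their owner and that the sqlnet.ora from step 4 names the same directory and sets the override. The function names and the constructed demo directory are assumptions; no Oracle client is needed to run it.

```shell
#!/bin/sh
# Added example: audit the wallet directory and sqlnet.ora from steps 2-4.

# True when group and other have no permission bits on $1.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_wallet WALLET_DIR SQLNET_ORA: print findings, return their count.
audit_wallet() {
    dir=${1%/} ora=$2 n=0
    # cwallet.sso is the auto-login copy: a reader of that file can use the
    # stored database passwords without knowing the wallet password.
    for f in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; n=$((n + 1))
        elif ! owner_only "$f"; then
            echo "PERMS   $f is accessible to group or other"; n=$((n + 1))
        fi
    done
    # Drop comments and whitespace so multi-line parameter values match.
    flat=$(sed 's/#.*//' "$ora" 2>/dev/null | tr -d ' \t\n')
    printf '%s\n' "$flat" | grep -qF "(DIRECTORY=$dir)" || {
        echo "CONFIG  WALLET_LOCATION does not name $dir"; n=$((n + 1)); }
    printf '%s\n' "$flat" | grep -qiF "SQLNET.WALLET_OVERRIDE=TRUE" || {
        echo "CONFIG  SQLNET.WALLET_OVERRIDE=TRUE is not set"; n=$((n + 1)); }
    return "$n"
}

# Constructed demo: an over-permissive cwallet.sso and a sqlnet.ora without
# the override line. Returns the number of findings (2).
demo() {
    d=$(mktemp -d) && chmod 700 "$d"
    : > "$d/cwallet.sso"; : > "$d/ewallet.p12"
    chmod 644 "$d/cwallet.sso"; chmod 600 "$d/ewallet.p12"
    printf '%s\n' "WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$d)))" \
        > "$d/demo_sqlnet.ora"
    found=0; audit_wallet "$d" "$d/demo_sqlnet.ora" || found=$?
    rm -rf "$d"; return "$found"
}

demo || echo "findings: $?"
```

For the setup on this page the call would be: audit_wallet /home/sysrls/wallet "$ORACLE_HOME/network/admin/sqlnet.ora"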

7) Maintenance

Create a credential in the wallet

mkstore -wrl /home/sysrls/wallet/ -createCredential CRCDB wallet Frank

Oracle Secret Store Tool : Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Create credential oracle.security.client.connect_string1

List the credentials in the wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet -listCredential

Oracle Secret Store Tool : Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)

1: CRCDB wallet

Modify a credential in the wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -modifyCredential CRCDB wallet test2

Oracle Secret Store Tool : Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Modify credential

Modify 1

Delete a credential from the wallet

mkstore -wrl /home/sysrls/wallet -deleteCredential CRCDB

List the entries in the wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -list

Oracle Secret Store Tool : Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Oracle Secret Store entries:

oracle.security.client.connect_string1

oracle.security.client.password1

oracle.security.client.username1

View the value of a wallet entry

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -viewEntry oracle.security.client.connect_string1

Oracle Secret Store Tool : Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

oracle.security.client.connect_string1 = CRCDB

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -viewEntry oracle.security.client.username1

Oracle Secret Store Tool : Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

oracle.security.client.username1 = wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -viewEntry oracle.security.client.password1

Oracle Secret Store Tool : Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

oracle.security.client.password1 = test2

Change the wallet password

orapki wallet change_pwd -wallet /home/sysrls/wallet/

8) How to create a wallet that is usable only on the local machine

Oracle Wallet is a container that stores authentication and signing credentials.

Trusted certificates are stored in the Oracle Wallet when the wallet is used for security credentials.

PeopleSoft enables you to create an Oracle Wallet in two ways:

ORAPKI command line - The ORAPKI tool is available with Oracle database, so this tool can be used only by users who have a license for Oracle database.

OpenSSL utility - Users who do not have a license for Oracle database can use this utility to create their own certificates.

After creating an Oracle Wallet, you must configure SSL for the Workstation Listener and Jolt Listener ports to ensure secure client and server communications.

A small menu-driven maintenance script is attached:

#!/bin/bash
# Interactive menu for the common wallet maintenance tasks shown above.
MKSTORE=/opt/oraapp/client/12.1.0.2_x64_DBAocl030/bin/mkstore
ORAPKI=/opt/oraapp/client/12.1.0.2_x64_DBAocl030/bin/orapki
WALLET=/home/sysrls/wallet/

echo -e "Useful action\n"
echo -e "1)create wallet"
echo -e "2)create Credential"
echo -e "3)check the created Credential"
echo -e "4)modify the created Credential"
echo -e "5)delete the created Credential"
echo -e "6)list Credential item"
echo -e "7)list Credential Entry value"
echo -e "8)modify wallet password"
echo -e "9)exit"
read -r -p "choose your action:" num1

case $num1 in
1)
    echo -e "Please enter wallet password:\n"
    read -r -s password
    # Secrets are passed as printf arguments, never as the format string,
    # so a password containing % or \ is sent to mkstore unchanged.
    printf '%s\n%s\n' "$password" "$password" | "$MKSTORE" -wrl "$WALLET" -create &&
        echo -e "wallet create success\n"
    ;;
2)
    echo -e "Please enter wallet password:"
    read -r -s password
    read -r -p "Please enter database tnsname:" tnsname
    read -r -p "Please enter database user:" user
    echo -n "Please enter database user's password:"
    read -r -s dbpass
    printf '%s\n%s\n%s\n' "$dbpass" "$dbpass" "$password" |
        "$MKSTORE" -wrl "$WALLET" -createCredential "$tnsname" "$user" &&
        echo -e "Credential create success\n"
    ;;
3)
    echo -e "Please enter wallet password:\n"
    read -r -s password
    printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -listCredential
    ;;
4)
    echo -e "Please enter wallet password:"
    read -r -s password
    read -r -p "Please enter database tnsname:" tnsname
    read -r -p "Please enter database user:" user
    echo -n "Please enter database user's password:"
    read -r -s dbpass
    printf '%s\n%s\n%s\n' "$dbpass" "$dbpass" "$password" |
        "$MKSTORE" -wrl "$WALLET" -modifyCredential "$tnsname" "$user" &&
        echo -e "modify Credential success\n"
    ;;
5)
    echo -e "Please enter wallet password:"
    read -r -s password
    read -r -p "Please enter database tnsname:" tnsname
    printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -deleteCredential "$tnsname" &&
        echo -e "delete Credential success\n"
    ;;
6)
    echo -e "Please enter wallet password:"
    read -r -s password
    printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -list
    ;;
7)
    echo -e "Please enter wallet password:"
    read -r -s password
    read -r -p "Please enter Entryname type:" entry_type
    # Map the short type name to the wallet entry; other input does nothing.
    case $entry_type in
    connect) entry=oracle.security.client.connect_string1 ;;
    user) entry=oracle.security.client.username1 ;;
    password) entry=oracle.security.client.password1 ;;
    *) entry= ;;
    esac
    if [ -n "$entry" ]; then
        printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -viewEntry "$entry"
    fi
    ;;
8)
    "$ORAPKI" wallet change_pwd -wallet "$WALLET"
    ;;
9)
    exit 0
    ;;
esac
