我在tomcat中通过JDBC使用数据库连接 . 我们的环境是Tomcat 7 JDK 8和Oracle 12c .
由于我只能通过TCPS连接到Oracle数据库(我们使用的是Oracle的钱包),因此我必须修改当前的Tomcat server.xml以创建与Oracle的JDBC连接 . 我更新的配置代码段
<Resource auth="Container" driverClassName="oracle.jdbc.driver.OracleDriver"
initialSize="10"
jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=10000)"
jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100"
maxWait="10000"
name="jdbc/jndiconnection" password="XXXXXX" removeAbandoned="true"
type="javax.sql.DataSource" url=""jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname)(PORT=1234))(CONNECT_DATA=(SERVICE_NAME=servicename)))"
username="XXXXXXXX" validationInterval="30000" validationQuery="SELECT 1 FROM DUAL" />
我添加了truststore / trusttypey / keystore / keytype作为参数,但是我收到了错误:
Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:296)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
... 73 more
Caused by: oracle.net.ns.NetException: Unable to initialize the key store.
at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:369)
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:279)
... 76 more
Caused by: java.security.KeyStoreException: SSO not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:357)
... 77 more
Caused by: java.security.NoSuchAlgorithmException: SSO KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 78 more
然后我按照以下说明进行操作:https://sysapp.wordpress.com/2010/08/31/how-to-oracle-wallet-with-jdbc-thin-driver-datasource-tomcat/但是在文章中它使用PROTOCAL作为TCP而不是TCPS .
<Resource
name="jdbc/confluence"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@mywallet"
connectionProperties=”oracle.net.wallet_location=/opt/wallet"/>
然后我得到了错误:
Caused by: oracle.net.ns.NetException: The method specified in wallet_location is not supported. Location: /opt/wallet
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:219)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
... 73 more
我已经编写了Java示例代码来通过TCPS进行连接,并且连接工作正常 . 我错过了配置文件中的一些关键点吗?还有其他方法可以通过JDBC创建Oracle的TCPS连接吗?
2 回答
这不是该 properties 应该是什么 . 它应该是:
(SOURCE =(METHOD =文件)(METHOD_DATA =(DIRECTORY = /选择/钱包)))
您收到的错误消息是因为它无法在您提供的那个中找到“METHOD =” .
您需要遵循几个步骤 . (1)确保在类路径中有oraclepki.jar,osdt_core.jar,osdt_cert.jar
(2)另外,通过以下系统属性指定cwallet.sso文件的位置 . 您可以创建setenv.sh并添加所需的系统属性 . 此外,启用另一个系统属性,如此处所示 . export JAVA_OPTS =“$ CATALINA_OPTS -Doracle.net.wallet_location ='(SOURCE =(METHOD = file)(METHOD_DATA =(DIRECTORY = / test / wallet /)))'”export JAVA_OPTS =“$ CATALINA_OPTS -Doracle.net.ssl_server_dn_match =真”
(3)确保您在URL中有证书信息,如下所示 . 请从证书中复制URL的“安全”部分 . (description =(address =(protocol = tcps)(port = 1522)(host = myorclhostname))(connect_data =(service_name = myorcldb))(security =(ssl_server_cert_dn =“CN = CMAN,O = Oracle Database,C = US) “)))(4)您需要激活oracle PKI提供程序 . 要静态启用它:更改JRE的java.security文件(JRE_HOME / jre / lib / security / java.security):security.provider.7 = oracle.security.pki.OraclePKIProvider
有关详细信息,请参阅“SSL with JDBC driver” .