Connect to an Oracle database using Kerberos
Tag(s): JDBC


The Oracle thin driver (v11g) supports Kerberos authentication.

Using this method, you don't need to provide a username/password to Oracle. Kerberos authentication can take advantage of the user name and password maintained by the operating system to authenticate users to the database or use another set of user credentials specified by the application.

You need to know how to configure your Kerberos environment.

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

import oracle.jdbc.OracleConnection;
import oracle.jdbc.OracleDriver;
import oracle.net.ano.AnoServices;

public class TestOra3 {
  public TestOra3() {    }
  public void doit () throws SQLException {
    Properties props = new Properties();
    // Ask the thin driver to authenticate with Kerberos 5 instead of a password
    props.setProperty(
      OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,
      "( " + AnoServices.AUTHENTICATION_KERBEROS5 + " )");
    // Mutual authentication: the database server must prove its identity too
    props.setProperty(
      OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL,
      "true");
    // Kerberos configuration file (realm, KDC) read by the JVM
    System.setProperty("java.security.krb5.conf","c:/oracle/krb5.conf");

    String url = "jdbc:oracle:thin:@//oracleserver.mydomain.com:5561/mydatabaseinstance";
    DriverManager.registerDriver(new OracleDriver());

    // No user/password is passed: the Kerberos credentials identify the user
    String sql = "select {fn user()} from dual" ;
    // try-with-resources closes the connection even when the query fails
    try (Connection conn = DriverManager.getConnection(url,props);
         Statement stmt = conn.createStatement();
         ResultSet rs = stmt.executeQuery(sql)) {
      while (rs.next())
        System.out.println("results: " + rs.getString(1));
    }
  }

  public static void main(String[] args){
    TestOra3 test = new TestOra3();
    try {
      test.doit();
      System.out.println("Done..");
    }
    catch (SQLException e) {
      e.printStackTrace();
    }
  }
}
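
The class above relies on the credentials of the logged-in operating system user. For the other case mentioned at the top, credentials specified by the application, here is an added example (not code from the original page) that logs in from a keytab through JAAS and opens the connection inside Subject.doAs. The principal, the keytab path and the class name are hypothetical, and it assumes the thin driver takes the Kerberos credentials from the Subject bound by doAs.

```java
import java.security.PrivilegedExceptionAction;
import java.sql.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.OracleDriver;
import oracle.net.ano.AnoServices;
public class TestOraKeytab {
  // Hypothetical values (not from the original page): service principal and its keytab
  static final String PRINCIPAL = "appsvc@EXAMPLE.COM";
  static final String KEYTAB = "c:/oracle/appsvc.keytab";
  // Obtain a TGT from the keytab: no password prompt, no OS ticket cache
  static Subject login() throws Exception {
    final Map<String, String> opts = new HashMap<String, String>();
    opts.put("useKeyTab", "true");
    opts.put("keyTab", KEYTAB);
    opts.put("principal", PRINCIPAL);
    opts.put("doNotPrompt", "true"); // fail rather than ask for a password
    Configuration conf = new Configuration() {
      public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        return new AppConfigurationEntry[] { new AppConfigurationEntry(
          "com.sun.security.auth.module.Krb5LoginModule",
          AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
      }
    };
    LoginContext lc = new LoginContext("oracle-krb5", null, null, conf);
    lc.login(); // LoginException if the keytab, principal or KDC is wrong
    return lc.getSubject();
  }

  public static void main(String[] args) throws Exception {
    final Properties props = new Properties();
    props.setProperty(
      OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,
      "( " + AnoServices.AUTHENTICATION_KERBEROS5 + " )");
    props.setProperty(
      OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL, "true");
    System.setProperty("java.security.krb5.conf", "c:/oracle/krb5.conf");
    final String url = "jdbc:oracle:thin:@//oracleserver.mydomain.com:5561/mydatabaseinstance";
    DriverManager.registerDriver(new OracleDriver());
    // Assumption: the driver uses the Kerberos credentials of the Subject bound by doAs
    Connection conn = Subject.doAs(login(), new PrivilegedExceptionAction<Connection>() {
      public Connection run() throws SQLException { return DriverManager.getConnection(url, props); }
    });
    System.out.println("connected as " + conn.getMetaData().getUserName());
    conn.close();
  }
}
```

A keytab is equivalent to the principal's password, so restrict read access on the file to the account that runs the application.
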
A list of problems that may occur when attempting a login:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html

On my installation (Windows XP SP2), I got the exception:

javax.security.auth.login.LoginException: KrbException:
KDC has no support for encryption type (14)

This registry entry solved the problem:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01
