(Oracle)

Configure utilities to authenticate users with an Oracle Wallet encrypted passwords

We can configure the AllDBConnector class to use encrypted passwords that are stored in an Oracle Wallet to authenticate a user to establish a database connection for WebSphere Commerce utilities.

Task info

To complete the following steps, we must run the Oracle mkstore utility. For more information about the Oracle Wallet and running Oracle utilities, including any updated usage syntax, see Oracle Technology Network.

Procedure

1. Create an Oracle Wallet with the Oracle mkstore utility. In a command-line utility, run the following command from Oracle bin directory:

   mkstore -wrl wallet_directory -create

   Where

   • wallet_directory is the directory where to create the Wallet. For example, c:\server.wallet.

     Note: Ensure that the directory that you set as the wallet_directory is readable and executable by the appropriate users.

   For example,

   mkstore -wrl wallet.nonssl -create

2. Add the database user credentials into the Oracle Wallet for users that you do want to continue sending between the utility client and database server tiers to authenticate the users. In a command-line utility, run the following command from Oracle bin directory:

   mkstore -wrl wallet_directory -createCredential tns-name user

   Where

   • wallet_directory is the directory where to create the Wallet. For example, c:\server.wallet.

     Note: Ensure that the directory that you set as the wallet_directory is readable and executable by the appropriate users.

   • tns-name is the TNS alias that we use to specify the database in the tnsnames.ora file.

   • user is the name of the user to include an encrypted password for within the Oracle Wallet.

   For example,

   mkstore -wrl wallet.nonssl -createCredential orcl wcs

   The Oracle Wallet is now enabled to support automatic authentication of the wcs users to the orcl TNS name.

3. Update the AllDBConnector class configuration for establishing a database connection for WebSphere Commerce utilities to use the encrypted passwords in the Oracle Wallet.

   1. Go to the following directory and open the alldbconnector.xml configuration file for editing.

      • WCDE_installdir\WC\xml\config

   2. Update the alldbconnector.xml file to include an override configuration for how to authenticate users.

      For more information about the properties that we can include in your override configuration in the alldbconnector.xml file, see Database connection acquisition for utilities and Ant tasks.

      • If your Oracle database driver type is a thin driver, your updated AllDBConnector class configuration in the alldbconnector.xml file can resemble the following code snippet:

        <override identifier="nonsslwalletauth">
          <property name="oracle.jdbc.J2EE13Compliant" type="java.lang.Boolean" value="true"/>
          <property name="oracle.net.tns_admin" value="Oracle_installdir/db_1/network/admin" scope="system" />
          <property name="oracle.net.wallet_location" value="(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/home/oracle/wallet.nonssl)))" />
          <jdbcurl value="jdbc:oracle:thin:@orcl" />
          <security providername="oracle.security.pki.OraclePKIProvider" />
          <jar path="Oracle_installdir/db_1/jlib/oraclepki.jar" />
          <jar path="Oracle_installdir/db_1/jlib/osdt_cert.jar" />
          <jar path="Oracle_installdir/db_1/jlib/osdt_core.jar" />
          <ignoreuserpass/>
        </override>  

Related tasks
Configure utilities to authenticate users with an SSL certificate and client password
Configure utilities to authenticate users with a client and server SSL certificate
Configure the Oracle database connection for utilities to authenticate users with Oracle Wallet

Related reference
Utilities