Tuesday, June 13, 2023

Back to the basics: How to connect Autonomous Database using java JDBC with or without a wallet

Sometimes it is good to go back to the basics. Connection between Autonomous database and the client is always encrypted with TLS. Depending on the network access type, either it has to be mutual (mTLS) or TLS only. Why this is important? Well, I can think of couple good reasons. If I allow "secure access from everywhere" to my database then I would want to ensure only the clients that I shared necessary information (in this case a wallet) should be able to access it. Other logical options are allowing access only from the network addresses that I know, like my own IP address or from private network that I trust.

So I will be writing a small piece of java code to test it. It is all about setting my environment and constructing JDBC connection string. So at the minimum I add jdbc driver to my pom file. You might want to use UCP for your applications, it will be the same. I will be following official documentation

1 In order to connect with a Wallet, I download the wallet from console, unzip it then use the folder as my TNS_ADMIN. Connection string looks like

jdbc:oracle:thin:@{CONNECT_DENTIFIER}?{TNS_ADMIN}
As you will see there are different ways to construct it: Wallet folder can be set as a system property or passed as a query string. Here is a small sample code

2 If I can restrict access to my autonomous database with an access controll list (ACL) or connect with a private endpoint in a private subnet then I can uncheck Require mutual TLS (mTLS) authentication checkbox then I can connect to this database without a wallet. Connection is still encrypted with TLS.

No comments:

Post a Comment

Featured

Putting it altogether: How to deploy scalable and secure APEX on OCI

Oracle APEX is very popular, and it is one of the most common usecases that I see with my customers. Oracle Architecture Center offers a re...