There are a couple of ways to protect the standard iSQL*Plus URL. One way is to use the default setup for the DBA URL and extend this to also protect the standard URL. The other way is to create a new role which protects just the standard URL. You will need to do this setup manually, and here are the instructions on how to do it.
I've written this using a Windows install, but the process is the same for other operating systems. Just change the % to $, and switch the \ to / in the paths.
Protect both the standard and DBA URLs using the webDba role
The webDba role is already configured in an Oracle database install to protect the DBA URL using basic authentication. To extend this same authentication to include the iSQL*Plus standard URL, perform the following steps:
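- Edit %ORACLE_HOME%\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\web.xml to add another <url-pattern> element:
    <url-pattern>*</url-pattern>
  Your <security-constraint> element should now look like this:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>dba.uix</web-resource-name>
        <url-pattern>/dba.uix</url-pattern>
        <url-pattern>/dbA.uix</url-pattern>
        <url-pattern>/dBa.uix</url-pattern>
        <url-pattern>/dBA.uix</url-pattern>
        <url-pattern>/Dba.uix</url-pattern>
        <url-pattern>/DbA.uix</url-pattern>
        <url-pattern>/DBa.uix</url-pattern>
        <url-pattern>/DBA.uix</url-pattern>
        <url-pattern>*</url-pattern>
      </web-resource-collection>
      <web-resource-collection>
        <web-resource-name>DynamicDba</web-resource-name>
        <url-pattern>/dba/dynamic</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>webDba</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>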
- From the directory %ORACLE_HOME%\oc4j\j2ee\isqlplus\application-deployments\isqlplus, run the following commands:
set ORACLE_HOME=<your_oracle_home>
set JAVA_HOME=%ORACLE_HOME%\jdk
cd %ORACLE_HOME%\oc4j\j2ee\isqlplus\application-deployments\isqlplus
Change <your_oracle_home> to the location of your Oracle Home, for example, C:\oracle\programs\ora10g.
- Use JAZN to add a user and assign it a role to access the iSQL*Plus URLs. This is the same as setting up the DBA URL described in the SQL*Plus documentation.
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -adduser "iSQL*Plus DBA" plusdba plusdba
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -grantrole webDba "iSQL*Plus DBA" plusdba
If you want to use the JAZN shell, here are the equivalent commands:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -shell
JAZN>adduser "iSQL*Plus DBA" plusdba plusdba
JAZN>grantrole webDba "iSQL*Plus DBA" plusdba
JAZN>exit
A little handy hint that I discovered while setting this up. If you use the JAZN shell, you need to exit the shell before any changes take place. I had a lot of frustration figuring out this procedure until I worked out this little feature!
I didn't have to restart iSQL*Plus for this to take effect, but I did have to exit the JAZN shell.
- Test this has now been set up. Open a browser window and enter the iSQL*Plus URL:
http://<machine_name>:5560/isqlplus
You should see an authentication dialog displayed. Enter plusdba/plusdba as your login. The iSQL*Plus login screen should be displayed. Close your browser (to remove the basic authentication), and do the same to test the iSQL*Plus DBA login:
http://<machine_name>:5560/isqlplus/dba
Protect the standard URL using a new role, and the DBA URL using the webDba role
The other way of setting up basic authentication for the iSQL*Plus standard URL is to have two roles, one for the DBA URL, and one for the standard URL. So you can have one login for the DBA URL, which can also access the standard URL, and another login that can only access the standard URL.
As before, we reuse the webDba role which is already configured in an Oracle database install to protect the DBA URL. Then we create a new role to protect the iSQL*Plus standard URL. Here are the steps you need to perform:
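- Edit %ORACLE_HOME%\oc4j\j2ee\oc4j_applications\applications\isqlplus\isqlplus\WEB-INF\web.xml to add another <security-constraint> element:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>login.uix</web-resource-name>
        <url-pattern>*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>webUser</role-name>
        <role-name>webDba</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
  And add another <security-role> element:
    <security-role>
      <description>Privileged access to iSQL*Plus URL.</description>
      <role-name>webUser</role-name>
    </security-role>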
- From the directory %ORACLE_HOME%\oc4j\j2ee\isqlplus\application-deployments\isqlplus, run the following commands:
set ORACLE_HOME=C:\ora102
set JAVA_HOME=%ORACLE_HOME%\jdk
cd %ORACLE_HOME%\oc4j\j2ee\isqlplus\application-deployments\isqlplus
- Add the role webUser to the "iSQL*Plus DBA" realm.
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -addrole "iSQL*Plus DBA" webUser
Add a user to the "iSQL*Plus DBA" realm.
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -adduser "iSQL*Plus DBA" plususer plususer
Grant the role webUser to the plususer user.
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -grantrole webUser "iSQL*Plus DBA" plususer
If you want to use the JAZN shell, here are the equivalent commands:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -shell
JAZN>adduser "iSQL*Plus DBA" plususer plususer
JAZN>addrole "iSQL*Plus DBA" webUser
JAZN>grantrole webUser "iSQL*Plus DBA" plususer
JAZN>exit
I didn't have to restart iSQL*Plus for this to take effect, but I did have to exit the JAZN shell.
- Test this has now been set up. Open a browser window and enter the iSQL*Plus URL:
http://<machine_name>:5560/isqlplus
You should see an authentication dialog displayed. Enter plususer/plususer as your login. The iSQL*Plus login screen should be displayed. Close your browser (to remove the basic authentication), and do the same to test the iSQL*Plus DBA login:
http://<machine_name>:5560/isqlplus/dba
The user you have just created, plususer, should be able to log in to the standard iSQL*Plus URL, but should not have access to the iSQL*Plus DBA URL.
When you create a user to access the iSQL*Plus DBA URL (as described in the SQL*Plus User's Guide and Reference), you should also grant the webUser role so it can access the standard iSQL*Plus URL.
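As an added example (not part of the original post), this Python check reads a web.xml edited as in the steps above and reports any role named in an auth-constraint that has no security-role declaration, plus any constraint that does not require HTTPS for the login. The audit function and the embedded sample are constructed for illustration, and the descriptor is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two-role setup (webUser + webDba) with the
# <security-role> for webUser left out. Assumes web.xml has no XML namespace.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login.uix</web-resource-name>
      <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>webUser</role-name>
      <role-name>webDba</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-role>
    <role-name>webDba</role-name>
  </security-role>
</web-app>"""

def audit(web_xml):
    """Return (resource name, problem) pairs for each security-constraint."""
    root = ET.fromstring(web_xml)
    declared = {(r.text or "").strip() for r in root.findall("security-role/role-name")}
    findings = []
    for sc in root.findall("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name", "?").strip()
        auth = sc.find("auth-constraint")
        if auth is None:
            findings.append((name, "no auth-constraint: no login is required"))
            continue
        roles = [(r.text or "").strip() for r in auth.findall("role-name")]
        for role in roles:
            if role not in declared:
                findings.append((name, "role %s is not declared in a <security-role>" % role))
        # A missing user-data-constraint behaves like NONE.
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        if roles and guarantee == "NONE":
            findings.append((name, "transport-guarantee NONE: HTTPS is not required"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_WEB_XML):
        print("%s: %s" % (name, problem))
```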
Some Handy Commands
Just to add to this topic, I thought I'd add a few extra commands, to save you some typing, that you might need while setting all this up.
To stop iSQL*Plus:
%ORACLE_HOME%\bin\isqlplusctl stop
To start iSQL*Plus:
%ORACLE_HOME%\bin\isqlplusctl start
To remove the user plususer using JAZN:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -remuser "iSQL*Plus DBA" plususer
To list the users using JAZN:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -listusers
To list the realms using JAZN:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -listrealms
To create the user plusdba in the "iSQL*Plus DBA" realm using JAZN:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -adduser "iSQL*Plus DBA" plusdba plusdba
To grant the role webDba to the plusdba user using JAZN:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -grantrole webDba "iSQL*Plus DBA" plusdba
To grant the role webUser to the plusdba user using JAZN:
%JAVA_HOME%\bin\java -Djava.security.properties=%ORACLE_HOME%\oc4j\j2ee\home\config\jazn.security.props -jar %ORACLE_HOME%\oc4j\j2ee\home\jazn.jar -user "iSQL*Plus DBA/admin" -password welcome -grantrole webUser "iSQL*Plus DBA" plusdba
Quoted material. Source: Alison Holloway's Blog