Certificates in lieu of Oracle connection Manager for our Applets -- Help!!
I support an application named IDEA out of New York. The IDEA application is an INTRANET application for use within our company Firewall.
Currently, the IDEA application's front end resides on a Windows 2000 Server running IIS 5 and JRun 3.0. The back-end runs on Oracle 8.1.7 database on a UNIX Database Hosting Utility (DHU). Our applets communicate with the back-end database using Oracle Connection Manager that is installed on the Web Host.
We are trying to migrate to the DWeb environment (Linux cluster). The linux cluster is running Apache Tomcat. We have been told that installing Oracle connection manager is not a viable solution (our company does not support it). Because of this our applets cannot communicate with our database. Below is a brief description of this limitation and also the work-around.
====================================================================================================================================================
Connecting to the Database through the Applet
The most common task of an applet using the JDBC driver is to connect to and query a database. Because of applet security restrictions, unless particular steps are taken an applet can open TCP/IP sockets only to the host from which it was downloaded (this is the host on which the Web server is running). This means that without these steps, your applet can connect only to a database that is running on the same host as the Web server.
If your database and Web server are running on the same host, then there is no issue and no special steps are required. You can connect to the database as you would from an application.
As with connecting from an application, there are two ways in which you can specify the connection information to the driver. You can provide it in the form of host:port:sid or in the form of a TNS keyword-value syntax.
For example, if the database to which you want to connect resides on host prodHost, at port 1521, and SID ORCL, and you want to connect with user name scott with password tiger, then use either of the two following connect strings:
using host:port:sid syntax:
String connString="jdbc:oracle:thin:@prodHost:1521:ORCL";
conn = DriverManager.getConnection(connString, "scott", "tiger");
using TNS keyword-value syntax:
String connString = "jdbc:oracle:thin:@(description=(address_list=
(address=(protocol=tcp)(port=1521)(host=prodHost)))
(connect_data=(sid=ORCL)))";
conn = DriverManager.getConnection(connString, "scott", "tiger");
If you use the TNS keyword-value pair to specify the connection information to the JDBC Thin driver, then you must declare the protocol as TCP.
However, a Web server and an Oracle database server both require many resources; you seldom find both servers running on the same machine. Usually, your applet connects to a database on a host other than the one on which the Web server runs. There are two possible ways in which you can work around the security restriction:
You can connect to the database by using the Oracle8 Connection Manager.
or:
You can use a signed applet to connect to the database directly.
These options are discussed in the next section, "Connecting to a Database on a Different Host Than the Web Server".
Connecting to a Database on a Different Host Than the Web Server
If you are connecting to a database on a host other than the one on which the Web server is running, then you must overcome applet security restrictions. You can do this by using either the Oracle8 Connection Manager or signed applets. ====================================================================================================================================================
It was suggested that we implement signed applets (it is our only alternative at this time). This is where, hopefully, you can help me. We are unfamiliar with using certificates and signing applets. We need to obtain certificates that will allow our applets to connect to our oracle database on the DHU. What kind of certificates do we use? Are their coding examples of how to use these certificates? We have a CA within our company but they cannot tell us what kind of certificates we need. How many certificates do we need? Do we install any certificates on the backend database server? Any information would be greatly appreciated. We are basically trying to get our applet to work outside the sandbox by establishing a connection to the database server.Thanks in advance for your time.
