甲骨文的技术合作计划的tomcat Thin驱动程序不能正常工作
我需要一个新的环境帮助,我建立甲骨文的技术合作计划的tomcat Thin驱动程序不能正常工作
的Tomcat(钱包+ JDBC Thin驱动程序) - > TCPS - >甲骨文12
我一直下面这篇文章(Oracle JDBC thin driver SSL),没有运气
当我尝试启动Tomcat时,显示
Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
以下错误我觉得我失去了一些东西,但我不是k现在在哪里..
Oracle方面
的listener.ora
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SSL_CLIENT_AUTHENTICATION = FALSE
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 72795752816f)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = 72795752816f)(PORT = 2484))
)
)
ADR_BASE_LISTENER = /u01/app/oracle
SQLNET.ORA
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5)
SQLNET.WALLET_OVERRIDE = TRUE
Tomcat的侧面
的tnsnames.ora
TEST =
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCPS)
(HOST = 72795752816f)
(PORT = 2484)
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = xe.oracle.docker)
)
)
的context.xml
<Resource name="jdbc/edorasone" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@TEST"
connectionProperties="javax.net.ssl.keyStore=/tomcat/wallet/cwallet.sso;\
javax.net.ssl.keyStoreType=PCKS12;\
oracle.net.ssl_version=1.0;\
oracle.net.ssl_cipher_suites=(SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5);\
oracle.net.authentication_services=(TCPS)"
/>
任何帮助将是非常赞赏ADVA
纳乔
感谢。
BTW:如果在Tomcat中使用sqlnet客户端与sqlnet.ora(= Oracle)& tnsnames.ora(= Tomcat)我可以连接没有问题。
(a)您是否有使用Oracle钱包需要额外的罐子? (oraclepki.jar,osdt_core.jar,osdt_cert.jar)?
(2)更正javax.net.ssl.keyStoreType = PKCS12。你在那里有一个错字。
(3)DB URL应该是“jdbc:oracle:thin:@TEST”,并且由于您使用的是别名,因此需要设置系统属性-Doracle.net.tns_admin =(a)是否需要额外的jar包使用Oracle钱包? (oraclepki.jar,osdt_core.jar,osdt_cert.jar)?
查看SSL with JDBC whitepaper了解更多详情。
非常感谢您的帮助。 一)是的,他们已经到位 B)它与PCKS12 C)TNS_ADMIN是到setenv.sh脚本
最后我得到了我的建立现在的工作。
SSL_CIPHER_SUITES必须双方匹配,所以我所做的就是给力相同的密码
SQLNET.ORA
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA)
SETENV。SH
CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "
(注意前缀是不一样的:在SSL_ Oracle方面,和TLS_到Tomcat/Java端)
对于具有类似配置的问题,那几件,,我让Tomcat的配置这里边
###############################
# DB CONNECTION CONFIGURATION #
###############################
# Oracle DB (JNDI)
CATALINA_OPTS+=" -Dspring.profiles.active=database-jndi "
CATALINA_OPTS+=" -Doracle.net.tns_admin=/tomcat/wallet "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStore=/tomcat/wallet/keystore.jks "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStoreType=JKS "
CATALINA_OPTS+=" -Djavax.net.ssl.keyStorePassword=Passw0rd "
CATALINA_OPTS+=" -Djavax.net.ssl.trustStore=/tomcat/wallet/truststore.jks "
CATALINA_OPTS+=" -Djavax.net.ssl.trustStorePassword=Passw0rd "
CATALINA_OPTS+=" -Doracle.net.authentication_services=TCPS "
CATALINA_OPTS+=" -Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA "
的context.xml
<Resource name="jdbc/efdesone" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/@TEST"
username="<username>" password="<password>" maxActive="20" maxIdle="10" maxWait="-1"
/>
亲切的问候
纳乔。