Tomcat无法创建TCPS Oracle JDBC连接

Question

我在tomcat中通过JDBC使用数据库连接。我们的环境是Tomcat 7+ JDK 8和Oracle 12c。

因为我只能通过TCPS连接到Oracle数据库(我们使用的是Oracle的钱包)，所以我必须修改我当前的Tomcat来创建到Oracle的server.xml连接。我更新的配置片段

    <Resource auth="Container" driverClassName="oracle.jdbc.driver.OracleDriver"
        initialSize="10"
        jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=10000)"
        jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100"
        maxWait="10000" 
        name="jdbc/jndiconnection" password="XXXXXX" removeAbandoned="true"
        type="javax.sql.DataSource" url=""jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname)(PORT=1234))(CONNECT_DATA=(SERVICE_NAME=servicename)))"
        username="XXXXXXXX" validationInterval="30000" validationQuery="SELECT 1 FROM DUAL" />

我添加了truststore/trusttypey/keystore/keytype作为参数，但是我得到了错误：

Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
    at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:296)
    at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
    at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
    at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
    ... 73 more
Caused by: oracle.net.ns.NetException: Unable to initialize the key store.
        at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:369)
        at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:279)
        ... 76 more
Caused by: java.security.KeyStoreException: SSO not found
        at java.security.KeyStore.getInstance(KeyStore.java:851)
        at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:357)
        ... 77 more
Caused by: java.security.NoSuchAlgorithmException: SSO KeyStore not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at java.security.Security.getImpl(Security.java:695)
        at java.security.KeyStore.getInstance(KeyStore.java:848)
        ... 78 more

然后，我遵循了https://sysapp.wordpress.com/2010/08/31/how-to-oracle-wallet-with-jdbc-thin-driver-datasource-tomcat/的说明，但是在本文中，它使用协议作为TCP，而不是TCPS。

<Resource
        name="jdbc/confluence"
        auth="Container"
        type="javax.sql.DataSource"
        driverClassName="oracle.jdbc.OracleDriver"
        url="jdbc:oracle:thin:/@mywallet"
        connectionProperties=”oracle.net.wallet_location=/opt/wallet"/>

然后我得到了错误：

Caused by: oracle.net.ns.NetException: The method specified in wallet_location is not supported. Location: /opt/wallet
    at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:219)
    at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
    at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
    at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
    ... 73 more

我已经编写了通过TCPS进行连接的Java示例代码，连接工作正常。我是否遗漏了配置文件中的一些关键点？还有其他方法可以通过JDBC创建Oracle的TCPS连接吗？

Answer 1

“oracle.net.wallet_location=/opt/wallet”

这不是属性应该是什么。它应该是：

(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/wallet)))

您得到的错误消息是因为它在您提供的METHOD=中找不到“one”。

Answer 2

您需要遵循以下几个步骤。(1)确保类路径中有oraclepki.jar、osdt_core.jar、osdt_cert.jar

(2)另外，通过以下系统属性指定cwallet.sso文件的位置。您可以创建setenv.sh并添加所需的系统属性。另外，启用另一个系统属性，如下所示。export -Doracle.net.wallet_location='(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/test/wallet/)))'“JAVA_OPTS="$CATALINA_OPTS -Doracle.net.wallet_location=‘(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/test/wallet/)))’”export JAVA_OPTS="$CATALINA_OPTS -Doracle.net.ssl_server_dn_match=true“

(3)确保您的URL中包含如下所示的证书信息。请从您的证书中复制URL的“security”部分。(数据库(address=(protocol=tcps)(port=1522)(host=myorclhostname)) (connect_data=(service_name=myorcldb)) (security=(ssl_server_cert_dn= "CN=CMAN，O=Oracle description=，C=US“) (4)需要激活oracle PKI provider。静态启用:修改JRE (jre_HOME/jre/lib/ java.security /java.security)的安全文件: security.provider.7=oracle.security.pki.OraclePKIProvider

有关详细信息，请参阅"SSL with JDBC driver“。