Search code examples
oracle-databasesecuritygrailsjdbcgrails-orm

Grails with Oracle thick OCI driver authenticate to Oracle with wrong user

I have set up authenticate Oracle using certificates stored in an Oracle wallet by having the following lines in

sqlnet.ora. sqlnet.ora is located in my Linux home directory. 

 WALLET_LOCATION =
    (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA =
        (DIRECTORY = my_wallet_location)
      )
     )

 SQLNET.WALLET_OVERRIDE = TRUE

And set the username and password to "" in DataSource.groovy

 username=""
 password=""

However, after I started up my grails app, I found my app did os authentication which logged me into Oracle as ops$john as supposed to john and completely disregarded my wallet set up.

Please advise.

Update :

Here is the rest of the DataSource.groovy

dataSource {
    pooled = true
    jmxExport = true
    driverClassName = "oracle.jdbc.driver.OracleDriver"
    username=""
    password=""
}
hibernate {
    cache.use_second_level_cache = true
    cache.use_query_cache = true
//    cache.region.factory_class = 'net.sf.ehcache.hibernate.EhCacheRegionFactory' // Hibernate 3
    cache.region.factory_class = 'org.hibernate.cache.ehcache.EhCacheRegionFactory' // Hibernate 4
    singleSession = true // configure OSIV singleSession mode
    flush.mode = 'manual' // OSIV session flush mode outside of transactional context
}

// environment specific settings
environments {
    development {
        dataSource {
            dbCreate = "update" // one of 'create', 'create-drop', 'update', 'validate', ''
            url = "jdbc:oracle:oci:@//myhost:myport/myinstance"
            properties {
                // See http://grails.org/doc/latest/guide/conf.html#dataSource for documentation
                jmxEnabled = true
                initialSize = 5
                maxActive = 50
                minIdle = 5
                maxIdle = 25
                maxWait = 10000
                maxAge = 10 * 60000
                timeBetweenEvictionRunsMillis = 5000
                minEvictableIdleTimeMillis = 60000
                validationQuery = "SELECT 1"
                validationQueryTimeout = 3
                validationInterval = 15000
                testOnBorrow = true
                testWhileIdle = true
                testOnReturn = false
                jdbcInterceptors = "ConnectionState"
                defaultTransactionIsolation = java.sql.Connection.TRANSACTION_READ_COMMITTED
             }
        }
    }
}
Solution

  • You should use a url with this format: jdbc:oracle:oci:/@alias where alias is the wallet alias in your tnsnames.ora file.

    This option is documented in several places for example here and here. Most documentation is referencing the thin driver but it works the same way with the OCI driver. This post describes the complete process of creating and using a wallet with the OCI driver