Simplifying JDBC connection to Oracle Autonomous Database with Wallet Using mTLS Protocol

vijay balebail
Published in Oracle Developers
3 min read · Jun 29, 2023

Introduction:

Oracle Autonomous Database (ADB) is a powerful cloud-based database service that offers a self-driving, self-securing, and self-repairing infrastructure. To establish a secure connection between ADB and client applications, Oracle recommends using wallets and the mutual Transport Layer Security (mTLS) protocol. However, configuring the wallet location in client applications can be challenging due to limitations with the TNS_ADMIN property. In this blog, we will explore an easier way to configure wallet location using the JDBC URL, eliminating the need for extensive application server or property file modifications.

Challenges with TNS_ADMIN Property:

The Oracle documentation suggests using the TNS_ADMIN property to specify the wallet location for client applications. However, this approach has several limitations. Firstly, the TNS_ADMIN property can be set in multiple places, such as environment variables, ojdbc property files, or application server (like Wildfly) property files. This multiplicity of configuration options can lead to confusion and inconsistencies, making it difficult to ensure that the correct wallet location is being utilized.

Another challenge with the TNS_ADMIN property is its limitation of allowing only a single value. This limitation means that connecting to multiple ADB instances, each with its own wallet, becomes problematic. As a result, users often find themselves needing to manage multiple TNS_ADMIN properties or resort to alternative complex configurations to overcome this limitation.

A Simpler Approach: Wallet Location in JDBC URL:

To overcome the limitations of the TNS_ADMIN property, Oracle introduced a more straightforward method to specify the wallet location directly in the JDBC URL. This approach simplifies the configuration process and ensures that users can connect to any number of ADB instances without the need for specific knowledge or multiple TNS_ADMIN properties.

Here’s an example of the JDBC URL syntax incorporating the wallet location:

jdbc:oracle:thin:@(DESCRIPTION= (ADDRESS= (PROTOCOL=tcps) (Host=hostname) (Port=1522)) (CONNECT_DATA= (SERVICE_NAME=myservicename)) (Security=(my_wallet_directory=/opt/wildfly/jnetadmin_c/)))

As seen in the example, the “my_wallet_directory” parameter is set inside the Security section of the connect descriptor in the JDBC URL. By replacing the example path (/opt/wildfly/jnetadmin_c/) with the actual wallet directory path, applications can connect to ADB without requiring changes to property files or environment variables.

Starting 19c JDBC Drivers: TNS_ADMIN in the URL:

Starting with the 19c JDBC drivers, an additional method has been introduced to set the TNS_ADMIN property directly in the JDBC URL. The directory named by TNS_ADMIN in the URL can hold the wallet as well as additional configuration files. This allows for even more flexibility and convenience in configuring the wallet location.

Here’s an example of the JDBC URL syntax incorporating the TNS_ADMIN property:

jdbc:oracle:thin:@dbname_high?TNS_ADMIN=/Users/test/wallet_dbname

In the above example, the URL includes the “TNS_ADMIN” parameter, which specifies the location of the wallet file and the tnsnames.ora file. This approach enables users to have a single URL that encompasses all necessary connection information, simplifying the configuration process further.
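The multiple-instance case as an added example (not code from the original post): two connections in one JVM, each with its own wallet directory passed through TNS_ADMIN in the URL, preceded by a check that the directory is not open to other local users and followed by a query confirming the session runs over tcps. The aliases, directories and environment variable names are hypothetical; it assumes a POSIX file system and the 19c or later Oracle JDBC driver on the classpath.

```java
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.sql.*;
import java.util.Set;

public class MultiWalletCheck {
    // Build the 19c-style URL from the post: alias plus TNS_ADMIN directory.
    static String url(String alias, Path walletDir) {
        return "jdbc:oracle:thin:@" + alias + "?TNS_ADMIN=" + walletDir;
    }

    // Reject a directory that lacks tnsnames.ora or that other local users
    // can enter or list: the wallet holds the client's mTLS private key.
    // Assumes a POSIX file system (throws UnsupportedOperationException otherwise).
    static void checkWalletDir(Path dir) throws Exception {
        if (!Files.isRegularFile(dir.resolve("tnsnames.ora")))
            throw new IllegalStateException("no tnsnames.ora in " + dir);
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(dir);
        if (perms.contains(PosixFilePermission.OTHERS_READ)
                || perms.contains(PosixFilePermission.OTHERS_EXECUTE))
            throw new IllegalStateException(dir + " is accessible to other users");
    }

    // Connect with the wallet in walletDir and report the session's network protocol.
    static String protocolOf(String alias, Path walletDir, String user, String pw)
            throws Exception {
        checkWalletDir(walletDir);
        try (Connection c = DriverManager.getConnection(url(alias, walletDir), user, pw);
             Statement s = c.createStatement();
             ResultSet rs = s.executeQuery(
                 "select sys_context('USERENV','NETWORK_PROTOCOL') from dual")) {
            rs.next();
            return alias + " connected over " + rs.getString(1);
        }
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical aliases and wallet directories; credentials come from
        // the environment rather than from source or the URL.
        String user = System.getenv("ADB_USER"), pw = System.getenv("ADB_PASSWORD");
        System.out.println(protocolOf("salesdb_high", Paths.get("/opt/wallets/salesdb"), user, pw));
        System.out.println(protocolOf("hrdb_high", Paths.get("/opt/wallets/hrdb"), user, pw));
    }
}
```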

Benefits of JDBC URL Approach:

  1. Simplified Configuration: The JDBC URL approach eliminates the need for modifying application server properties or property files, reducing complexity and potential errors. There’s only one place to configure the wallet location, making it easier to manage.
  2. Flexibility for Multiple ADB Instances: With the JDBC URL method, connecting to multiple ADB instances becomes hassle-free. Each instance can have its own wallet location specified in the JDBC URL, allowing applications to securely connect to diverse databases.
  3. Streamlined Application Deployment: Developers and administrators no longer need to possess in-depth knowledge of the application server or property file configurations. This simplifies the deployment process and ensures consistency across different environments.

Conclusion:

Oracle Autonomous Database provides a robust and secure cloud-based solution for managing enterprise data. Connecting to ADB using mTLS protocol and wallets is highly recommended for ensuring data privacy and integrity. By leveraging the JDBC URL approach to specify the wallet location, application developers and administrators can simplify the configuration process and connect to multiple ADB instances without the limitations of the TNS_ADMIN property. This approach enhances flexibility, reduces potential errors, and streamlines the deployment of applications using Oracle Autonomous Database.
