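I have a document management system that runs as a Tomcat servlet with its own config.xml. The DMS needs a database to work, in this case Oracle 19c. For security reasons, I want to encrypt the connection between Tomcat and Oracle. To do this, I created a wallet with a self-signed certificate on Oracle 19c using orapki. After that, listener.ora, sqlnet.ora and tnsnames.ora were adjusted accordingly. In the servlet's config.xml, I changed the connection string to TNS. Via TCP, I correctly get a connection to the Oracle server. Via TCP, the error message from the title is displayed.
With SQLplus I can establish the connection correctly via TCP. What else could be going wrong here?
My environment: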
Server1:
Linux Oracle Server 7.8
Oracle 19c
Hostname: oracleserver.localdomain
Server2:
Windows Server 2022 Datacenter
Apache Tomcat 9.0.37
OpenJDK 15.0.1+9-18
Hostname elo
ORA files on the Oracle server:
listener.ora
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracleserver.localdomain)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = oracleserver.localdomain)(PORT = 2484))
    )
  )
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /u01/app/oracle/product/19.0.0/dbhome_1/wallets/server_wallet)
    )
  )
SSL_CLIENT_AUTHENTICATION = FALSE
SQLnet.ora
SQLNET.AUTHENTICATION_SERVICES = (BEQ,TCPS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /u01/app/oracle/product/19.0.0/dbhome_1/wallets/server_wallet)
    )
  )
SSL_CLIENT_AUTHENTICATION = FALSE
tnsnames.ora
LISTENER =
  (ADDRESS = (PROTOCOL = TCP)(HOST = oracleserver.localdomain)(PORT = 1521))
  (ADDRESS = (PROTOCOL = TCPS)(HOST = oracleserver.localdomain)(PORT = 2484))
ELO =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = oracleserver.localdomain)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = elo)
    )
  )
ELOPDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = oracleserver.localdomain)(PORT = 2484))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = elopdb)
    )
  )
For Apache Tomcat, I set the following Java options:
-Djava.net.preferIPv4Stack=true
-Doracle.net.ssl_cipher_suites=SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_DES_CBC_SHA
My JDBC connection string:
jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS_LIST =(ADDRESS =(PROTOCOL=TCPS)(HOST=oracleserver)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=ELOPDB)(SERVER=DEDICATED)))
The exact error message:
19:45:25.690 WARN eloix-init-2 init-2 (DBConnection.java:486) - Could not establish connection using jdbcurl=jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS_LIST =(ADDRESS =(PROTOCOL=TCPS)(HOST=oracleserver)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=ELOPDB)(SERVER=DEDICATED))), I/O-Fehler: The Network Adapter could not establish the connection
19:45:25.695 WARN eloix-init-2 init-2 (IXServlet$InitThread.java:539) - Initialization error, retry after 10s
java.sql.SQLException: java.sql.SQLException: Cannot get connection from Driver Manager. DB[1] Command=""
at de.elo.ix.db.DBConnection.throwException(DBConnection.java:175)
at de.elo.ix.db.DBConnection.internalConnect(DBConnection.java:583)
at de.elo.ix.db.DBConnection.connect(DBConnection.java:357)
at de.elo.ix.data.DBFactory.createAndConnect(DBFactory.java:14)
at de.elo.ix.exec.ServerObject.init(ServerObject.java:1138)
at de.elo.ix.exec.ServerObjectHolderImpl.init(ServerObjectHolderImpl.java:47)
at de.elo.ix.IXServlet$InitThread.run(IXServlet.java:521)
Caused by: java.sql.SQLException: Cannot get connection from Driver Manager.
at de.elo.ix.db.DBConnection.internalConnect(DBConnection.java:551)
... 5 common frames omitted
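I hope you can spot my mistake...
As a possible solution, I installed the Oracle client tools on the Windows server and tried specifying the alias as the connection string. Unfortunately, the same error. The SQL Plus connection via TCP works fine. So does openssl s_client -connect oracleserver:2484.
In addition, I tried the following parameters as Java options, but unfortunately with the same result: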
-Doracle.net.wallet_location=D:\App\Oracle\product\19.3.0\dbhome_1\network\admin
-Doracle.net.tns_admin=D:\App\Oracle\product\19.3.0\dbhome_1\network\admin
1 Answer
If you use Oracle Wallets, the classpath should also contain oraclepki.jar, osdt_core.jar and osdt_cert.jar. For some specific TCPS examples, see the blog.
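An added example, not part of the question or the answer: a small Python audit of the client-side values quoted in the question. It parses the connect descriptors, reports where the JDBC URL departs from the ELOPDB entry in tnsnames.ora, and flags cipher suites that are anonymous or use legacy algorithms; the marker list and the function names are this example's own assumptions.

```python
import re

# Values quoted from the question (cipher suite names in their standard spelling).
JDBC_URL = ("jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS_LIST =(ADDRESS =(PROTOCOL=TCPS)"
            "(HOST=oracleserver)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=ELOPDB)"
            "(SERVER=DEDICATED)))")
TNS_ELOPDB = ("(DESCRIPTION =(ADDRESS = (PROTOCOL = TCPS)(HOST = oracleserver.localdomain)"
              "(PORT = 2484))(CONNECT_DATA =(SERVER = DEDICATED)(SERVICE_NAME = elopdb)))")
CIPHER_OPTION = ("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, "
                 "SSL_DH_anon_WITH_DES_CBC_SHA")
# Assumption: this marker list is the example's own audit policy, not an Oracle list.
WEAK_MARKERS = {"_anon_": "no server authentication", "3DES": "3DES", "_RC4_": "RC4",
                "_DES_": "single DES", "_MD5": "MD5 MAC", "_NULL_": "no encryption"}

def parse_descriptor(text):
    """Return ([(protocol, host, port), ...], service_name) from a connect descriptor."""
    if text.count("(") != text.count(")"):
        raise ValueError("unbalanced parentheses in connect descriptor")
    addresses = []
    # ADDRESS blocks hold only leaf parameters; ADDRESS_LIST is skipped by the '=' match.
    for block in re.findall(r"\(\s*ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", text, re.I):
        kv = {k.upper(): v for k, v in re.findall(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)", block)}
        addresses.append((kv.get("PROTOCOL", "").upper(), kv.get("HOST", "").lower(),
                          int(kv.get("PORT", 0))))
    svc = re.search(r"\(\s*SERVICE_NAME\s*=\s*([^()\s]+)\s*\)", text, re.I)
    return addresses, (svc.group(1).lower() if svc else None)

def descriptor_differences(jdbc_url, tns_entry):
    """List where the JDBC URL's descriptor departs from the tnsnames.ora entry."""
    jdbc_addrs, jdbc_svc = parse_descriptor(jdbc_url.split("@", 1)[1])
    tns_addrs, tns_svc = parse_descriptor(tns_entry)
    notes = []
    if jdbc_svc != tns_svc:
        notes.append(f"service name {jdbc_svc} != {tns_svc}")
    for addr in jdbc_addrs:
        if addr not in tns_addrs:
            notes.append(f"address {addr} not in tnsnames entry {tns_addrs}")
    return notes

def weak_suites(option):
    """Map each flagged cipher suite to the reasons it was flagged."""
    findings = {}
    for suite in (s.strip() for s in option.split(",")):
        reasons = [why for marker, why in WEAK_MARKERS.items() if marker in suite]
        if reasons:
            findings[suite] = reasons
    return findings

if __name__ == "__main__":
    print("\n".join(descriptor_differences(JDBC_URL, TNS_ELOPDB)))
    print(weak_suites(CIPHER_OPTION))
```

With the values from the question, it reports one address difference (the JDBC URL uses the short host name oracleserver) and flags all three suites as anonymous. OpenJDK's default jdk.tls.disabledAlgorithms setting disables anon, 3DES_EDE_CBC, RC4 and DES suites, so a list like this one may leave the client with nothing to negotiate.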