关于 Oracle Proxy Authentication问题？

swgsw

数据库版本：oracle 10.2.0.5  Rac(4节点)

操作系统：hp-ux 11.31


遇到的问题：

oracle 有如下用户：

business 业务用户

bxproxy 代理用户

原来开发链接数据库是通过business链接数据库

现在想通过用户代理的方式 用 bxproxy 用户 链接数据库 不开放business的用户名和密码。


alter user business grant connect through bxproxy;

conn  bxproxy/xxxx

select * from tab;

为空



有几点疑问的向大家请教一下：

1、为什么看不到任何 business的对象？

2、代理用户是用来做什么的呢？

3、适合用来解决上述问题的吗？

Liu Maclean(刘相兵

Proxy authentication is the fifth method that can be used in Oracle databases to help deal with some of the potential issues around middle tier connections.

Oracle Proxy Authentication Options

If the user is either a database user or an enterprise user (maintained via Oracle Internet Directory with a distinguished name) then Oracle offers a solution based on the fact that the end user is actually known to the database. In either of these cases, a pass-through approach or re-authentication approach can be used.

Oracle also has a proxy method that can be used for situations where the end user is known only to the application and not directly to the database. This method is known as an application user model. In this case, the user is tracked via an assigned identifier and the activities can be audited using that identifier rather than end user information.

我的理解 在三层应用中 ，通过proxy user可以实现 只有应用程序识别用户 而不让database直接关联用户。

1. SQL> create user          proxy_user
   
2.   2  identified by        pw_proxy
   
3.   3  default tablespace   users
   
4.   4  temporary tablespace temp;
   
5. 
   
6. User created.
   
7. 
   
8. SQL> create user          target_user
   
9.   2  identified by        pw_target
   
10.   3  default tablespace   users
    
11.   4  temporary tablespace temp
    
12.   5  quota unlimited on   users;
    
13. 
    
14. User created.
    
15. 
    
16. SQL> alter user target_user grant connect through proxy_user;
    
17. 
    
18. User altered.
    
19. 
    
20. SQL> grant create session,
    
21.   2        create table
    
22.   3  to    target_user;
    
23. 
    
24. Grant succeeded.
    
25. 
    
26. SQL> connect target_user/pw_target
    
27. Connected.
    
28. select instance_name from v$instance
    
29.                           *
    
30. ERROR at line 1:
    
31. ORA-00942: table or view does not exist
    
32. 
    
33. 
    
34. SQL> create table targets_table (
    
35.   2    col  varchar2(10)
    
36.   3  );
    
37. 
    
38. Table created.
    
39. 
    
40. SQL> insert into targets_table values ('foo');
    
41. 
    
42. 1 row created.
    
43. 
    
44. SQL> commit;
    
45. 
    
46. Commit complete.
    
47. 
    
48. SQL> connect proxy_user[target_user]/pw_proxy
    
49. Connected.
    
50. select instance_name from v$instance
    
51.                           *
    
52. ERROR at line 1:
    
53. ORA-00942: table or view does not exist
    
54. 
    
55. 
    
56. SQL> select * from targets_table;
    
57. 
    
58. COL
    
59. ----------
    
60. foo
    
61. 
    
62. SQL> conn proxy_user/pw_proxy
    
63. ERROR:
    
64. ORA-01045: user PROXY_USER lacks CREATE SESSION privilege; logon denied
    
65. 
    
66. 
    
67. Warning: You are no longer connected to ORACLE.
    
68. SQL> conn / as sysdba
    
69. Connected.
    
70. 
    
71. INSTANCE_NAME
    
72. ----------------
    
73. VRAC1
    
74. 
    
75. SQL> grant dba to proxy_user;
    
76. 
    
77. Grant succeeded.
    
78. 
    
79. SQL> conn proxy_user/pw_proxy
    
80. \Connected.
    
81. 
    
82. INSTANCE_NAME
    
83. ----------------
    
84. VRAC1
    
85. 
    
86. SQL> \
    
87. 
    
88. 
    
89. SQL> SQL> SQL> SQL> SQL>
    
90. SQL>
    
91. SQL>
    
92. SQL> select  * from tab;
    
93. 
    
94. no rows selected
    

复制代码

swgsw

谢谢您了！