
java 实现oracle VPD 权限控制

2016-06-13 11:22 363 查看
实现思路和步骤:

业务数据有组织机构字段

ORACLE VPD 实现条件拼接

JAVA 拦截器决定哪些方法需要进行 VPD 行数据过滤

利用 OracleConnection 的 setEndToEndMetrics() 传递用户权限信息,后台用 sys_context('userenv', ...) 获取。注意:这些值由客户端设置,数据库不会校验其真实性,策略函数不应把它们直接拼接进过滤条件,而应只当作标识,在数据库端校验或映射后再生成条件。

模拟实现

创建订单表

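-- Demo order table. org_id is the organisation column that the VPD policy
-- predicate filters on.
-- The statement is written without blank lines and with a terminating
-- semicolon so that it runs as a single statement in SQL*Plus-style tools.
create table t_orders (
    order_id   number,
    order_name varchar2(50),
    org_id     number
);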

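-- Data-dictionary descriptions for t_orders and its columns.
-- The literals are delimited with plain ASCII single quotes; the typographic
-- quotes produced by the page rendering are not valid string delimiters.
comment on table t_orders is '订单表';
comment on column t_orders.order_id is '订单主键';
comment on column t_orders.order_name is '订单名称';
comment on column t_orders.org_id is '组织机构id';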

/****************************/

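-- Seed three demo orders: two belong to organisation 11, one to organisation 12.
-- The target columns are listed explicitly so the insert does not depend on
-- the physical column order of t_orders.
-- Commit afterwards if another session (for example a JDBC client) has to see
-- these rows.
insert into t_orders (order_id, order_name, org_id)
select 1, '花生', 11 from dual
union all
select 2, '瓜子', 12 from dual
union all
select 3, '黄瓜', 11 from dual;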

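-- Grant EXECUTE on DBMS_RLS so that vpd_test can register a row-level
-- security policy.
-- NOTE(review): DBMS_RLS can also drop or disable policies. On this page the
-- grantee is the schema that owns t_orders and the account the Java client
-- logs in with, so that account is able to remove its own row filter. Outside
-- a demo, keep policy administration in a separate schema and do not grant
-- this privilege to the application login.
grant execute on sys.DBMS_RLS to vpd_test;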

/******************/

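-- VPD policy function, first version.
-- It takes the schema and object name of the protected object and returns
-- the text of a predicate that Oracle adds to statements on that object.
-- This version returns an always-true predicate, so no rows are filtered.
--
-- Parameters:
--   p_schema  schema of the protected object (not used here)
--   p_object  name of the protected object (not used here)
-- Returns:
--   the predicate text, without the WHERE keyword
create or replace function VPD_AUTHORITY_F(p_schema in varchar2 default null,
                                           p_object in varchar2 default null)
    return varchar2 as
begin
    -- Build the predicate
    return '1=1';
end;
/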

/*增加VPD策略***/

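-- Register VPD_AUTHORITY_F as the row-level security policy of
-- vpd_test.t_orders.
-- NOTE(review): statement_types is 'SELECT' only, so INSERT, UPDATE and DELETE
-- on t_orders are not filtered by this policy. List the other statement types
-- as well (and consider update_check) if writes must be restricted by
-- organisation too.
begin
    DBMS_RLS.ADD_POLICY(object_schema   => 'vpd_test',
                        object_name     => 't_orders',
                        policy_name     => 't_orders',
                        function_schema => 'vpd_test',
                        policy_function => 'VPD_AUTHORITY_F',
                        statement_types => 'SELECT');
end;
/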

/* 查询结果 */

1 1 花生 11

2 2 瓜子 12

3 3 黄瓜 11

/* 修改VPD策略函数 */

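-- VPD policy function, second version: every query on the protected table is
-- restricted to organisation 11.
--
-- Parameters:
--   p_schema  schema of the protected object (not used here)
--   p_object  name of the protected object (not used here)
-- Returns:
--   the predicate text, without the WHERE keyword
--
-- NOTE(review): the predicate is a fixed literal here. Once it is built from
-- session values such as sys_context('userenv', 'client_identifier'), treat
-- that value as untrusted input: it is set by the client. Validate it (for
-- example, require a number) or look the organisation up in a table, rather
-- than concatenating the raw value into the predicate.
create or replace function VPD_AUTHORITY_F(p_schema in varchar2 default null,
                                           p_object in varchar2 default null)
    return varchar2 as
begin
    -- Build the predicate
    return 'org_id=11';
end;
/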

/* 查询结果 */

1 1 花生 11

2 3 黄瓜 11

/* 整合JAVA程序 */

package cn.cowbt.vpd.test;

import java.sql.CallableStatement;

import java.sql.Connection;

import java.sql.DriverManager;

import java.sql.PreparedStatement;

import java.sql.ResultSet;

import java.sql.ResultSetMetaData;

import java.sql.SQLException;

import java.sql.Types;

import oracle.jdbc.OracleConnection;

import oracle.jdbc.oracore.OracleType;

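/**
 * Demo client for the VPD policy on t_orders.
 *
 * <p>It connects as vpd_test, sets the Oracle end-to-end metrics (action,
 * client identifier, module) on the connection, calls the helper procedure
 * test_p, which reads those values back through sys_context('userenv', ...),
 * and then prints the first three columns of every row that
 * "select * from t_orders" returns.
 *
 * <p>Helper procedure expected in the database:
 * <pre>
 * create or replace procedure test_p(v_action           out varchar2,
 *                                    v_module           out varchar2,
 *                                    v_client_identifer out varchar2)
 * as
 * begin
 *   -- read the values sent by the client; the policy function can build
 *   -- its predicate from them
 *   v_action           := sys_context('userenv', 'action');
 *   v_module           := sys_context('userenv', 'module');
 *   v_client_identifer := sys_context('userenv', 'client_identifier');
 * end test_p;
 * </pre>
 */
public class ConnectionTest {

    /**
     * Runs the demo.
     *
     * @param args not used
     * @throws SQLException if the password is not configured, or if connecting
     *                      or any statement fails
     */
    public static void main(String[] args) throws SQLException {
        String url = "jdbc:oracle:thin:@192.168.102.131:1521:orcl";
        String user = "vpd_test";

        // The password is read from the environment instead of being written
        // into the source. VPD_TEST_PASSWORD is a name chosen for this example.
        String passwd = System.getenv("VPD_TEST_PASSWORD");
        if (passwd == null || passwd.isEmpty()) {
            throw new SQLException("VPD_TEST_PASSWORD is not set");
        }

        String sql = "select * from t_orders";

        // try-with-resources closes the statements, the result set and the
        // connection even when a call in between throws.
        try (Connection connection = DriverManager.getConnection(url, user, passwd)) {
            OracleConnection oCon = (OracleConnection) connection;

            // Slots are addressed through the driver's index constants
            // (action = 0, client id = 1, module = 3, as in the original).
            String[] metrics = new String[OracleConnection.END_TO_END_STATE_INDEX_MAX];
            // action: readable in the database via sys_context('userenv', 'action')
            metrics[OracleConnection.END_TO_END_ACTION_INDEX] = "hello";
            // client_identifier: readable via sys_context('userenv', 'client_identifier')
            // NOTE(review): this sends a ready-made SQL predicate. The client
            // identifier is set by the client and is not verified by the
            // database, so a policy function that pastes it into its predicate
            // lets any client pick its own row filter. Prefer sending only a
            // user or organisation id and have the policy function validate or
            // map it. The value is kept as in the original because the policy
            // function that consumes it is not shown on this page.
            metrics[OracleConnection.END_TO_END_CLIENTID_INDEX] = "org_id = 12";
            // module: readable via sys_context('userenv', 'module')
            metrics[OracleConnection.END_TO_END_MODULE_INDEX] = "bobo";

            // NOTE(review): newer Oracle JDBC drivers deprecate
            // setEndToEndMetrics in favour of setClientInfo; confirm against
            // the driver version in use.
            oCon.setEndToEndMetrics(metrics, (short) 0);

            // Call test_p first, as the original does, so the metrics travel to
            // the server before the filtered query runs.
            try (CallableStatement sts = connection.prepareCall("{call test_p(?,?,?)}")) {
                sts.registerOutParameter(1, Types.VARCHAR);
                sts.registerOutParameter(2, Types.VARCHAR);
                sts.registerOutParameter(3, Types.VARCHAR);
                sts.execute();
                // sts.getObject(1..3) would return action, module and client
                // identifier as seen by the database.
            }

            try (PreparedStatement ps = oCon.prepareStatement(sql);
                 ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    Object o1 = rs.getObject(1);
                    Object o2 = rs.getObject(2);
                    Object o3 = rs.getObject(3);
                    System.out.println(o1 + "---" + o2 + "---" + o3);
                }
            }
        }
    }
}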

2—瓜子—12