java 实现oracle VPD 权限控制
2016-06-13 11:22
实现思路和步骤:
业务数据有组织机构字段
ORACLE VPD 实现条件拼接
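用 JAVA 拦截器确定哪些方法需要进行 VPD 行数据过滤
利用 OracleConnection 的 setEndToEndMetrics() 传递用户权限信息,后台用 sys_context('userenv', ...) 获取。这些值由客户端自行设置,数据库不会校验,因此策略函数应只把它们当作标识(例如组织机构 id),校验后自行生成条件,而不是直接拼接客户端传来的条件字符串。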
模拟实现
创建订单表
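-- Demo table: one row per order. org_id is the column the VPD predicate filters on.
create table t_orders (
    order_id   number,
    order_name varchar2(50),
    org_id     number
);

-- Data-dictionary comments; the literal text is kept exactly as the author wrote it.
-- Plain ASCII single quotes are required here; typographic quotes are not string delimiters.
comment on table t_orders is '订单表';
comment on column t_orders.order_id is '订单主键';
comment on column t_orders.order_name is '订单名称';
comment on column t_orders.org_id is '组织机构id';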
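/* Seed rows: two orders for organisation 11 and one for organisation 12. */
-- The explicit column list keeps the insert correct if columns are added or reordered later.
insert into t_orders (order_id, order_name, org_id)
select 1, '花生', 11 from dual
union all
select 2, '瓜子', 12 from dual
union all
select 3, '黄瓜', 11 from dual;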
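-- Grant EXECUTE on DBMS_RLS (the row-level security package) so that vpd_test can register
-- policies. Run this as a suitably privileged user.
-- NOTE(review): vpd_test is also the account the Java client on this page connects as, so the
-- session being filtered can itself add or drop policies and replace the policy function.
-- Outside a demo, keep policy administration in a separate schema that the application
-- account cannot log in as.
grant execute on sys.DBMS_RLS to vpd_test;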
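/*
 * VPD policy function, first version.
 * Takes the schema and object name of the protected object and returns a WHERE-clause
 * fragment as text. This version returns '1=1', a predicate that is always true, so no
 * rows are filtered out yet.
 */
create or replace function VPD_AUTHORITY_F(p_schema in varchar2 default NULL,
                                           p_object in varchar2 default NULL)
RETURN varchar2 AS
begin
    -- Build the predicate (a constant in this first version).
    return '1=1';
end VPD_AUTHORITY_F;
/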
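/*
 * Register the VPD policy: attach VPD_AUTHORITY_F to vpd_test.t_orders.
 * NOTE(review): STATEMENT_TYPES lists only SELECT, so INSERT, UPDATE and DELETE on t_orders
 * are not restricted by this policy. If writes must respect the same rule, add them to
 * STATEMENT_TYPES and consider the UPDATE_CHECK parameter.
 */
begin
    DBMS_RLS.ADD_POLICY(
        OBJECT_SCHEMA   => 'vpd_test',
        OBJECT_NAME     => 't_orders',
        POLICY_NAME     => 't_orders',
        FUNCTION_SCHEMA => 'vpd_test',
        POLICY_FUNCTION => 'VPD_AUTHORITY_F',
        STATEMENT_TYPES => 'SELECT');
end;
/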
/* 查询结果(策略函数返回 1=1,三行全部可见;第一列为行号) */
1 1 花生 11
2 2 瓜子 12
3 3 黄瓜 11
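/*
 * VPD policy function, second version: restrict the table to organisation 11.
 * Replacing the function body changes what the already registered policy returns; the query
 * result shown after this listing contains only the org_id = 11 rows.
 * NOTE(review): once the predicate is built from session values instead of a constant,
 * validate each value (for example, require a number) before placing it in the returned
 * text, because that text becomes part of the SQL statement.
 */
create or replace function VPD_AUTHORITY_F(p_schema in varchar2 default NULL,
                                           p_object in varchar2 default NULL)
RETURN varchar2 AS
begin
    -- Build the predicate (still a constant; only organisation 11 is visible).
    return 'org_id=11';
end VPD_AUTHORITY_F;
/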
/* 查询结果(策略函数返回 org_id=11,只剩组织机构 11 的两行;第一列为行号) */
1 1 花生 11
2 3 黄瓜 11
/* 整合 JAVA 程序 */
package cn.cowbt.vpd.test;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Types;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.oracore.OracleType;
public class ConnectionTest {
public static void main(String[] args) throws SQLException {
String url = “jdbc:oracle:thin:@192.168.102.131:1521:orcl”;
String user = “vpd_test”;
String passwd = “tangxuhua”;
Connection connection = DriverManager.getConnection(url, user, passwd);
OracleConnection oCon = (OracleConnection) connection ;
String sql = “select * from t_orders”;
PreparedStatement ps = oCon.prepareStatement(sql);
String[] metrics = new String[4];
metrics[0] = “hello”;//action 后台可以用userenv 取得
metrics[1] = “org_id = 12”;//client_identifier 后台可以用userenv 取得
metrics[3] = “bobo”;//module 后台可以用userenv 取得
/**
* v_action := sys_context(‘userenv’, ‘action’);
v_module := sys_context(‘userenv’, ‘module’);
v_client_identifer := sys_context(‘userenv’, ‘client_identifier’);
}
运行结果:2---瓜子---12
业务数据有组织机构字段
ORACLE VPD 实现条件拼接
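用 JAVA 拦截器确定哪些方法需要进行 VPD 行数据过滤
利用 OracleConnection 的 setEndToEndMetrics() 传递用户权限信息,后台用 sys_context('userenv', ...) 获取。这些值由客户端自行设置,数据库不会校验,因此策略函数应只把它们当作标识(例如组织机构 id),校验后自行生成条件,而不是直接拼接客户端传来的条件字符串。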
模拟实现
创建订单表
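-- Demo table: one row per order. org_id is the column the VPD predicate filters on.
create table t_orders (
    order_id   number,
    order_name varchar2(50),
    org_id     number
);

-- Data-dictionary comments; the literal text is kept exactly as the author wrote it.
-- Plain ASCII single quotes are required here; typographic quotes are not string delimiters.
comment on table t_orders is '订单表';
comment on column t_orders.order_id is '订单主键';
comment on column t_orders.order_name is '订单名称';
comment on column t_orders.org_id is '组织机构id';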
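/* Seed rows: two orders for organisation 11 and one for organisation 12. */
-- The explicit column list keeps the insert correct if columns are added or reordered later.
insert into t_orders (order_id, order_name, org_id)
select 1, '花生', 11 from dual
union all
select 2, '瓜子', 12 from dual
union all
select 3, '黄瓜', 11 from dual;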
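-- Grant EXECUTE on DBMS_RLS (the row-level security package) so that vpd_test can register
-- policies. Run this as a suitably privileged user.
-- NOTE(review): vpd_test is also the account the Java client on this page connects as, so the
-- session being filtered can itself add or drop policies and replace the policy function.
-- Outside a demo, keep policy administration in a separate schema that the application
-- account cannot log in as.
grant execute on sys.DBMS_RLS to vpd_test;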
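/*
 * VPD policy function, first version.
 * Takes the schema and object name of the protected object and returns a WHERE-clause
 * fragment as text. This version returns '1=1', a predicate that is always true, so no
 * rows are filtered out yet.
 */
create or replace function VPD_AUTHORITY_F(p_schema in varchar2 default NULL,
                                           p_object in varchar2 default NULL)
RETURN varchar2 AS
begin
    -- Build the predicate (a constant in this first version).
    return '1=1';
end VPD_AUTHORITY_F;
/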
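/*
 * Register the VPD policy: attach VPD_AUTHORITY_F to vpd_test.t_orders.
 * NOTE(review): STATEMENT_TYPES lists only SELECT, so INSERT, UPDATE and DELETE on t_orders
 * are not restricted by this policy. If writes must respect the same rule, add them to
 * STATEMENT_TYPES and consider the UPDATE_CHECK parameter.
 */
begin
    DBMS_RLS.ADD_POLICY(
        OBJECT_SCHEMA   => 'vpd_test',
        OBJECT_NAME     => 't_orders',
        POLICY_NAME     => 't_orders',
        FUNCTION_SCHEMA => 'vpd_test',
        POLICY_FUNCTION => 'VPD_AUTHORITY_F',
        STATEMENT_TYPES => 'SELECT');
end;
/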
/* 查询结果(策略函数返回 1=1,三行全部可见;第一列为行号) */
1 1 花生 11
2 2 瓜子 12
3 3 黄瓜 11
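/*
 * VPD policy function, second version: restrict the table to organisation 11.
 * Replacing the function body changes what the already registered policy returns; the query
 * result shown after this listing contains only the org_id = 11 rows.
 * NOTE(review): once the predicate is built from session values instead of a constant,
 * validate each value (for example, require a number) before placing it in the returned
 * text, because that text becomes part of the SQL statement.
 */
create or replace function VPD_AUTHORITY_F(p_schema in varchar2 default NULL,
                                           p_object in varchar2 default NULL)
RETURN varchar2 AS
begin
    -- Build the predicate (still a constant; only organisation 11 is visible).
    return 'org_id=11';
end VPD_AUTHORITY_F;
/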
/* 查询结果(策略函数返回 org_id=11,只剩组织机构 11 的两行;第一列为行号) */
1 1 花生 11
2 3 黄瓜 11
/* 整合 JAVA 程序 */
package cn.cowbt.vpd.test;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Types;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.oracore.OracleType;
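/**
 * Demo client for the VPD example: labels the Oracle session with end-to-end metrics, reads
 * them back through the test_p procedure, then prints the t_orders rows this session can see.
 */
public class ConnectionTest {
    /**
     * Connects as vpd_test, sets action / client identifier / module on the session, calls
     * test_p, and prints the first three columns of every visible t_orders row joined by "---".
     *
     * @param args unused
     * @throws SQLException if connecting, the procedure call or the query fails
     */
    public static void main(String[] args) throws SQLException {
        // NOTE(review): the connection details and password are hard-coded for the demo; real
        // code should load them from configuration or a secret store, not from source.
        String url = "jdbc:oracle:thin:@192.168.102.131:1521:orcl";
        String user = "vpd_test";
        String passwd = "tangxuhua";
        String sql = "select * from t_orders";

        // try-with-resources closes the statement and connection even if a call below throws.
        try (Connection connection = DriverManager.getConnection(url, user, passwd);
             PreparedStatement ps = connection.prepareStatement(sql)) {
            OracleConnection oCon = (OracleConnection) connection;

            // The server can read these values back with sys_context('userenv', ...).
            String[] metrics = new String[OracleConnection.END_TO_END_STATE_INDEX_MAX];
            metrics[OracleConnection.END_TO_END_ACTION_INDEX] = "hello";   // 'action'
            // NOTE(review): the client identifier carries a ready-made SQL condition, and the
            // author's note below says the server concatenates the received values into the
            // VPD statement. These values are chosen by the client, so a policy function that
            // appends this text lets the caller pick its own row filter. Prefer sending only an
            // identifier and letting the policy function validate it and build the predicate.
            metrics[OracleConnection.END_TO_END_CLIENTID_INDEX] = "org_id = 12"; // 'client_identifier'
            metrics[OracleConnection.END_TO_END_MODULE_INDEX] = "bobo";    // 'module'

            /*
             * The server reads the user's information and concatenates it into the VPD
             * statement. Procedure used here to echo the values back:
             *
             * create or replace procedure test_p(v_action out varchar2,
             *                                    v_module out varchar2,
             *                                    v_client_identifer out varchar2) as
             * begin
             *   v_action := sys_context('userenv', 'action');
             *   v_module := sys_context('userenv', 'module');
             *   v_client_identifer := sys_context('userenv', 'client_identifier');
             *   null;
             * end test_p;
             */
            // NOTE(review): newer Oracle JDBC drivers appear to deprecate setEndToEndMetrics in
            // favour of Connection.setClientInfo; confirm against the driver version in use.
            oCon.setEndToEndMetrics(metrics, (short) 0);

            try (CallableStatement sts = connection.prepareCall("{call test_p(?,?,?)}")) {
                sts.registerOutParameter(1, Types.VARCHAR);
                sts.registerOutParameter(2, Types.VARCHAR);
                sts.registerOutParameter(3, Types.VARCHAR);
                sts.execute();
                // sts.getObject(1), (2) and (3) now hold the action, module and client
                // identifier as seen by the server; print them when debugging.
            }

            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    // Columns 1..3 of "select * from t_orders", joined by "---".
                    System.out.println(rs.getObject(1) + "---" + rs.getObject(2) + "---" + rs.getObject(3));
                }
            }
        }
    }
}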
运行结果:2---瓜子---12