Forum Stats

  • 3,854,709 Users
  • 2,264,411 Discussions
  • 7,905,763 Comments

Discussions

Integrate Oracle BI Publisher with Oracle Form [Authentication]

KT-936969
KT-936969 Member Posts: 35
edited Jun 6, 2014 4:56PM in Forms

Oracle FMW Form & Report 11g R2 (11.1.2)

Oracle BI Publisher 11.1.1.6

Oracle Database 11g Release 11.2.0.4.0 - 64bit Production


With the help of below link, i want to integrating Oracle BI Publisher with Oracle form

http://www.pitss.eu/fileadmin/pitss/images/de/White_Papers/White_paper_BIPublisher_WebServices.pdf

But I need to know one thing, as mention in above link, weblogic user/pwd in the java code for authentication with BI Publisher,

My Question here, what is the best way to handle authentication with BI Publisher while integrating with Oracle Form?

Best Answer

  • sfr.farhan
    sfr.farhan Member Posts: 385
    Answer ✓

    I think, in a document, it just mention for example,

    it won't be good practice if keep the weblogic user/pwd in Java code, at the end this java code become a jar file and deployed on server and then downloaded on client machine. which completely in secure and values are hard-coded, if password change then again issue, it means having user/pwd in jar never be a good solution.

    For a quick view, I would advice keep the user/pwd in db in encrypted form and access on oracle form with decrypte and pass the value to the api ReportServiceClient.CallRunReport()

    if you feel, every time you need to access user/pwd from db and decypte it, what i would advise here, get user/pwd once and set in db context, and then get it from the context with decrypte.

    May other have better idea.

Answers

  • sfr.farhan
    sfr.farhan Member Posts: 385
    Answer ✓

    I think, in a document, it just mention for example,

    it won't be good practice if keep the weblogic user/pwd in Java code, at the end this java code become a jar file and deployed on server and then downloaded on client machine. which completely in secure and values are hard-coded, if password change then again issue, it means having user/pwd in jar never be a good solution.

    For a quick view, I would advice keep the user/pwd in db in encrypted form and access on oracle form with decrypte and pass the value to the api ReportServiceClient.CallRunReport()

    if you feel, every time you need to access user/pwd from db and decypte it, what i would advise here, get user/pwd once and set in db context, and then get it from the context with decrypte.

    May other have better idea.

  • Andreas Weiden
    Andreas Weiden Member Posts: 10,871 Gold Crown

    The code called from forms already gets the username and password as parameters, so you have to store them somewhere "on the forms-side".

    SOme options are:

    1- Hardcoded in forms

    2- stored in a table in the database

    3- stored in the .env-file of the forms-application

    I would tend to options 2 or 3 whereas i would store the values encrypted

    Andreas Weiden
  • KT-936969
    KT-936969 Member Posts: 35

    Thanks for your time and help.

    sfr.farhan.fani wrote:
    
    For a quick view, I would advice keep the user/pwd in db in encrypted form and access on oracle form with decrypte and pass the value to the api ReportServiceClient.CallRunReport()
    
    if you feel, every time you need to access user/pwd from db and decypte it, what i would advise here, get user/pwd once and set in db context, and then get it from the context with decrypte.
    

    @sfr.farhan.fani

    Sound better idea, common advise bu you and Andreas Weiden (2nd point).

    Andreas Weiden wrote:
    
    1- Hardcoded in forms
    2- stored in a table in the database
    3- stored in the .env-file of the forms-application
    

    @Andreas Weiden

    How could store user/pwd in the .env-file of the forms application and get access at form level. thanks.

    I

  • Andreas Weiden
    Andreas Weiden Member Posts: 10,871 Gold Crown
    How could store user/pwd in the .env-file of the forms application 
    

    Open the env-file with an editor of your choice. Create a new line and write something like

    BI_ACCESS=user/password

    and get access at form level.
    

    Use TOOL_ENV.GET_VAR('BI_ACCESS', variable) to read the data.

    To encrypt/decrypt you could use the db-packages DBMS_OBFUCSATION_TOOLKIT or DBMS_CRYPTO

    Andreas Weiden
  • KT-936969
    KT-936969 Member Posts: 35

    Thanks & @sfr.farhan.fani for your time and help.

    So, I have two ways to solve my problem.

    1. Store user/pwd in DB with encryption and access it in application.

    2. Define user/pwd in .env file with encryption and access it in application.

    I tried the solution with DB and successfully implemented, working fine.

    I need one more suggestion here,

    Which solution is more effective in all aspect, security, performance and maintainability wise.

    So that, I could go with best solution.

    Thanks for your advise

This discussion has been closed.