Java Security

oAuth2 security token - query connection

user2018218 May 3 2021

My company has created its own Java API to query a JSON file database. I have created a class to see if I can connect and query. That works, but it is not secure. It has my username and password in it.
A friend of mine created a Python script to connect and query as well; however, he is using oAuth2 with a token, and that works. I would like to use the oAuth2 token as well, but in Java.
Here is part of his code in Python.

import requests
from requests import post, auth, exceptions
from json import loads
import pandas as pd
import time
from io import StringIO

client_id = 'CSI10BIRSTDEM_DEM~OrYZOp7y7aL3-OX__vvOi4tmBKHbabfK3UiI5d-rOEY'
client_secret = 'gETIknwsuCfFqvsHTKLsA79NQzakR1_2UMdJ0b0TlEQnKb9KzI64ytrPikwFSUGMPvVtBNELmU4AO8GV2HiTBQ'
user = 'CSI10BIRSTDEM_DEM#vRzhxJEjwyK5m6LSGfa5UykRbbaVj1KHWan7j0qz61PrAwezkCks0t3nrnSarLvvk5bh25GTIDGVzHj55C139Q'
password = 'cUKHtWFnjNrXJV7xznezG36c2LaNBYTv1nb9WIIsi-dAQBUfjOBGznCxOUOMKiIvYPYmGfnkivd2HV2toAA5uQ'

access_point = 'https://qac-sso.qac.awsdev.infor.com/CSI10BIRSTDEM_DEM/as/token.oauth2'
grant_type = 'password'
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
auth = auth.HTTPBasicAuth(client_id, client_secret)
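data = {'grant_type': grant_type,
        'username': user,
        'password': password}
resp = None
access_token = None

try:
    # Request a token from the authorization server (OAuth2 password grant)
    resp = post(access_point, auth=auth, data=data, headers=headers, timeout=5)
except exceptions.ConnectionError:
    pass
    #print('Error')

# resp stays None if the connection failed, so check it before use
if resp is not None and resp.status_code == 200:
    resp = loads(resp.text)
    if 'access_token' in resp:
        access_token = resp['access_token']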

########################

url = 'https://qac-ionapi.qac.awsdev.infor.com/CSI10BIRSTDEM_DEM/IONSERVICES/datalakeapi/v1/compass/jobs'

query = "SELECT TOP 10 * FROM csi_pertot_mst"

response = requests.post(str(url), data=query.encode('utf-8'), headers={'Content-Type': 'text/plain', 'Authorization': 'Bearer {}'.format(access_token)})

if response.status_code == 202:
    json_data = response.json()
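
The same token request and bearer-authenticated query in Java, as an added example that is not part of the original post or the company's API. It assumes Java 11+ (`java.net.http`), and the environment variable names (`OAUTH_CLIENT_ID`, `OAUTH_CLIENT_SECRET`, `OAUTH_USER`, `OAUTH_PASSWORD`, `OAUTH_TOKEN_URL`, `QUERY_URL`) are hypothetical, chosen so that no credential is stored in the source file.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
import java.util.regex.*;

public class TokenQuery {
    // Hypothetical environment variable names; secrets are read at run time, not compiled in.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException("missing " + name);
        return v;
    }

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    public static void main(String[] args) throws Exception {
        HttpClient http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();

        // Client id and secret travel as HTTP Basic auth, like auth.HTTPBasicAuth in the script.
        String basic = Base64.getEncoder().encodeToString(
            (env("OAUTH_CLIENT_ID") + ":" + env("OAUTH_CLIENT_SECRET")).getBytes(StandardCharsets.UTF_8));
        String form = "grant_type=password&username=" + enc(env("OAUTH_USER"))
            + "&password=" + enc(env("OAUTH_PASSWORD"));
        HttpRequest tokenReq = HttpRequest.newBuilder(URI.create(env("OAUTH_TOKEN_URL")))
            .timeout(Duration.ofSeconds(5))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .header("Authorization", "Basic " + basic)
            .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        HttpResponse<String> tokenResp = http.send(tokenReq, HttpResponse.BodyHandlers.ofString());
        if (tokenResp.statusCode() != 200)
            throw new IllegalStateException("token request failed: HTTP " + tokenResp.statusCode());

        // Minimal extraction to stay dependency-free; use a JSON library in production code.
        Matcher m = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"").matcher(tokenResp.body());
        if (!m.find()) throw new IllegalStateException("no access_token in response");
        String accessToken = m.group(1);

        HttpRequest queryReq = HttpRequest.newBuilder(URI.create(env("QUERY_URL")))
            .timeout(Duration.ofSeconds(30))
            .header("Content-Type", "text/plain")
            .header("Authorization", "Bearer " + accessToken)
            .POST(HttpRequest.BodyPublishers.ofString("SELECT TOP 10 * FROM csi_pertot_mst")).build();
        HttpResponse<String> queryResp = http.send(queryReq, HttpResponse.BodyHandlers.ofString());
        // The script treats 202 as accepted; print status and body only, never the token.
        System.out.println("HTTP " + queryResp.statusCode());
        if (queryResp.statusCode() == 202) System.out.println(queryResp.body());
    }
}
```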

Comments

Gurjas
You should create a bitmap or btree index on the action_id of the history table depending on the cardinality of the column.
Which will fasten the checking of action usage in the history table.

As per my understanding the isused idea is not good.

Why don't you go for the foreign key in the table? If you have already implemented the foreign key in the table then this problem should not be there. Now you have to check the existence manually in the table. If possible you can also implement the foreign key now.
668031
Thanks,
After all, they did create an index. The problem of having a foreign key without having an index on that key is that it takes very long to check if it is used.