Skip to Main Content

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Retrieving session key on service side

843810Feb 19 2008 — edited Sep 1 2010
I have got most of my SOAP framework with kerberos going. The last part, however, is proving to be really difficult.

Basically, the SOAP message is signed at the client side using the session key in the service ticket. The GSS token is passed via the SOAP header, and on the server side an acceptSecContext() call is successfully made.

The trouble is that in order to verify the message signature I need to get the session key (which from reading the Kerberos spec) should have been in the GSS token that was passed to acceptSecContext(). However I cannot find any API methods for getting this session key on the server side, and the ticket and/or session key is not put into my Subject during the acceptSecContext() call - so I have no way of accessing this session key.

Does anyone know how to get the session key on the service side? Note that it is the client-service session key that is in the service ticket when it is first given to the client.

Comments

Dude!

There's no problem to have copies of the same control files in different directories and ideally on different media and independent storage controllers. It's called control file multiplexing and very common.

Yes, you can use the alter system command according to  your needs. There are many examples on the web, For instance: https://oracle-base.com/articles/misc/renaming-or-moving-oracle-files#controlfiles

EdStevens

Sorry, in my quick-scan first read I saw your opening statement:

We have created a new 11gR2 instance on Windows 2012 R2. By mistake

As

We have created a new 11gR2 instance on Windows 2012 R2 by mistake

And thought to myself, "yes, creating it on a Windows machine is certainly a mistake!"

Seriously,though, many would consider installing a new 11g to be a mistake regardless of platform.  It is effectively at end of life, going into sustaining support by the end of this year.

As for your actual question, Oracle doesn't care if the individual file names are the same.  It is using the fully-qualified name (complete directory path) to identify all files.  But from a human management perspective, it seems to make more sense to name them as you want (control01, control02, etc.).  And your procedure is essentially correct.  I say 'essentially' because it is one of several minor variations on the theme, all of which will get you there in the end.  The common theme being 'alter database' to change the entry in the spfile', stop the database, move/rename the file at the OS level, start the database.

EdStevens
Joerg.Sobottka

Yes, it works as you have described it, if you run with spfile. If you run with the old init.ora you need to specify the right names in there, shutdown immediate the database, rename/copy your controlfiles to the right names/places and startup the database again.

That's easy. You could also use rman to mirror the controlfiles, but stay at the easy path...

1 - 4
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Sep 29 2010
Added on Feb 19 2008
6 comments
667 views