Using Java Containers with Exadata Express Cloud Service (EECS)

Any of the Java EE containers such as Web Logic Server, Tomcat, WebSphere, and JBOSS can be used to connect to Oracle Database Exadata Express Cloud Service. Security is enforced by using TLS v1.2 and Java KeyStore (JKS) files which can be downloaded from the database service. Steps to achieve a successful connection using WebLogicServer and Tomcat  are mentioned here.  Other Java EE containers WebSphere, and JBOSS are coming soon.

1. Web Logic Server v12.2.1.3

  • Download and Install the WLS v12.2.1.3
    Download Fusion Middleware Infrastructure Installer and Install the WLS. While creating a domain, choose the correct JDK. Refer to Create and Deploy a Java Servlet using WLS blog for more details.
    Note: If you are using JDK9 or JDK8u162 then you **DO NOT** need JCE policy files.
    Otherwise,
    download the JCE Unlimited Strength Jurisdiction Policy Files. Refer to README for installation notes.

  • Disable FAN for WLS 12.2.1.3 
    The 12.2 JDBC driver auto enables FAN. So, disable FAN explicitly by adding
    -Doracle.jdbc.fanEnabled=false to the JAVA_OPTIONS in $MW_HOME/user_projects/domains/base_domain/bin/setDomainEnv.sh

  • Create an Oracle Datasource  
    After starting the weblogic server, login to WLS admin console (http://localhost:7001/console)

    (a) Services --> Data Sources --> Click on New --> a drop down menu is displayed as shown in Fig 1.1.

    Fig 1.1: List of data sources

    WebLogic Server Datasources

    (b) Choose Generic Data Source for (JDBC only) or UCP Data Source for UCP or Active Grid Link (AGL).  Enter the Name, JNDI Name and choose the Database Type. You can name it "EECS_DS"
    (c) Follow the screens to choose the driver and enter *dummy* values for 'Database Name', 'Host Name', and 'Port'. You will be changing these later in the next page. However, enter the correct  database username and password.
    (d) Update the database URL to "jdbc:oracle:thin:@dbaccess" as we will be using TNS alias. 
    (e) Unzip the contents of client_credentials.zip as described in Step 2 of "Initial Steps for using JDBC with EECS" to a location that is accessible. The client_credentials.zip contains tnsnames.ora, keystore.jks, truststore.jks files and the location of these files will be passed as connection properties as shown below in Fig 1.2.
    user=PDB_ADMIN
    oracle.net.ssl_server_dn_match=true        
    oracle.net.tns_admin=/Users/test/config/lib
    javax.net.ssl.keyStore=/Users/test/config/lib/keystore.jks
    javax.net.ssl.keyStorePassword=Welcome1
    javax.net.ssl.trustStore=/Users/test/config/lib/truststore.jks    
    javax.net.ssl.trustStorePassword=Welcome1        
    

    (f) Click on "Test Configuration" to verify the connection to the database. Make sure that the connection is successful before proceeding with using this datasource in the Java servlet.
    (g) Make sure to associate the Target for the new datasource created in the last step and click FINISH to save the datasource.

    Fig 1.2: Summary Page after adding the testing the data source
    WebLogic Server Datasources
  • Sample code to use the UCP datasource or JDBC data source in a Servlet

        /* 
         * Method that creates the datasource for the JNDI lookup
         */
        private DataSource getDataSource() throws NamingException {
          Context ctx = new InitialContext();
          // Look up for the JNDI datasource
          javax.sql.DataSource ds
            = (javax.sql.DataSource) ctx.lookup ("EECS_DS");
          return ds;
        } 
        //For JDBC: Get the Oracle Datasource 
        DataSource ds = getDataSource();
        try (Connection connection = ds.getConnection()) { ... }
        
        //For UCP : Use PoolDataSource to get the connection 
        PoolDataSource pds = (PoolDataSource) getDataSource();
        try (Connection connection = ds.getConnection()) { ... }
    

2. Tomcat

  • Create a UCP datasource as shown below in context.xml.

      <Resource 
       name="tomcat/UCPPool" 
       auth="Container" 
       factory="oracle.ucp.jdbc.PoolDataSourceImpl" 
       type="oracle.ucp.jdbc.PoolDataSource" 
       description="UCP Pool in Tomcat" 
       connectionfactoryclassname="oracle.jdbc.pool.OracleDataSource" 
       minpoolsize="5" maxpoolsize="50" initialpoolsize="15" autocommit="true" 
       user="clouduser" password="cloudpassword">     
       url="jdbc:oracle:thin:@dbaccess"
       connectionProperties="{javax.net.ssl.trustStore=/home/myuser/cloud/truststore.jks, 
       javax.net.ssl.trustStoreType=JKS, javax.net.ssl.trustStorePassword=welcome1, 
       javax.net.ssl.keyStore=/home/myuser/cloud/keystore.jks, javax.net.ssl.keyStoreType=JKS, 
       javax.net.ssl.keyStorePassword=welcome1, 
       oracle.net.ssl_version=1.2, oracle.net.ssl_server_dn_match=true}" />
    
     
  • Update TNS_ADMIN Java VM property in catalina.sh

        <TOMCAT_HOME>/bin/catalina.sh      
        #Added for connection to cloud database          
        JAVA_OPTS="$JAVA_OPTS -Doracle.net.tns_admin=/home/myuser/cloud" 
    

     

  • Sample code to use the UCP datasource in a Servlet

        // Get a context for the JNDI look up
        PoolDataSource pds = getPoolInstance();
        conn = pds.getConnection();
    
        public PoolDataSource getPoolInstance() throws NamingException {
          Context ctx;
          ctx = new InitialContext();
          Context envContext = (Context) ctx.lookup("java:/comp/env");
          // Look up a UCP data source
          javax.sql.DataSource ds
              = (javax.sql.DataSource) envContext.lookup ("tomcat/UCPPool");
          PoolDataSource pds=(PoolDataSource)ds;
          return pds; 
       }