JDBC Thin Connections Without a Wallet (TLS)

Autonomous Database mandates a secure connection that uses Transport Layer Security (TLSv1.2). Depending on the configuration options, Autonomous Database supports mTLS and TLS authentication. This section covers using JDBC Thin Connections with TLS authentication without a wallet.

JDBC Thin Driver Connection Prerequisites for TLS Connections Without a Wallet

Applications that use JDBC Thin driver support TLS and mutual TLS (mTLS) authentication. Connecting to an Autonomous Database instance with TLS authentication requires database credentials (username and password) and provides a secure connection, but does not require that you download Oracle wallets or Java KeyStore (JKS) files.

Note

See Update your Autonomous Database Instance to Allow both TLS and mTLS Authentication for information on allowing TLS connections.

Perform the following steps before connecting to the database:

  1. Provision Autonomous Database: Create a database and obtain your database credentials (username and password).

    See Provision an Autonomous Database Instance for more information.

  2. Verify your JDK version for security: If you are using JDK11, JDK10, or JDK9 then you don’t need to do anything for this step. If your JDK version is less than JDK8u162 then you need to download the JCE Unlimited Strength Jurisdiction Policy Files. Refer to the README file for installation notes. Download the JCE files from Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download.
  3. Check JDBC Driver Version: Download the latest 18.3 JDBC Thin driver (ojdbc8.jar and ucp.jar) from Oracle Database 18c (18.3) JDBC Driver & UCP Downloads. Use the latest 18.3 JDBC driver, or newer, to take advantage of recent enhancements that simplify connections and provide easy steps for configuration. You also need the additional jars: oraclepki.jar, osdt_core.jar, and osdt_cert.jar for use with Oracle wallets.

Using a JDBC URL TLS Connection String for JDBC Thin Driver Without a Wallet

To connect the database using JDBC Thin Driver with TLS without a wallet, you provide a connection string. Each database service has its own TNS Name and connection string.

To run an application using the JDBC Thin Driver with TLS authentication without a wallet:

  1. Copy a connection string for the Autonomous Database.

    To connect with TLS authentication copy a TLS connection string.

    1. From the Oracle Cloud Infrastructure Console, on the Autonomous Database details page click Database connection.

    2. Under TLS Authentication, select TLS to view the connection strings for connecting with TLS authentication.

    3. Copy a connection string.

    See View TNS Names and Connection Strings for an Autonomous Database Instance for information on viewing and copying connection stings.

    See Database Service Names for Autonomous Database for information on the different databases services for each connection string.

  2. Set the DB_URL parameter.

    Use the following format for the DB_URL parameter:

    DB_URL=jdbc:oracle:thin:@my_connect_string

    For example:

    DB_URL=jdbc:oracle:thin:@(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)
    (port=1521)(host=adb.region.oraclecloud.com))
    (connect_data=(service_name=u9adutfb2ba8x4d_database_medium.adb.oraclecloud.com))
    (security=(ssl_server_dn_match=yes)))