Oracle 26ai Support for the Bequeath Protocol
Starting from Oracle AI Database Release 26ai, the JDBC thin driver supports the Bequeath protocol (BEQ) for applications running on Linux platforms, this protocol let applications, connect to Oracle database without Listener, however, other non-administrative users too can use this protocol.
To connect to the Database using the Bequeath Protocol, you must set the value of the ORACLE_HOME variable, so that the driver can locate the Oracle server process executable.
Typically, the ORACLE_HOME variable points to the database installation location, that is,
/var/lib/oracle/dbhome.
You can reset the location in the following two ways:
- In the connection URL
- In the environment of the current application
The second mandatory variable, which you must enable, is the ORACLE_SID. Similar to setting the ORACLE_HOME variable, you can set the ORACLE_SID in the connection URL or in the current application environment. To establish a bequeath connection, the BEQ protocol must be enabled, which is the default setting in the authentication services property.
The following example shows how you can set the ORACLE_HOME variable and the ORACLE_SID in the connection URL:
jdbc:oracle:thin:@(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq))
(ENVS=ORACLE_HOME=/var/lib/oracle/dbhome,ORACLE_SID=oraclesid))
JDBC OCI Driver or Type 2 Client Driver
You must use the JDBC OCI driver in your client-side Java applications only if your applications use any of the following features that are dependent on the platform-specific OCI libraries:
- Bequeath protocol:This procol lets you use the local connections without going through the listener, which is typically used by the Database Administrators to perform various administrative operations; however, other non-administrative users too can use this protocol.
- OS Authentication: The JDBC OCI driver supports OS Authentication on Linux when the client and the server are on the same computer. On Window domains, it supports OS Authentication even across multiple computers.
- Transparent Application Failover (TAF): that supports failover of read transactions.
Requirements for enabling BEQ protocol for Clients and Applications:
--Adding BEQ to oracle configuration files:
Update the Oracle sqlnet.ora configuration file
authentication_services = (BEQ, TCPS, NONE)
Note: BEQ requires a local OS user.
• The BEQ protocol bypasses listener/TCP and directly spawns a database server process ($ORACLE_HOME/bin/oracle) on the same host.
• This means the JDBC application must run on the same Linux machine as the database instance.
• The OS user running the application must have permission to execute the Oracle binary (oracle) inside $ORACLE_HOME/bin. That’s why Oracle recommends setting restrictive permissions like chmod 750 $ORACLE_HOME/bin/oracle.
• No remote network user is involved — it’s strictly local process spawning.
Ensure $ORACLE_HOME/bin/oracle is executable by the local application user.
Example:
chmod 750 $ORACLE_HOME/bin/oracle
Connection String sample:
jdbc:oracle:thin:@(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq))
(ENVS=ORACLE_HOME=/var/lib/oracle/dbhome,ORACLE_SID=oraclesid))
Default BEQ Enablement:
BEQ is enabled by default in Oracle 26ai unless explicitly restricted.
• If security policies require disabling BEQ, you can:
• Remove BEQ from authentication_services.
• Add a logon trigger to block BEQ sessions for non-SYS/SYSTEM users.
Use this Trigger to preventing BEQ connections:
CREATE OR REPLACE TRIGGER block_beq_logon
AFTER LOGON ON DATABASE
BEGIN
IF SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') = 'beq'
AND SYS_CONTEXT('USERENV','SESSION_USER') NOT IN ('SYS','SYSTEM') THEN
RAISE_APPLICATION_ERROR(-20001, 'BEQ connections are not allowed');
END IF;
END;
/
Benefits of the Bequeath Protocol Solution
•Improved Performance of Local Connections:
The primary benefit of using the Bequeath protocol is enhanced performance for applications running on the same machine as the Oracle database. By bypassing the network listener and network stack, the connection is established more directly and efficiently.
•Simplified Configuration: Since the Bequeath protocol does not require a network listener for local connections, the configuration is simplified. This can be particularly advantageous in development and testing environments.
•Resource Efficiency: By avoiding the network layer, the Bequeath protocol can lead to more efficient use of system resources for local database connections.
Why Oracle Introduced Bequeath Protocol Support in the JDBC Thin Driver
Oracle’s introduction of Bequeath protocol support in the JDBC thin driver for Release 26ai is a strategic move to enhance the capabilities and performance of Java applications running on the same host as the database. Here’s why this is a significant development:
•Alignment with Modern Application Architectures:
Many modern application architectures, including microservices and containerized applications, often involve components running on the same host. Providing a high-performance, low-latency connection method for these scenarios is crucial.
•Completing the JDBC Thin Driver’s Capabilities: The JDBC thin driver is a pure Java, platform-independent driver that is widely used. Adding Bequeath protocol support makes it a more comprehensive solution, allowing it to handle both local and remote connections efficiently without requiring a different driver.
•Deprecation of the JDBC OCI Driver:
Oracle has deprecated the JDBC OCI (Type 2) driver in Oracle AI Database Release 26ai. The OCI driver was another way to achieve high-performance local connections.
By incorporating Bequeath support into the thin driver, Oracle is providing a modern and preferred alternative for the functionality that will be lost with the OCI driver’s deprecation.
Deprecated Features in 26ai
Deprecation of the JDBC OCI Driver
The JDBC OCI Driver or Type 2 Client Driver, is deprecated in Oracle AI Database Release 26ai. Most Java applications that use Open Database Connectivity (ODBC) with Oracle JDBC drivers use the Thin driver. To enable Oracle to allocate resources to better address customer requirements, Oracle is deprecating the JDBC-OCI driver.
Deprecation of Blob, Clob, and BFile Methods
Oracle is deprecating the methods open(), close(), and isClosed() in the interfaces oracle.jdbc.OracleBlob, oracle.jdbc.OracleClob, and oracle.jdbc.OracleBfile.
These methods are replaced with the openLob(), closeLob() and isClosedLob() methods. The method close() conflicts with the type java.lang.AutoCloseable. Removing the proprietary method close() makes it possible for OracleBlob, OracleClob, and OracleBfileinterfaces to extend the AutoCloseable interface at some future time. The open() and isClosed()methods will be removed and replaced to maintain rational names for these methods.
Same Machine Requirement and OS User needs
•Same Machine Requirement: Oracle database and the application using the Bequeath protocol must be on the same machine. The protocol is specifically designed for local inter-process communication and does not work over a network.
•OS User dependency: The introduction of the Bequeath protocol support in the JDBC thin driver does not eliminate the need for an operating system user. The connection process still operates within the security context of the OS. In fact, to use the Bequeath protocol, you must set the `ORACLE_HOME` environment variable so that the driver can locate the Oracle server process executable, which underscores the reliance on the underlying OS and its user environment.
#############################
No comments:
Post a Comment