• Usually a user name and password are specified when connecting to a database.

  • Such configurations are considered being insecure as the passwords are stored in clear text in external files or in job parameters.
  • The Oracle Wallet® provides a means to connect to a database without specifying user and password.

Oracle Wallet


The Oracle Wallet® configuration is described in the Oracle documentation:

Using Oracle Wallet® for JobScheduler Master and JOC Cockpit


Consider that before JobScheduler release 1.13.9 you cannot use Oracle Wallet® when installing JobScheduler Master and JOC Cockpit, you can use it at run-time.

  • For installation a user/password has to be used.
  • Apply below changes after installation to the respective hibernate files.
  • Future releases will improve this behavior. However, the current behavior fits to a situation where you want to use a different DBMS accounts for installation and at run-time with different privileges.


JobScheduler Master and JOC Cockpit connect to the Oracle database without specifying a database account and password, instead the run-time account of the component is used.

  • Consider to update the hibernate files for Master and JOC Cockpit: 
    • Master
      • $SCHEDULER_DATA/config/hibernate.cfg.xml
      • $SCHEDULER_DATA/config/reporting.hibernate.cfg.xml
    • JOC Cockpit
      • $JETTY_BASE/resources/joc/jobscheduler.hibernate.cfg.xml
      • $JETTY_BASE/resources/joc/reporting.hibernate.cfg.xml
    • The hibernate configuration should look like this:
      • <?xml version="1.0" encoding="UTF-8" standalone="no"?>
        <property name="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</property>
        <property name="hibernate.connection.password"></property>
        <property name="hibernate.connection.url">jdbc:oracle:thin:/@jobscheduler</property>
        <property name="hibernate.connection.username"></property>
        <property name="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</property>
        <property name="hibernate.show_sql">false</property>
        <property name="hibernate.connection.autocommit">false</property>
        <property name="hibernate.format_sql">true</property>
        <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
    • Consider that empty elements are used for the account and password. Do not delete the respective elements from the hibernate configuration file.
    • The above example specifies the URL jdbc:oracle:thin:/@jobscheduler that indicates that the database alias name jobscheduler is configured with your tnsnames.ora file.
    • Alternatively the database connect string can be specified directly with the URL like this:
      • jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=minos.sos)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=jobscheduler)))
      • The above connect string specifies the database host minos.sos listening on port 1521 running a database jobscheduler.
      • When using the above URL syntax then no tnsnames.ora file is used.
  • Configure the location of the Oracle Wallet® by use of a Java define like this: This setting should point to the directory where the wallet files of the JobScheduler's run-time account are stored.
    • For JobScheduler Master
      • specify the Java define with the environment variable JAVA_OPTIONS before running the installer, e.g.
      • alternatively activate/modify the options setting in the [java] section of the ./config/factory.ini file like this:
        options = ...
    • For JOC Cockpit
      • specify the Java define with the jettyOptions setting of the installer response file joc_install_xml like this:
        <entry key="jettyOptions" value=""/>
      • alternatively create/modify the /etc/default/joc file to include the JAVA_OPTIONS environment variable like this:


  • No Oracle Client installation is used, however, you might need an Oracle Client to set up and to configure the Oracle Wallet®.
    • Typical commands to create a wallet include e.g.:
      • # create wallet in a directory that is accessible to the JobScheduler run-time account assumed to be "jobscheduler"
        mkstore -wrl /home/jobscheduler/wallet -create
        # add credentials to wallet; specify entry key, database account and password
        mkstore -wrl /home/jobscheduler/wallet/ -createCredential jobscheduler some_account some_password
    • Consider that the mkstore command might add the location of the wallet to your sqlnet.ora configuration file.
      • This file is used e.g. by SQL*Plus and therefore allows e.g. to execute: sqlplus /@jobscheduler by specifying the entry key for tnsnames.ora and sqlnet.ora
      • This file is not considered when using the Oracle JDBC Driver, therefore the above Java define has to be used.
  • JobScheduler makes use of the Oracle JDBC Driver:
    • Check the Oracle JDBC Driver version that ships with the JobScheduler release, see Which Database Management Systems are supported by JobScheduler? A newer Oracle JDBC Driver might be available for download as the Open Source JobScheduler might not be bundled with the latest Oracle JDBC Driver.
    • Oracle JDBC Drivers that ship for release 18c of the DBMS are reported to work. Previous JDBC Driver releases as e.g. 12c are reported not to work with Oracle Wallet® when used by JobScheduler.
  • The following Oracle Java libraries are required that should match the version of the Oracle JDBC Driver.
    • The .jar files are available from an Oracle Client installation and that are offered by Oracle for download:
      • $ORACLE_HOME/jlib/oraclepki.jar
      • $ORACLE_HOME/jlib/osdt_cert.jar
      • $ORACLE_HOME/jlib/osdt_core.jar
    • Store the libraries in the ./lib/user_lib directory of our JobScheduler Master and JOC Cockpit installation path respectively.

Using Oracle Wallet® for Jobs

See How to make JITL Jobs connect to an Oracle database using Wallet®

  • No labels