Connect to Okta Data from a Connection Pool in Jetty

The CData JDBC driver for Okta is easy to integrate with Java Web applications. This article shows how to efficiently connect to Okta data in Jetty by configuring the driver for connection pooling. You will configure a JNDI resource for Okta in Jetty.

Configure the JDBC Driver for Salesforce as a JNDI Data Source

Follow the steps below to connect to Salesforce from Jetty.

1. Enable the JNDI module for your Jetty base. The following command enables JNDI from the command-line:

   java -jar ../start.jar --add-to-startd=jndi
2. Add the CData and license file, located in the lib subfolder of the installation directory, into the lib subfolder of the context path.

3. Declare the resource and its scope. Enter the required connection properties in the resource declaration. This example declares the Okta data source at the level of the Web app, in WEB-INF\jetty-env.xml.

   <Configure id='oktademo' class="org.eclipse.jetty.webapp.WebAppContext"> <New id="oktademo" class="org.eclipse.jetty.plus.jndi.Resource"> <Arg><Ref refid="oktademo"/></Arg> <Arg>jdbc/oktadb</Arg> <Arg> <New class="cdata.jdbc.okta.OktaDriver"> <Set name="url">jdbc:okta:</Set> <Set name="Domain">dev-44876464.okta.com</Set> <Set name="InitiateOAuth">GETANDREFRESH</Set> </New> </Arg> </New> </Configure>

   To connect to Okta, set the Domain connection string property to your Okta domain.

   You will use OAuth to authenticate with Okta, so you need to create a custom OAuth application.

   Creating a Custom OAuth Application

   From your Okta account:

   1. Sign in to your Okta developer edition organization with your administrator account.
   2. In the Admin Console, go to Applications > Applications.
   3. Click Create App Integration.
   4. For the Sign-in method, select OIDC - OpenID Connect.
   5. For Application type, choose Web Application.
   6. Enter a name for your custom application.
   7. Set the Grant Type to Authorization Code. If you want the token to be automatically refreshed, also check Refresh Token.
   8. Set the callback URL:
      • For desktop applications and headless machines, use http://localhost:33333 or another port number of your choice. The URI you set here becomes the CallbackURL property.
      • For web applications, set the callback URL to a trusted redirect URL. This URL is the web location the user returns to with the token that verifies that your application has been granted access.
   9. In the Assignments section, either select Limit access to selected groups and add a group, or skip group assignment for now.
   10. Save the OAuth application.
   11. The application's Client Id and Client Secret are displayed on the application's General tab. Record these for future use. You will use the Client Id to set the OAuthClientId and the Client Secret to set the OAuthClientSecret.
   12. Check the Assignments tab to confirm that all users who must access the application are assigned to the application.
   13. On the Okta API Scopes tab, select the scopes you wish to grant to the OAuth application. These scopes determine the data that the app has permission to read, so a scope for a particular view must be granted for the driver to have permission to query that view. To confirm the scopes required for each view, see the view-specific pages in Data Model < Views in the Help documentation.

4. Configure the resource in the Web.xml:

   jdbc/oktadb javax.sql.DataSource Container

5. You can then access Okta with a lookup to java:comp/env/jdbc/oktadb: InitialContext ctx = new InitialContext(); DataSource myokta = (DataSource)ctx.lookup("java:comp/env/jdbc/oktadb");

More Jetty Integration

The steps above show how to configure the driver in a simple connection pooling scenario. For more use cases and information, see the Working with Jetty JNDI chapter in the Jetty documentation.