[Oracle] 如何使用觸發器實現IP限制用戶登錄

在Oracle裡，不像MySQL那樣方便，可以直接在用戶上進行IP限制，Oracle要實現用戶級別的IP限制，可以使用觸發器來迂回實現,以下就是示例，需要的朋友可以參考下  

下面是一個觸發器的例子：

復制代碼 代碼如下:
create or replace trigger logon_ip_control
after logon on database
declare
  ip STRING(30);
  user STRING(30);
begin
SELECT SYS_CONTEXT('USERENV','SESSION_USER') into user from dual;
SELECT SYS_CONTEXT('USERENV','IP_ADDRESS') into ip from dual;
if user='EPAY_USER'
  THEN
      IF ip not in ('192.168.219.20','192.168.219.22') 
      THEN raise_application_error(-20001,'User '||user||' is not allowed to connect from '||ip);
      END IF;
END IF;
end;
/

該觸發器對用戶EPAY_USER進行了IP限制（只允許'192.168.219.20','192.168.219.22'，如果需要設置IP段，用%或?代替即可，如'192.168.219.%‘）。
下面看幾個例子測試一下：
1）從非允許IP地址登陸 （192.168.219.21），連接失敗

復制代碼 代碼如下:
[oracle@lxdb2 ~]$ sqlplus epay_user@pri
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 19:23:48 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Enter password:
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: User EPAY_USER is not allowed to connect from 192.168.219.21
ORA-06512: at line 10

2）從允許IP地址登陸（192.168.219.22），連接成功

復制代碼 代碼如下:
[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

3）從本地登陸(192.168.219.23）不受IP限制影響，連接成功

復制代碼 代碼如下:

[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options