ORDS Basic Authentication
1. To protect the web service, we need to create a role with an associated privilege, then map the privilege to the web service.

    BEGIN
      ORDS.create_role(
        p_role_name => 'boomi_role'
      );
      COMMIT;
    END;
    /

    -- Display the role.
    COLUMN name FORMAT A20

    SELECT id, name
    FROM   user_ords_roles
    WHERE  name = 'boomi_role';

            ID NAME
    ---------- --------------------
         10063 boomi_role

    DECLARE
      l_arr OWA.vc_arr;
    BEGIN
      l_arr(1) := 'boomi_role';

      ORDS.define_privilege (
        p_privilege_name => 'boomi_priv',
        p_roles          => l_arr,
        p_label          => 'Vehicle Data',
        p_description    => 'Allow access to the Vehicle data.'
      );
      COMMIT;
    END;
    /

    -- Display the privilege.
    COLUMN name FORMAT A20

    SELECT id, name
    FROM   user_ords_privileges
    WHERE  name = 'boomi_priv';

            ID NAME
    ---------- --------------------
         10064 boomi_priv

    -- Display the privilege-role relationship.
    COLUMN privilege_name FORMAT A20
    COLUMN role_name FORMAT A20

    SELECT privilege_id, privilege_name, role_id, role_name
    FROM   user_ords_privilege_roles
    WHERE  role_name = 'boomi_role';

    PRIVILEGE_ID PRIVILEGE_NAME          ROLE_ID ROLE_NAME
    ------------ -------------------- ---------- --------------------
           10064 boomi_priv                10063 boomi_role
2. To protect the web service, we associate the privilege directly to a URL pattern.
Refer: ORDS Basic Authentication Not Working (Doc ID 2375337.1)

Full REST URL: GET https://hostname:8443/ords/moov/v1/

    BEGIN
      ORDS.create_privilege_mapping(
        p_privilege_name => 'boomi_priv',
        p_pattern        => '/v1/*'
      );
      COMMIT;
    END;
    /

    -- Display mapping.
    COLUMN name FORMAT A20
    COLUMN pattern FORMAT A20

    SELECT privilege_id, name, pattern
    FROM   user_ords_privilege_mappings
    WHERE  name = 'boomi_priv';

    PRIVILEGE_ID NAME                 PATTERN
    ------------ -------------------- --------------------
           10064 boomi_priv           /v1/*

Once this mapping is in place, we can no longer access the web service without authentication. We haven't yet defined how to authenticate, only that some authentication is required to access this web service.
3. Create a new ORDS user called “boomi_user” with access to the “boomi_role” role.
    $ cd $CATALINA_HOME/webapps/ords
    $ $JAVA_HOME/bin/java -jar ords.war user boomi_user boomi_role
    Enter a password for user boomi_user: *******
    Confirm password for user boomi_user: ********
    Sep 03, 2018 12:06:34 AM oracle.dbtools.standalone.ModifyUser execute
    INFO: Created user: boomi_user in file: /u01/conf/ords/credentials

Now access the web service from a client such as Postman or Paw, using basic authentication with the username and password you set earlier:
username : boomi_user
password: ******
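
To confirm the '/v1/*' mapping is actually enforced, the script below (an added example, not part of the original post) probes the endpoint anonymously, with a wrong password, and with valid credentials, then checks the status codes. BASE_URL, ORDS_USER and ORDS_PASS are assumed environment variables set by the operator, and the expected codes (401 for rejected requests, 200 for the authorised user) are what the check assumes.

```shell
#!/bin/sh
# Added example: checks that the '/v1/*' privilege mapping is enforced.
# BASE_URL, ORDS_USER and ORDS_PASS are assumptions supplied by the operator.

# Basic credentials are base64("user:password"): encoded, not encrypted,
# so only send them over HTTPS.
basic_header() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Print the HTTP status of a GET. The header is passed through a curl config
# on stdin so the credentials do not show up in the process list.
http_status() {
    if [ -n "${2:-}" ]; then
        printf 'header = "Authorization: %s"\n' "$2" |
            curl -s -o /dev/null -w '%{http_code}' -K - "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' "$1"
    fi
}

# Judge three probes: anonymous, wrong password, valid credentials.
verdict() {
    [ "$1" = 401 ] || { echo "FAIL: anonymous request got $1, expected 401"; return 1; }
    [ "$2" = 401 ] || { echo "FAIL: wrong password got $2, expected 401"; return 1; }
    [ "$3" = 200 ] || { echo "FAIL: valid credentials got $3, expected 200"; return 1; }
    echo "OK: anonymous and bad credentials rejected, valid user accepted"
}

# Only touch the network when a target is configured, e.g.
#   BASE_URL=https://hostname:8443/ords/moov/v1/ ORDS_USER=boomi_user sh check.sh
# with ORDS_PASS exported beforehand.
if [ -n "${BASE_URL:-}" ]; then
    anon=$(http_status "$BASE_URL")
    bad=$(http_status "$BASE_URL" "$(basic_header "$ORDS_USER" "not-the-password")")
    good=$(http_status "$BASE_URL" "$(basic_header "$ORDS_USER" "$ORDS_PASS")")
    verdict "$anon" "$bad" "$good"
fi
```

A FAIL on the first probe means the privilege mapping does not cover the URL being tested.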
One comment
How to create the user in OCI instance?