ORDS Create Basic Authentication for a RESTful Web Service


1. To protect the web service, we need to create a role with an associated privilege, then map the privilege to the web service.

BEGIN
  ORDS.create_role(
    p_role_name => 'boomi_role'
  );

  COMMIT;
END;
/

-- Display the role.
COLUMN name FORMAT A20

SELECT id, name
FROM   user_ords_roles
WHERE  name = 'boomi_role';

        ID NAME
---------- --------------------
     10063 boomi_role

DECLARE
  l_arr OWA.vc_arr;
BEGIN
  l_arr(1) := 'boomi_role';

  ORDS.define_privilege (
    p_privilege_name => 'boomi_priv',
    p_roles          => l_arr,
    p_label          => 'Vehicle Data',
    p_description    => 'Allow access to the Vehicle data.'
  );

  COMMIT;
END;
/

-- Display the privilege.
COLUMN name FORMAT A20

SELECT id, name
FROM   user_ords_privileges
WHERE  name = 'boomi_priv';

        ID NAME
---------- --------------------
     10064 boomi_priv

-- Display the privilege-role relationship.
COLUMN privilege_name FORMAT A20
COLUMN role_name FORMAT A20

SELECT privilege_id, privilege_name, role_id, role_name
FROM   user_ords_privilege_roles
WHERE  role_name = 'boomi_role';

PRIVILEGE_ID PRIVILEGE_NAME          ROLE_ID ROLE_NAME
------------ -------------------- ---------- --------------------
       10064 boomi_priv                10063 boomi_role

2. To protect the web service, we associate the privilege directly to a URL pattern.
Reference: ORDS Basic Authentication Not Working (Doc ID 2375337.1)
Full REST URL: GET https://hostname:8443/ords/moov/v1/

BEGIN
  ORDS.create_privilege_mapping(
    p_privilege_name => 'boomi_priv',
    p_pattern        => '/v1/*'
  );

  COMMIT;
END;
/

-- Display mapping.
COLUMN name FORMAT A20
COLUMN pattern FORMAT A20

SELECT privilege_id, name, pattern
FROM   user_ords_privilege_mappings
WHERE  name = 'boomi_priv';

PRIVILEGE_ID NAME                 PATTERN
------------ -------------------- --------------------
       10064 boomi_priv           /v1/*

Once this mapping is in place, we can no longer access the web service without authentication. We haven't defined how we should authenticate, only that some authentication is needed to access this web service.

3. Create a new ORDS user called “boomi_user” with access to the “boomi_role” role.

$ cd $CATALINA_HOME/webapps/ords

$ $JAVA_HOME/bin/java -jar ords.war user boomi_user boomi_role
Enter a password for user boomi_user: *******
Confirm password for user boomi_user: ********
Sep 03, 2018 12:06:34 AM oracle.dbtools.standalone.ModifyUser execute
INFO: Created user: boomi_user in file: /u01/conf/ords/credentials

Now access the web service from a client such as Postman or Paw, using basic authentication with the username and password you set earlier.

username : boomi_user
password: ******
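
To confirm that the mapping from step 2 and the user from step 3 behave as intended, the following added example (not part of the original post) requests the URL anonymously, with a wrong password, and with the real credentials. The function names are hypothetical, and the expected status codes (401 when rejected, 200 for a valid GET) are assumptions about how this service responds; the script refuses non-HTTPS URLs because Basic credentials are only base64-encoded.

```python
import base64
import getpass
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(user, password):
    """Build the RFC 7617 header value: 'Basic ' + base64(user:password)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def status_of(url, auth=None, timeout=10):
    """GET url and return the HTTP status code, including 4xx/5xx."""
    req = urllib.request.Request(url, method="GET")
    if auth:
        req.add_header("Authorization", auth)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 401; we want the code itself


def check_protection(url, user, password, fetch=status_of):
    """Return {case: (status, passed)}; expected codes are assumptions."""
    # Basic credentials are reversible base64, so never send them without TLS.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send Basic credentials over plain HTTP")
    cases = {
        "anonymous": (None, 401),
        "wrong_password": (basic_auth_header(user, password + "-wrong"), 401),
        "valid_user": (basic_auth_header(user, password), 200),
    }
    results = {}
    for name, (auth, expected) in cases.items():
        status = fetch(url, auth)
        results[name] = (status, status == expected)
    return results


if __name__ == "__main__":
    # URL and user come from this page; "hostname" is the page's placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://hostname:8443/ords/moov/v1/"
    report = check_protection(target, "boomi_user", getpass.getpass("boomi_user password: "))
    for name, (status, ok) in report.items():
        print(f"{name:15} HTTP {status}  {'OK' if ok else 'UNEXPECTED'}")
    sys.exit(0 if all(ok for _, ok in report.values()) else 1)
```

An anonymous request that returns 200 means the pattern in the privilege mapping does not cover the URL being tested.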

 
