ORDS Create Basic Authentication for a RESTful Web Service

ORDS Basic Authentication
mobile-security-laptop-fingerprint-730x442.jpg
1. To protect the web service, we need to create a role with an associated privilege, then map the privilege to the web service

BEGIN
ORDS.create_role(
p_role_name => 'boomi_role'
);
COMMIT;
END;
/
-- Display the role.
COLUMN name FORMAT A20
SELECT id, name
FROM user_ords_roles
WHERE name = 'boomi_role';
ID NAME
---------- --------------------
10063 boomi_role
DECLARE
l_arr OWA.vc_arr;
BEGIN
l_arr(1) := 'boomi_role';
ORDS.define_privilege (
p_privilege_name => 'boomi_priv',
p_roles => l_arr,
p_label => 'Vehicle Data',
p_description => 'Allow access to the Vehicle data.'
);
COMMIT;
END;
/
-- Display the privilege.
COLUMN name FORMAT A20
SELECT id, name
FROM user_ords_privileges
WHERE name = 'boomi_priv';
ID NAME
---------- --------------------
10064 boomi_priv
-- Display the privilege-role relationship.
COLUMN privilege_name FORMAT A20
COLUMN role_name FORMAT A20
SELECT privilege_id, privilege_name, role_id, role_name
FROM user_ords_privilege_roles
WHERE role_name = 'boomi_role';
PRIVILEGE_ID PRIVILEGE_NAME ROLE_ID ROLE_NAME
------------ -------------------- ---------- --------------------
10064 boomi_priv 10063 boomi_role

2. To protect the web service, we associate the privilege directly to a URL pattern.

Refer : ORDS Basic Authentication Not Working (Doc ID 2375337.1)
Full REST URL : GET : https://hostname:8443/ords/moov/v1/
BEGIN
ORDS.create_privilege_mapping(
p_privilege_name => 'boomi_priv',
p_pattern => '/v1/*'
);
COMMIT;
END;
/
-- Display mapping.
COLUMN name FORMAT A20
COLUMN pattern FORMAT A20
SELECT privilege_id, name, pattern
FROM user_ords_privilege_mappings
WHERE name = 'boomi_priv';
PRIVILEGE_ID NAME PATTERN
------------ -----------------------------------------
10064 boomi_priv /v1/*

Once this mapping is in place, we can no longer access the web service without authentication. We haven;t defined how we should authenticate, but only that we need some authentication to access this web service
3. Create a new ORDS user called “boomi_user” with access to the “boomi_role” role.

$ cd $CATALINA_HOME/webapps/ords
$ $JAVA_HOME/bin/java -jar ords.war user boomi_user boomi_role
Enter a password for user boomi_user: *******
Confirm password for user boomi_user: ********
Sep 03, 2018 12:06:34 AM oracle.dbtools.standalone.ModifyUser execute
INFO: Created user: boomi_user in file: /u01/conf/ords/credentials

Now access the web service from a client like POSTMAN or PAW and use basic authentication with username and password which you set earlier
username : boomi_user
password: ******

Category: ApexUncategorized

Tags:

One comment

Leave a Reply

Article by: Shadab Mohammad