This content has been marked as final. Show 5 replies
Thanks for the pointer. Yes, I had seen this, looked at the PDFs and tried to use the doAuthentcation() approach without success.
What isn't clear to me is whether this customAuth scheme is intended to cover Servlets - the docs reference the XDB Repository and mappings appear to refer to documents in the repository (pattern in addAuthenticationMapping()) rather than dynamic URIs (pattern in addServletMapping()).
I tried blending these together but always need an HTTP Basic Auth to access the servlet - even with the doAuthentication() always returning the positive custom_authenticate response as per the example.
If this approach is intended to work on Servlets it would be good to get a pointer to a worked example.
As per the post you linked, documentation is (still) not readily available - if I google "dbms_xdb.enableCustomAuthentication" I get 3 hits and two of which are the PDFs (and the other isn't useful) !.
CustomAuthentication is designed to work with Resources stored in the XML DB repository and protected by XML DB ACLS.. Anything else is not covered by the XML Custom Authentication scheme.
So, as I was suspecting. That's a pity - back to the other options!
Hi Can you confirm the return text that the XMLDB custom authentication function has to return?
I've got this:
create or replace function doAuthenticate(URL varchar2, AUTHINFO VARCHAR2) return varchar2
Just to fake a successful application authentication, but the webdav client and browser still says i'm not authenticated for the particular resource ive linked custom authentication to:
I'm running 18.104.22.168
I can confirm i've done:
grant all on doAuthenticate to public;
description=> 'Test authentication method',
exec dbms_xdb.addAuthenticationMapping( PATTERN=>'/repository/test/*', NAME => 'HTTP_REPO2');
When I delete the authentication mapping using exec dbms_xdb.deleteAuthenticationMapping( PATTERN=>'/repository/test/*', NAME => 'HTTP_REPO2') , my normal Oracle user based login works fine, so I know that Oracle is recognising that I want to use the custom auth for this folder, it just doesnt seem to like the response, or maybe it cant find the function, even though it exists and ive ran "grant all on doAuthenticate to public".
I've written it up at my site:
Any help would be much appreciated