2 Replies Latest reply: Mar 17, 2008 3:32 AM by 472559

    Question about consuming OCS Web Services from a web application

    472559
      We currently have an application developed with Ruby on Rails that accesses web services exposed by OCS:
      @@loginManagerUrl = "http://hera.domain:7777/content/ws/RemoteLoginManager"
      @@commonManagerUrl = "http://hera.domain:7777/content/ws/CommonManager"
      @@s2sLoginManagerUrl = "http://hera.domain:7777/content/ws/ServiceToServiceLoginManager"
      @@sessionManagerUrl = "http://hera.domain:7777/content/ws/SessionManager"
      @@fileManagerUrl = "http://hera.domain:7777/content/ws/FileManager"
      @@searchManagerUrl = "http://hera.domain:7777/content/ws/SearchManager"
      @@groupManagerUrl = "http://hera.domain:7777/content/ws/GroupManager"
      @@securityManagerUrl = "http://hera.domain:7777/content/ws/SecurityManager"
      @@workspaceManagerUrl = "http://hera.domain:7777/content/ws/WorkspaceManager"
      @@userManagerUrl = "http://hera.domain:7777/content/ws/UserManager"

      But today, when I check what has been done, what I see:
      - the OID password is saved encrypted (cf. encrypting procedure in PL at the end of this post) in a table in our datamodel (for our application) ... it's a problem as we plan later to sync OID with an ActiveDirectory LDAP server (AD -> OID) .. in this case, we should have to provision password in the table, and it's crappy to have passwords in three places... :-(
      - the password is decrypted after user authentication and saved in session in cleartext.. crappy
      - then, when displaying for example a user workspace from OCS Content , a call to the web service is done, passing this password.

      My question(s):
      As we use SSO for authentication, is there a possibility to avoid:
      - saving a copy (crypted) of the user password (OID) in a table of our application's datamodel.
      - how could we benefit from the SSO session, to access Content.. this to avoid to keep a copy of the password (in cleartext) in session.. do the WebServices only accept the cleartext password?

      My idea is also to come back on RoR with JRuby to benefit from Oracle Java API for OCS Content

      Here is the PL code for encrypt/decrypt :

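      /*
      grant execute on dbms_crypto to myspg;
      */
      -- The function header was not included in the post: the name below is a
      -- placeholder and the parameters are inferred from the body.
      FUNCTION crypt_value(p_value IN VARCHAR2, p_flag IN VARCHAR2) RETURN VARCHAR2 IS
        l_ccn_raw RAW(128) := utl_raw.cast_to_raw(p_value);
        l_key RAW(128) := utl_raw.cast_to_raw('<my key>');

        l_encrypted_raw RAW(2048);
        l_decrypted_raw RAW(2048);
        v_result varchar2(255);
      BEGIN
        -- p_flag = 'E' encrypts p_value; any other value decrypts it.
        -- Both directions use DES in CBC mode with PKCS#5 padding and the same static key.
        if p_flag='E' then
          l_ccn_raw := utl_raw.cast_to_raw(p_value);
          l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw, dbms_crypto.des_cbc_pkcs5, l_key);
          v_result := utl_raw.cast_to_varchar2(l_encrypted_raw);
        else
          l_decrypted_raw := dbms_crypto.decrypt(src => utl_raw.cast_to_raw(p_value), typ => dbms_crypto.des_cbc_pkcs5, key => l_key);
          v_result := utl_raw.cast_to_varchar2(l_decrypted_raw);
        end if;
        return v_result;
      EXCEPTION
        -- Any failure is reported to the caller as the literal string 'crypto_error'.
        WHEN OTHERS THEN
          return 'crypto_error';
      END;
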
      Thanks

      Laurent

      Message was edited by:
      laurent.bois
