For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!
Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.
Hi All! Is there a way to use ORDS in standalone mode with kerberos authentication?
If yes - please give me link to howto... If NO - please give me link saying that...
Thanks a lot!
Is there a way - theoretically yes.
standalone ords means you're using an embedded Jetty, so as you start to google...
https://stackoverflow.com/questions/27427654/how-to-use-embedded-jetty-server-9-with-kerberos-authentication
once you start to look at doing this kind of stuff, the more we encourage you to to move 'up' to Tomcat/Apache
Jeff, thanks a lot!
So recommended approach is to use Oracle WebLogic or Apache Tomcat, because GlassFish Server will be desupported as mentioned here:
https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.3/aelig/installing-REST-data-services.html#GUID-5F7A8DB0-B0D2-48FF-A99B-7ABCA7DFF9DAGlassFish Server support will be desupported in a future release. Oracle recommends that you use the following alternatives instead:
https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.3/aelig/installing-REST-data-services.html#GUID-5F7A8DB0-B0D2-48FF-A99B-7ABCA7DFF9DA
GlassFish Server support will be desupported in a future release. Oracle recommends that you use the following alternatives instead:
If yes:
1) are Oracle WebLogic and Apache Tomcat the only servers known as compatible/supported for ORDS ank Kerberos?
2) What is better option between Oracle WebLogic and Apache Tomcat to use with Kerberos auth and why (maybe there is huge difference in options)&
3) Is there a step-by-step guide for Oracle WebLogic and Apache Tomcat - how to configure them + ords + kerberos together?
Found this https://community.oracle.com/thread/3637062 but it is 3 years old...
WLS and Tomcat are the only servers we support, period.
WLS isn't free. Tomcat is free. That's usually the biggest factor for choosing which way to go. Spending $ on WLS JUST for ORDS, doesn't make sense. But if you already have it...sure, why not.
I think you might enjoy this slide deck from Colm, one of our developers - it's all about securing your REST services.
https://www.slideshare.net/ColmDivilly1/openworld-2017-con-6667-securing-your-rest-services
Hey Jeff, That deck you reference above from Colm is literally the only hit in Google that mentions these security parameter in defaults.xml: - security.externalUserHeader - The name of the header that identifies the user - security.externalRolesHeader - The name of the header that identifies user roles ( comma delimited ) - security.externalSessionTrustedOrigins - The set of Origins trusted to make cross-origin requests to this server I first found out about them in Connor McDonald's response to my AskTom question here: Customizing the ORDS web.xml file in ords.war - Ask TOM (oracle.com) Why aren't these parameters documented in the formal ORDS documentation? I did find this in Oracle Support: Documentation Bug 30507241 - No reference to security.externalUserHeader parameter in the documentation Are they safe to use or are they truly undocumented and "use at your own risk" status? Thanks, Jack