ORDS, SODA & JSON in the Database

procedure.rest.preHook, create/attach ras session for sso user ?

Paavo, Jan 21 2020 — edited Jan 24 2020

APEX, ORDS 19.2+ in 12.2+ rdbms.

Apache-Tomcat(ords)-12.2+

sso -- prehook

Prerequisites working - based on this: https://www.doag.org/formes/pubfiles/11293573/2019-APEX-Dietmar_Aust-Oracle_ORDS_-New_Features_You_Need_to_Know_About-…

- ras configured + ras enabled apex application works with dynamic roles for SSO_USER via header variable from the Apache

- ords procedure.rest.preHook function works and I can log the environments the prehook function can see, especially interesting is the SSO_USER "leaks through" simply with OWA_UTIL.get_cgi_env('SSO_USER')

Now before starting furious rtfm-iterations with the RAS stuff, need to ask how to set the RAS properly and is there need to have some-sort-of posthook to clean the table?

And yes, I am looking for a sort of "ras enabled rest services on ords" setup which I can easily toggle on by cloning the ords setup for rest services from the ords serving apex and then prehooking it with the strict-ras.

Especially a scheme with dynamic role style, where users are not managed inside the database but outside. In case rbac would be needed, then the prehook or the ras code could check the role if needed from external dir.serv..

nb. I sense that then RAS is trusting perhaps literally too much on Apache-sso and there will be need to add extra security on top-of the rest, but this sounds more like rtfm.

rgrds Paavo
