utl_http, digest Authentication

Tobias Member Posts: 65
edited Feb 16, 2010 4:16AM in SQL & PL/SQL
Hi!

I need an example of how to communicate with xml-files using utl_http and digest Authentication?
Is it possible with utl_http?
Examples?

Regards
Tobias

Answers

  • Billy Verreynne
    Billy Verreynne Software Engineer Member Posts: 28,570 Red Diamond
    Tobias wrote:

    > I need an example of how to communicate with xml-files using utl_http and digest Authentication?
    > Is it possible with utl_http?

    I think so.. as this requires adding data to the HTTP header which you can do using the utl_http.set_header command.

    The issue is calculating the MD5 hashes and dealing with the initial handshaking. This may be complex, but I do not see these offhand as being impossible to do in PL/SQL.

    > Examples?

    No Digest configured web server nearby or I would definitely have had a bash at this... If you look at http://en.wikipedia.org/wiki/Digest_access_authentication and scroll down to the example (what the browser sends and how the server responds).

    The digest is included with the GET request in the example. The following PL/SQL code snippet should generate the equivalent content:
    .. variables and stuff ..
    begin
            ..code..
    
            request := utl_http.begin_request( '/dir/index.html', 'GET', utl_http.HTTP_VERSION_1_1 );
            utl_http.set_header( request, 'User-Agent', C_USER_AGENT );
            utl_http.set_header(
                    request,
                    'Authorization: Digest username="Mufasa",
                    realm="testrealm@host.com",
                    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                    uri="/dir/index.html",
                    qop=auth,
                    nc=00000001,
                    cnonce="0a4f113b",
                    response="6629fae49393a05397450978507c4ef1",
                    opaque="5ccc069c403ebaf9f0171e9517f40e41"'
            );
  • Tobias
    Tobias Member Posts: 65
    Hi,

    What should I send to the "name" parameter? I have tried the name of the HTTP response header (www-authenticate).

    I get ORA-29261: bad argument

    utl_http.set_header (
    r => req
    ,name => ??
    ,value => p_authorization_str_in
    );

    Regards
    Tobias
  • Billy Verreynne
    Billy Verreynne Software Engineer Member Posts: 28,570 Red Diamond
    edited Feb 16, 2010 4:16AM
    Hmm.. this writes the name and the 2nd parameter value into the HTTP header. In that case, you should be able to use "Authorization" as the name and the value as the auth string itself (minus that keyword of course).

    The best would be to get the web server to trace/dump the entire request header to confirm the formatting is correct. You can even write your own little web server using Perl/Delphi/C/etc that simply accepts a TCP connection on port 80, does a socket read, displays the text read, and then returns a text error response (e.g. an HTTP 404).

    It will be difficult to troubleshoot this authentication if you're not sure that the formatting on the PL/SQL side is correct. So I would first get that to work, before testing that against a real web for digest authentication.
This discussion has been closed.
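
The handshake and MD5 calculation discussed in this thread, as an added example that is not part of any poster's code: it reads the server's challenge, computes the digest response, and passes "Authorization" as the header name with the rest as the value. The URL and credentials are placeholders; it assumes the server offers qop=auth, that the schema has EXECUTE on dbms_crypto and network access to the host, and Oracle 11g or later for the regexp_substr subexpression argument.

```sql
declare
  -- Placeholders (assumptions): target URL, its path, and the credentials.
  c_url  constant varchar2(200) := 'http://www.example.com/dir/index.html';
  c_uri  constant varchar2(200) := '/dir/index.html';
  c_user constant varchar2(100) := 'example_user';
  c_pass constant varchar2(100) := 'example_password';
  c_nc   constant varchar2(8)   := '00000001';  -- first use of this nonce
  req    utl_http.req;
  resp   utl_http.resp;
  chal   varchar2(4000);  -- WWW-Authenticate challenge from the server
  realm  varchar2(200);  nonce varchar2(200);  opaque varchar2(200);
  cnonce varchar2(32);   digest varchar2(32);  auth varchar2(4000);

  function md5hex(p_text varchar2) return varchar2 is
  begin
    return lower(rawtohex(dbms_crypto.hash(utl_raw.cast_to_raw(p_text), dbms_crypto.hash_md5)));
  end;

  -- Pull one quoted parameter (realm, nonce, opaque) out of the challenge.
  function param(p_hdr varchar2, p_name varchar2) return varchar2 is
  begin
    return regexp_substr(p_hdr, p_name || '="([^"]*)"', 1, 1, 'i', 1);
  end;
begin
  -- 1. Unauthenticated request: the server replies 401 plus WWW-Authenticate.
  req  := utl_http.begin_request(c_url, 'GET', utl_http.http_version_1_1);
  resp := utl_http.get_response(req);
  utl_http.get_header_by_name(resp, 'WWW-Authenticate', chal);
  utl_http.end_response(resp);
  realm  := param(chal, 'realm');
  nonce  := param(chal, 'nonce');
  opaque := param(chal, 'opaque');
  cnonce := lower(rawtohex(dbms_crypto.randombytes(8)));
  -- 2. response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with qop=auth.
  digest := md5hex(md5hex(c_user || ':' || realm || ':' || c_pass) || ':' || nonce || ':' ||
                   c_nc || ':' || cnonce || ':auth:' || md5hex('GET:' || c_uri));
  -- 3. Header name and value are separate arguments; the value is a single line.
  auth := 'Digest username="' || c_user || '", realm="' || realm || '", nonce="' || nonce ||
          '", uri="' || c_uri || '", qop=auth, nc=' || c_nc || ', cnonce="' || cnonce ||
          '", response="' || digest || '"';
  if opaque is not null then auth := auth || ', opaque="' || opaque || '"'; end if;
  req := utl_http.begin_request(c_url, 'GET', utl_http.http_version_1_1);
  utl_http.set_header(req, 'Authorization', auth);
  resp := utl_http.get_response(req);
  dbms_output.put_line('HTTP status: ' || resp.status_code);
  utl_http.end_response(resp);
end;
/
```

To check the hashing before involving a server, feed step 2 the Wikipedia example's inputs (user Mufasa, password "Circle Of Life", and the realm, nonce and cnonce from the snippet above); it should reproduce the response value shown there.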