This content has been marked as final. Show 3 replies
Tobias wrote:I think so.. as this requires adding data to the HTTP header which you can do using the utl_http.set_header command.
I need an example of how to communicate with xml-files using utl_http and digest Authentication?
Is it possible with utl_http?
The issue is calculating the MD5 hashes and dealing with the initial handshaking. This may be complex, but I do not see these offhand as being impossible to do in PL/SQL.
Examples?No Digest configured web server nearby or I would definitely have had a bash at this... If you look at http://en.wikipedia.org/wiki/Digest_access_authentication and scroll down to the example (what the browser sends and how the server reponds).
The digest is included with the GET request in the example. The following PL/SQL code snippet should generate the equivalent content:
.. variables and stuff .. begin ..code.. request := utl_http.begin_request( '/dir/index.html', 'GET', utl_http.HTTP_VERSION_1_1 ); utl_http.set_header( request, 'User-Agent', C_USER_AGENT ); utl_http.set_header( request, 'Authorization: Digest username="Mufasa", realm="firstname.lastname@example.org", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"' );
What to send to the "name" parameter, have tried the name of the HTTP response header (www-authenticate)?
I will get ORA-29261: bad argument
r => req
,name => ??
,value => p_authorization_str_in
Hmm.. this writes the name and the 2nd parameter value into the HTTP header. In that case, you should be able to use "+Authorization+" as the name and the value as the auth string itself (minus that keyword of course).
The best would be to get the web server to trace/dump the entire request header to confirm the formatting is correct. You can even write your own little web server using Perl/Delphi/C/etc that simply accepts a TCP connection on port 80, do a socket read, display the text read, and then return a text error response (e.g. a HTTP 404).
It will be difficult to troubleshoot this authentication if you're not sure that the formatting on the PL/SQL side is correct. So I would first get that to work, before testing that against a real web for digest authentication.