1 Reply Latest reply on Sep 24, 2014 12:35 PM by JSmydo





      I'm testing a Restful Service running via a standalone rest data service listener, invoking it from a PL/SQL procedure. The aim is to determine whether the the PL/SQL source of the resource handler can decode the authentication string in the header that was inserted via the UTL_HTTP.SET_AUTHENTICATION procedure using the Basic scheme. I currently have the following code within the resource handler:


             l_auth := owa_util.get_cgi_env('AUTHORIZATION');

             l_decode := utl_encode.text_decode(buf => substr(l_auth,6),encode_charset => l_charset, encoding => UTL_ENCODE.BASE64);


      My assumption is that UTL_HTTP.SET_AUTHENTICATION uses a basic Base64 encoding for the username/password so have simply used the utl_encode.text_decode function hoping it was a straight text encoding. This isn't the case however and I can't uncover the original username/password text I've passed in. Are there further steps needed in the decoding process?





        • 1. Re: UTL_HTTP.SET_AUTHENTICATION encoding

          I think can see that I've misunderstood what the owa_util.get_cgi_env('AUTHORIZATION') actually returns - it returns the Authorization code that's exchanged for the username/password. Has anyone actually accessed the username/password string from a request header, perhaps in a pre-processing procedure or something? I'm aware an alternative is to create a parameter, effectively as an authorization string that I can encode/decode manually but I just need to be clear on whether the built in authorization in a request header can't possibly be used in this context first. Anyone?