1 Reply Latest reply on Sep 24, 2014 12:35 PM by JSmydo

    UTL_HTTP.SET_AUTHENTICATION encoding

    JSmydo

      Hi

       

      I'm testing a Restful Service running via a standalone rest data service listener, invoking it from a PL/SQL procedure. The aim is to determine whether the the PL/SQL source of the resource handler can decode the authentication string in the header that was inserted via the UTL_HTTP.SET_AUTHENTICATION procedure using the Basic scheme. I currently have the following code within the resource handler:

       

             l_auth := owa_util.get_cgi_env('AUTHORIZATION');

             l_decode := utl_encode.text_decode(buf => substr(l_auth,6),encode_charset => l_charset, encoding => UTL_ENCODE.BASE64);

       

      My assumption is that UTL_HTTP.SET_AUTHENTICATION uses a basic Base64 encoding for the username/password so have simply used the utl_encode.text_decode function hoping it was a straight text encoding. This isn't the case however and I can't uncover the original username/password text I've passed in. Are there further steps needed in the decoding process?

       

      Thanks

       

      John

        • 1. Re: UTL_HTTP.SET_AUTHENTICATION encoding
          JSmydo

          I think can see that I've misunderstood what the owa_util.get_cgi_env('AUTHORIZATION') actually returns - it returns the Authorization code that's exchanged for the username/password. Has anyone actually accessed the username/password string from a request header, perhaps in a pre-processing procedure or something? I'm aware an alternative is to create a parameter, effectively as an authorization string that I can encode/decode manually but I just need to be clear on whether the built in authorization in a request header can't possibly be used in this context first. Anyone?