1 Reply Latest reply on Oct 12, 2015 3:43 PM by Charly_Z

    ORDS 3.0 on WLS with OAuth2: WLS-Basic-Challenges?


      Hi all!


      I have ORDS 3.0 up and running and registered a client application for the OAuth2 client-credentials flow as given in the documentation.

      In standalone mode I can successfully get a token and issue a GET to a secured resource by giving this token (all without SSL/TLS).

      Works fine!


      Now I want to deploy ORDS on WLS.

      This works for HTTP and HTTPS on unprotected resources.


      But when I want to go for a token, I get a 401:


      POST https://server:port/ords/ordstest/oauth/token HTTP/1.1
      Accept-Encoding: gzip,deflate
      Content-Type: application/x-www-form-urlencoded
      Authorization: Basic Vk1xczVYR1VCTnBtblZ5UUE5cXh1US4uOnJTZ1VoVVQ2UENTUFM4RzZvTmVUUWcuLiA=
      Content-Length: 29
      Host: server:port
      Connection: Keep-Alive
      User-Agent: Apache-HttpClient/4.1.1 (java 1.5)




      The response is:

      HTTP/1.1 401 Unauthorized
      Date: Thu, 08 Oct 2015 15:42:22 GMT
      Server: Oracle-Application-Server-11g
      Content-Length: 1468
      WWW-Authenticate: Basic realm="WebLogic Server"
      X-Powered-By: Servlet/2.5 JSP/2.1
      Keep-Alive: timeout=5, max=97
      Connection: Keep-Alive
      Content-Type: text/html; charset=UTF-8
      Content-Language: en

      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
      <TITLE>Error 401--Unauthorized</TITLE>


      This is from WLS, as it seems.

      I didn't do this step (1.5.6)  in the configuration:



      I'm afraid this change will affect other applications which are deployed on this WLS!


      Is there a way to set this only for the ORDS application on WLS?

      Are there any other ways to get OAuth2 to work on WLS without affecting other apps?


      Thanks for your help!


        • 1. Re: ORDS 3.0 on WLS with OAuth2: WLS-Basic-Challenges?



          Here is how it works on WLS (by using the WLS authentication for getting the tokens):


          1. Create these roles in WLS:

            OAuth Client Application

            OAuth Client Developer

            << the role you defined in ords.create_role() >>


          (I'm not sure why you also need OAuth Client Developer)


          2. Create a WLS user named exactly as given with oauth.create_client(). See the user and password with

              select client_id,client_secret from user_ords_clients


          3. Grant the 3 roles from step 1 to the new user.


          Now you can get a token by calling ORDS through WLS, giving the username and password from create_client().


          Here's a screenshot of a SoapUI request for getting a token:

          2015-10-12 17_38_50-SoapUI 5.2.0.png


          It is an additional step to define the user in WLS too, but I don't need to change the WLS configuration.

          Maybe someone can find this useful.
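
An added example, not part of the thread or of ORDS/WLS: a small Python check that tells from a captured response whether a 401 on the token endpoint was issued by the WebLogic container (realm "WebLogic Server", as in the response quoted in the question) and that sanity-checks a Basic header built from client_id and client_secret. The function names and the demo credentials are assumptions made up for this sketch.

```python
import base64
import re

WLS_REALM = "WebLogic Server"  # realm shown in the 401 quoted in the question

def basic_header(client_id, client_secret):
    """Authorization value for the client-credentials token request."""
    pair = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(pair).decode()

def credential_problems(header_value):
    """Sanity-check a Basic header without echoing the secret."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return ["scheme is not Basic"]
    try:
        decoded = base64.b64decode(b64, validate=True).decode()
    except ValueError:  # covers bad base64 and non-UTF-8 payloads
        return ["payload is not valid base64"]
    user, sep, secret = decoded.partition(":")
    problems = [] if sep else ["no ':' between id and secret"]
    if user != user.strip() or secret != secret.strip():
        problems.append("whitespace around id or secret")
    return problems

def challenge_origin(raw_response):
    """Say who issued a 401: the WLS container or something else."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0].splitlines()
    status = int(head[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in head[1:])}
    if status != 401:
        return "no-challenge"
    m = re.search(r'realm="([^"]*)"', headers.get("www-authenticate", ""))
    return "container" if m and m.group(1) == WLS_REALM else "other"

# Constructed samples: response abridged from the question, made-up credentials.
SAMPLE_401 = ("HTTP/1.1 401 Unauthorized\r\n"
              "Server: Oracle-Application-Server-11g\r\n"
              'WWW-Authenticate: Basic realm="WebLogic Server"\r\n'
              "\r\n<TITLE>Error 401--Unauthorized</TITLE>")
GOOD = basic_header("demo-client-id..", "demo-secret..")
PADDED = basic_header("demo-client-id..", "demo-secret.. ")  # trailing space

if __name__ == "__main__":
    print(challenge_origin(SAMPLE_401))
    print(credential_problems(GOOD))
    print(credential_problems(PADDED))
```

A "container" result means the Basic credentials were evaluated against the WLS security realm, so the client_id must exist there as a user, as the reply describes, for the request to get past the container.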