2 Replies Latest reply on May 18, 2016 2:37 PM by PeeZu

    ORDS 3.x on Tomcat - Basic Auth.

    PeeZu

      Hello,

      In order to secure my RESTful services with Tomcat, I need to:

      - update web.xml to add a security-constraint
      - update tomcat-users.xml to add the role/user mapping

      Is there any other way to do these actions?

      As Oracle said:

      Is it supported to modify the contents of ORDS / the APEX Listener ords.war / apex.war file and redeploy it?

      No. This is not supported by Oracle Support.

      So, how to configure Basic Auth?

      Regards

        • 1. Re: ORDS 3.x on Tomcat - Basic Auth.
          Kris Rice-Oracle

          Mark the REST calls in ORDS as needing security. Then just set up your users in Tomcat. No need to hack the ords.war file.

          -kris

          • 2. Re: Re: ORDS 3.x on Tomcat - Basic Auth.
            PeeZu

            Hi Kris,

            Thank you for your response; unfortunately my issue is not solved (or my understanding of authentication).

            Here is a concrete example; any help is welcome:

            ORDS version: 3.0.5.124.10.54

            My ORDS definition:

            DECLARE
            
              l_module       VARCHAR2(100);
              l_resource     VARCHAR2(100);
              l_roles        owa.vc_arr;
              l_privilege    VARCHAR2(100);
            
            BEGIN
            
              l_module := 'MY-MODULE';
              l_roles(1) := 'my-role';
              l_privilege := 'all';
            
              -- delete all REST services and disable REST services for this schema
              ords.drop_rest_for_schema();
            
              -- enable REST for this schema
              ords.enable_schema();
            
              -------------------------------------------------------------------------------------------------
            
              -- delete module if exist
              ords.delete_module(p_module_name => l_module);
            
              -- define module
              ords.define_module(p_module_name    => l_module,
                                 p_base_path      => '/',
                                 p_items_per_page => 0,
                                 p_status         => 'PUBLISHED',
                                 p_comments       => NULL);
            
              -------------------------------------------------------------------------------------------------
            
              -- define role
              ords.delete_role(p_role_name => l_roles(1));
              ords.create_role(p_role_name => l_roles(1));
            
              -- define privilege
              ords.create_privilege(p_name => l_privilege, p_roles => l_roles);
            
              -- define privilege mapping
              ords.set_module_privilege(p_module_name => l_module, p_privilege_name => l_privilege);
            
              -------------------------------------------------------------------------------------------------
              l_resource := 'whoami/';
            
              -- define resource template   
              ords.define_template(p_module_name => l_module,
                                   p_pattern     => l_resource,
                                   p_priority    => 0,
                                   p_etag_type   => 'NONE',
                                   p_etag_query  => NULL,
                                   p_comments    => NULL);
            
              -- define resource handler
              ords.define_handler(p_module_name    => l_module,
                                  p_pattern        => l_resource,
                                  p_method         => 'GET',
                                  p_source_type    => ords.source_type_query_one_row,
                                  p_source         => q'[SELECT sys_context('USERENV', 'CURRENT_SCHEMA') AS "current_schema",
                                                                sys_context('USERENV', 'PROXY_USER') AS "proxy_user",
                                                                sys_context('USERENV', 'SESSION_USER') AS "session_user",
                                                                sys_context('USERENV', 'OS_USER') AS "os_user",
                                                                sys_context('USERENV', 'SESSIONID') AS "session_id",
                                                                sys_context('USERENV', 'SID') AS "sid",
                                                                USER AS "user"
                                                           FROM DUAL
                                                         ]',
                                  p_items_per_page => 0,
                                  p_mimes_allowed  => NULL,
                                  p_comments       => NULL);
            
              COMMIT;
            
            END;
            /
            
            

             

            My tomcat-users.xml

             

            <tomcat-users xmlns="http://tomcat.apache.org/xml"
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
                          version="1.0">
            
              <user username="ords" password="ords" roles="my-role"/>
            
            </tomcat-users>

            Try-it: http://your-server/your-context/whoami/

            The result is HTTP 401 as expected, but the credentials are not valid, neither from the sign-in page nor by setting Basic Auth in the HTTP request header.

            NB: Works fine with the standalone application server (credentials file).

            Any suggestions?

            Regards
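An added example, not code from the thread and not part of ORDS or Tomcat, that checks the two halves of the setup discussed in this thread offline: it parses the tomcat-users.xml posted above, confirms that every role the ORDS privilege requires (here 'my-role', the value of l_roles(1) in the PL/SQL) is held by at least one Tomcat user, and shows the exact Authorization value a client sends for the ords/ords credentials, so a captured request can be compared against what Tomcat expects. An optional live probe runs only when ORDS_URL (an environment variable assumed by this example) is set, and reports the status and WWW-Authenticate header for the anonymous and the authenticated request. The function names and ORDS_ROLES are this example's own.

```python
"""Offline consistency checks for ORDS roles vs. tomcat-users.xml, plus a
Basic Auth header helper and an optional live probe. Added example; the
only input taken from the thread is the tomcat-users.xml document."""
import base64
import os
import re
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Tomcat 7+ writes tomcat-users.xml in this default namespace.
TOMCAT_NS = "{http://tomcat.apache.org/xml}"

# Roles referenced by the ORDS privilege in the posted PL/SQL (l_roles(1)).
ORDS_ROLES = ["my-role"]

# Copy of the tomcat-users.xml posted in the thread (constructed input).
TOMCAT_USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <user username="ords" password="ords" roles="my-role"/>
</tomcat-users>
"""


def parse_tomcat_users(xml_text):
    """Return {username: set(roles)} from a tomcat-users.xml document.
    Handles both the namespaced and the un-namespaced <user> form and the
    comma-separated roles attribute; whitespace around role names is dropped."""
    root = ET.fromstring(xml_text)
    users = {}
    for user in list(root.iter(TOMCAT_NS + "user")) + list(root.iter("user")):
        name = user.get("username") or user.get("name")
        raw = user.get("roles") or ""
        users[name] = {r.strip() for r in raw.split(",") if r.strip()}
    return users


def unmapped_roles(ords_roles, users):
    """ORDS roles that no Tomcat user holds. Names are compared exactly
    (case-sensitive) here, so a spelling or case difference between the
    ORDS role and the Tomcat roles attribute shows up in this list."""
    held = set().union(*users.values())
    return sorted(r for r in ords_roles if r not in held)


def basic_auth_header(username, password):
    """Authorization header value a client sends for HTTP Basic (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth_header(value):
    """Inverse of basic_auth_header, for checking a captured request."""
    m = re.fullmatch(r"Basic\s+([A-Za-z0-9+/=]+)", value.strip())
    if not m:
        raise ValueError("not a Basic credential")
    user, _, pwd = base64.b64decode(m.group(1)).decode("utf-8").partition(":")
    return user, pwd


def probe(url, auth_header=None):
    """GET url; return (status, WWW-Authenticate header or None).
    401 without credentials is the challenge; 401 with credentials means the
    container rejected them, which is where the role mapping check applies."""
    headers = {"Authorization": auth_header} if auth_header else {}
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")


if __name__ == "__main__":
    users = parse_tomcat_users(TOMCAT_USERS_XML)
    print("Tomcat users:", users)
    print("ORDS roles without a Tomcat user:", unmapped_roles(ORDS_ROLES, users) or "none")
    header = basic_auth_header("ords", "ords")
    print("Client sends:", header, "->", decode_basic_auth_header(header))
    url = os.environ.get("ORDS_URL")  # e.g. http://your-server/your-context/whoami/
    if url:
        print("anonymous :", probe(url))
        print("with creds:", probe(url, header))
```

Run it as-is to see the offline checks; set ORDS_URL to the Try-it URL to also see both probes. A 401 on the authenticated probe together with an empty unmapped-roles list narrows the problem to the container side (realm, password) rather than the ORDS privilege definition.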