5 Replies Latest reply on Apr 13, 2016 4:32 PM by jflack

    How to enable HTTP Basic Authentication

    user5817071

      Hi,

         is it possible to enable HTTP Basic Authentication when creating RESTful services in ORDS or APEX 5.0 ?

      Thanks in advance for your feedback

        • 1. Re: How to enable HTTP Basic Authentication
          Richard Soule

          I'm also curious about this.

           

          Here's some more details.

           

          Let's say we have a bunch of applications that were built using the OWA toolkit and accessed through a bunch of DADs configured with mod_plsql running on Oracle Application Server. Some of those DADs offer up unauthenticated applications and the username/passwords are stored in the DAD. Some of the DADs offer up secured applications where each user uses a database username and password through basic auth to connect to the application.

           

          Oracle Application Server and mod_plsql have been replaced with Oracle WebLogic and ORDS. We've configured an ORDS "database" that can serve up the public applications, but since the username/password combination is stored in the ORDS configuration we have yet to see how to configure ORDS so that it prompts for the database username and password the way a DAD/mod_plsql combination did in the past.

           

          Potentially an APEX application that used Database Authentication could be used to protect the OWA toolkit based applications, but before we go down that path we'd like to understand if we are missing something simple that we could do with ORDS to give us the same behavior we had with mod_plsql.

           

          Thanks,

           

          Rich

          • 2. Re: How to enable HTTP Basic Authentication
            Kris Rice-Oracle

            For REST calls, it's just automatically there.  If you set a REST call to secure, and have users configured in the webserver you can use that.

             

            >>   is it possible to enable HTTP Basic Authentication when creating RESTful services in ORDS or APEX 5.0 ?

             

            For mod_plsql style DB Auth , it's on our list but not there yet.

            >>DADs

            • 3. Re: How to enable HTTP Basic Authentication
              user5817071

              Hi,

              my initial question was about RESTful Services created in APEX 5.0, is there a way they can be protected through BASIC Authentication ?

               

              thanks

              • 4. Re: How to enable HTTP Basic Authentication
                Kris Rice-Oracle

                I just tested it to be sure and and REST calls built/defined in the APEX side can not be secured with Basic.  The ORDS plsql calls are pretty easy to use just look at the ORDS package or use SQL Developer for a GUI for defining the REST.

                 

                -kris

                • 5. Re: How to enable HTTP Basic Authentication
                  jflack

                  As for mod_plsql style DB Auth, I'm glad to hear it is on your list, Kris.  I hope it gets there soon, because mod_plsql itself has been deprecated.  I still have applications that rely on this.

                   

                  As for the original question:

                  What if you edit the web.xml in ords.war (or whatever you named your ords deployment) to configure BASIC authentication there - created roles and security constraints?  Of course, you'd need to do some application server configuration too to set up a security provider.

                   

                  If I try this myself, I'll let you all know if it works.