0 Replies Latest reply on Sep 1, 2016 7:59 AM by dmdamiyo

    ORDS - RESTful Authentication without OAuth in Weblogic. Privileges, groups?


      Hi, I followed this nice tutorial:


      Developing Oracle REST Data Services Applications


      So I created a service, then a privilege. At the end I created a privilege mapping.

      So imagine I have a priviledge with p_name=>"ords.test" and p_role_name=>"Test Role" mapped to pattern /test/example/*.


      Now in the tutorial it's shown that we should execute command:

      java -jar ords.war user "user" "Test Role"


      to create a user with that role to bo able to access the REST service.



      Now my question. As I don't want to run the command above (it's not suitable for production). I would like to use weblogic users/groups.

      But when I create a weblogic user called "testuser" (with Creating a WebLogic Server User) and don't assign him any roles I'm able to access the above REST service (and all others).

      I thought it would work in a way that I create a weblogic group called "Test Role" and then add my "testuser" to that role - and I am able to access the REST service using this user only if he belongs to group "Test Role".

      But it turns out that even withour this role I'm able to access this service..


      I would appreciate any hints that would point me to right direction (I don't want to use OAuth for now).