0 Replies Latest reply on Sep 2, 2016 9:19 AM by Mike Totemic

    ORDS Security - Protect an endpoint containing a bind parameter

    Mike Totemic

      How can I protect an endpoint that contains a bind parameter?

       

      i.e. I wish to protect end points /clients/:client_id/addresses/ and /clients/:client_id/payments/

       

      If i specify /clients/:client_id/addresses/ for the pattern when using ords.define_privilege I get a 500 error when I access the URI.

      I've tried /clients/.../addresses/ , which I believe is the method used by Oracle Access Manager. This results in the endpoint not being protected - I can access the data from the url /clients/1/addresses/ without specifying a token.

       

      pattern /clients/* isn't suitable.

       

      Thank you in advance.