2 Replies Latest reply on Mar 11, 2019 2:44 PM by calinm

    security.requestValidationFunction caches results in ORDS (and I don't think it should)

    Calin M

      Hi,

      We are migrating from mod_plsql / APEX to ORDS / APEX and we were using the authorize function to secure our system. It was checking, among other things, the source IP and some other headers. The problem is that in ORDS, the result of this function is cached. So, once it returns true for a URL, it will always return true.

      This is the parameter I'm referring to:

      <entry key="security.requestValidationFunction">our.custom.authorize</entry>

      Any idea if we can disable this caching behaviour, so the function gets executed for each HTTP request?

      I also see that there is a parameter called <entry key="security.validationFunctionType">plsql</entry> in ORDS. Does this imply that we could write an authorize function in Java?

      Thanks!

      Calin