Comments for Oracle REST Data Services (ORDS) : Database Authentication


Pierre said...

Hi Tim,

Do you know how to make basic Authentication using a Table where Username and Password are saved?
My Table example:
username password
paul . paul
pierre . pierre
tim . pierre


Regards

Pierre

Tim... said...

Hi.

I'll write something to show you and put it out as an article today hopefully.

Cheers

Tim...

Tim... said...

Hi.

Here is an example of a custom authentication scheme. I would advise against it though. :)

https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-custom-authentication-schemes

Cheers

Tim...

Pierre said...

Hi Team,

Thanks for the useful info. Do you have experience configuring Tomcat's JDBCRealm with Oracle DB? I have an Oracle 12c database and Tomcat 9. My users, roles and passwords are in a table in the Oracle DB. How can I configure a JDBCRealm for Oracle Database?

I want to use the JDBCRealm for Basic and OAuth2 authentication. Is that possible?

Thanks

Pierre

Tim... said...

Hi.

Not for ORDS. I'm not sure if it supports it. It definitely supports the entries in the "tomcat_users.xml" file. I'm not sure if I will get time to try it with the JDBCRealm for the next couple of weeks (conferences), but I'll try when I'm back.

Cheers

Tim...

Pierre said...

Hi Tim,

Did you already try the JDBCRealm?

Regards

Pierre

Pierre said...

Hi Tim,

Any update about JDBCRealm with the users table?

Thanks

Pierre

Tim... said...

Hi.

It is on my list. I did a quick run through and the JDBCRealm seems to work fine on its own, but in the test I did I couldn't get it to work with ORDS. The ORDS developers don't test it specifically, as they are not responsible for the authentication models of the app servers, but they thought it should work.

Cheers

Tim...

Pierre said...

Hi Tim,

Thanks for the feedback. The issue is that we have migrated an application of one customer from mod_plsql to ORDS. In mod_plsql the app used HTTP Basic authentication with a users table. We don't know how to do it with ORDS. The application was completely developed with mod_plsql and htp.p to render HTML in PL/SQL. Any idea how to do it using ORDS?


Thanks

Pierre

Tim... said...

Hi.

The quick answer is switch to Tomcat users.

https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-authentication#tomcat-users

It will feel identical, but of course it is no longer using the DB user as the credential. Credentials can be made to match.

Cheers

Tim...

Tim said...

Hi Tim,

Thanks. We already tried to use Tomcat users. But the problem is that in the application the user must be able to create or update an existing account.

Any idea how to update/create a Tomcat user using a GUI?

Regards

Pierre

Tim... said...

Hi.

Not really. You could try writing a Java app running under Tomcat, but that sounds risky. It would need a restart to take effect also.

Basically, I have no solution for this unless you can get the JDBCRealm to work. You might want to raise an SR against ORDS for it and explain your requirement.

Cheers

Tim...


Michael said...

Hi Tim.
I've also played around with the JDBCRealm and tested the JDBCRealm successfully with the Tomcat built-in example (http://localhost:8080/examples/jsp/security/protected/index.jsp). Users and roles are resolved well...
When activating SingleSignOn in the Tomcat server.xml I'm able to log in with the example application and use ORDS in my Chrome without a second authentication...

Michael said...

... sadly I didn't get it working with CURL or OAUTH ... and using it with SSO isn't an option for me....
I've activated extended logging and the log tells me that I was successfully authenticated by the JDBCRealm but ORDS - Sign in - mechanism still refuses... the username/password login. I've also opened an Oracle support case on this ... In my opinion the problem is in the ords.war file ...

Michael said...

... which overrides my defaults...
Kind regards
Michael

Tim... said...

Hi.

It's been a while since I tried, but I could get the JDBCRealm working on its own, but never got it to work with ORDS.

Cheers

Tim...

Michael said...

Hi Tim.
I'll keep you up to date (if you want) when I get feedback from Oracle support and a fix or workaround is avail.
Did you also try to get it to work using AD authentication (Tomcat + ORDS in combination)?
Cheers
Michael

Tim... said...

Hi.

Yes. Please keep me updated.

No. I've not tried AD. Nearly every web service we have uses basic authentication or OAuth2.

Cheers

Tim...

Marcel Boermann said...

Hey ho, just tested successfully, JDBCRealm works only if you make a little change to the web.xml.
The thing is that the Oracle Servlet Filter tries to manage authentication by itself and in the Tomcat case only seems to use the UserDatabaseRealm, no other configured realm. To solve this, you have to force authentication in WEB-INF/web.xml or use the SSO valve in Tomcat.
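
A sketch of the two pieces Marcel's comment refers to, added here as an example and not taken from Marcel, Tim or Oracle: a Tomcat JDBCRealm in server.xml, plus a constraint in the ORDS WEB-INF/web.xml so the container authenticates the request itself. Table, column, role, host and account names and the /* pattern are assumptions, as is the hashed credential column used in place of a clear-text password table.

```xml
<!-- conf/server.xml (fragment): realm that reads users and roles from Oracle tables.
     All table, column, host and account names are assumed for illustration. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="oracle.jdbc.OracleDriver"
       connectionURL="jdbc:oracle:thin:@//dbhost.example.com:1521/pdb1"
       connectionName="realm_reader"
       connectionPassword="CHANGE_ME"
       userTable="app_users" userNameCol="username" userCredCol="password_hash"
       userRoleTable="app_user_roles" roleNameCol="role_name">
  <!-- Compare against salted, iterated hashes rather than clear-text passwords. -->
  <CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler"
                     algorithm="PBKDF2WithHmacSHA512"
                     iterations="100000" saltLength="16" keyLength="256"/>
</Realm>

<!-- WEB-INF/web.xml of the ORDS web application (fragment): the container
     challenges for credentials and checks them against the realm above. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>ORDS services</web-resource-name>
    <!-- Assumed pattern: every URL under the ORDS context is protected. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Hypothetical role; it must exist in the role_name column. -->
    <role-name>app_role</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Basic credentials are only base64-encoded, so require TLS. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ORDS</realm-name>
</login-config>
<security-role>
  <role-name>app_role</role-name>
</security-role>
```

With a /* pattern every ORDS URL is challenged for Basic credentials. JDBCRealm is deprecated in Tomcat 9 in favour of DataSourceRealm, which takes the same table and column attributes.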

Rob said...

I'm not sure how old this post is. Marcel Boermann, if you're out there, would you provide some more details about your "little change" to the web.xml?

Tim... said...

Hi.

I spoke to Marcel Boermann and he gave me a heads-up of what he did. I also added in the Digest authentication.

https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-basic-authentication-on-tomcat-using-jdbcrealm

Cheers

Tim...

Rob said...

Thanks very much Tim. That article was very helpful! Do you have any information about using a JDBCRealm ala the article you provided in conjunction with the Implicit OAuth Flow for ORDS? I would like to use OAuth with ORDS and authenticate to my own User Database using JDBC. Many thanks for your assistance.

Tim... said...

Hi.

I don't see how that could work. The "web.xml" forces basic authentication, even when we don't want it. Maybe you can define a pattern that works, but I don't think that's a good idea as it will require a lot of work as your web service catalog grows.

Cheers

Tim...
