APEX Basic REST authentication
July 25, 2017 at 2:00 pm | Posted in Oracle Development | 8 Comments
To prevent unauthorized access to your REST modules, APEX provides an easy, declarative way of adding basic authentication. This method utilizes APEX user accounts and RESTful Service Privileges. In order not to expose passwords, you should make sure to enable SSL/HTTPS!
First edit an existing APEX user account, and add the RESTful Services group to that user. In our example we’ll edit the APEX user SCOTT. To do this, navigate to Manage Users and Groups in the workspace where your REST modules are, edit a user, and assign the group in the Group Assignments region:
Next create the RESTful Service Privilege by navigating to RESTful Services in the SQL Workshop. In the Tasks sidebar on the right, click the RESTful Service Privilege link.
Fill out the form and select the modules you want to protect, by shuttling them to the right in Protected Modules.
That’s it! Everything under the selected module now requires the username and password of the APEX user. You can test this with the following curl command (edit URI as needed):
curl -u scott:tiger https://servername/ords/workspace/hr/empinfo/
When testing with Postman, choose Basic Auth from the authentication select list and enter the APEX user’s username and password.
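The script below is an added example, not part of the original post. It shows why HTTPS matters for this setup (the header that curl -u sends is only base64-encoded) and checks that a protected module rejects anonymous requests. The function names are hypothetical, the URL and scott/tiger are the post's sample values, and the 200 response for an authenticated GET is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). The scott/tiger credentials
# are the sample values used in the post's curl command.

# Build the Authorization header value that `curl -u user:pass` sends.
basic_auth_header() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Reverse it: Basic auth is base64 encoding, not encryption, so anyone who
# can read the request on the wire recovers the APEX password.
decode_basic_auth() {
    printf '%s' "${1#Basic }" | base64 -d
}

# Refuse to send credentials to anything that is not an https:// URL.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing to send credentials to non-HTTPS URL: $1" >&2
           return 1 ;;
    esac
}

# check_protected URL USER PASS
# Returns 0 if the module answers 401 to an anonymous request and 200 to an
# authenticated one (assumption: a GET handler that returns 200), 1 if not,
# and 2 if the URL is not HTTPS (no request is made in that case).
check_protected() {
    require_https "$1" || return 2
    anon=$(curl -s -o /dev/null -w '%{http_code}' "$1")
    auth=$(curl -s -o /dev/null -w '%{http_code}' -u "$2:$3" "$1")
    echo "anonymous: $anon  authenticated: $auth"
    [ "$anon" = 401 ] && [ "$auth" = 200 ]
}

# Offline demonstration with the post's sample credentials.
hdr=$(basic_auth_header scott tiger)
echo "header sent by curl -u: $hdr"
echo "decoded by an observer: $(decode_basic_auth "$hdr")"
```

After creating the privilege, run check_protected with your own HTTPS URI and APEX user; an anonymous status other than 401 means the module is not covered by the privilege.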
8 Comments »
… providing you had registered SCOTT previously as a user at ORDS level. This is what emerges from my tests.
Patrick
Comment by Patrick Monaco— July 28, 2017 #
Hi Patrick,
in my example user SCOTT is an APEX account.
Comment by Christoph Ruepprich— July 28, 2017 #
Christoph,
are you using ORDS or the embedded gateway? With standalone ORDS, I did tests again on my side, but I get an Unauthorized 401 if I just create a new user at APEX level, although I follow your cookbook.
Comment by Patrick Monaco— July 28, 2017 #
Hi Christoph,
There should be a big warning at the top of this post: Only use basic authentication when SSL/HTTPS is enabled and enforced. Otherwise, you’re exposing passwords insecurely.
Regards,
Dan
Comment by Dan McGhan— July 31, 2017 #
Indeed! I’ll add it.
Comment by Christoph Ruepprich— July 31, 2017 #
Hi Christoph,
I have installed:
Apex
ords.3.0.11.180.12.34
Apex 5.1.2.00.09
Tomcat 9.0.0.M26
And I’ve followed all your steps but I’m still getting 401… Am I missing some extra step?
Best regards,
Jose.
Comment by Jose Rodríguez Aróstegui— September 24, 2017 #
Jose,
it is difficult for me to troubleshoot. 401 means there is something wrong with the authorization. I can only suggest double checking everything.
Comment by Christoph Ruepprich— September 25, 2017 #