In previous blogs we have created REST APIs using SQL Developer & ORDS without any authorization for learning. These APIs are accessible without any authorization. In real world scenarios this is not the case, we have to secure our rest services APIs, so that only authorized person/application can access. Refer below links for previous blog: (without any authorization)
- Building REST APIs using SQL Developer & ORDS | GET
- Building REST APIs | SQL Developer | POST & DELETE
In this blog we will explore how we can secure our Oracle REST Services APIs for database tables using BasicAuth (username & password). Refer below video.
When you enable the schema for REST. Go to SQL Developer. Connect your schema. Right click on connection name-> Rest Services -> “Enable Rest Service”. Check the ‘Authorization required’.
Same thing you have to enable for the object level. Enable the Rest Services on the object level using the ‘Authorization required’.
You will notice some Roles & Privileges got automatically created by the REST services.
If you explore these Privileges, you will get to know that be default some pattern got restricted. It means now you cannot access the REST service url normally. You will got 401 status as pattern got protected. You need to create the user with some role. Assigned that role to these privileges in order to access the REST services. See below example protected resources i.e. URI pattern.
User – Roles – Privileges
See below reference image. How user, roles & privilege are connected. See below reference – User is assigned to roles. You can assign roles to privileges. Privileges actually protects the patterns & modules.
I have created the role API_ROLE & assigned to privileges for Customer Table.
###Creating User with role "API_ROLE" cd C:\ords20\ords-188.8.131.52.1804 java -jar ords.war user api_user "API_ROLE"
User can access the APIs using BasicAuth (username & password) if its role is assigned to right privileges.
Accessing the protecting REST service without any authorization keys.
Accessing the REST Service with BasicAuth (username & password).
Happy Learning! Your feedback would be appreciated!Follow @shobhitsinghIN