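How do I call Oracle REST Data Services with basic authentication, to reflect a select on a view?
I can get this working fine without authentication, but as soon as I turn authentication on and add credentials to the call on the client side, the server returns a 404 error.
For the server, I am using an Oracle database hosted on Oracle Cloud.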
select * from V$VERSION returns ...
    BANNER         Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    BANNER_FULL    Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
                   Version 19.5.0.0.0
    BANNER_LEGACY  Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    CON_ID         0
Given a target schema named connect4 and a REST-enabled view with the object name game, the following works and returns the correct dataset when "authentication required" is turned off on the server...
    $url = 'https://<redacted>.adb.ap-sydney-1.oraclecloudapps.com/ords/connect4/game'
    $return = Invoke-RestMethod $url
    $return | select -expandProperty Content | convertFrom-Json
But when I turn on "authentication required", the following PowerShell script should work, but does not. Instead it returns 404. $user in this listing is the connect4 user account, with its password. The credentials are passed using the Basic authentication protocol. The password is validated correctly.
    $url = 'https://<redacted>.adb.ap-sydney-1.oraclecloudapps.com/ords/connect4/game'
    $user = 'connect4'
    $pass = '<redacted>'
    $secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential( $user, $secpasswd)
    $return = Invoke-RestMethod $url -Credential $credential -headers @{'X-ID-TENANT-NAME' = '<redacted>'}
    $return | select -expandProperty Content | convertFrom-Json
Might some kind of authorization need to be applied to the connect4 user for it to select its own objects via REST? Or is my client making the call wrongly?
The actual object that the REST service surfaces is the view GAME_VW. It has the REST object alias game, and the required REST authorization is the ORDS role oracle.dbtools.role.autorest.CONNECT4.GAME_VW. I believe an ORDS role is a different concept from a regular Oracle role, and so cannot be granted/revoked in the usual way.
The DDL for the REST setup of this view is...
    DECLARE
      PRAGMA AUTONOMOUS_TRANSACTION;
    BEGIN
      ORDS.ENABLE_OBJECT(p_enabled        => TRUE,
                         p_schema         => 'CONNECT4',
                         p_object         => 'GAME_VW',
                         p_object_type    => 'VIEW',
                         p_object_alias   => 'game',
                         p_auto_rest_auth => TRUE);
      commit;
    END;
I think the ORDS role is set up correctly for this user. The following query...
    select NAME as ROLE_NAME, sys_context( 'userenv', 'current_schema' ) as CURRENT_SCHEMA, USER
      from USER_ORDS_ROLES
     where NAME = 'oracle.dbtools.role.autorest.CONNECT4.GAME_VW';
...returns...
    ROLE_NAME                                      CURRENT_SCHEMA  USER
    ---------------------------------------------  --------------  --------
    oracle.dbtools.role.autorest.CONNECT4.GAME_VW  CONNECT4        CONNECT4
And this query, using the same session...
    select NAME, SCHEMA_ID
      from USER_ORDS_ROLES
     where NAME like 'oracle.dbtools.role.autorest.CONNECT4%';
...returns...
    NAME                                           SCHEMA_ID
    ---------------------------------------------  ---------
    oracle.dbtools.role.autorest.CONNECT4          10011
    oracle.dbtools.role.autorest.CONNECT4.GAME_VW  10011
The DDL for this privilege is...
    DECLARE
      l_roles    OWA.VC_ARR;
      l_modules  OWA.VC_ARR;
      l_patterns OWA.VC_ARR;
    BEGIN
      ORDS.ENABLE_SCHEMA(
        p_enabled             => TRUE,
        p_schema              => 'CONNECT4',
        p_url_mapping_type    => 'BASE_PATH',
        p_url_mapping_pattern => 'connect4',
        p_auto_rest_auth      => TRUE);
      ORDS.CREATE_ROLE(p_role_name => 'oracle.dbtools.role.autorest.CONNECT4.GAME_VW');
      l_roles(1)    := 'oracle.dbtools.autorest.any.schema';
      l_roles(2)    := 'oracle.dbtools.role.autorest.CONNECT4.GAME_VW';
      l_patterns(1) := '/game/*';
      l_patterns(2) := '/metadata-catalog/game/*';
      ORDS.DEFINE_PRIVILEGE(
        p_privilege_name => 'oracle.dbtools.autorest.privilege.CONNECT4.GAME_VW',
        p_roles          => l_roles,
        p_patterns       => l_patterns,
        p_modules        => l_modules,
        p_label          => '',
        p_description    => '',
        p_comments       => NULL);
      COMMIT;
    END;
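
An added diagnostic example, not part of the original question or its answer: used on its own, `-Credential` only supplies credentials after the server sends an authentication challenge, so this sketch sends the RFC 7617 Basic header explicitly and compares the HTTP status with and without it. The function names `New-BasicAuthHeader` and `Get-HttpStatus` are hypothetical, the URL is the question's redacted placeholder, and the endpoint must be reachable for the last step to return status codes.

```powershell
# Added example. Function names are hypothetical; the URL is the redacted placeholder from the question.

function New-BasicAuthHeader {
    param([Parameter(Mandatory)][pscredential]$Credential)
    # RFC 7617: "Basic " + base64( user ":" password ), encoded as UTF-8
    $pair  = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $token = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
    @{ Authorization = "Basic $token" }
}

function Get-HttpStatus {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [hashtable]$Headers = @{}
    )
    try {
        $response = Invoke-WebRequest -Uri $Uri -Headers $Headers -UseBasicParsing
        [int]$response.StatusCode
    }
    catch {
        # Windows PowerShell 5.1 throws WebException, PowerShell 7 throws HttpResponseException;
        # both expose the server's reply as .Response when one was received.
        $reply = $_.Exception.Response
        if ($null -eq $reply) { throw }   # DNS/TLS/connect failure: there is no HTTP status to report
        [int]$reply.StatusCode
    }
}

$url = 'https://<redacted>.adb.ap-sydney-1.oraclecloudapps.com/ords/connect4/game'

# Prompt for the password instead of storing it in the script as plain text.
$credential = Get-Credential -UserName 'connect4' -Message 'Password for the ORDS call'

# Same URL, once anonymously and once with the header sent up front.
[pscustomobject]@{
    Anonymous       = Get-HttpStatus -Uri $url
    WithBasicHeader = Get-HttpStatus -Uri $url -Headers (New-BasicAuthHeader $credential)
}
```

If both columns show the same status, the credentials are not what changes the server's response. On PowerShell 6 and later, `-Authentication Basic -Credential $credential` sends the same header without building it by hand.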
Answer 0: (score: 0)
Make sure the user has been granted the appropriate role. Use the following SQL, run as SYSDBA ...
    SELECT name FROM user_ords_roles Where NAME like 'oracle.dbtools.role.autorest.%';
Privileges:
    SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'CONNECT4';
    GRANT 'oracle.dbtools.role.autorest.CONNECT4.game' TO CONNECT4;
After the above, try invoking curl again.
For more information, see: https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-authentication