Skip to Main Content

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Farshid.

Asked: March 10, 2021 - 12:20 pm UTC

Last updated: April 14, 2021 - 3:28 am UTC

Version: XE 18c

Viewed 100+ times

You Asked

Hello everyone

At first, I have an angular UI client and ORDS as API.

I'm going to use RAS(real application security) or VPD for row-level security. I read oracle RAS documentation and I didn't catch how to use it with ORDS(without apex) and this is true for using VPD, I created a user in ORDS.war but I can't find this user in the database and it's just created in the ORDS layer, I don't know how to find out which user connected to DB for applying VPD policies.

How can I do it?

thanks in advance

and we said...

ORDS since 18.3 has a "prehook" ability, ie, a function that will be called before every request. Within that function you can set context variables etc, or anything that needs to be set in order for VPD to work correctly in the scope of an ORDS request.

The function also be passed the ":current_user" bind variable from ORDS to have access to the current user.

It must return a boolean, and you activate it via defaults.xml

<entry key="procedure.rest.preHook">myPLSQLFunction</entry>


More details in the docs

https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.4/aelig/developing-REST-applications.html#GUID-1B081D04-39EC-4E3B-8902-AEB2A44EEF34

Rating

  (2 ratings)

Comments

overheads per requests

Farshid, March 27, 2021 - 4:45 am UTC

that's right, but in large systems that not work well, because it doubles requests count, and every time I should check user roles then set context variables.
I've another problem with ORDS, Why there is just one proxy user(ords_public_user) and we can't define other proxy users( as users to call API service and use in their application) to login?

Connor McDonald
March 31, 2021 - 4:34 am UTC

because it doubles requests count,

Not sure what you mean by this. We make an extra trip between ORDS and the database, but not an extra trip to the client.

We're running ORDS to support hundreds of thousands of users using our global COVID applications, so I'm pretty confident it scales well.

RAS

Farshid, March 31, 2021 - 6:13 am UTC

Thank you for clear it. I have several questions, If you reply to them, I'm grateful.

1- How to audit Auth2 clients?

2- You replied how to use VPD, now I also want to know how to use RAS in ORDS?

3- How to use application users created in RAS for login like Auth2 clients?

4- How is refresh Token in Ords?
Connor McDonald
April 14, 2021 - 3:28 am UTC

I know APEX can use RAS, and does so by attaching RAS application session to the APEX session, so I'd imagine a non-APEX application being accessed via ORDS will be able to do similar.

But I think for the detailed ORDS information you'll be better served by asking that in the ORDS forum

https://community.oracle.com/tech/developers/categories/oracle_rest_data_services