Thanks for the question, Jack.
Asked: December 07, 2020 - 3:01 pm UTC
Last updated: December 08, 2020 - 6:04 am UTC
Version: ORDS 20.3
Viewed 100+ times
Do the ords.war command line functions support customizing the embedded web.xml file contained inside the war file?
I am able to successfully configure ORDS to integrate with Kerberos on the Tomcat server it's hosted on. Doing so enables SSO for all our APEX and PLSQL Gateway-based apps in a smooth and seamless way (because Tomcat automatically populates the "REMOTE_USER" CGI environment variable and HTTP header at runtime).
The configuration of Kerberos requires adding a <security-constraint> section to the end of the web.xml file that is inside the Oracle supplied ords.war file. To do this, I manually edit that file after the war file is deployed to the $CATALINA_HOME/webapps/ directory (where Tomcat automatically extracts the war file contents into a new subdirectory named $CATALINA_HOME/webapps/ords).
But there's a potential problem doing this because Tomcat monitors all WAR files in $CATALINA_HOME/webapps/ for changes. If I ever modify or "touch" the ords.war file, Tomcat will automatically and silently remove the $CATALINA_HOME/webapps/ords directory and recreate it from the WAR thereby overwriting my modifications to the web.xml file. Moreover, Tomcat seems to do this every time Tomcat is bounced!
So to avoid losing the modifications, I just remove the ORDS war file from the $CATALINA_HOME/webapps/ directory while Tomcat is shutdown (if Tomcat is running, removing the ords.war file will automatically delete the ords directory). This way there is no danger of inadvertently re-creating the ords directory.
Is there a better way to do this? I know I could unpack the ords.war file, make changes to the web.xml file, and repack it back into a war file, but I'm concerned this wouldn't officially be supported by Oracle. A nicer way to handle this would be if the ORDS command line functions supported adding customizations to the embedded web.xml file. Is this possible?
and Connor said...
Is this answer out of date? If it is, please let us know via a Comment
To my knowledge, there is not a supported way to manipulate web.xml.
We do have these parameters for connecting ORDS to external security mechanisms, eg SSO. I found this in an ORDS slide deckConfiguring External Session Authentication
Add 3 settings to defaults.xml:
- security.externalUserHeader - The name of the header that identifies the user
- security.externalRolesHeader - The name of the header that identifies user roles ( comma delimited )
- security.externalSessionTrustedOrigins - The set of Origins trusted to make cross-origin requests to this server
but I can't find any other information on them at all :-(
I think you might need to throw this question at the ORDS forum to see if the ORDS devs have any additional info here. https://community.oracle.com/tech/developers/categories/oracle_rest_data_services