Oracle REST Data Services: Determining the Authenticated User
Introduction
Oracle REST Data Services (ORDS) has a number of implicit parameters which may be bound into Resource Module Handlers. One of these is :current_user, which provides the identity of the user authenticated for the current request. If a user has not been authenticated then the value of :current_user will be null.
Example
We can bind the value of :current_user into the context of a query as shown below:
begin
  ords.define_service(
    p_module_name => 'current.user.example',
    p_base_path   => '/greetings/',
    p_pattern     => 'example',
    p_source_type => ords.source_type_collection_item,
    p_source      => 'select ''Hello '' || :current_user "greeting" from dual'
  );
  commit;
end;
This example will produce output like the following:
{
  "greeting": "Hello ",
  "links": [
    {"rel": "collection", "href": "https://oow17.dbtools.local:8443/ords/tickets/greetings/"}
  ]
}
Note how the value of the greeting property is just Hello. The value of the :current_user implicit parameter is null because no user has been authenticated, since this resource is currently public.
Let’s make the resource protected, by defining a privilege to protect it:
declare
  l_priv_roles    owa.vc_arr;
  l_priv_patterns owa.vc_arr;
begin
  l_priv_patterns(1) := '/greetings/*';
  ords.define_privilege(
    p_privilege_name => 'protected.greetings',
    p_roles          => l_priv_roles,
    p_patterns       => l_priv_patterns
  );
  commit;
end;
- We declare two arrays to hold the role name and privilege patterns respectively.
- We want any authenticated user to be able to access the protected resource so we leave the roles array (l_priv_roles) empty. An empty role set implies any authenticated user can access a privilege.
- We want any resource under /greetings/ to be protected so we add a single pattern: /greetings/* to the privilege patterns array.
Let’s try accessing the protected resource again:
https://server:port/ords/<schema>/greetings/example
This time when we access the resource we see a 401 Unauthorized status and a prompt to sign in. If we sign in, the resource we see will look like the following:
{
  "greeting": "Hello Colm",
  "links": [
    {"rel": "collection", "href": "https://oow17.dbtools.local:8443/ords/tickets/greetings/"}
  ]
}
This time there is an authenticated user - Colm in this case - and this value is bound to the :current_user implicit parameter, producing the greeting: Hello Colm.
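The same binding can scope a query to the caller's own rows, so the handler relies on the identity ORDS authenticated rather than on a user name sent by the client. The following is an added example, not code from the original article; the table GREETING_PREFS, its sample rows and the template pattern 'mine' are assumptions made up for illustration.

```sql
-- Added example. GREETING_PREFS and its rows are constructed sample data;
-- the table is assumed to live in the REST-enabled schema.
create table greeting_prefs (
  owner      varchar2(255) not null,
  salutation varchar2(100) not null
);

-- Assumption: owner holds the user name exactly as ORDS reports it
-- (the "Hello Colm" output above shows the form for that user).
insert into greeting_prefs (owner, salutation) values ('Colm',  'Good morning');
insert into greeting_prefs (owner, salutation) values ('Alice', 'Howdy');
commit;

begin
  -- Add a second template to the module defined earlier. Its full path is
  -- /greetings/mine, so the protected.greetings privilege pattern
  -- /greetings/* already covers it.
  ords.define_template(
    p_module_name => 'current.user.example',
    p_pattern     => 'mine'
  );

  ords.define_handler(
    p_module_name => 'current.user.example',
    p_pattern     => 'mine',
    p_method      => 'GET',
    p_source_type => ords.source_type_collection_feed,
    -- The only identity used in the predicate is :current_user. There is no
    -- client-supplied user parameter that a caller could change to read
    -- another user's rows.
    p_source      => q'[select salutation || ' ' || owner "greeting"
                          from greeting_prefs
                         where owner = :current_user]'
  );
  commit;
end;
/
```

If the privilege is ever removed and the resource becomes public, :current_user is null, the predicate owner = :current_user matches no rows, and the handler returns an empty collection instead of every user's data.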