oracle ords new features you can't ignore...rest enabled sql 28 rest enabled sql provides...
TRANSCRIPT
1
OracleORDSNewfeaturesyoucan'tignore
DietmarAustOpal-Consulting,Köln
www.opal-consulting.de
2AboutDietmar.
• Dipl.-Inform.DietmarAust,FreelanceConsultant• Master'sDegreeinComputerScience(MSCS)
• BuildingOraclebasedWebApplicationssince1997• Portal,Forms,Reports,OWAToolkit,nowAPEX!
• 1997-2000:ConsultantatOracleGermany
• Since09/2000:FreelanceConsultant,Since2006–APEXonly!
• AuthoroftheJasperReportsIntegrationtoolkit• http://www.opal-consulting.de/tools
• 2015DatabaseDeveloperoftheyearintheORDScategory
3AboutDietmar.
Haveaproblemyoucannotsolve?OracleAPEXOracleORDS
Scheduleacallwithme!
www.opal-consulting.de/contact
4Agenda
Coveringnewfeaturesfrom17.4to19.1• PreHook• mod_plsqlmigrationsupport• RESTenabledSQL• DatabaseRESTAPI• Smallerfeatures• Changed,deprecatedandremoved
5Versioninformationinlowerleftcorner
• Whenwasthatnewfeatureintroduced?
6
PreHook
7PreHook
APreHookimplementsapl/sqlhandlerBEFOREaRESTfulcallisprocessedAuthenticatingusers(firstpartyauthentication)hadchallengespreviously:• Hadtobedoneattheapplicationserverlevel
– toocomplicatedformanydevelopers– differentimplementationforeachapplicationserver(Tomcat/Weblogic/Glassfish)
ORDS18.3
8PreHook
MajorUseCases:• Setupuser/roleswithpl/sqlandnotintheapplicationserver
– APEXauthenticationschemesareeasytoimplementwithpl/sql• ImplementVPDrequirementsforRESTfulhandlers
– Collectionandcollectionitemquerieswithoutvpdcontext=>emptyresultset
• Autorestenabledobjectscanaccesstheuseridentity(:current_user)inatrigger
ORDS18.3
9PreHook
1. ConfigurationinORDS/defaults.xml:
– DefinedonconnectionpoollevelforallRESTenabledschemasinthatdatabase
2. Createplsqlfunction
– MustbeexecutablebyallRESTenabledschemasorglobally– ExceptionHandlerisREALLYIMPORTANT– Mayaffectperformance,iscalledbeforeEVERYrequest.
ORDS18.3
�<entrykey="procedure.rest.preHook">myPLSQLFunction</entry>
�FUNCTIONords_prehookRETURNBOOLEAN
10PreHook-Flowofevents
Oracle REST Data
Services
ORDSRunsinWLS,Tomcatcontainer
OracleDB5.DBreturnsJDBCResults
6.ReturnJSON/CSV
1./ords/<RESTfulURI>
2.CallpreHook()
3.Return(yes/no),headersX-ORDS-USERX-ORDS-USER_ROLES
4.CallRESTfulservice()
ORDS18.3
11
ORDS18.3
12PreHook-Flowofevents
Oracle REST Data
Services
ORDSRunsinWLS,Tomcatcontainer
OracleDB5.DBreturnsJDBCResults
6.ReturnJSON/CSV
1./ords/<RESTfulURI>
2.CallpreHook()
3.Return(yes/no),headersX-ORDS-USERX-ORDS-USER_ROLES
4.CallRESTfulservice()
UsesIDENTICALsessionfromconnectionpool
ORDS18.3
⇒ Detectthecallcontext⇒ parsingschema,⇒ URI,httpheaders,basicauth,...
13PreHook–Detectingthecallcontext
http://localhost:8080/ords/rest/ordstest/opal/nf/v1/user-info?x=1
ORDS18.3
14PreHook–DifferentHandlersperSchema
• ImplementingdifferenthandlersperRESTenabledschema?1. DifferentPL/SQLfunctionsperORDSenabledschema
• Globallyexecutableprehookfunctionwithpublicsynonym• Differentlocalfunction(withidenticalname)ineachschemaleveragingOraclenameresolution
2. Singleglobalfunctionwithdifferentcodebasedoncallcontext(parsingschema,module,etc.)
ORDS18.3
15PreHook–IntegrationwithActiveDirectory
• LeveragingSSOHeaderintegrationwithActiveDirectory– https://www.edocr.com/v/lv1rvxvx/nielsdebruijn/Single-Sign-On-for-Oracle-Application-Express-APEX
• BasicIdea:ConnectWebServer/ApplicationServertoActiveDirectoryandsethttpheadervariableSSO_USER
ORDS18.3
16PreHook–IntegrationwithActiveDirectory
• ImplementationinPreHook– worksacrossapplicationservers!
createorreplacefunctionords_prehookreturnbooleanisbeginowa_util.status_line(200,'OK',FALSE);htp.prn('X-ORDS-HOOK-USER:'||owa_util.get_cgi_env('SSO_USER'));returntrue;EXCEPTIONWHENOTHERSTHEN--THISISIMPORTANT!!!ElseORDSmightnotreturnonceanerroroccured.RETURNfalse;END;
ORDS18.3
17
mod_plsqlMigrationSupport
18mod_plsqlDesupport
• DeprecatedsinceOracleHTTPServer(OHS)12.1.3• RemovedinOracleHTTPServer12cversion12.2.1
19mod_plsqlMigrationSupport
• NewfeaturesaddedtoOracleORDStoease1:1migrationfrommod_plsql
• Upuntil17.4– somefeatureswerenotsupported(mainlyauthenticationchoices),
– somehadtoberewritten(e.g.fileupload)
20HTTPBasicauthenticationwithDBuser/pwd
Usingdatabaseaccounts(username/password)toauthenticatePL/SQLgatewaycalls.Inmod_plsqltheusername/pwdwasempty/plsql/logmeofftodeauthenticate
ORDS18.1
21HTTPBasicauthenticationwithDBuser/pwd
SetupinORDS1. Createadummyuserwhichhasnoexecuteprivilegeson
anything(oruseAPEX_PUBLIC_USERforexample)2. Createaplsqlconnectionpoolwiththisuser3. Definejdbc.auth.enabledinplsqlconnectionpool
ORDS18.1
<properties><comment>SavedonFriApr1210:52:47CEST2019</comment><entrykey="db.password">@058A4EE0DA652E95D5BCA4A0B55895AF3B</entry><entrykey="db.servicename">XE</entry><entrykey="db.username">APEX_PUBLIC_USER</entry><entrykey="jdbc.auth.enabled">true</entry></properties>
22HTTPBasicauthenticationwithDBuser/pwd
• Whencallingapublicprocedure– http://vm1/ords/basic_dyn_auth/apex_login– Itwilljustproceedandyouwillnotbeprompted
• Callingaprivateprocedurewilltriggerthechallenge– http://vm1/ords/basic_dyn_auth/opal_demo_ords.user_info
– Thenenterdbuser/pwdforthesession
ORDS18.1
23HTTPBasicauthenticationwithDBuser/pwd
ImportantConstraints• UserMUSTNOTbeREST-enabled• UserMUSTNOThaveexecuteprivilegesonthetargetprocedure
Restrictions• Logout(/pls/logmeoff)isnotsupported,browsermustbeclosed
• Anadditionalroundtripforloginrequired(connectionpoolcannotbeused),mightaffectinitialperformance
ORDS18.1
24CustomAuthentication
Customauthenticationwasusedinmod_plsqlapplicationstoauthenticateusersdynamicallyagainstusertables• Canusebasicauthenticationorloginform• Theauthorize()functioniscalledforeveryrequestImplementationinORDS• Addsettingtoconnectionpool
ORDS18.3
�<entrykey="security.requestAuthenticationFunction">custom_auth_authorize_simple</entry>
25PL/SQLGatewaysupportforcustomauthentication
ORDS18.3
26PerRequestvalidation
Cachingoftherequestvalidationfunctioncanbedisabled.Thefunctionlimitswhichpublicprocedurescanbecalled.
– Bydefaultthefunctionresultiscached(assumption:listofallowedprocsisfixed)
– ProvidemeanstodisablecachingofPL/SQLGatewayprocedurevalidation
• CustomersuseIPAddresses,Userinfoandheaderstoauthorizeeachrequest
<entrykey="security.requestValidationFunction">wwv_flow_epg_include_modules.authorize</entry>
<entrykey="security.maxEntries">0</entry>
ORDS18.3
27
RESTenabledSQL
28RESTenabledSQL
RESTenabledSQLprovidesaccesstotheSQLengineviaHTTPSUseCases
– Runsqlstatementsonthecloudviahttps(nosqlnet/jdbcaccess)
– AlternativetoJDBC/ODBCconnectivityand/ordatabaselinks– „Three-tier“APEXapplicationswherethedatatables/proceduresdon‘thavetoresideinAPEXDB.
ORDS17.4
29RESTenabledSQL–mechanics
HttpPOSTthestatement(s)andgettheresultinJSON
ORDS17.4
30RESTenabledSQL–mechanics
ORDS17.4
31RESTenabledSQL–SetupinORDS
1. Addentrytoconnectionpool
2. (optional)Limitmaxnumberofrows(default:500)
3. RESTenableallaccessibleschemas4. AccessschemaswithURL:https://server:port/ords/<schema_alias>/_/sql
<entrykey="restEnabledSql.active">true</entry>
<entrykey="misc.pagination.maxRows">1500</entry>
ORDS17.4
32RESTenabledSQL-Authentication
• Firstpartyauthentication– ORDScredentialsfile,grantrole„SQLDeveloper“
– AuthenticationinAppserver,grantrole„SQLDeveloper“– =>accesstoALLRESTenabledschemas
• OAuth2ClientCredentials– Grantrole„SQLDeveloper“
• Schemaauthentication(user/passwordforDBschema)– Role„SQLDeveloper“willbeassignedautomatically
ORDS17.4
java–jarords.waruserSQLDEV"SQLDeveloper"
33RESTenabledSQL–GettingStarted
• Documentation:– https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.4/aelig/rest-enabled-sql-service.html
• Commands:SQL,PL/SQL,SQLPlus,SQLclcommands– https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.4/aelig/rest-enabled-sql-service.html#GUID-AE7F4291-02B1-4608-B5B2-F783A15D8AEB
– Nocommandstoaccesshostornetwork
ORDS17.4
34RESTenabledSQL
SampleapplicationbyKrisRice• http://krisrice.io/2017-09-14-demo-app-for-rest-enabled-sql/
• https://github.com/oracle/oracle-db-tools/tree/master/ords/rest-sql
ORDS17.4
35
Database REST API
36DatabaseRESTAPI
RESTfulAPIforadministeringtheOracleDatabase.Supportsversions11gR2through19c.UseCases• YetanotherinterfaceformanagingyourenvironmentsandautomatingthingsinaDevOpsworldusingcURL,REST,andJSON
ORDS19.1
37DatabaseRESTAPI
CurrentlymostlyGETsPOST/DELETEonlyfor
– Creatingdatapumpjobs
– PluggableDBlifecyclemanagement
– Fleetpatching
ORDS19.1
38DatabaseRESTAPI–Setupindatabase
1. CreateDBAuser
2. RESTenableDBAuser
createuserdbadmin...;grantdbatodbadmin;grantPDB_DBAtodbadmin;--for>=12c
ORDS_ADMIN.ENABLE_SCHEMA(p_schema=>'DBADMIN',p_url_mapping_pattern=>'dbadmin');
ORDS19.1
39DatabaseRESTAPI–SetupinORDS
1. Addentrytoconnectionpool
2. (optional)EnabledatabaseauthenticationifusingDBSchemaauthentication(username/pwd)
or
<entrykey="database.api.enabled">true</entry>
<entrykey="jdbc.auth.enabled">true</entry>
<entrykey="restEnabledSql.active">true</entry>
ORDS19.1
40DatabaseRESTAPI-Authentication
• Firstpartyauthentication– ORDScredentialsfile,grantrole„SQLAdministrator“
– AuthenticationinAppserver,grantrole„SQLAdministrator“• OAuth2ClientCredentials• Schemaauthentication(user/passwordforDBschema)
– Role„SQLAdministrator“willbeassignedautomatically
java–jarords.waruserDBADMIN"SQLAdministrator"
ORDS19.1
41DatabaseRESTAPI–URLs
BaseURLfortheAPI(e.g.sampledbauserdbadmin)– https://server:port/ords/dbadmin/_/db-api/19.1.0/or– https://server:port/ords/dbadmin/_/db-api/latest/
UsequeryfilterinURL– https://server:port/ords/dbadmin/_/db-api/latest/database/
objects/indexes/?q={"$eq":{"table_owner":"MDSYS"}}
ORDS19.1
42DatabaseRESTAPI–Documentation
OpenAPI3.0documentation• https://server:port/ords/dbadmin/_/db-api/latest/metadata-catalog/openapi.json
• Copy/pastetohttps://editor.swagger.io/
ORDS19.1
43DatabaseRESTAPI–GettingStarted
• JeffSmith– https://www.thatjeffsmith.com/archive/2019/04/introducing-the-database-management-rest-api-for-your-oracle-database/
• OracleDocumentation
ORDS19.1
44
Smaller Features
45InternalHttp-HeaderNameChange
HeaderNameChange,X-APEX*Headersdeprecated– Internalheadersnotvisibletotheclient...justbetweendatabaseandmidtier
– Movingforward,ORDSsupportsOracleRDBMSindependentofAPEXinstallation
Implementation– X-APEX-STATUS-CODE=>X-ORDS-STATUS-CODE– X-APEX-FORWARD=>X-ORDS-FORWARD
ORDS18.3
46Newimplicitvariables
NewimplicitvariableshavebeenaddedtosimplifycodingofRESTfulhandlers.
– Variables:status_code=>HeaderX-ORDS-STATUS-CODE:forward_location=>HeaderX-ORDS-FORWARD:body_text=>implicitCLOBlike:body
ORDS18.3
47Newimplicitvariables
ORDS18.3
48Newimplicitvariables
InaPOSThandleryoucouldaccessthebodyofthepostasaBLOB
ORDS18.3
49Newimplicitvariables
Gettingstarted– https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.4/aelig/implicit-parameters.html
– https://www.thatjeffsmith.com/archive/2018/10/x-ords-forward-ords-response-forward-to-another-resource/
ORDS18.3
50DispatchPL/SQLGatewaycallsviaORDS_PUBLIC_USER
BUG:29197220-DispatchPL/SQLGatewaycallsviaORDS_PUBLIC_USERtominimizenumberofpoolsrequired
ORDS19.2(safe-harbor)
Previously:separatepools– apex_public_user– apex_listener– apex_rest_public_user– ords_public_user
>=19.2(presumably):unifiedpool– ords_public_user
Transparentproxyconnecttoapex_public_user
51DispatchPL/SQLGatewaycallsviaORDS_PUBLIC_USER
SetupinORDS1. Addtoconnectionpool(apex_pu.xml)ordefaults.xml
2. Deleteallconnectionpoolsbutapex_pu.xml(>=19.2thewizardswillchangeandnotcreatetheotherpoolsanymore)
<entrykey="plsql.gateway.enabled">true</entry>
ORDS19.2(safe-harbor)
52
Changes
53JDKRuntimeRequirement
• Runtimeenvironment– Java8(JDK)isarequirement(>=ORDS17.4)– Java9(JDK)issupported(>=ORDS18.1)
• SupportedforallJava9certifiedAppServers
54DeprecatedFeatures
• 17.4– DeprecationofGlassfishSupport
• 18.1– RemovalofNoSQLsupport– Parameterapex.docTabledeprecated
• =>insteaduseowa.docTable
• Emptycolumnsfixedin19.1
55DeprecatedFeatures
• 18.4– DeprecationofApacheFOPPDFSupport
• Willberemovedin19.2.0• FutureversionsofOracleApplicationExpresswillmovetoanewmechanismtogeneratePDFresources.
56DeprecatedFeatures
• 18.4– DeprecationofURITemplateSyntaxforORDSBasedRESTServices(e.g/employees/{p_empno})
• Willberemovedin19.4.0• =>usemoreexpressivenewersyntax:• (e.g/employees/:p_empno)• https://docs.oracle.com/en/database/oracle/oracle-rest-data-services/18.3/ordjv/doc-files/route-patterns.html
57DeprecatedFeatures
• 18.4– DeprecationofRegularExpressionbasedURLMappings
• Willberemovedin19.4.0• SupportfordefiningURLmappingsusingusingregularexpressionsisdeprecated:
• Use--typebase-pathor--typebase-urlinstead.java-jarords.warmap-url--typeregex
58Questions?
Opal Consulting Zum Tilmeshof 11 50859 Köln Germany
Email / Website [email protected] www.opal-consulting.de
Haveaproblemyoucannotsolve?OracleAPEXOracleORDS
Scheduleacallwithme!
www.opal-consulting.de/contact