Skip to main content

UToken Implementation Extending WebCenter Portal REST: Impl in 11g

I recently got an exciting opportunity my way i.e., to get my hands dirty implementing utoken which adds an additional security to your resources. This is a recommended then sending user's password in plain text using Basic authentication.

utoken is kind of a defacto which is used by out-of-box Webcenter Portal REST API to serve each request

These tokens are highly secured as they're both generated and validated by the server. Webcenter REST API uses Jersey to provide the REST interface Jersey 1.x was part of 11G stack and the latest 12.2.1.3 got upgraded to Jersey 2.



However 11g was sweet with kind of straight forward implementation as we had Webcenter Portal Framework Extension available for JDeveloper which provided the following libraries. This is very less spoken outside so I would like to share with you:


Now create your resource in PortalExtension project:

Add the following entries in web.xml:

<?xml version = '1.0' encoding = 'UTF-8'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">

    <servlet>
        <!-- Servlet Name will need to be - oracle.jaxrs.servlet  -->
        <servlet-name>oracle.jaxrs.servlet</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>com.sun.jersey.config.property.resourceConfigClass</param-name>
            <param-value>oracle.webcenter.jaxrs.framework.application.MultiPropertyResourceConfig</param-value>
        </init-param>
        <init-param>
            <!--
                This init param is very important. Please note that param name will need to in the format
                oracle.jaxrs.config.property.resources.[suffix].

                The value is a semi-colon seperated list of classes Jersey services - in this example it will be HelloWorldService
            -->
            <param-name>oracle.jaxrs.config.property.resources.example</param-name>
            <param-value>
               com.rdev.test.PeopleResource
            </param-value>
        </init-param>

        <!-- Enabled token manager security -->
        <init-param>
            <param-name>token.manager.enabled</param-name>
            <param-value>true</param-value>
        </init-param>

        <!-- Security token will be utoken -->
        <init-param>
           <param-name>token.names</param-name>
           <param-value>utoken</param-value>
        </init-param>
        <init-param>
           <param-name>token.location</param-name>
           <param-value>header</param-value>
        </init-param>
        <init-param>
           <param-name>token.compat.mode</param-name>
           <param-value>true</param-value>
        </init-param>
        <init-param>
           <param-name>disable.jca.encryption</param-name>
           <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
</web-app>
The Jersey Servlet mentioned in above entries gets registered by the webcenter-rest.war which is part of webcenter application. In 11g the war registers the app-context-root/rest and binds to url-pattern /api/* (This will change a little in 12c) so with appropriate entries in web.xml as above and referring our custom resource as below:

<param-name>oracle.jaxrs.config.property.resources.example</param-name>
            <param-value>
               com.rdev.test.PeopleResource
            </param-value>
Create a weblogic.xml if you don't have one already and add the following entry:

<library-ref>
    <library-name>jaxrs-framework-web-lib</library-name>
  </library-ref>

Now deploy the application to any of the managed servers and login which provides a utoken which you can capture using developer tools (F12) in browser. Append the utoken to the resource uri as below and hit for the expected output.

localhost:9101/myapi/api/users/hello?utoken=FIjCycGGttWFfwwsAX96i0Yw_w**


**** Following the same steps as above will not work in 12c and I'll blog about it in my next blog post ****






















Labels:

Comments

Post a Comment

Popular posts from this blog

Spring Boot - RestTemplate PATCH request fix

  In Spring Boot, you make a simple http request as below: 1. Define RestTemplate bean @Bean public RestTemplate restTemplate () { return new RestTemplate (); } 2. Autowire RestTemplate wherever you need to make Http calls @Autowire private RestTemplate restTemplate ; 3. Use auto-wired RestTemplate to make the Http call restTemplate . exchange ( "http://localhost:8080/users" , HttpMethod . POST , httpEntity , String . class ); Above setup works fine for all Http calls except PATCH. The following exception occurs if you try to make a PATCH request as above Exception: I / O error on PATCH request for \ "http://localhost:8080/users\" : Invalid HTTP method: PATCH ; nested exception is java . net . ProtocolException : Invalid HTTP method: PATCH Cause: Above exception happens because of the HttpURLConnection used by default in Spring Boot RestTemplate which is provided by the standard JDK HTTP library. More on this at this  bug Fix: This can b...
Post a Comment
Read more

RADUS#4 - Caching the response in REST API's

  Caching in spring boot app: Caching can be used to provide a performance boost to your application users by avoiding the business logic processing involved again and again, load on your DB, requests to external systems if the users request data that's not changed frequently Different types of caching: We'll be focusing more on in-memory caching in this post i listed other options available to have an idea. In-memory caching You'll have a key-value data stores that stores the response of the request after it is served for the first time There are multiple systems like Redis, Memcached that do this distributed caching very well By default Spring provides concurrent hashmap as default cache, but you can override CacheManager to register external cache providers. Database caching Web server caching Dependencies needed: Maven < dependency > < groupId > org . springframework . boot </ groupId > < artifactId > spring - boot - starter - cache ...
Post a Comment
Read more

Set BIND VARIABLE and EXECUTE QUERY programmatically in ADF

A very common scenario in ADF is to set a bind variable and execute query programmatically within AMImpl/ VOImpl classes. Here's a simple way to do this: To set bind variable for all rowsets:       ViewObjectImpl someVO = this.getSomeViewObject();       VariableValueManager vMngr = someVO.ensureVariableManager();        vMngr.setVariableValue("DefinedBindVariable",value);        someVO,executeQuery(); To set bind variable for default rowset:          ViewObjectImpl someVO = this.getSomeViewObject();          someVO.setNamedWhereClauseParam("DefinedBindVariable",value);          someVO,executeQuery();
2 comments
Read more