Tech, Oracle, user experience, coffee, design standards, and shameless ranting

Oracle XMLDB custom authentication for webdav / http

Oh what joy Oracle has brought me today!!

I’ve been struggling for a few days trying to work out how best to integrate Oracle and Active Directory to allow users to map a drive letter to Oracle XMLDB to use it as a file store, extract EXIF, lat / lon and so on…

I’d finally conceded that integrating Oracle and AD via OID was not feasible given the constraints in the organisations, so I was about to write some scripts to create new Oracle users whenever AD was updated (800 users), when I came across a PDF from Mark Drake, product manager at Oracle.

http://www.oracle.com/in/javaonedevelop/h3-2-levaraging-full-power-oracle-400288-en-in.pdf

Turns out you can (seems to be a beta feature at the moment, but carry on regardless!!) write a custom authentication scheme and tell XMLDB to use it whenever a particular resource path is requested.

Anyway, the PDF had quite a few typos and wasn’t complete, so here is my attempt at it.

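Pseudo code:
1) Create a function that returns either the authenticated user (e.g. Marky, wrapped in XML as in the implementation below) or an error (e.g. Wrong username)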

2) Call addAuthenticationMethod to register the function

3) Call addAuthenticationMapping to link the scheme to a path in XMLDB

4) Run a little bit of code to enable the whole thing (temporary fix for now seemingly)

So here is the detail of my implementation:

1)

create or replace function myschema.doAuthenticate(URL varchar2, AUTHINFO VARCHAR2) return varchar2
is
V_USERNAME VARCHAR2(300);
V_PASSWORD VARCHAR2(300);
begin
--I'd look at the AUTHINFO variable and compare the values against a table in my app, but for here I'm just pretending I've done that
--As written, every request is accepted as user Sparky, whatever credentials are sent
return '<custom_authenticate><user>Sparky</user></custom_authenticate>';
end;
/

Grant execute on myschema.doAuthenticate to public;

2)

begin dbms_xdb.addAuthenticationMethod(
NAME=>'HTTP_REPO',
description=> 'Test authentication method, always return success',
implement_schema =>'MYSCHEMA',
implement_method =>'doauthenticate',
language =>'PL/SQL'
);
end;
/

3)

exec dbms_xdb.addAuthenticationMapping( PATTERN=>'/repository/*', NAME => 'HTTP_REPO');

--/repository is a folder I created on the root of XMLDB with the '/sys/acls/all_all_acl.xml' ACL

4)

--Run this as SYS
--scope=spfile only takes effect after the instance is restarted
alter system set event='31098 trace name context forever, level 0x8000' scope=spfile;
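
Added example (not part of the original post or of Mark Drake's PDF): one way the stub in step 1 could check AUTHINFO against an application table instead of always returning Sparky. The AUTHINFO format, the app_users table and the failure return value are assumptions, marked in the comments.

```sql
-- Added example, not from the original post. Assumptions (hypothetical names):
--   * AUTHINFO holds the HTTP Basic value: 'Basic ' || base64(user:password)
--   * table myschema.app_users(username varchar2, salt raw(16), pwd_hash raw(32))
--     where pwd_hash = SHA-256(salt || password)
--   * the owner has EXECUTE on DBMS_CRYPTO; HASH_SH256 needs Oracle 12c or later
create or replace function myschema.doAuthenticate(URL varchar2, AUTHINFO varchar2)
  return varchar2
is
  -- Placeholder: the post's failure response markup is not shown; substitute it here.
  c_reject constant varchar2(100) := 'Wrong username';
  v_decoded varchar2(1000);
  v_sep     pls_integer;
  v_user    varchar2(300);
  v_pass    varchar2(300);
  v_salt    raw(16);
  v_hash    raw(32);
  v_calc    raw(32);
begin
  if AUTHINFO is null or upper(substr(AUTHINFO, 1, 6)) <> 'BASIC ' then
    return c_reject;
  end if;
  v_decoded := utl_raw.cast_to_varchar2(
                 utl_encode.base64_decode(utl_raw.cast_to_raw(trim(substr(AUTHINFO, 7)))));
  -- Split on the first colon only: the password itself may contain colons.
  v_sep := nvl(instr(v_decoded, ':'), 0);
  if v_sep < 2 then
    return c_reject;
  end if;
  v_user := substr(v_decoded, 1, v_sep - 1);
  v_pass := substr(v_decoded, v_sep + 1);
  -- Bind variable lookup; NO_DATA_FOUND (unknown user) falls through to the handler.
  select salt, pwd_hash into v_salt, v_hash
    from myschema.app_users
   where username = v_user;
  v_calc := dbms_crypto.hash(utl_raw.concat(v_salt, utl_raw.cast_to_raw(v_pass)),
                             dbms_crypto.hash_sh256);
  if v_hash is null or utl_raw.compare(v_calc, v_hash) <> 0 then
    return c_reject;
  end if;
  -- Escape the name so characters like < or & cannot alter the returned XML.
  return '<custom_authenticate><user>' || dbms_xmlgen.convert(v_user)
         || '</user></custom_authenticate>';
exception
  when others then
    return c_reject;  -- fail closed: malformed input or any lookup error is a rejection
end;
/
```

If AUTHINFO does carry Basic credentials as assumed, they are only base64-encoded on the wire, so the mapped path should be reached over HTTPS.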

In the middle of debugging it, will let you know if I have any other problems.

Loving it, but wish it were documented somewhere, or a good complete example given.

This will save a load of effort maintaining and synchronising between AD and Oracle, although if you already implement this syncing, then obviously ignore everything I’ve just said!!!

Good luck
Mark
