CON7844 RESTful Web Services and Oracle Database

Date post: 12-Jul-2016
Upload: suchai
Description:
Oracle Openworld CON7844 RESTful Web Services and Oracle Database

RESTful Services & Oracle Database
Oracle RESTful Data Services

Colm Divilly
Consulting Member of Technical Staff
Oracle Database Tools
September, 2014

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Program Agenda

1. Oracle REST Data Services Overview
2. New Features
3. Filtering REST Collections
4. Oracle NoSQL Database Support
5. Securing RESTful Services

Oracle REST Data Services: Overview

Declaratively transform database data into JSON and other Web interchange formats, and expose that data over HTTP with strong support for key principles of the REST style.
• Uniform Methods: GET, POST, PUT, DELETE, PATCH
• Hyperlinks As The Engine of Application State (HATEOAS)
• Entity Tags, Conditional Operations, Optimistic Locking
• Secured with Industry Standard protocols: HTTPS, OAuth 2.0

New Features

• New JSON format
  – Based on JSON Schema.
  – All Oracle products converging on same syntax.
• Improved Standalone Mode
  – Uses Jetty instead of Grizzly.
  – HTTPS support.
  – Well Proven

New Features

• Much Improved Install
  – java -jar ords.war sets everything up: db connections, db schema install, launch standalone
  – Get to fully installed and configured ORDS in minutes.
• Expose tables and views as REST collections with a couple of clicks in SQL Developer.

New Features

• Filter and project within REST collections.
• Protect REST Endpoints with OAuth 2.0 & first party cookie based authentication.

Oracle NoSQL Database Support

• Expose NoSQL Tables as JSON REST Collections
• Supports CRUD operations on tables
• Supports query on tables
• Secure access in same manner as other ORDS REST Services

REST Collection Filtering

• Filter resource collections using a JSON based syntax
• Sub select specific items in the collection
• Project subset of columns in the collection
• Modify ordering of items in the collection

Securing RESTful Services: OAuth 2.0

• OAuth 2.0 is an industry standard protocol for controlling third party access to REST APIs.
• The short version: registered third party apps use an access token to prove they are authorised by a user to access the REST API on the user's behalf.

Securing RESTful Services: OAuth 2.0

• 3 Steps:
  – Register client application
  – Start Approval Flow, approve access
  – Submit request with access token

Securing RESTful Services: Cookie Auth

• For first party applications only! The first party application MUST reside on the same origin as the REST API, so that the browser's Same Origin Policy applies.
• Third party origins are NOT permitted to use Cookie Auth, and we specifically prevent third party origins from using it, because of the security risks involved.
• Cookies are ALWAYS sent by the browser; this is what makes web apps susceptible to Cross Site Request Forgery (CSRF) attacks. OAuth access tokens are not sent automatically: the client must add the token to each request itself, which prevents CSRF attacks.
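
The rule on this slide, sketched as a server-side authentication decision. This is an added example, not ORDS code and not part of the original deck. It assumes the same-origin restriction is enforced by comparing the Origin (or Referer) header with the API's own origin; API_ORIGIN, the session and token values, and all function names are constructed for illustration.

```javascript
// Constructed sample data: the API's own origin, one cookie session, one OAuth grant.
const API_ORIGIN = "https://api.example.com";
const SESSIONS = new Map([["s3ss10n", "alice"]]);
const TOKENS = new Map([["t0k3n", { user: "alice", client: "thirdparty-app" }]]);

// Origin of the page that issued the request: Origin header, else derived from Referer.
function requestOrigin(headers) {
  if (headers.origin) return headers.origin;
  if (headers.referer) {
    try { return new URL(headers.referer).origin; } catch { return null; }
  }
  return null;
}

// Extract one cookie value from a Cookie header.
function parseCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name) return v.join("=");
  }
  return null;
}

// headers uses lower-case keys, as Node's http module delivers them.
function authenticate(req) {
  const h = req.headers;
  // OAuth path: the browser never attaches this header on its own, so a forged
  // cross-site request cannot carry it. Any origin may use it.
  const m = /^Bearer (\S+)$/.exec(h.authorization || "");
  if (m) {
    const grant = TOKENS.get(m[1]);
    return grant ? { ok: true, via: "oauth", user: grant.user }
                 : { ok: false, reason: "invalid_token" };
  }
  // Cookie path: the browser attaches the cookie to every request to the API,
  // including ones triggered by another site, so it is honoured only when the
  // request provably comes from the API's own origin. Unknown origin fails closed.
  const sid = parseCookie(h.cookie, "session");
  if (sid && SESSIONS.has(sid)) {
    if (requestOrigin(h) !== API_ORIGIN) {
      return { ok: false, reason: "cookie_auth_cross_origin" };
    }
    return { ok: true, via: "cookie", user: SESSIONS.get(sid) };
  }
  return { ok: false, reason: "unauthenticated" };
}
```

A request with a valid session cookie but a foreign, missing or `null` origin is rejected, while the same third party origin succeeds once it presents a valid access token.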

Oracle REST Data Services

Questions & Answers?
