Oracle SQL Developer Top 10+ Tips & Tricks Formerly Known as the APEX Listener There have been many...

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

ORDSDatabaseRESTAPI

https://oracle.com/rest

Jeff SmithSenior Principal Product [email protected] || @thatjeffsmithDatabase Tools, Oracle Corp

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |

Not just THAT SQLDev Guy…

• Blogs• Videos• GitHub Examples• Articles

– UKOUG Scene Why REST, and What’s in it or Me?– Oracle Mag AUTO REST & REST Enabled SQL

…I GET ORDS, too!

https://www.thatjeffsmith.com/oracle-rest-data-services-ords/

https://www.youtube.com/user/ThatJeffSmith/search?view_as=subscriber&query=ords

https://github.com/oracle/oracle-db-tools/tree/master/ords/rest-sql

http://viewer.zmags.com/publication/65666be2#/65666be2/10

http://www.oracle.com/technetwork/issue-archive/2017/17-mar/o27sqldev-3616183.html

https://blogs.oracle.com/oraclemagazine/get-your-rest;-post-your-sql


OracleRESTDataServices

3

Formerly Known as the APEX Listener

Presenter

Presentation Notes

There have been many many remote procedure call/distributed communication protocols. Many have been very deeply specified with thousands of pages of specifications, but in the end the industry moved away from these protocols to a much looser concept. So loose it cannot even deemed a protocol, rather REST is referred to as an architectural style. REST won not by being the most advanced, or the most capable, or the most efficient, but by being the easiest to get to grips with. Which is both a blessing and a curse. The world is full of less than optimal REST APIs. Because REST is so approachable folks quickly move to building and shipping APIs without considering some of the more thorny issues that every distributed application has to deal with How to manage concurrency, how to deal with lost updates, co-ordinate transactions How to deal with unavailability How to deal with massive scale Oracle REST Data Services is designed to deal with many of these issues, we’ve done the hard thinking and chosen approaches to deal with these issues so developers using ORDS don’t need to worry about them so much. I want to draw a comparison between REST and another foundational technology, UNIX. When I think of UNIX I picture big air conditioned rooms in data centres full of big iron servers. But that’s not the reality of UNIX today. It’s not just data centres and backend servers. The reality is UNIX is all around you, you wear it on your wrist, you carry it in your pocket, it powers the movies you watch when sat on an aeroplane, it controls the car you drive, it is literally everywhere. It is part of the fabric of our reality, but it’s not something out there in front of you. It’s a building block, something atop which much of the rest of the technology in our lives is built upon. I’m sure everyone in this room knows how to get around in UNIX, I’m sure that wasn’t always the case, there was a time when all I knew was MS-DOS and Windows. UNIX was a foreign land, and even seemed like something that was fading away under the march of Windows, but that time was so long ago and now I can’t picture a future where knowing and being comfortable using UNIX won’t be a valuable skill for at least another decade or two. I feel REST is following a similar trajectory. It is almost as old as the HTTP protocol itself, and it’s popularity and ubiquity has taken a considerable amount of time to build, but now that it’s value has been recognised, I don’t see it’s utility being displaced until the next paradigm shift in computing technology occurs. It has become one of the building blocks we take for granted. And thus everyone needs to know and understand REST and more importantly every piece of technology involved in distributed computing needs to be a good and competent REST citizen.


But First, a Brief Overview of REST

• RESTful web services are a way of providing interoperability between computer systems on the Internet

• REST often treated as a Religion, BUT…• …provides a predictable model for delivering services• We aim for pure REST, but don’t let that pursuit get in the way of

practicality

And Why a DB Professional Should Care

https://en.wikipedia.org/wiki/Representational_state_transfer


REpresentational State Transfer (REST)It relies on a stateless, client-server, cacheable communications protocol -- and in virtually all cases, the HTTP(S!) protocol is used.REST is an architecture style for designing networked applications. The idea is that, rather than using complex mechanisms such as CORBA, RPC or SOAP to connect between machines, simple HTTP is used to make calls between machines. (rest.elkstein.org)

• REST is easy– Small uniform set of operations: GET, POST, PUT, DELETE (CRUD!)– Small set of uniform status codes: 200, 201, 404, 500, …– URLs & hyperlinks encourage stateless behavior– Text based protocol with simple request/response model

5

Presenter

Presentation Notes

There have been many many remote procedure call/distributed communication protocols. Many have been very deeply specified with thousands of pages of specifications, but in the end the industry moved away from these protocols to a much looser concept. So loose it cannot even deemed a protocol, rather REST is referred to as an architectural style. REST won not by being the most advanced, or the most capable, or the most efficient, but by being the easiest to get to grips with. Which is both a blessing and a curse. The world is full of less than optimal REST APIs. Because REST is so approachable folks quickly move to building and shipping APIs without considering some of the more thorny issues that every distributed application has to deal with How to manage concurrency, how to deal with lost updates, co-ordinate transactions How to deal with unavailability How to deal with massive scale Oracle REST Data Services is designed to deal with many of these issues, we’ve done the hard thinking and chosen approaches to deal with these issues so developers using ORDS don’t need to worry about them so much. I want to draw a comparison between REST and another foundational technology, UNIX. When I think of UNIX I picture big air conditioned rooms in data centres full of big iron servers. But that’s not the reality of UNIX today. It’s not just data centres and backend servers. The reality is UNIX is all around you, you wear it on your wrist, you carry it in your pocket, it powers the movies you watch when sat on an aeroplane, it controls the car you drive, it is literally everywhere. It is part of the fabric of our reality, but it’s not something out there in front of you. It’s a building block, something atop which much of the rest of the technology in our lives is built upon. I’m sure everyone in this room knows how to get around in UNIX, I’m sure that wasn’t always the case, there was a time when all I knew was MS-DOS and Windows. UNIX was a foreign land, and even seemed like something that was fading away under the march of Windows, but that time was so long ago and now I can’t picture a future where knowing and being comfortable using UNIX won’t be a valuable skill for at least another decade or two. I feel REST is following a similar trajectory. It is almost as old as the HTTP protocol itself, and it’s popularity and ubiquity has taken a considerable amount of time to build, but now that it’s value has been recognised, I don’t see it’s utility being displaced until the next paradigm shift in computing technology occurs. It has become one of the building blocks we take for granted. And thus everyone needs to know and understand REST and more importantly every piece of technology involved in distributed computing needs to be a good and competent REST citizen.

http://rest.elkstein.org/


• Model resources, not actions:– GET /ords/hr/employees/ - GOOD– GET /ords/hr/delete_emp/ - BAD– DELETE /ords/hr/employees/97 - GOOD

• Uniform operations on all resources:– GET, POST, PUT, DELETE, OPTIONS, HEAD– Mostly nouns, a few verbs

• Stateless requests, state transitions communicated via hyper-links.

The Architectural Style of the WebREpresentational State Transfer (REST)


Resource Collection Pattern• MASTER RESOURCE: called the Collection URI:https://example.com/ords/hr/employees/

• DETAIL RESOURCE; called the Item URI:https://example.com/ords/hr/employees/:id

7

Presenter

Presentation Notes

The Collection URI is the entry point to the API, it’s function is to list all the items in the collection and provide an endpoint for creating new resources. It is typically a concrete URI, without any wildcarding/patterning. The Item URI is parameterized/wildcarded, it represents the naming pattern for all Item Resources in the Collection. It’s function is to provide the detail of a resource, along with the means to update and/or delete the resource.


The Verbs

Method Purpose Classification Database Operation

GET Retrieve resource Safe, Idempotent SELECT

PUT Create or replace resource

Idempotent MERGE, UPDATE

DELETE Delete resource Idempotent DELETE

POST Anything. Normally create

Unsafe INSERT

Uniform Verbs for interacting with all resources


• Java JEE mid tier application, e.g., WebLogic, Tomcat, Glassfish

– Also supports “Standalone” mode for development• For input, maps/binds URI to SQL and PL/SQL• For output, transforms results to JSON and other formats

11

Oracle REST Data ServicesHTTP(S) client Oracle Database

SQLMap & BindURI

JSON Transform to JSON SQL Result Set

So How do we Marry this Cool, ‘New’, Hip Thing to the DB?


REST..DB..JSON

https://host/ords/human/peeps/10

SELECT …WHERE EMPLOYEE_ID = :id

Oracle DBBrowser

1. Browser GET request

2. Proxy connect HR, finds peeps SQL block defined

in the schema

ORDS Runs in WLS, Tomcat, or as a standalone process

Oracle REST Data

Services

Anatomy of a RESTful Service Transaction

Presenter

Presentation Notes

New with REST Data services 3.0 it does not require APEX to define your REST Data services. Oracle currently distributes “Oracle APEX Listener”, which will be renamed to Oracle REST Data Services. Delivered with Database 12.1.0.2 Java Based plugin replacement for Apache mod_plsql Formally known as Oracle APEX listener available on OTN Available today on our Database Cloud Schema Service


Oracle REST Data ServicesFlexible architecture

• Standard webserver layout• Implements Java Servlet• Deploys to WLS, Tomcat, Glassfish

• OR Embedded Jetty (standalone)

WLS, Glassfish,Tomcat

ORDS

Apache

Static Files-HTML, CSS, JS

/hr/empJSONBinaryHTML…

HTTP(s) Results

JDBC


And it’s Easy!

I had been looking for a chance to perform a POC, so I proposed I just provide him with a couple of web services. In under a day I had functioning web services in place for him to consume. There’s been refinements to them and new ones developed since then. We are now exploring where else we could leverage this technology.

- customer talking about ORDS


ORDS – How do I get started???Use SQL Developer to install & run. Use Hands On Labs to learn.


Command-Line or GUI Installs


Enable a Schema

• Services are EXECUTED as the USER via ORDS_PUBLIC_USER Proxy Connect

Services are Defined in the Schema


Define/Deploy RESTFul Services: GUI, PL/SQL, or RESTBEGINORDS.ENABLE_SCHEMA(

p_enabled => TRUE,p_schema => 'ORDS_DEMO',p_url_mapping_type => 'BASE_PATH',p_url_mapping_pattern => 'autodemo',p_auto_rest_auth => FALSE);

ORDS.DEFINE_MODULE(p_module_name => 'SPLAT',p_base_path => '/splat/',p_items_per_page => 25,p_status => 'PUBLISHED',p_comments => NULL);

ORDS.DEFINE_TEMPLATE(p_module_name => 'SPLAT',p_pattern => 'types',p_priority => 0,p_etag_type => 'HASH',p_etag_query => NULL,p_comments => NULL);

ORDS.DEFINE_HANDLER(p_module_name => 'SPLAT',p_pattern => 'types',p_method => 'GET',p_source_type => 'json/query',p_items_per_page => 25,p_mimes_allowed => '',p_comments => NULL,p_source =>

'select * from d_types');

COMMIT; END;


Code and No/Low Code RESTful Service Options

No need to know Java Database developers (PLSQL & SQL) get started quickly PL/SQL API GUI/IDE Support (SQL Developer!)


Manual – You Define Modules/URIs/Handlers/the Code


Automatic

Pick the Database objects to PUBLISH TABLEs and VIEWs

GET, POST, PUT, DELETE handlers avail for CRUD Stored Procedures, Functions, Packages (PL/SQL)

POST handler avail for RPC



Auto enablement of RESTful request modules – User Interface

Exposes these operations

• Schema level Metadata

• Table Metadata

• Get ( Select )• Query ( Filtering/Order/ASOF )

• Insert

• Update

• Delete

• Load CSV


Update a Row

24

METHOD : PUT /:PKREQUEST BODY : JSONRESPONSE: 200 OK

• Location (Header)• JSON (Body)

Presenter

Presentation Notes

Perform a GET on the Collection URI to retrieve the resource In ORDS the response is a JSON document with two main elements: items: lists the items in the collection links: provides hyperlinks to help navigate the collection (next) and to identify the URI to use to POST new Items to the Collection


Remote Procedure Call over HTTP(S) via POST

ORDS takes parameters as JSON, executes PL/SQL, grabs output, sends back down as JSON

OUT INTEGER & SYS_REFCURSOR{"total_payroll": 631230,"peeps_numbers": [{"id": 81,"name": "Dummy4","salary": 0,"hire_date": "2017-06-20T13:29:00Z"

},{"id": 65,"name": "Bart","salary": 0,"hire_date": "2017-06-20T13:29:00Z"

},{"id": 79,…

}


Execute PL/SQL TABLE APIExecute, REFCURSOR RETURN


Metadata Catalog

• Catalog of all REST enabled Objects• /ords/<schema>/metadata-catalog/

Show me what’s available for SCHEMA ‘X’

Presenter

Presentation Notes

http://localhost:9999/ords/klrice/objects/emp/?q={%20%22ENAME%22:%20{%22$ne%22:%22SMITH%22}%20} http://localhost:9999/ords/klrice/objects/emp/?q={%22ENAME%22:{%22$instr%22:%22SM%22}} http://localhost:9999/ords/klrice/objects/emp/?q={%22$orderby%22:{%22ENAME%22:%22DES%22}}

http://localhost:8080/ords/demonstration/metadata-catalog/


New for 17.4 - /open-api-catalog/{Swagger}


• Disabled by default• AUTH by user with sql dev priv or via DBcurl -X POST \http://localhost:8080/ords/hr/_/sql \-H 'authorization: Basic SFI6b3JhY2xl’ \-H 'cache-control: no-cache’ \-H 'content-type: application/sql’ \-H 'postman-token: 23a49622-a195-cb76-0606-358f3e371cdd’ \-d 'SELECT first_name, last_name, department_name

FROM hr.employees, hr.departmentswhere employees.department_id = departments.department_id'

Execute SQL via POSTNew for 17.4 - _/sql/


Securing REST APIs

30


ORDS is Flexible - Security

Caveats• Almost all dev/demo/blog is done with security off & with HTTP• Always, always, always secure REST services and run with HTTPS


First Party Authentication• Oracle REST Data Services specific solution• Only available to the author of the API, application must be deployed on

same origin as API• https://example.com/api & https://example.com/app ✓• https://api.example.com & https://app.example.com ✗

• User enters credentials in sign-in form, ORDS issues cookie, cookie is only validated by ORDS if the request is determined to originate from the from the same origin as the REST Service.

32

https://example.com/api

https://example.com/app

https://api.example.com/

https://app.example.com/


About OAuth 2.0• IETF standard for securing access to REST APIs• Comes in two forms:

• Two Legged - For Business to Business, server to server applications• Example: Sync HR data between internal applications

• Three Legged - For Business to Consumer, app to end-user applications• Example: Share subset of HR data with external benefits provider after

employee approves access.• Third party registers client, issued credentials, uses credentials to

acquire access token, uses access token with request to prove authorization

33


External Authentication• Comes in many flavors, for example:

• Oracle Access Manager - SSO cookie at Oracle OHS server level authenticates users stored in Oracle Identity Manager

• ORDS does not perform authentication, just authorization. • Usually relies on HTTP cookies, need to restrict CORS allowed Origins to

avoid CSRF

34

Date post:	09-Mar-2019
Category:	Documents
Upload:	phamdang
View:	223 times
Download:	0 times

Oracle SQL Developer Top 10+ Tips & Tricks Formerly Known as the APEX Listener There have been many...

Documents