Skip to content

mod_owa and custom authentication

February 16, 2010
tags:

If you need to move from OWS (oracle web server using mod_plsql module)  to Apache http web server with mod_owa then there are some modifications required for basic authentication handled in a custom way.

In OHS we have the entry :

PlsqlAuthenticationMode CustomOwa

When we state “CustomOwa” -> This triggers the function named owa_custom.authorize in the user’s schema, or, if not found, in the OWA package schema.
For Mod_owa this is :

OwaAuth€€OWA_CUSTOM€€PACKAGE

If present, this signals mod_owa to build <package_name>.AUTHORIZE as the authorization code.

The difference is that in the authorize method you need to send the challenge for basic authentication back from authorize function itself in case of mod_owa module is used. (This is not the case of OHS). From the mod_owa documentation:

Users moving from OWS may find that their user authentication code doesn&apos;t work without some modification, because fundamentally mod_owa is an Apache driver for the OWA, not a replacement for OWS. In particular, the functions in OWA_SEC are not fully supported. The function OWA_SEC.SET_AUTHORIZATION_SCHEME is irrelevant; mod_owa passes all requests to your PL/SQL code and expects you to perform any necessary authentication operations. If you are using Basic authentication, you need to arrange for a challenge to be sent to browsers that haven&apos;t logged into your site; this can be done from your AUTHORIZE function or directly from each procedure, under conditions you determine.

The sample code to send back the challenge from the authorize function is as follows:

if (OWA.USER_ID is null) then      — Case where no username is present (first time from this client?)      — Basic challenge is issued by mod_owa in OWS-compatible mode      OWA_SEC.SET_PROTECTION_REALM(‘mod_owa’);      return(FALSE);

The option of using Basic Authentication in Apache along with custom login procedure code is only possible if we use an externally hosted module named mod_auth_external (not a built in apache module) – the built in modules of apache do not have this functionality. – they only have authentication from db,ldap or flat file.

Advertisements
4 Comments leave one →
  1. Radim Kolek permalink
    April 14, 2010 7:45 pm

    Dear techzen,

    I’m trying to figure out how the mod_owa works in reality, but unfortunately the site with mod_owa apache library is down at the moment (http://www.sharemation.com/~dmcmahon/modowa.htm). I would like to ask if there is another source where to get this piece of code. Or maybe you can send it to me via email just for testing purpose ? I’m running and apache 2 instance on Ubuntu linux platform.

    Thanks for your time and understanding.

    Have a nice day.

    • techzen permalink*
      April 20, 2010 9:55 am

      Hello Radim,

      Please check, the site is up now, in case you are not able to see it – it could be possibly be because of your Internet Service provider issue or proxy settings?.

  2. May 5, 2010 11:58 pm

    Hi There, the mentioned above http://www.sharemation.com/~dmcmahon/modowa.htm

    seems to be down again. I have been trying for a few days but it does not work.

    I would really like to use mod_owa with Oracle XE instead of dbms-epg.

    Darragh

  3. May 12, 2010 9:18 pm

    The project’s website appears to have moved to http://oss.oracle.com/projects/mod_owa/dist/documentation/modowa.htm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: