APEX
Thursday, 13. October 2022., 12:25
Hall B
45'
When designing and creating RESTful services, we should start with security in mind. That should definitely not stop at creating a client ID and client secret. Sure, they are the first hurdle in strengthening your services.

Oracle APEX offers role-based authorisation on components. You can hide certain components and prevent them from being displayed or executed. This functionality can (and should) also be applied to ORDS services.

This session explains and shows best practices for publishing with security and authorisation in mind:

- Securing through OAuth2
- Creating REST clients through APEX pages within an application
- Role-based authorisation within a RESTful service. Some clients are allowed to only select; others should be able to do inserts, updates or deletes. The technique described will also allow fine-grained authorisation on what a client gets to see: some clients are allowed to see more data (columns) than others.
- A glimpse and some short demos consuming the described services to show the technique