在 oracle apex 中禁用安全验证 SSL
Disable security verify SSL in oracle apex
我正在使用 Oracle Application Express 11g。
为了保护 RESTful services 我想为它创建 Third Party Authentication。
为了注册我的第三方用户,我需要访问此 url : https://server:port/ords/resteasy/ui/oauth2/clients/ 因为我每次遇到此错误时都没有 SSL(输入 url在 http) :
403-Forbidden
- This resource must be accessed over HTTPS only
问题是:如何在 apex 中禁用 "security verify SSL",以便我再也不会遇到此错误。
注意在其他页面中没有这样的错误,因为我没有被迫使用 https,我在进入 url 时收到此错误在 http.
https://docs.oracle.com/cd/E37099_01/doc.20/e25066/install.htm#AELIG7183
1.4.5 Using OAuth2 in Non HTTPS Environments
RESTful Services can be protected with the OAuth2 protocol to control access to nonpublic data. To prevent data snooping, OAuth2 requires all requests involved in the OAuth2 authentication process to be transported using HTTPS. The default behavior of Oracle REST Data Services is to verify that all OAuth2 related requests have been received using HTTPS. It will refuse to service any such requests received over HTTP, returning an HTTP status code of 403 Forbidden.
This default behavior can be disabled in environments where HTTPS is not available as follows:
Locate the folder where the Oracle REST Data Services configuration is stored.
Edit the file named defaults.xml.
Add the following setting to the end of this file just before the </properties> tag.
<entry key="security.verifySSL">false</entry>
Save the file.
Restart Oracle REST Data Services if it is running.
Note that it is only appropriate to use this setting in development or test environments. It is never appropriate to use this setting in production environments because it will result in user credentials being passed in clear text.
我正在使用 Oracle Application Express 11g。
为了保护 RESTful services 我想为它创建 Third Party Authentication。
为了注册我的第三方用户,我需要访问此 url : https://server:port/ords/resteasy/ui/oauth2/clients/ 因为我每次遇到此错误时都没有 SSL(输入 url在 http) :
403-Forbidden
- This resource must be accessed over HTTPS only
问题是:如何在 apex 中禁用 "security verify SSL",以便我再也不会遇到此错误。
注意在其他页面中没有这样的错误,因为我没有被迫使用 https,我在进入 url 时收到此错误在 http.
https://docs.oracle.com/cd/E37099_01/doc.20/e25066/install.htm#AELIG7183
1.4.5 Using OAuth2 in Non HTTPS Environments
RESTful Services can be protected with the OAuth2 protocol to control access to nonpublic data. To prevent data snooping, OAuth2 requires all requests involved in the OAuth2 authentication process to be transported using HTTPS. The default behavior of Oracle REST Data Services is to verify that all OAuth2 related requests have been received using HTTPS. It will refuse to service any such requests received over HTTP, returning an HTTP status code of 403 Forbidden.
This default behavior can be disabled in environments where HTTPS is not available as follows:
Locate the folder where the Oracle REST Data Services configuration is stored.
Edit the file named
defaults.xml.Add the following setting to the end of this file just before the
</properties>tag.<entry key="security.verifySSL">false</entry>Save the file.
Restart Oracle REST Data Services if it is running.
Note that it is only appropriate to use this setting in development or test environments. It is never appropriate to use this setting in production environments because it will result in user credentials being passed in clear text.