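oracle - Oracle 19c APEX 19.1 OpenID Connect configuration error ORA-24247: network access denied by access control list (ACL)
Problem description
I created a new application in APEX 19.1 by selecting the Access Control Enable role-based user authorization
feature. The default authentication scheme, Application Express Authentication,
works fine. But when I change it to OpenID Connect and run the application, I get the following error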
- ora_sqlerrm: ORA-29273: HTTP request failed
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 1283
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 924
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1148
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 902
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 1136
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 1473
ORA-06512: at "APEX_190200.WWV_FLOW_WEBSERVICES_API", line 416
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL", line 79
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL", line 145
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL", line 244
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_NATIVE", line 485
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_NATIVE", line 1256
ORA-06512: at "APEX_190200.WWV_FLOW_PLUGIN", line 2840
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION", line 1970
Here is the error backtrace
- error_backtrace: ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 1283
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 924
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1148
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 902
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 1136
ORA-06512: at "APEX_190200.WWV_FLOW_WEB_SERVICES", line 1473
ORA-06512: at "APEX_190200.WWV_FLOW_WEBSERVICES_API", line 416
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL", line 79
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL", line 145
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_SOCIAL", line 244
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_NATIVE", line 485
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION_NATIVE", line 1256
ORA-06512: at "APEX_190200.WWV_FLOW_PLUGIN", line 2840
ORA-06512: at "APEX_190200.WWV_FLOW_AUTHENTICATION", line 1970
ORA-06512: at "APEX_190200.WWV_FLOW", line 4058
I tried the following to resolve the error
BEGIN
DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
host => '*',
ace => xs$ace_type(privilege_list => xs$name_list('connect'),
principal_name => 'apex_db_user',
principal_type => xs_acl.ptype_db));
END;
/
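The statement did execute, but I got the same error.
Then I thought it might be because I am not using SSL. So I changed the default.xml file and added the following entry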
<entry key="security.verifySSL">false</entry>
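I am new to APEX, so I may be missing something. Is the Access Control Enable role-based user authorization
feature enough?
Solution
This is a security matter in Oracle: by default, all network privileges are turned off for a schema.
Using the sys as sysdba account, execute the following code. Don't forget to change the schema name and the domain.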
-- Execute as sysdba
DECLARE
l_acl VARCHAR2(100) := 'aclname.xml';
l_desc VARCHAR2(100) := 'description';
l_principal VARCHAR2(30) := 'APEX_SCHEMANAME'; -- UPPERCASE if applies
l_host VARCHAR2(100) := 'yourdomain.com'; --hostname to reach
BEGIN
-- Connection rights
dbms_network_acl_admin.create_acl(l_acl, l_desc, l_principal, TRUE, 'connect');
-- DNS resolution privilege
dbms_network_acl_admin.add_privilege(l_acl, l_principal, TRUE, 'resolve');
dbms_network_acl_admin.assign_acl(l_acl, l_host);
COMMIT;
END;
/
You can find out the schema name by executing the following query.
SELECT TABLE_OWNER FROM all_synonyms
WHERE SYNONYM_NAME = 'WWV_FLOW' and OWNER = 'PUBLIC';
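An added example, not part of the original answer: the same grant written with the DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE call used in the question, but with the APEX schema as the principal and scoped to a single host and port instead of host => '*', followed by a query that shows what was granted. The host idp.example.com and port 443 are placeholder assumptions; substitute the host of your OpenID Connect provider.

```sql
-- Added example. Run as SYS AS SYSDBA.
-- Assumption: idp.example.com is a placeholder for the OpenID Connect provider host.
DECLARE
  l_principal VARCHAR2(128);
  l_host      VARCHAR2(256) := 'idp.example.com';  -- placeholder, change to your provider
BEGIN
  -- Look up the schema that owns APEX (APEX_190200 in the error stack above),
  -- using the same synonym lookup as the answer's query.
  SELECT table_owner
    INTO l_principal
    FROM all_synonyms
   WHERE synonym_name = 'WWV_FLOW'
     AND owner = 'PUBLIC';

  -- Allow outbound connections to this one host, HTTPS port only.
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host       => l_host,
    lower_port => 443,
    upper_port => 443,
    ace        => xs$ace_type(
                    privilege_list => xs$name_list('connect'),
                    principal_name => l_principal,
                    principal_type => xs_acl.ptype_db));

  -- The resolve privilege is granted without a port range, so it gets its own ACE.
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host => l_host,
    ace  => xs$ace_type(
              privilege_list => xs$name_list('resolve'),
              principal_name => l_principal,
              principal_type => xs_acl.ptype_db));
END;
/

-- Review every network ACE held by an APEX schema; a row with host '*'
-- means that schema may connect to any host.
SELECT host, lower_port, upper_port, principal, privilege, grant_type
  FROM dba_host_aces
 WHERE principal LIKE 'APEX\_%' ESCAPE '\'
 ORDER BY host, privilege;
```

The outbound HTTP call in the error stack runs inside APEX_190200.WWV_FLOW_WEB_SERVICES, so the ACE has to name the APEX schema as principal rather than the application's own database user.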