Web Services Oracle APEX_WEB_服务MAKE_REST请求引发ORA-29273和ORA-24247

y0u0uwnf  于 2022-11-15  发布在  Oracle
关注(0)|答案(1)|浏览(228)

我正在处理Oracle Database 12 c企业版12.2.0.1.0版-64位生产,我需要开发一个访问API的存储过程,我必须检索端点

https://api.my.host:8443/rest/ec/617643

我已经设置了oracle Wallet并添加了证书,如下所示:

orapki wallet create -wallet /home/oracle/walletapi -pwd walletapi2022 -auto_login
orapki wallet add -wallet /home/oracle/walletapi -trusted_cert -cert /tmp/api.my.host.cer -pwd walletapi2022

我已设置ACE

DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host => 'api.my.host'
    ,lower_port => 8443
    ,upper_port => 8443
    ,ace => XS$ACE_TYPE(
                        privilege_list => XS$NAME_LIST('http')
                        ,principal_name => 'MYUSER'
                        ,principal_type => XS_ACL.ptype_db
                    )
);
DBMS_NETWORK_ACL_ADMIN.APPEND_WALLET_ACE (
    wallet_path    => 'file:/home/oracle/walletapi'
    ,ace            => XS$ACE_TYPE(
                        privilege_list => XS$NAME_LIST('use_client_certificates', 'use_passwords')
                        ,principal_name => 'MYUSER'
                        ,principal_type => XS_ACL.ptype_db
                    ));

文献
在我的商店里试试这个

... 
l_clob := APEX_WEB_SERVICE.make_rest_request(
               p_url         => 'https://api.my.host:8443/rest/ec/617643'
               ,p_http_method => 'GET'
               ,p_wallet_path => 'file:/home/oracle/walletapi'
               ,p_wallet_pwd  => 'walletapi2022'
);
...

文件
并引发此错误

ORA-29273: HTTP request failed
ORA-06512: at "APEX_210200.WWV_FLOW_WEB_SERVICES", line 1182
ORA-06512: at "APEX_210200.WWV_FLOW_WEB_SERVICES", line 782
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1127
ORA-06512: at "APEX_210200.WWV_FLOW_WEB_SERVICES", line 756
ORA-06512: at "APEX_210200.WWV_FLOW_WEB_SERVICES", line 1023
ORA-06512: at "APEX_210200.WWV_FLOW_WEB_SERVICES", line 1371
ORA-06512: at "APEX_210200.WWV_FLOW_WEBSERVICES_API", line 626
ORA-06512: at line 6
cgvd09ve

cgvd09ve1#

应用CREATE_ACLASSIGN_ACL的解决方案只会更改DBA_NETWORK_ACLSDBA_NETWORK_ACL_PRIVILEGES视图中ACL列的值。
回顾这个问题,我注意到这个错误是针对“APEX_210222”的,这是在Apex安装期间创建的模式之一。
我试过了

DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host => 'api.my.host'
    ,lower_port => 8443
    ,upper_port => 8443
    ,ace => XS$ACE_TYPE(
                    privilege_list => XS$NAME_LIST('http')
                    ,principal_name => 'APEX_210222'
                    ,principal_type => XS_ACL.ptype_db
                )

并且web_service_request现在可以正常工作。

相关问题