To protect the DAD in Oracle WebServer 3.x:
1. Connect to the Oracle Web Application Server Administration page.
2. Choose the Oracle Web Application Server link.
3. Choose the Authorization Server link.
4. Select either the Basic, Digest, or Database authentication scheme by choosing the appropriate link.
Basic authentication allows you to assign passwords to users, assign users to groups, and define sets of users and groups, called "realms." You can then assign the users, groups, and realms to specific files and directories, requiring requestors to provide a username and password to gain access. Basic authentication sends unencrypted passwords across the network, making this method subject to subversion. Basic authentication is not recommended when security is critical.
Digest authentication is the same as basic authentication except that it sends passwords encrypted across the network in the form of a cryptographic checksum, also called a "digest." You should use this scheme whenever authentication is required, although some older web browsers may not support it.
Database authentication allows you to authenticate the username and password pair against a database by using the username and password to logon to an Oracle RDBMS. The realm of database authentication consists of two parts: a Database Access Descriptor (DAD) and optionally a database role. The DAD identifies the database to check against. The username and password, if available in the DAD, is ignored. The database role allows that only a subset of database users (those who have the privilege to assume the role) be authenticated.
5. If you select either Basic or Digest authentication, enter usernames and passwords for your users, assign your users to a group, then assign the group to a realm for your authentication method.
If you select Database authentication, assign groups to a realm, then for each group, specify the DAD to check against, and optionally specify the roles to be authenticated.
6. Choose Modify to save your changes.
7. Navigate back to the Oracle Web Application Server Administration page.
8. Choose Cartridge Administration, then Cartridge Summary (Web Request Broker).
9. Choose the Protection link in the frame on the left side of the page to go to the Protecting Applications section.
10. Enter the following values in these fields to protect your realm:
Virtual Path Scheme Realm
<virtual_path> <Basic/Digest/ <realm_name>
Basic_Oracle>
<virtual_path> represents the virtual path of the PL/SQL cartridge's shared files, as defined in the Applications and Directories section of the Web Request Broker Administration page. Specify the scheme as either Basic, Digest, or Basic_Oracle (for the Database scheme). <realm_name> represents the realm name that you specified in Step 5.
11. Choose Modify WRB Configuration to save your changes.
12. Restart the listener.
See Also
Viewing Notifications from a Web Browser
