Skip to Main Content

ORDS, SODA & JSON in the Database

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Apex tomcat too many redirection error

CaglarFeb 9 2025 — edited 3 days ago

Hello,

I build a website with Apex. I get the following error. What do you recommend? I use cloudflare in order to redirect the page to apex home page. In addition, no login need to use the website. Thanks for your support.

Apex: 24.2.0

ORDS: Oracle REST Data Services 24.3.1.r3061450

Tomcat: 9

Problems found:

  • Too many redirects. Please try to reduce your number of redirects for https://fonanalizim.com. Actually you use 19 Redirects. Ideally you should not use more than 3 Redirects in a redirect chain. More than 3 redirections will produce unnecessary load on your server and reduces speed, which ends up in bad user experience.
  • You use 301 and 302 redirect at the same time. This might be confusing for search engine. Generally, please do not use 301 and 302 redirects at the same time.
  • You use a 302 redirect. This means, that the actually content is temporary not reachable and will come back soon. To use a 302 redirection for generally moved pages is a bad idea. Search engine bot might not follow it or handle it as temporary. For SEO this is also a bad idea, because no link juice will be transferred to the linked page.
This post has been answered by jariola on Feb 10 2025
Jump to Answer

Comments

thatJeffSmith-Oracle Feb 13 2025

Your ENTRA users will get authenticated via JSON Web Tokens, and their Entra roles will determine which ORDS REST APIs they can hit.

When they hit an endpoint, it'll execute code in the database as the database user that owns the schema where the REST API is defined, not as Entra defiend end user. In fact, the Entra users won't have accounts in the database (they could, but wont' need to).

The :current_user field as far as ords is concerned would be the corresponding oauth2 client or JWT issued for the authorizied session.

Your prehook should be able to alter the session to set the context that would put your RLS/VPD security policy in play.

1 - 1

Post Details

Added on Feb 9 2025
10 comments
156 views