ORDS 2.0.6
APEX 4.2.6
Glassfish 3.1.2
Oracle 11gXE
I have a hardware device (basically a web cam) that has the ability to POST images via HTTP requests. As far as authorization, the camera only supports Basic.
The camera's initial request includes the following header:
Expect: 100-continue
Using wireshark, I have determined that ORDS automatically responds with 100. At this point, the camera continues with POSTing the photo and my web service handler is called.
Here's where I'm stuck. The camera will not send the Authorization header unless I respond with status 401 and some other headers (see RFC#2617 if curious). I have attempted to do so within my web service (setting X-APEX-STATUS-CODE as well as using htp.prn to send the additional WWW-Authenticate header, but the camera will not send the Authorization header at that point.
Sequence of events:
- Camera POSTs to https://..../my/web/service. The request includes "Expect: 100-continue"
- ORDS responds with 100
- Camera resumes POST
- My web service is called. I return 401.
- No additional response from camera
I think what I need is to stop ORDS from sending 100 prematurely, or to make ORDS send 401 and allow my web service to handle authorization (since ORDS does not allow Basic auth).
- Camera POSTs to https://..../my/web/service. The request includes "Expect: 100-continue"
- ORDS does not interfere, and passes the request to my web service
- My web service is called. I return 401
- Camera responds with new request including Authorization header.
- My web service is called. I return the expected 100, and eventually 201 when the resource is created (when I consume the photo).
The question is how can I accomplish that? Can ORDS handle basic auth? Is there a way to make it not respond with 100 so that I may interject a 401 first?
Thank you,
-Kris
Message was edited by: krissco - typo 401 not 405.