Skip to Main Content

Oracle Database Discussions

Announcement

For appeals, questions and feedback, please email oracle-forums_moderators_us@oracle.com

ORA-24247: network access denied by access control list (ACL) when makin call through trigger

TomislavJan 25 2024

Hi,

I have a strange problem.

I have a procedure that makes HTTP request to some webservice.

Procedure is marked with PRAGMA AUTONOMOUS TRANSACTION (that shouldn't matter, I tried removing it and still same problem)

parts regarding the HTTP request from the procedure:

utl_http.set_transfer_timeout(l_server_timeout);
utl_http.set_wallet('file:' || l_wallet_path);
http_req := utl_http.begin_request(url          => l_url
                                  ,method       => l_ws_method
                                  ,http_version => 'HTTP/1.1');
UTL_HTTP.SET_AUTHENTICATION_FROM_WALLET(http_req, l_acl_alias);                                  
utl_http.set_header(http_req, 'Content-Type', 'application/json'); 
http_resp:= utl_http.get_response(http_req);                                

And then when I call this procedure from a client (anonymous PL/SQL block) it works as expected.

HTTP request is made to webservice and request is received.

The problem is that when I add call to this procedure to a trigger on a table (idea is that when we process interface record we send status over to sending system over webservice) it fails with error:

ORA-24247: network access denied by access control list (ACL)

To make case as simple as possible.

I created a simple table in the same schema where my procedure is and created a demo trigger on it that calls exactly the same code with same values that works when called from anonymous PL/SQL block.

And it fails.

I tried checking ACLs and they all seem fine:

DBA_HOST_ACLS shows

HOST: server that is part of url being called

LOWER_PORT=UPPER_PORT: port that ws is accessible over (check with telnet from DB server and it works)

DBA_NETWORK_ACL_PRIVILEGES shows for above ACL

PRINCIPAL: schema in which procedure, table and trigger reside

PRIVILEGE: resolve, connect, http

IS_GRANT: true

INVERT: false

Same thing happens if I create a procedure in that same schema and paste this call that works from anonymous code and then call a procedure from same schema. Again it doesn't work.

What am I missing here?

Comments
Post Details
Added on Jan 25 2024
2 comments
53 views