Configuration¶
The configuration of the OData service is in the file <DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/classes/configuration.properties
.
In this file you can modify the following properties:
odataserver.address
: service name. For example, if you change this to/odata-interface.svc
, the URL to access the service will behttps://<denodo-server>:9443/denodo-odata4-service/odata-interface.svc/<database name>/
.odataserver.serviceRoot
(optional): root URI of the service. Set the value of this property if the service is going to be accessed through a gateway, so links within the OData response use this URI as root. For example, if the value of this property ishttps://gw.denodo.com:9000/ODATA/
, a request tohttp://server001:9090/denodo-odata4-service/denodo-odata.svc/movies
will return this URL in the response:https://gw.denodo.com:9000/ODATA/denodo-odata.svc/movies
.server.pageSize
: number of records returned per request. See more about this in the section Pagination section.enable.adminUser
: iffalse
the user accountadmin
(not other administrator accounts) will not be allowed to access this service. This functionality can be used only with Basic authentication, not with Kerberos authentication, nor OAuth.debug.enabled
: iftrue
, the responses to requests with the query parameter?odata-debug=json
will include debugging information, in addition to the data itself.disable.basicAuthentication
: set totrue
to disable HTTP Basic authentication in this service;false
to enable it.disable.kerberosAuthentication
: set totrue
to disable Kerberos authentication in this service;false
to enable it.enable.streaming
: set totrue
to support entity collection streaming;false
to disable it. Default value:true
.timestampTimezone
: time zone to format the datetime values. E.g.America/New_York
(see in this list the possible values for this parameter). If there is no value, the service usesUTC
.
To enable Kerberos authentication in this service, first you need to enable Kerberos authentication for the Denodo server. The section Kerberos Authentication explains how to do it.
disable.oauth2Authentication
: set totrue
to disable OAuth 2.0 authentication in this service.To enable OAuth authentication in this service, first you need to enable OAuth authentication for the Denodo server. The section OAuth Authentication explains how to do it.
forceSpecNullOrdering
: in some RDMBS (such as Oracle), the ordering ofnull
values is performed just in the opposite way as defined in the OData specification, that says thatnull
values must be placed first in anASC
ordination, as well as placed last in aDESC
ordination. Setting this property totrue
forces the ordination to conform the OData specification.
When you enable/disable the authentication mechanisms of this service, you need to leave at least one authentication mechanism enabled.
Restart the Virtual DataPort server for the changes on this file to take effect.
Enabling Kerberos Authentication in the OData Service¶
The OData Service supports Single Sign-On (using the Kerberos protocol). Follow these steps to enable this:
Perform the post-installation tasks described in the section Setting-up Kerberos Authentication of the Installation Guide.
Enable Kerberos in the Virtual DataPort Server, as described in the section Setting-Up the Kerberos Authentication in the Virtual DataPort Server of the Administration Guide.
In the file
<DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/classes/configuration.properties
, set the propertydisable.kerberosAuthentication
tofalse
.
Important
To access the Denodo OData 4.0 Service, use the Fully Qualified Domain Name of the Server Principal Name you
configured in the Virtual DataPort Server. For
example, if your Server Principal Name is
HTTP/denodo-prod.subnet1.contoso.com@CONTOSO.COM
, access the
Denodo OData 4.0 Service with the URL
http://denodo-prod.subnet1.contoso.com:9090/denodo-odata4-service/denodo-odata.svc
or
https://denodo-prod.subnet1.contoso.com:9443/denodo-odata4-service/denodo-odata.svc
.
Enabling Cross-Origin Resource Sharing (CORS)¶
This service supports Cross-origin resource sharing (CORS). The section Cross-origin Resource Sharing (CORS) (settings of published REST web services) explains what CORS is.
To enable the CORS support on the OData Service, follow these steps:
Do the steps of the section Initial Set-Up of CORS (you have done this already if you published a Denodo REST web service with CORS enabled).
Before starting any server of this Denodo installation, edit the file
<DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/web.xml
and add the following at the top of this file.<!DOCTYPE doc [ <!ENTITY cors_settings SYSTEM "cors_settings.xml"> ]>
The file has to end up looking like:
<!DOCTYPE doc [ <!ENTITY cors_settings SYSTEM "cors_settings.xml"> ]> <web-app ...
And add the reference in the filters section:
<!-- ******************* --> <!-- Filters --> <!-- ******************* --> &cors_settings;
Edit the file
cors_settings.xml
of the folder<DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/
.Uncomment the contents of the file.
By default, the value of the property
cors.allowed.origins
is *. With this, the service will allow CORS requests received from any domain.To limit the domains from which CORS requests are allowed, change the value of this property: replace * with the list of allowed URLs (separate each URL by a comma).
For example,
https://foo.com, http://foo.com, https://foo.bar.com
CORS requests from any other origin will be denied with the HTTP code 403 (Forbidden)
Important
For each URL, enter its protocol as well. URLs that not contain the protocol are invalid. E.g. foo.com is invalid.
Restart the Virtual DataPort server to apply the changes.
Supported HTTP Header Methods¶
The supported HTTP header methods in the Denodo OData4 Service are GET
and OPTIONS
. However, OPTIONS
is
disabled by default in the Tomcat web server included in Denodo. Follow these steps to enable it:
Edit the file
<DENODO_HOME>/resources/apache-tomcat/conf/web.xml
and comment or remove the following block:<security-constraint> <web-resource-collection> <web-resource-name>restricted methods</web-resource-name> <url-pattern>/*</url-pattern> <http-method>OPTIONS</http-method> </web-resource-collection> <auth-constraint/> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>restricted methods</web-resource-name> <url-pattern>/*</url-pattern> <http-method-omission>OPTIONS</http-method-omission> </web-resource-collection> </security-constraint>
Edit the file
<DENODO_HOME>/resources/apache-tomcat/webapps/denodo-odata4-service/WEB-INF/cors_settings.xml
. Change the value of thecors.allowed.methods
property toGET, OPTIONS
instead of the originalGET, POST, PUT, DELETE, HEAD, OPTIONS
. Like this:<param-value>GET, OPTIONS</param-value>