Overview
There’s plenty to talk about in this release. However, I’m most excited about the performance improvements, ORDS sample applications, and documentation changes. Read on to get the whole story.
Enhancements
API Performance
REST API responses from either AutoREST or customer based modules could see as much as a 30% improvement in response times.
About a year ago, we introduced (we owe all our progress to Orla though) an internal program to track performance changes/improvements across ORDS APIs quantitatively. I can’t go into too much detail, but here is what I can divulge:
- Although we use K6 for our performance testing, we are not promoting its use over any other available performance testing solution. There are other great tools available (e.g., Artillery, JMeter, and, of course, k6).
- Testing is performed nightly against a 23ai database (installed in a PDB); we also include APEX in these tests.
- For the tests, 250 schemas are created and then populated with various database objects (e.g., Functions, Materialized Views, PLSQL Packages, Sequences, Tables, Triggers, JSON Relational Duality Views, etc.)
- These schemas are then absolutely hammered with Virtual Users. Users perform actions such as auto-REST enabling objects, creating custom Resource Modules, creating JSON Relational Duality Views, interrogating ORDS Metadata, and performing bulk inserts (BATCHLOAD) GETs, POSTs, etc.
- These metrics are what we use to track the ORDS quantitative metrics longitudinally.
So, that’s what we mean by “performance improvements.” Pretty cool, eh?
NOTE: I don't know if that 30% average is mean or median. So, for all you stat nerds, don't ask 🤣!
ORDS Sample applications
We have not one but TWO sample ORDS applications for you 😍!
Flask/Python
The first is a fully contained LiveLabs sandbox workshop, which can be found here. But if you want to remix the code, check out my repo here (everything is heavily commented; hopefully, this will ease your pain).
Node.js/React
Secondly, our development team has created a brand new advanced application. Details are here.
NOTE: We'll continue to iterate and improve on both, so please share with us your feedback!
OAuth2.0 changes
A consolidation and streamlining of the OAUTH and OAUTH_ADMIN PLSQL packages. The details:
- We’ve consolidated those mentioned above into these two new packages:
ORDS_SECURITY
ORDS_SECURITY_ADMIN
- The
OAUTH
andOAUTH_ADMIN
PL/SQL Packages have been deprecated by royal decree. However, they’ll still be included until ORDS version 25.3 (this time next year). - Creating a client and receiving your Client ID and Client Secret is now streamlined, and Client Secrets can now be rotated (by supporting two active Client Secrets while in rotation).
Locating the new PL/SQL Packages:
23ai Boolean
ORDS now returns BOOLEAN types as JSON TRUE|FALSE properties instead of 0|1.
What this looks like in practice with various configurations1:
Oracle Database 23ai + ORDS 24.3
Oracle Database 23ai + ORDS 24.2
Oracle DB 21c Enterprise Edition + ORDS 24.3
1Thank you internet stranger for providing us with this juicy bit of code.
Mong[ooohhh, no, you didn’t?!] DB API
- Support for even more Database Administration commands:
- listIndexes
- dropIndexes, and
- optional parameter expireAfterSeconds (which applies to the createIndexes command)
- The following MongoDB Aggregation Stages are now supported:
- $external
- $lookup
- $sample, and
- $lookup (see docs for details)
- Users may now specify a JSON Schema validator when creating a collection
- You may now create MongoDB API connections without TLS connections (Oracle Database 19c and later) can now be made.
- Users can now set the createIndexes’ “online” option to TRUE to allow DML operations at index creation time.
To-Do: More details will come from the MongoDB API team as they publish new content.
In the meantime, here are some resources I found:
- MongoDB API article from Julian
- Medium article from Hermann
- Oracle blogs from Hermann:
Documentation
Introduced the following new sections:
- 6.2.4 Using OCI Monitoring Service with Oracle REST Data Services
- This new section details the configuration of the recently added
ords-metrics
utility. You can find details on how to set up this monitoring service (to communicate with OCI) here.
- This new section details the configuration of the recently added
- 3.2 Deploying ORDS with Central Configuration Server
- Officially introduced documentation for deploying ORDS using a central configuration server (introduced in the last release notes blog). Docs here.
- Appendix D ORDS Central Configuration OpenAPI
- Along with the updated docs, we’ve included the OpenAPI spec for creating the endpoints required for a central configuration server (and a special video clip of me retrieving the PL/SQL definitions and the OpenAPI spec in Database Actions).
- OpenAPI spec doc here.
Java notes
In our Release Notes, we claim support for the following JDKs:
- Oracle Java 11, 17, or 21
- Oracle GraalVM Enterprise Edition for Java 11
- Oracle GraalVM Enterprise Edition for Java 17
- Oracle GraalVM Enterprise Edition for Java 21
However, this may be confusing regarding Oracle GraalVM Enterprise Editions. You should know that there are currently TWO Oracle GraalVM Enterprise Edition JDKs:
- Oracle GraalVM Enterprise Edition 20
- Oracle GraalVM Enterprise Edition 21
Instead of how we’ve presented, here is another, cleaner presentation of these JDKs:
Oracle GraalVM Enterprise Edition 20 | Oracle GraalVM Enterprise Edition 21 |
---|---|
Linux (x86-64): Java 8, 11 | Linux (x86-64 and aarch64): Java 8, 11, 17 |
macOS (x86-64): Java 8, 11 | macOS (x86-64 only): 8, 11, 17 |
Windows (x86-64): Java 8, 11 | Windows (x86-64 only): 8, 11, 17 |
So when you are choosing your JDK (to use with ORDS), make sure you consider your platform and use cases. Details on using GraalVM with ORDS here.
fin
This concludes the release notes supplement.
This space ⬇️ left intentionally blank.
Follow
And don’t forget to follow, like, subscribe, share, taunt, troll, or stalk me!
Hi
I know it’s not documented but oauth.revoke_token was really handy for revoking individual tokens. Is there anything equivalent in the new method? If not, what’s Oracle’s position on revoking individual tokens?
Thanks
Howdy. I’m not sure if this is the same, but if you take a look at the Spec for ORDS_METADATA.OAUTH and then search for “function revoke_token” or “function revoke_bearer_token” is that what you mean? These were both around Line 655 in the spec. It looks to be the same, but I haven’t tested toyed with it yet.