Posts

Showing posts from November, 2014

Logging in without user intervention

For this, I set up an authentication plugin and behind the scenes it's using a web service to check if the client is valid or not. To automate the login process, you need to make use of the sentry function that gets called every time you access a page in the application. This is what the item help says: Enter the name of the PL/SQL function the plug-in can use to perform the session sentry verification. It can reference a function of the anonymous PL/SQL code block, a package function or a stand alone function in the database. For example: check_ldap_session_sentry When referencing a database PL/SQL package or stand alone function, you can use the #OWNER# substitution string to reference the parsing schema of the current application. For example: #OWNER#.check_ldap_session_sentry There is however one caveat with this. It doesn't run on whatever you have defined as the login page (User interface attributes --> Desktop --> Login URL) - which is reasonable enough.

Exposing procedures for URL access with ORDS

Image
I had just been looking at exposing some procedure for URL access, using ORDS. ORDS offers the following configuration properties: security.inclusionList security.exclusionList security.disableDefaultExclusionList security.validationFunctionType security.requestValidationFunction Which you can see on the docs: https://docs.oracle.com/cd/E37099_01/doc.20/e25066/config_file.htm#AELIG7204   If you look at the administrator guide:  https://docs.oracle.com/cd/E37097_01/doc.42/e35129/adm_mg_service_set.htm#AEADM209 it suggests pointing the validation function to: wwv_flow_epg_include_modules.authorize, and modifying the function: wwv_flow_epg_include_mod_local, within the APEX schema to return true or false depending if you want your procedure to be accessible or not. This unwrapped function is effectively called at the end of wwv_flow_epg_include_modules.authorize if none of the apex procedures matched. If you leave the value of security.requestValidationFunction emp