Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
APEX Behind the
Scenes
Scott Spendolini
President & Co-Founder
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Welcome
2
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ABOUT THE PRESENTER
• Scott Spendol...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ABOUT SUMNEVA
4
• Specializing in O...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AGENDA
• Overview
• Primer
• Behind...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Overview
6
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
OVERVIEW
7
• APEX is an amazing dev...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
• APEX is not magic
• There’s a met...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
KISS: KEEP IT SIMPLE, STUPID!
• For...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Primer
10
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PRIMER
11
• Before we begin, let’s ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Terminology
12
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
TERMINOLOGY
13
• Much of APEX’s int...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
TERMINOLOGY
14
Legacy Name Modern N...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML Form Basics
15
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML FORM BASICS
16
• HTML Forms ar...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
• Each HTML Form has to have a form...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML FORM BASICS
• All HTML forms s...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET VS. POST
19
• All HTTP & HTTPS ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET
• Typically involves passing pa...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
POST
• When a web page “sends” form...
D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET vs. P...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow Overview
23
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
QUESTION
24
• What does “WWV” stand...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW
25
• wwv_flow is essentiall...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
BASIC HTML FORM
26
<form action="fo...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX HTML FORM
27
<form action="wwv...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT
• PL/SQL package.pr...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX_040000 SCHEMA
• A lot can be l...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX
Behind the Scenes
30
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
The f Procedure
31
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
32
• Let’s start by...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
• The string 181:1 ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
• The f procedure w...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow.show
35
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW
36
• Procedure that h...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_flow_id...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_debug
...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_arg_na...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_trace
...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SAME THING
41
http://localhost/apex...
D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow.s...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Rendering
43
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE RENDERING
• APEX will render a...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS Parameters
45
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
• National Language ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
• Some NLS settings ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
• Built-in NLS setti...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
MANUALLY SETTING NLS PARAMETERS
• F...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
MANUALLY SETTING NLS PARAMETERS
50
...
D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS Param...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Session Management
52
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
• After NLS Para...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
• Debug log of an unauthenticated s...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
55
• By default,...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
• When a session...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
57
D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Session N...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE SENTRY & SESSION VERIFY
59
• A...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
60
Page Sentry
F...
D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Sent...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Authentication
62
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• What happen...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Since we ar...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Components
65
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET USERNAME COOKIE PROCESS
• Proce...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGIN_USERNAME_COOKIE
67
Username
H...
D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX User...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DISPLAY REGIONS
69
• After attempti...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Processing
70
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
• APEX will process...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
• Let’s enter our u...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
• When the Login bu...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DISPLAY FORM DETAILS
74
APP_ID
APP_...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow.accept
75
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT
76
• Procedure that...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_requ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_inst...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_flow_...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_comp...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_flow_...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_arg_...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_arg_...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_t01 ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_v01 ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• f01 .....
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• x01 .....
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_debu...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_trac...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Item Mapping
90
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEMS
91
• APEX Page Items are name...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
• Each APEX page item ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
• p_arg_names values w...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
• The ID of an input e...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Validations, Computations
& Process...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
VALIDATIONS, COMPUTATIONS & PROCESS...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SET USERNAME COOKIE
• Sets the LOGI...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGIN
• APEX API Call to the standa...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Authentication Schemes
99
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• APEX can us...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Regardless ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Pre-Authent...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Authenticat...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Post-Authen...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
105
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_CUSTOM-F COOKIE
• Upon successf...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
BREAKING IT DOWN
107
wwv_flow_sessio...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
CLEAR PAGE CACHE
• Clears the page ...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Logging Out
109
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
110
• There’s several w...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
• Close the Browser Tab...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
• APEX automatically sc...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
• The Logout URL is spe...
D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Logging O...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Summary
115
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SUMMARY
116
• There are a LOT of th...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DOWNLOAD
• This and all other Sumne...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
FEEDBACK
• To provide feedback on t...
http://sumneva.com
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com119
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_acce...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• The ne...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_list...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_map1...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• The ne...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_md5_...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_page...
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• The la...
Upcoming SlideShare
Loading in …5
×

APEX Behind the Scenes by Scott Spendolini

2,425 views

Published on

Published in: Technology
  • Be the first to comment

APEX Behind the Scenes by Scott Spendolini

  1. 1. APEX Behind the Scenes Scott Spendolini President & Co-Founder
  2. 2. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Welcome 2
  3. 3. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com ABOUT THE PRESENTER • Scott Spendolini • scott@sumneva.com • @sspendol • Ex-Oracle Employee of 10 years • Senior Product Manager for Oracle APEX from 2002 through 2005 • Founded Sumner Technologies in October 2005 • Co-Founded Sumneva in January 2010 • Oracle Ace Director • Co-Author, Pro Oracle Application Express • “Scott” on OTN Forums 3
  4. 4. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com ABOUT SUMNEVA 4 • Specializing in Oracle Application Express • Training • Instructor Led On-Site or Online • Private & Public • Consulting • Anything APEX-related • Solutions/Products • sumnevaSERT • sumnevaFramework
  5. 5. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AGENDA • Overview • Primer • Behind the Scenes • Summary 5
  6. 6. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Overview 6
  7. 7. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com OVERVIEW 7 • APEX is an amazing development environment • Few others are as fast & as robust • But, do you really know what happens once you click submit?
  8. 8. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com • APEX is not magic • There’s a method to everything that goes on • Most of which is more basic than you may think • We’ll dispel some of the “magic” today, so that you truly understand how this amazing technology works BEHIND THE CURTAIN 8
  9. 9. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com KISS: KEEP IT SIMPLE, STUPID! • For this session, we’re going to focus on the internals of APEX, not the complexity of the application • This, our example will be extremely simple • 2 Pages • Login Page • Blank Page 9
  10. 10. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Primer 10
  11. 11. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com PRIMER 11 • Before we begin, let’s review a couple of basic concepts • Terminology • HTML Form Basics • wwv_flow Overview
  12. 12. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Terminology 12
  13. 13. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com TERMINOLOGY 13 • Much of APEX’s internal APIs and variables still use the older names • Most of which is based on Oracle Flows terminology • Subsequent versions of APEX include APIs & variables that start with the APEX_ prefix • Thus, to understand the internals of APEX, you need to be able to map legacy term to modern ones
  14. 14. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com TERMINOLOGY 14 Legacy Name Modern Name Company Workspace Flow Application Step Page Plug Region Instance Session Request Request Debug Debug
  15. 15. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com HTML Form Basics 15
  16. 16. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com HTML FORM BASICS 16 • HTML Forms are used to pass data to a server • Used by all web pages on the internet • Regardless of the underlying technology • Forms contain items which are passed as parameters to the form action • Text Field • Radio Group • Select List • And so on...
  17. 17. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com • Each HTML Form has to have a form tag and a way to submit it • Can optionally have input tags; most have several • The form tag will have the following attributes: • Name • Action • Method • ID HTML FORM BASICS 17
  18. 18. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com HTML FORM BASICS • All HTML forms start like this: 18 <form action="form_action.asp" method="post" name="my_form" id="myForm"> Procedure Name HTTP Method Form Name Form ID
  19. 19. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com GET VS. POST 19 • All HTTP & HTTPS transactions for every web site ever fall into one of two categories: • GET • POST
  20. 20. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com GET • Typically involves passing parameters over the URL to a procedure • More “usable” than POST • Can be: • Bookmarked • Cached • Remain in browser history • Distributed & shared • Hacked • In APEX-speak, this is also known as Page Rendering and handled by wwv_flow.show 20
  21. 21. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com POST • When a web page “sends” form data to the server directly • Using the attributes of the form to determine which server process to execute • Item names will also map to the form process’s input parameters • Typically used to change or update data on the server • Thus, POST requests are never cached • In APEX-speak, this is also known as Page Processing and handled by wwv_flow.accept 21
  22. 22. D E M O N S T R A T I O N Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com GET vs. POST 22
  23. 23. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com wwv_flow Overview 23
  24. 24. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com QUESTION 24 • What does “WWV” stand for? WebView
  25. 25. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW 25 • wwv_flow is essentially APEX • Contains many global variables, as well as several functions & procedures • Some of which you can use, other which are internal only • We’ll focus on just a couple of them: • accept • show
  26. 26. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com BASIC HTML FORM 26 <form action="form_action.asp" method="post" name="my_form" id="myForm"> Procedure Name HTTP Method Form Name Form ID
  27. 27. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com APEX HTML FORM 27 <form action="wwv_flow.accept" method="post" name="wwv_flow" id="wwvFlowForm"> Procedure Name HTTP Method Form Name Form ID
  28. 28. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT • PL/SQL package.procedure that APEX calls when POSTing pages • Called for every APEX page that’s submitted • Contains a number of parameters which are populated based on a combination of system-defined variables and what the user enters into the form items 28
  29. 29. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com APEX_040000 SCHEMA • A lot can be learned about the internals of APEX by browsing the APEX_040000 schema • However, NEVER, EVER, EVER make any changes to anything here! • If you want to explore this schema, its best done on an isolated, private instance of APEX • Oracle XE • VMWare/Virtual Box/etc. 29
  30. 30. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com APEX Behind the Scenes 30
  31. 31. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com The f Procedure 31
  32. 32. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com THE f PROCEDURE 32 • Let’s start by navigating to our URL: • http://localhost:8080/apex/f?p=181:1
  33. 33. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com THE f PROCEDURE • The string 181:1 is passed to the p parameter of the f procedure 33 PROCEDURE f Argument Name Type In/Out Default? ------------------------------ ----------------------- P VARCHAR2 IN DEFAULT P_SEP VARCHAR2 IN DEFAULT P_TRACE VARCHAR2 IN DEFAULT C VARCHAR2 IN DEFAULT PG_MIN_ROW VARCHAR2 IN DEFAULT PG_MAX_ROWS VARCHAR2 IN DEFAULT PG_ROWS_FETCHED VARCHAR2 IN DEFAULT FSP_REGION_ID VARCHAR2 IN DEFAULT SUCCESS_MSG VARCHAR2 IN DEFAULT NOTIFICATION_MSG VARCHAR2 IN DEFAULT CS VARCHAR2 IN DEFAULT S VARCHAR2 IN DEFAULT TZ VARCHAR2 IN DEFAULT P_LANG VARCHAR2 IN DEFAULT P_TERRITORY VARCHAR2 IN DEFAULT 181:1
  34. 34. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com THE f PROCEDURE • The f procedure will then tokenize the p parameter into its component parts and call the wwv_flow.show procedure 34 PROCEDURE SHOW Argument Name Type In/Out Default? -------------------------------------------------------------- P_REQUEST VARCHAR2 IN DEFAULT P_INSTANCE VARCHAR2 IN DEFAULT P_FLOW_ID VARCHAR2 IN DEFAULT P_FLOW_STEP_ID VARCHAR2 IN DEFAULT P_DEBUG VARCHAR2 IN DEFAULT P_ARG_NAMES TABLE OF VARCHAR2(32767) IN DEFAULT P_ARG_VALUES TABLE OF VARCHAR2(32767) IN DEFAULT P_CLEAR_CACHE TABLE OF VARCHAR2(32767) IN DEFAULT P_BOX_BORDER VARCHAR2 IN DEFAULT P_PRINTER_FRIENDLY VARCHAR2 IN DEFAULT P_TRACE VARCHAR2 IN DEFAULT P_COMPANY NUMBER IN DEFAULT P_MD5_CHECKSUM VARCHAR2 IN DEFAULT P_LAST_BUTTON_PRESSED VARCHAR2 IN DEFAULT P_ARG_NAME VARCHAR2 IN DEFAULT P_ARG_VALUE VARCHAR2 IN DEFAULT 181 1
  35. 35. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com wwv_flow.show 35
  36. 36. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.SHOW 36 • Procedure that handles all APEX page rendering or GETs • Called most often by the f?p procedure in the URL • Also used in Ajax transactions • The f procedure will decompose p= to its component parameters and then call wwv_flow.show
  37. 37. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.SHOW PARAMETERS • p_flow_id • Application ID • p_flow_step_id • Page ID • p_instance • Session ID • p_request • Request 37
  38. 38. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.SHOW PARAMETERS • p_debug • Debug Mode • “YES” to enable;“NO” or NULL to disable • p_clear_cache • Clear Cache & Reset Pagination 38
  39. 39. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.SHOW PARAMETERS • p_arg_names • p_arg_name used when passing a single item • p_arg_values • p_arg_value used when passing a single value • p_printer_friendly • Printer Friendly mode • “YES” to enable;“NO” or NULL to disable 39
  40. 40. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.SHOW PARAMETERS • p_trace • When passed “YES”,APEX will generate a SQL trace file based on the current page view • Done in the background so that it does not slow down processing • A SQL trace file will be generated in $ORACLE_BASE/ admin/SID/udump • The SQL trace file can then be analyzed with TKPROF, Profiler, SQL Developer or any number of other tools • Note:You will need filesystem access to get to the trace file; thus you may need to seek help from your DBA/system admin 40
  41. 41. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SAME THING 41 http://localhost/apex/wwv_flow.show? p_flow_id=181 &p_flow_step_id=2 &p_instance=292381000 &p_arg_names=P2_EMPNO &p_arg_values=7499 http://localhost/apex/f? p=181:2:292381000::::P2_EMPNO:7499
  42. 42. D E M O N S T R A T I O N Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com wwv_flow.show 42
  43. 43. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Page Rendering 43
  44. 44. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com PAGE RENDERING • APEX will render a page first by display/render position • Multiple components within the same display/render position can be sequenced accordingly • At any point, any component can be conditional and may or may not render 44
  45. 45. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com NLS Parameters 45
  46. 46. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com NLS PARAMETERS • National Language Settings (NLS) parameters must be set for each and every page view • Seems inefficient, but there is no way to guarantee that an APEX session will be linked to the same database session from page view to page view • Thus, we need to set these each and every time 46
  47. 47. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com NLS PARAMETERS • Some NLS settings can be managed from within an APEX application • Shared Components > Globalization • All can be set from the value of an APEX item • Allowing for flexibility between users of the same application 47
  48. 48. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com NLS PARAMETERS • Built-in NLS settings will show up in the APEX Debug mode report at the very top of the report • If needed, you can also manually set additional NLS Parameters 48
  49. 49. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com MANUALLY SETTING NLS PARAMETERS • For those not available in the Globalization options, you will need to manually set them via: • VPD Context • Part of the Authentication Scheme • Application Computation • Before Header • Application Process • Before Header 49 EXECUTE IMMEDIATE 'alter session set nls_date_format=''mm/dd/yyyy'' ';
  50. 50. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com MANUALLY SETTING NLS PARAMETERS 50 VPD Context Computation Process
  51. 51. D E M O N S T R A T I O N Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com NLS Parameters 51
  52. 52. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Session Management 52
  53. 53. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SESSION MANAGEMENT • After NLS Parameters are set,APEX checks to see if you are logged in or not • APEX will also check to see if you are also logged in a developer in the same workspace as the application which you are running • If so, then you will also see the developer’s toolbar: 53
  54. 54. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com • Debug log of an unauthenticated session vs. an authenticated session SESSION MANAGEMENT 54 Unauthenticated Session Authenticated Session
  55. 55. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SESSION MANAGEMENT 55 • By default, this functionality is built in to APEX and does not need to be enabled • You can override APEX’s session management, but you better know what you are doing! • If you choose to implement your own Page Session Management, it is controlled via either the Page Sentry Function or Session Verify Function in the Authorization Scheme
  56. 56. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SESSION MANAGEMENT • When a session is not valid,APEX will redirect to one of two places: • Session Not Valid Page • If a page is selected here, that page will by default become accessible by anyone, even if they are not authenticated • Session Not Valid URL • Can specify the Built In Login Page or SSO/Portal here, as well as your own function or URL 56
  57. 57. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SESSION MANAGEMENT 57
  58. 58. D E M O N S T R A T I O N Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Session NotValid 58
  59. 59. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com PAGE SENTRY & SESSION VERIFY 59 • APEX provides the ability to take over session management entirely • Page Sentry Function • Executed before EVERY APEX page view • Can check any criteria to determine if the session is valid • Session Verify Function • Determines whether or not a valid session exists • Can only use one of these, not both
  60. 60. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SESSION MANAGEMENT 60 Page Sentry Function Session Verify Function
  61. 61. D E M O N S T R A T I O N Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Page Sentry Function 61
  62. 62. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Authentication 62
  63. 63. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME • What happens next depends on whether the user is authenticated or not 63 Authenticated: Continue to Display Page Requested Unauthenticated: Redirect to Login Page defined in the Authentication Scheme
  64. 64. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME • Since we are not yet authenticated,APEX will redirect to the Login Page • Which will run through the Page Rendering phase • NLS Parameters • Page Session Management • Which will pass this time, as the Login Page will display to an unauthenticated user • Computations • Processes • Regions 64
  65. 65. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Page Components 65
  66. 66. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com GET USERNAME COOKIE PROCESS • Process that will check to see if there is an APEX username stored in the APEX session cookie • If so, it will set the default value of P101_USERNAME to this value 66 declare v varchar2(255) := null; c owa_cookie.cookie; begin c := owa_cookie.get('LOGIN_USERNAME_COOKIE'); :P101_USERNAME := c.vals(1); exception when others then null; end;
  67. 67. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com LOGIN_USERNAME_COOKIE 67 Username Hostname DAD Require SSL Expiration Cookie Name
  68. 68. D E M O N S T R A T I O N Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com APEX User Cookie 68
  69. 69. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com DISPLAY REGIONS 69 • After attempting to set the cookie,APEX will render the regions & items on the page in their corresponding order
  70. 70. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Page Processing 70
  71. 71. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com PAGE PROCESSING • APEX will process a page first by process position • Multiple components within the same display/render position can be sequenced accordingly • At any point, any component can be conditional and may or may not render 71
  72. 72. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com PAGE PROCESSING • Let’s enter our username & password and click Login to start processing our page 72
  73. 73. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com PAGE PROCESSING • When the Login button is clicked,APEX will POST a transaction to the server • We can use Web Developer to see the parameters it will pass to wwv_flow.accept 73
  74. 74. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com DISPLAY FORM DETAILS 74 APP_ID APP_PAGE_ID SESSION_ID Form Name
  75. 75. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com wwv_flow.accept 75
  76. 76. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT 76 • Procedure that handles all APEX page processing or POSTs • Have likely seen this before in error messages
  77. 77. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_request • Typically set by the button clicked on a POST • Can be passed via the URL in a GET • But it will only be good for the next page phase • Can not get the value of p_request in Page Rendering if the page is submitted/POSTed 77
  78. 78. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_instance • Session ID • Also referred to as :APP_SESSION or :SESSION_ID • Automatically maintained by APEX • Can not alter programmatically 78
  79. 79. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_flow_id • Application ID • Also referred to as :APP_ID • Automatically set by APEX based on which application you’re running • Can not alter programmatically 79
  80. 80. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_company • Workspace ID • Also referred to as :WORKSPACE_ID • Not typically present in the HTML rendered by APEX • But is calculated inside the wwv_flow.accept procedure • Can not alter programmatically 80
  81. 81. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_flow_step_id • Page ID • Also referred to as :APP_PAGE_ID • Returns the current Page ID • Can not be altered otherwise 81
  82. 82. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_arg_names • Array used to store the corresponding APEX Item IDs from an APEX page • Appears before each and every APEX page item 82
  83. 83. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_arg_values • Used to protect hidden items from being manipulated via JavaScript • When a hidden & protected item is rendered, there will be a corresponding p_arg_values item rendered as well 83 <input type="hidden" id="P2_EMPNO" name="p_t01" value="7369" /> <input type="hidden" name="p_arg_values" value="9DDE9C18F8337D..." />
  84. 84. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_t01 ... p_t100 • Set ofVARCHAR parameters used to receive APEX page item values • This is where the “100 item per page” limit comes from • Which is not accurate, since it’s really 100 enabled items per page 84 <input type="text" id="P1_ITEM" name="p_t01" value="" size="30" maxlength="4000" class="text_field" /> APEX Item Parameter Item
  85. 85. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_v01 ... p_v100 • Set of 100 arrays used to store results from items that return potentially more than one value • Multi-select Lists, Shuttle Regions, etc. 85 <select name="p_v01" id="P1_ITEM" size="1" multiple="multiple" class="multi_selectlist"> Array Item APEX Item
  86. 86. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • f01 ... f50 • Group of 50 arrays, typically used in conjunction with g_f01 ... g_f50 • Most often used with tabular forms & APEX_ITEM API calls • Name used for PL/SQL; ID used for JavaScript 86 <input type="text" name="f03" size="12" value="" id="f03_0001" /> <input type="text" name="f03" size="12" value="" id="f03_0002" /> <input type="text" name="f03" size="12" value="" id="f03_0003" /> Array Name Array Element ID
  87. 87. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • x01 ... x20 • Group of 20VARCHARs, typically used in conjunction with the global variables g_x01 ... g_x10 • Difference between the parameter count & global variable count can be attributed to APEX itself needing extras • Most often used with Ajax transactions to pass parameters 87
  88. 88. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_debug • When passed “YES”,APEX will run in DEBUG mode • No value or “NO” will disable DEBUG mode 88
  89. 89. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_trace • When passed “YES”,APEX will generate a SQL trace file based on the current page view • Done in the background so that it does not slow down processing • A SQL trace file will be generated in $ORACLE_BASE/ admin/SID/udump • The SQL trace file can then be analyzed with TKPROF, Profiler, SQL Developer or any number of other tools • Note:You will need filesystem access to get to the trace file; thus you may need to seek help from your DBA/system admin 89
  90. 90. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Item Mapping 90
  91. 91. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com ITEMS 91 • APEX Page Items are named p_t01 through p_t100 • The PX_ITEM_NAME is never directly sent back to the database • Used for client-side JavaScript interactions • Thus, if all APEX pages items are named the same, then how does it map them to the corresponding page item in an application when submitting a page?
  92. 92. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com ITEM MAPPING • Each APEX page item will have a corresponding p_arg_names entry: 92 <input type="hidden" name="p_arg_names" value="8295929934913911" /> <input type="text" id="P101_USERNAME" name="p_t01" value="admin" size="40" maxlength="100" class="text_field" /> ... <input type="hidden" name="p_arg_names" value="8296003745913912" /> <input type="password" name="p_t02" size="40" maxlength="100" value="" id="P101_PASSWORD" class="password" onkeypress="return submitEnter(this,event)" />
  93. 93. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com ITEM MAPPING • p_arg_names values will map back to the internal item ID in the wwv_flow_step_items table: 93
  94. 94. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com ITEM MAPPING • The ID of an input element does not get submitted back to the server • Thus, the need for the p_arg_names array • It provides the mapping from the p_txx elements to the corresponding APEX page items 94 Item Name Parameter P101_USERNAME p_t01 P101_PASSWORD p_t02 ID p_arg_name 1 8295929934913911 2 8296003745913912
  95. 95. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Validations, Computations & Processes 95
  96. 96. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com VALIDATIONS, COMPUTATIONS & PROCESSES 96 • After validating that the session is still valid,APEX will process all Validations, Computations & Processes according to their execution point and corresponding sequence • Nothing in this phase will ever be output to the screen • All “Built In” APEX Processes are merely calls to underlying PL/SQL procedures • Application Builder abstracts this concept to keep things simple
  97. 97. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SET USERNAME COOKIE • Sets the LOGIN_USERNAME_COOKIE based on the value of the username entered • Regardless of whether it successfully authenticated or not • Can be disabled for security purposes 97 begin owa_util.mime_header('text/html', FALSE); owa_cookie.send( name => 'LOGIN_USERNAME_COOKIE', value => lower(:P101_USERNAME)); exception when others then null; end;
  98. 98. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com LOGIN • APEX API Call to the standard login procedure: wwv_flow_custom_auth_std.login • Will use the current authentication scheme and determine whether or not a user should be logged in 98 wwv_flow_custom_auth_std.login( P_UNAME => :P101_USERNAME, P_PASSWORD => :P101_PASSWORD, P_SESSION_ID => v('APP_SESSION'), P_FLOW_PAGE => :APP_ID||':1' ); Determines the initial page of your application
  99. 99. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Authentication Schemes 99
  100. 100. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME • APEX can use a number of different Authentication Schemes • APEX Credentials • Custom • SSO • LDAP • Database Schema Users • Open Door • None 100
  101. 101. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME • Regardless of which one you choose, the method which APEX uses to validate credentials is largely the same • Pre-Authentication Process • Authentication Function • Post-Authentication Process 101
  102. 102. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME • Pre-Authentication Process • Executes just before credentials are verified • However, it looks like there may be a bug here, as it seems like is executes just AFTER credentials are verified 102
  103. 103. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME • Authentication Function • Can be one of the following: • -BUILTIN- • APEX User Credentials • -DBACCOUNT- • Database Credentials • -LDAP- • LDAP using parameters defined in LDAP section • Custom • Custom PL/SQL Function returning Boolean 103
  104. 104. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME • Post-Authentication Process • Executes just after credentials are verified 104
  105. 105. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com AUTHENTICATION SCHEME 105
  106. 106. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_CUSTOM-F COOKIE • Upon successful authentication,APEX will send another cookie to the client • This cookie’s sole purpose is to map your browser to your APEX session 106
  107. 107. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com BREAKING IT DOWN 107 wwv_flow_sessions$ wwv_flow_companies
  108. 108. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com CLEAR PAGE CACHE • Clears the page cache for Page 101 • Thus, removing the username from the APEX session state 108
  109. 109. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Logging Out 109
  110. 110. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com LOGGING OUT 110 • There’s several ways to “log out” of an APEX application • Click the Logout link • Close the Browser Tab/Window • Quit the Browser • Let the session expire • Not all of these truly logs you out
  111. 111. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com LOGGING OUT • Close the Browser Tab/Window • Does NOTHING to log you out • Quit the Browser • Expires the Session Cookie • Let the session expire • Expires the Session Cookie • Click the Logout link • Expires the Session Cookie • Deletes the Session from wwv_flow_sessions$ 111
  112. 112. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com LOGGING OUT • APEX automatically schedules a job - ORACLE_APEX_PURGE_SESSIONS - which will remove stale session data • By default, it is set to run hourly • You can alter the duration to make it run more or less frequently 112
  113. 113. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com LOGGING OUT • The Logout URL is specified in the Authentication Scheme • When clicked, it will expire the session cookie and also purge the session state from the database 113 wwv_flow_custom_auth_std.logout? p_this_flow=&APP_ID.&amp;p_next_flow_page_sess=&APP_ID.:1 The Current Application Which Application to Run Next
  114. 114. D E M O N S T R A T I O N Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Logging Out 114
  115. 115. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com Summary 115
  116. 116. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com SUMMARY 116 • There are a LOT of things that go on when rendering or processing an APEX page • Fortunately,APEX abstracts most of the complexity, making it easy & efficient to use • Understanding the discrete steps will help make you a better and more secure APEX developer
  117. 117. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com DOWNLOAD • This and all other Sumneva presentations can be downloaded for free from: 117 http://sumneva.com/presentations
  118. 118. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com FEEDBACK • To provide feedback on this session: 118 http://kscope.ezsession.com Session ID: 242796
  119. 119. http://sumneva.com Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com119
  120. 120. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_accept_processing • NEED TO RESEARCH 120
  121. 121. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • The next five parameters have to do with the management of tabular forms, and should not be altered • fcs • <input type="hidden" id="fcs_0003" name="fcs" value="989EDF72FEF5A40D4F36854921FBBC34"> • fmap • <input type="hidden" name="fmap" value="ENAME" id="fmap_003" /> • fhdr • <input type="hidden" name="fhdr" value="Ename" id="fhdr_003" /> • fcud • <input type="hidden" id="fcud_0003" name="fcud" value="U" /> • frowid • <input type="hidden" id="frowid_0003" name="frowid" value="AAANCNAAHAAAAAeAAC" /> 121
  122. 122. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_listener • Used to communicate with the APEX listener 122
  123. 123. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_map1, p_map2, p_map3 & p_survey_map • NEED TO RESEARCH 123
  124. 124. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • The next three parameters control report pagination, and are relatively self-explanatory • p_flow_current_min_row • p_flow_current_max_rows • p_flow_current_rows_fetched 124
  125. 125. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_md5_checksum • Used to store the MD5 checksum for data in an APEX form • Will also be used to compare to the current MD5 checksum before data is updated • Always present in the HTML; may not contain a value, if the current page does not have a Automatic Row Fetch process 125 <input type="hidden" name="p_md5_checksum" value="BF258D46D..." /> MD5 Hash
  126. 126. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • p_page_submission_id • Internal ID used to track individual page submissions within a session • Found close to the top of the page • Should not alter or modify 126
  127. 127. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com WWV_FLOW.ACCEPT PARAMETERS • The last three parameters have to do with NLS Settings: • p_time_zone • Current Time Zone • p_lang • Current Language • p_territory • Current Country/Region 127

×