More Related Content
Similar to APEX Behind the Scenes by Scott Spendolini
Similar to APEX Behind the Scenes by Scott Spendolini (20)
APEX Behind the Scenes by Scott Spendolini
- 2. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Welcome
2
- 3. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ABOUT THE PRESENTER
• Scott Spendolini
• scott@sumneva.com
• @sspendol
• Ex-Oracle Employee of 10 years
• Senior Product Manager for Oracle APEX
from 2002 through 2005
• Founded Sumner Technologies
in October 2005
• Co-Founded Sumneva in January 2010
• Oracle Ace Director
• Co-Author,
Pro Oracle Application Express
• “Scott” on OTN Forums
3
- 4. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ABOUT SUMNEVA
4
• Specializing in Oracle Application Express
• Training
• Instructor Led On-Site or Online
• Private & Public
• Consulting
• Anything APEX-related
• Solutions/Products
• sumnevaSERT
• sumnevaFramework
- 5. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AGENDA
• Overview
• Primer
• Behind the Scenes
• Summary
5
- 6. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Overview
6
- 7. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
OVERVIEW
7
• APEX is an amazing development environment
• Few others are as fast & as robust
• But, do you really know what happens once you click
submit?
- 8. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
• APEX is not magic
• There’s a method to everything that goes on
• Most of which is more basic
than you may think
• We’ll dispel some of the
“magic” today, so that you
truly understand how this
amazing technology works
BEHIND THE CURTAIN
8
- 9. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
KISS: KEEP IT SIMPLE, STUPID!
• For this session, we’re going to focus on the
internals of APEX, not the complexity of the
application
• This, our example will be extremely simple
• 2 Pages
• Login Page
• Blank Page
9
- 10. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Primer
10
- 11. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PRIMER
11
• Before we begin, let’s review a couple of basic
concepts
• Terminology
• HTML Form Basics
• wwv_flow Overview
- 12. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Terminology
12
- 13. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
TERMINOLOGY
13
• Much of APEX’s internal APIs and variables still use the
older names
• Most of which is based on
Oracle Flows terminology
• Subsequent versions of APEX
include APIs & variables that start
with the APEX_ prefix
• Thus, to understand the internals
of APEX, you need to be able
to map legacy term to
modern ones
- 14. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
TERMINOLOGY
14
Legacy Name Modern Name
Company Workspace
Flow Application
Step Page
Plug Region
Instance Session
Request Request
Debug Debug
- 15. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML Form Basics
15
- 16. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML FORM BASICS
16
• HTML Forms are used to pass data to a server
• Used by all web pages on the internet
• Regardless of the underlying technology
• Forms contain items which are passed as parameters
to the form action
• Text Field
• Radio Group
• Select List
• And so on...
- 17. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
• Each HTML Form has to have a form tag and a way
to submit it
• Can optionally have input tags; most have several
• The form tag will have the following attributes:
• Name
• Action
• Method
• ID
HTML FORM BASICS
17
- 18. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML FORM BASICS
• All HTML forms start like this:
18
<form action="form_action.asp" method="post"
name="my_form" id="myForm">
Procedure
Name
HTTP
Method
Form
Name
Form ID
- 19. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET VS. POST
19
• All HTTP & HTTPS transactions for every web site
ever fall into one of two categories:
• GET
• POST
- 20. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET
• Typically involves passing parameters over the URL to a procedure
• More “usable” than POST
• Can be:
• Bookmarked
• Cached
• Remain in browser history
• Distributed & shared
• Hacked
• In APEX-speak, this is also known as Page Rendering and
handled by wwv_flow.show
20
- 21. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
POST
• When a web page “sends” form data to the server
directly
• Using the attributes of the form to determine which server
process to execute
• Item names will also map to the form process’s input parameters
• Typically used to change or update data on the
server
• Thus, POST requests are never cached
• In APEX-speak, this is also known as Page Processing
and handled by wwv_flow.accept
21
- 22. D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET vs. POST
22
- 23. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow Overview
23
- 24. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
QUESTION
24
• What does “WWV” stand for?
WebView
- 25. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW
25
• wwv_flow is essentially APEX
• Contains many global variables, as well as several
functions & procedures
• Some of which you can use, other which are internal only
• We’ll focus on just a couple of them:
• accept
• show
- 26. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
BASIC HTML FORM
26
<form action="form_action.asp" method="post"
name="my_form" id="myForm">
Procedure
Name
HTTP
Method
Form
Name
Form ID
- 27. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX HTML FORM
27
<form action="wwv_flow.accept" method="post"
name="wwv_flow" id="wwvFlowForm">
Procedure
Name
HTTP
Method
Form
Name
Form ID
- 28. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT
• PL/SQL package.procedure that APEX calls when
POSTing pages
• Called for every APEX page that’s submitted
• Contains a number of parameters which are populated based
on a combination of system-defined variables and
what the user enters into the form items
28
- 29. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX_040000 SCHEMA
• A lot can be learned about the internals of APEX by
browsing the APEX_040000 schema
• However, NEVER, EVER, EVER make any changes
to anything here!
• If you want to explore this schema,
its best done on an isolated,
private instance of APEX
• Oracle XE
• VMWare/Virtual Box/etc.
29
- 30. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX
Behind the Scenes
30
- 31. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
The f Procedure
31
- 32. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
32
• Let’s start by navigating to our URL:
• http://localhost:8080/apex/f?p=181:1
- 33. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
• The string 181:1 is passed to the p parameter of the
f procedure
33
PROCEDURE f
Argument Name Type In/Out Default?
------------------------------ -----------------------
P VARCHAR2 IN DEFAULT
P_SEP VARCHAR2 IN DEFAULT
P_TRACE VARCHAR2 IN DEFAULT
C VARCHAR2 IN DEFAULT
PG_MIN_ROW VARCHAR2 IN DEFAULT
PG_MAX_ROWS VARCHAR2 IN DEFAULT
PG_ROWS_FETCHED VARCHAR2 IN DEFAULT
FSP_REGION_ID VARCHAR2 IN DEFAULT
SUCCESS_MSG VARCHAR2 IN DEFAULT
NOTIFICATION_MSG VARCHAR2 IN DEFAULT
CS VARCHAR2 IN DEFAULT
S VARCHAR2 IN DEFAULT
TZ VARCHAR2 IN DEFAULT
P_LANG VARCHAR2 IN DEFAULT
P_TERRITORY VARCHAR2 IN DEFAULT
181:1
- 34. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
• The f procedure will then tokenize the p parameter
into its component parts and call the
wwv_flow.show procedure
34
PROCEDURE SHOW
Argument Name Type In/Out Default?
--------------------------------------------------------------
P_REQUEST VARCHAR2 IN DEFAULT
P_INSTANCE VARCHAR2 IN DEFAULT
P_FLOW_ID VARCHAR2 IN DEFAULT
P_FLOW_STEP_ID VARCHAR2 IN DEFAULT
P_DEBUG VARCHAR2 IN DEFAULT
P_ARG_NAMES TABLE OF VARCHAR2(32767) IN DEFAULT
P_ARG_VALUES TABLE OF VARCHAR2(32767) IN DEFAULT
P_CLEAR_CACHE TABLE OF VARCHAR2(32767) IN DEFAULT
P_BOX_BORDER VARCHAR2 IN DEFAULT
P_PRINTER_FRIENDLY VARCHAR2 IN DEFAULT
P_TRACE VARCHAR2 IN DEFAULT
P_COMPANY NUMBER IN DEFAULT
P_MD5_CHECKSUM VARCHAR2 IN DEFAULT
P_LAST_BUTTON_PRESSED VARCHAR2 IN DEFAULT
P_ARG_NAME VARCHAR2 IN DEFAULT
P_ARG_VALUE VARCHAR2 IN DEFAULT
181
1
- 35. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow.show
35
- 36. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW
36
• Procedure that handles all APEX page rendering
or GETs
• Called most often by the f?p procedure in the URL
• Also used in Ajax transactions
• The f procedure will decompose p= to its
component parameters and then call
wwv_flow.show
- 37. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_flow_id
• Application ID
• p_flow_step_id
• Page ID
• p_instance
• Session ID
• p_request
• Request
37
- 38. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_debug
• Debug Mode
• “YES” to enable;“NO” or NULL to disable
• p_clear_cache
• Clear Cache & Reset Pagination
38
- 39. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_arg_names
• p_arg_name used when passing a single item
• p_arg_values
• p_arg_value used when passing a single value
• p_printer_friendly
• Printer Friendly mode
• “YES” to enable;“NO” or NULL to disable
39
- 40. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
• p_trace
• When passed “YES”,APEX will generate a SQL trace file
based on the current page view
• Done in the background so that it does not slow down processing
• A SQL trace file will be generated in $ORACLE_BASE/
admin/SID/udump
• The SQL trace file can then be analyzed with TKPROF,
Profiler, SQL Developer or any number of other tools
• Note:You will need filesystem access to get to the trace file;
thus you may need to seek help from your DBA/system admin
40
- 41. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SAME THING
41
http://localhost/apex/wwv_flow.show?
p_flow_id=181
&p_flow_step_id=2
&p_instance=292381000
&p_arg_names=P2_EMPNO
&p_arg_values=7499
http://localhost/apex/f?
p=181:2:292381000::::P2_EMPNO:7499
- 42. D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow.show
42
- 43. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Rendering
43
- 44. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE RENDERING
• APEX will render a page
first by display/render
position
• Multiple components within
the same display/render
position can be sequenced
accordingly
• At any point, any
component can be
conditional and may or
may not render
44
- 45. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS Parameters
45
- 46. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
• National Language Settings (NLS) parameters must be
set for each and every page view
• Seems inefficient, but there is no way to guarantee
that an APEX session will be linked to the same database
session from page view to page view
• Thus, we need to set these each and every time
46
- 47. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
• Some NLS settings can be managed from within
an APEX application
• Shared Components > Globalization
• All can be set from the value of an APEX item
• Allowing for flexibility between users of the same application
47
- 48. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
• Built-in NLS settings will show up in the APEX Debug
mode report at the very top of the report
• If needed, you can also manually set additional
NLS Parameters
48
- 49. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
MANUALLY SETTING NLS PARAMETERS
• For those not available in the Globalization options,
you will need to manually set them via:
• VPD Context
• Part of the Authentication Scheme
• Application Computation
• Before Header
• Application Process
• Before Header
49
EXECUTE IMMEDIATE 'alter session set
nls_date_format=''mm/dd/yyyy'' ';
- 50. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
MANUALLY SETTING NLS PARAMETERS
50
VPD Context
Computation
Process
- 51. D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS Parameters
51
- 52. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Session Management
52
- 53. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
• After NLS Parameters are set,APEX checks to see if
you are logged in or not
• APEX will also check to see if you are also logged in a
developer in the same workspace as the application
which you are running
• If so, then you will also see the developer’s toolbar:
53
- 54. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
• Debug log of an unauthenticated session vs. an
authenticated session
SESSION MANAGEMENT
54
Unauthenticated Session
Authenticated Session
- 55. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
55
• By default, this functionality is built in to APEX
and does not need to be enabled
• You can override APEX’s session management, but you
better know what you are doing!
• If you choose to implement your own Page Session
Management, it is controlled via either the Page
Sentry Function or Session Verify Function
in the Authorization Scheme
- 56. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
• When a session is not valid,APEX will redirect to one
of two places:
• Session Not Valid Page
• If a page is selected here, that page will by default become accessible
by anyone, even if they are not authenticated
• Session Not Valid URL
• Can specify the Built In Login Page or SSO/Portal here, as well
as your own function or URL
56
- 57. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
57
- 58. D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Session NotValid
58
- 59. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE SENTRY & SESSION VERIFY
59
• APEX provides the ability to take over session
management entirely
• Page Sentry Function
• Executed before EVERY APEX page view
• Can check any criteria to determine if the session is valid
• Session Verify Function
• Determines whether or not a valid session exists
• Can only use one of these, not both
- 60. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
60
Page Sentry
Function
Session Verify
Function
- 61. D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Sentry Function
61
- 62. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Authentication
62
- 63. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• What happens next depends on whether the user is
authenticated or not
63
Authenticated:
Continue to Display Page Requested
Unauthenticated:
Redirect to Login Page defined in the
Authentication Scheme
- 64. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Since we are not yet authenticated,APEX will
redirect to the Login Page
• Which will run through the Page Rendering phase
• NLS Parameters
• Page Session Management
• Which will pass this time, as the Login Page will display to an
unauthenticated user
• Computations
• Processes
• Regions
64
- 65. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Components
65
- 66. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET USERNAME COOKIE PROCESS
• Process that will check to see if there is an APEX
username stored in the APEX session cookie
• If so, it will set the default value of P101_USERNAME to
this value
66
declare
v varchar2(255) := null;
c owa_cookie.cookie;
begin
c := owa_cookie.get('LOGIN_USERNAME_COOKIE');
:P101_USERNAME := c.vals(1);
exception when others then null;
end;
- 67. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGIN_USERNAME_COOKIE
67
Username
Hostname
DAD
Require SSL
Expiration
Cookie Name
- 68. D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX User Cookie
68
- 69. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DISPLAY REGIONS
69
• After attempting to set the cookie,APEX will render
the regions & items on the page in their
corresponding order
- 70. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Processing
70
- 71. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
• APEX will process a page first by
process position
• Multiple components within the same
display/render position can be
sequenced accordingly
• At any point, any component can be
conditional and may or may not
render
71
- 72. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
• Let’s enter our username & password and click
Login to start processing our page
72
- 73. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
• When the Login button is clicked,APEX will POST a
transaction to the server
• We can use Web Developer to see the
parameters it will pass to wwv_flow.accept
73
- 74. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DISPLAY FORM DETAILS
74
APP_ID
APP_PAGE_ID SESSION_ID
Form Name
- 75. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_flow.accept
75
- 76. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT
76
• Procedure that handles all APEX page
processing or POSTs
• Have likely seen this before in error messages
- 77. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_request
• Typically set by the button clicked on a POST
• Can be passed via the URL in a GET
• But it will only be good for the next page phase
• Can not get the value of p_request in Page Rendering if
the page is submitted/POSTed
77
- 78. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_instance
• Session ID
• Also referred to as :APP_SESSION or :SESSION_ID
• Automatically maintained by APEX
• Can not alter programmatically
78
- 79. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_flow_id
• Application ID
• Also referred to as :APP_ID
• Automatically set by APEX based on which application you’re
running
• Can not alter programmatically
79
- 80. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_company
• Workspace ID
• Also referred to as :WORKSPACE_ID
• Not typically present in the HTML rendered by APEX
• But is calculated inside the wwv_flow.accept procedure
• Can not alter programmatically
80
- 81. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_flow_step_id
• Page ID
• Also referred to as :APP_PAGE_ID
• Returns the current Page ID
• Can not be altered otherwise
81
- 82. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_arg_names
• Array used to store the corresponding APEX Item IDs from
an APEX page
• Appears before each and every APEX page item
82
- 83. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_arg_values
• Used to protect hidden items from being manipulated
via JavaScript
• When a hidden & protected item is rendered, there will be a
corresponding p_arg_values item rendered as well
83
<input type="hidden" id="P2_EMPNO" name="p_t01" value="7369" />
<input type="hidden" name="p_arg_values" value="9DDE9C18F8337D..." />
- 84. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_t01 ... p_t100
• Set ofVARCHAR parameters used to receive APEX page
item values
• This is where the “100 item per page” limit comes from
• Which is not accurate, since it’s really 100 enabled items per page
84
<input type="text" id="P1_ITEM" name="p_t01" value="" size="30"
maxlength="4000" class="text_field" />
APEX Item Parameter
Item
- 85. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_v01 ... p_v100
• Set of 100 arrays used to store results from items that
return potentially more than one value
• Multi-select Lists, Shuttle Regions, etc.
85
<select name="p_v01" id="P1_ITEM" size="1" multiple="multiple"
class="multi_selectlist">
Array Item APEX Item
- 86. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• f01 ... f50
• Group of 50 arrays, typically used in conjunction with
g_f01 ... g_f50
• Most often used with tabular forms & APEX_ITEM API calls
• Name used for PL/SQL; ID used for JavaScript
86
<input type="text" name="f03" size="12" value="" id="f03_0001" />
<input type="text" name="f03" size="12" value="" id="f03_0002" />
<input type="text" name="f03" size="12" value="" id="f03_0003" />
Array
Name
Array
Element ID
- 87. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• x01 ... x20
• Group of 20VARCHARs, typically used in conjunction with
the global variables g_x01 ... g_x10
• Difference between the parameter count & global variable count can
be attributed to APEX itself needing extras
• Most often used with Ajax transactions to pass
parameters
87
- 88. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_debug
• When passed “YES”,APEX will run in DEBUG mode
• No value or “NO” will disable DEBUG mode
88
- 89. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_trace
• When passed “YES”,APEX will generate a SQL trace file
based on the current page view
• Done in the background so that it does not slow down processing
• A SQL trace file will be generated in $ORACLE_BASE/
admin/SID/udump
• The SQL trace file can then be analyzed with TKPROF,
Profiler, SQL Developer or any number of other tools
• Note:You will need filesystem access to get to the trace file;
thus you may need to seek help from your DBA/system admin
89
- 90. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Item Mapping
90
- 91. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEMS
91
• APEX Page Items are named p_t01 through p_t100
• The PX_ITEM_NAME is never directly sent back to the
database
• Used for client-side JavaScript interactions
• Thus, if all APEX pages items are named the same,
then how does it map them to the corresponding
page item in an application when submitting a page?
- 92. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
• Each APEX page item will have a corresponding
p_arg_names entry:
92
<input type="hidden" name="p_arg_names"
value="8295929934913911" />
<input type="text" id="P101_USERNAME" name="p_t01"
value="admin" size="40" maxlength="100" class="text_field" />
...
<input type="hidden" name="p_arg_names"
value="8296003745913912" />
<input type="password" name="p_t02" size="40" maxlength="100"
value="" id="P101_PASSWORD" class="password"
onkeypress="return submitEnter(this,event)" />
- 93. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
• p_arg_names values will map back to the internal
item ID in the wwv_flow_step_items table:
93
- 94. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
• The ID of an input element does not get submitted
back to the server
• Thus, the need for the p_arg_names array
• It provides the mapping from the p_txx elements to
the corresponding APEX page items
94
Item Name Parameter
P101_USERNAME p_t01
P101_PASSWORD p_t02
ID p_arg_name
1 8295929934913911
2 8296003745913912
- 95. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Validations, Computations
& Processes
95
- 96. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
VALIDATIONS, COMPUTATIONS & PROCESSES
96
• After validating that the session is still valid,APEX will
process all Validations, Computations &
Processes according to their execution point and
corresponding sequence
• Nothing in this phase will ever be output to the screen
• All “Built In” APEX Processes are merely calls to underlying
PL/SQL procedures
• Application Builder abstracts this concept to keep things simple
- 97. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SET USERNAME COOKIE
• Sets the LOGIN_USERNAME_COOKIE based
on the value of the username entered
• Regardless of whether it successfully authenticated or not
• Can be disabled for security purposes
97
begin
owa_util.mime_header('text/html', FALSE);
owa_cookie.send(
name => 'LOGIN_USERNAME_COOKIE',
value => lower(:P101_USERNAME));
exception when others then null;
end;
- 98. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGIN
• APEX API Call to the standard login procedure:
wwv_flow_custom_auth_std.login
• Will use the current authentication scheme and
determine whether or not a user should be logged in
98
wwv_flow_custom_auth_std.login(
P_UNAME => :P101_USERNAME,
P_PASSWORD => :P101_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':1'
);
Determines the initial
page of your application
- 99. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Authentication Schemes
99
- 100. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• APEX can use a number of different
Authentication Schemes
• APEX Credentials
• Custom
• SSO
• LDAP
• Database Schema Users
• Open Door
• None
100
- 101. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Regardless of which one you choose, the method
which APEX uses to validate credentials is largely
the same
• Pre-Authentication Process
• Authentication Function
• Post-Authentication Process
101
- 102. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Pre-Authentication Process
• Executes just before credentials are verified
• However, it looks like there may be a bug here, as it seems like is
executes just AFTER credentials are verified
102
- 103. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Authentication Function
• Can be one of the following:
• -BUILTIN-
• APEX User Credentials
• -DBACCOUNT-
• Database Credentials
• -LDAP-
• LDAP using parameters defined in LDAP section
• Custom
• Custom PL/SQL Function returning Boolean
103
- 104. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
• Post-Authentication Process
• Executes just after credentials are verified
104
- 105. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
105
- 106. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_CUSTOM-F COOKIE
• Upon successful authentication,APEX will send
another cookie to the client
• This cookie’s sole purpose is to map your browser to your
APEX session
106
- 107. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
BREAKING IT DOWN
107
wwv_flow_sessions$
wwv_flow_companies
- 108. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
CLEAR PAGE CACHE
• Clears the page cache for Page 101
• Thus, removing the username from the APEX session state
108
- 109. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Logging Out
109
- 110. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
110
• There’s several ways to “log out” of an APEX
application
• Click the Logout link
• Close the Browser Tab/Window
• Quit the Browser
• Let the session expire
• Not all of these truly logs you out
- 111. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
• Close the Browser Tab/Window
• Does NOTHING to log you out
• Quit the Browser
• Expires the Session Cookie
• Let the session expire
• Expires the Session Cookie
• Click the Logout link
• Expires the Session Cookie
• Deletes the Session from wwv_flow_sessions$
111
- 112. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
• APEX automatically schedules a job -
ORACLE_APEX_PURGE_SESSIONS - which
will remove stale session data
• By default, it is set to run hourly
• You can alter the duration to make it run more or less
frequently
112
- 113. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
• The Logout URL is specified in the Authentication
Scheme
• When clicked, it will expire the session cookie and also
purge the session state from the database
113
wwv_flow_custom_auth_std.logout?
p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:1
The Current Application Which Application to Run Next
- 114. D E M O N S T R A T I O N
Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Logging Out
114
- 115. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Summary
115
- 116. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SUMMARY
116
• There are a LOT of things that go on when rendering
or processing an APEX page
• Fortunately,APEX abstracts most of the complexity,
making it easy & efficient to use
• Understanding the discrete steps will help make you a
better and more secure APEX developer
- 117. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DOWNLOAD
• This and all other Sumneva presentations can
be downloaded for free from:
117
http://sumneva.com/presentations
- 118. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
FEEDBACK
• To provide feedback on this session:
118
http://kscope.ezsession.com
Session ID: 242796
- 120. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_accept_processing
• NEED TO RESEARCH
120
- 121. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• The next five parameters have to do with the management of tabular
forms, and should not be altered
• fcs
• <input type="hidden" id="fcs_0003" name="fcs"
value="989EDF72FEF5A40D4F36854921FBBC34">
• fmap
• <input type="hidden" name="fmap" value="ENAME" id="fmap_003" />
• fhdr
• <input type="hidden" name="fhdr" value="Ename" id="fhdr_003" />
• fcud
• <input type="hidden" id="fcud_0003" name="fcud" value="U" />
• frowid
• <input type="hidden" id="frowid_0003" name="frowid"
value="AAANCNAAHAAAAAeAAC" />
121
- 122. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_listener
• Used to communicate with the APEX listener
122
- 123. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_map1, p_map2, p_map3 & p_survey_map
• NEED TO RESEARCH
123
- 124. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• The next three parameters control report pagination,
and are relatively self-explanatory
• p_flow_current_min_row
• p_flow_current_max_rows
• p_flow_current_rows_fetched
124
- 125. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_md5_checksum
• Used to store the MD5 checksum for data in an APEX form
• Will also be used to compare to the current MD5 checksum
before data is updated
• Always present in the HTML; may not contain a value, if the
current page does not have a Automatic Row Fetch process
125
<input type="hidden" name="p_md5_checksum" value="BF258D46D..." />
MD5 Hash
- 126. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• p_page_submission_id
• Internal ID used to track individual page submissions within a
session
• Found close to the top of the page
• Should not alter or modify
126
- 127. Copyright © 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
• The last three parameters have to do with NLS
Settings:
• p_time_zone
• Current Time Zone
• p_lang
• Current Language
• p_territory
• Current Country/Region
127