Skip to main content

APEX 5 New Authorization Evaluation Point Features

In APEX 4 you can define Authorization Schemes. This is a very useful feature to prevent code repetition all over the place. For instance and Authorization Scheme "Is Admin" might use a select on one or more tables (or web service calls or whatever is necessary) to determine whether a user, the :APP_USER, has an Admin role or not. And you can use any value in session state, like :APP_ID or :APP_PAGE_ID in your query (or function call). The result of this call is usually pretty static. So you could specify when the code should be evaluated: Once per Page View or Once per Session. The latter is obviously more efficient as it will run only once from login to logout.
This works fine. Until you want to build your own fine-grained access control mechanism. As an example: If you have a page with three buttons on it, you can define an Authorization Scheme for this buttons and use that. So all three buttons use the same Authorization Scheme and are all visible on the page or not. As the Authorization Scheme will be evaluated once and only once for that Page. And if you need more fine grained controle you had to define three different Authorization Schemes, one for each button. And that will grow into a maintenance nightmare.

In APEX 5 this will be resolved. Next to the "old" options you can now specify an evaluation "Once per Component" and "Always".
"Once per Component" means the code is evaluated once per component for the duration of the session. So using this setting you can (re)use the same Authorization Scheme for the three buttons - as it will be evaluated three times. To make it even more useful : They also included three new bind variables (:APP_COMPONENT_TYPE, :APP_COMPONENT_ID and :APP_COMPONENT_NAME) that you can use in your query. So using these new bind vars (or one of them) you can create functionality that supports things like DYI fine grained access control - where a privileged user can grant or revoke access to certain elements on a page! 
Post a Comment

Popular posts from this blog

Dockerize your APEX development environment

Nowadays Docker is everywhere. It is one of the main components of Continuous Integration / Continuous Development environments. That alone indicates Docker has to be seen more as a Software Delivery Platform than as a replacement of a virtual machine.

However ...

If you are running an Oracle database using Docker on your local machine to develop some APEX application, you will probably not move that container is a whole to test and production environments. Because in that case you would not only deliver a new APEX application to the production environment - which is a good thing - but also overwrite the data in production with the data from your development environment. And that won't make your users very excited.
So in this set up you will be using Docker as a replacement of a Virtual Machine and not as a Delivery Platform.
And that's exactly the way Martin is using it as he described in this recent blog post. It is an ideal way to get up and running with an Oracle database …

Refresh selected row(s) in an Interactive Grid

In my previous post I blogged about pushing changed rows from the dabatase into an Interactive Grid. The use case I'll cover right here is probably more common - and therefore more useful!

Until we had the IG, we showed the data in a report (Interactive or Classic). Changes to the data where made by popping up a form page, making changes, saving and refreshing the report upon closing the dialog. Or by clicking an icon / button / link in your report that makes some changes to the data (like changing a status) and ... refresh the report.  That all works fine, but the downsides are: The whole dataset is returned from the server to the client - again and again. And if your pagination size is large, that does lead to more and more network traffic, more interpretation by the browser and more waiting time for the end user.The "current record" might be out of focus after the refresh, especially by larger pagination sizes, as the first rows will be shown. Or (even worse) while you…

Using multiple Authentication Schemes for your APEX application

Recently someone asked me how he could implement multiple authentication schemes for his APEX application. He would like to use (some kind of) Single Sign-on authentication and - as an alternative - an Application Express Authentication. The problem is ... you can only define one Authentication Scheme being "Current" for an application! So how can we solve this issue?

First, we need te be aware that multiple applications can share their authentication by using the same cookie. Thus if you specify "MYCOOKIE" as the Cookie Name in Application A as well as in Application B, you can switch from A to B and back without the need of logging in again. It doesn't matter what Authentication Scheme Type you are using!

Knowing this, we are halfway our solution. We need two Applications. One - the "real" application - using the Application Express Authentication, let's name this one "LAUNCHPAD". And another one using the Single Sign-on Authentication…