About
This page is part of the security theme and covers the implementation of authentication in Apex.
Process
Once a user has been identified, the Application Express engine keeps track of each user by setting:
- the value of the variable Oracle Apex - User
- a new session id
See Session state scope to understand why.
Login
Login processing has the following steps:
- Run the authentication scheme's pre-authentication procedure.
- Run the authentication scheme's authentication function to check the user credentials (p_username, p_password), returning true on success.
- If result=true:
  - Run the post-authentication procedure.
  - Save the username in the session table.
  - Set the redirect URL to the deep link.
- If result=false:
  - Set the redirect URL to the current page, with an error message in the notification_msg parameter.
- Log the authentication result.
- Redirect.
Procedure
sentry
See IS_SESSION_VALID function
API
Custom Authentication
APEX_CUSTOM_AUTH
You can use the APEX_CUSTOM_AUTH package to perform various operations related to authentication and session management.
- APEX_CUSTOM_AUTH.GET_SESSION_ID
- APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE
APEX_UTIL
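The status set by APEX_UTIL.SET_CUSTOM_AUTH_STATUS and APEX_UTIL.SET_AUTHENTICATION_RESULT, both called in the function below, is visible in the apex_user_access_log view and in the reports on this view available to workspace and site administrators.
CREATE OR REPLACE FUNCTION MY_AUTH(
    p_username IN VARCHAR2,
    p_password IN VARCHAR2)
  RETURN BOOLEAN
IS
BEGIN
  -- Demonstration of status logging only: p_password is never checked.
  -- Text status recorded with the login attempt.
  APEX_UTIL.SET_CUSTOM_AUTH_STATUS(p_status=>'User:'||p_username||' is back.');
  IF UPPER(p_username) = 'GOOD' THEN
    -- Numeric result recorded for a successful login.
    APEX_UTIL.SET_AUTHENTICATION_RESULT(24567);
    RETURN TRUE;
  ELSE
    -- Numeric result recorded for a failed login.
    APEX_UTIL.SET_AUTHENTICATION_RESULT(-666);
    RETURN FALSE;
  END IF;
END;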
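MY_AUTH above never reads p_password, so it only shows how the two status calls are logged. The function below is an added example, not part of the original page or of Oracle's code: it applies the same two calls to a real credential check. The table APP_USERS, the function name, the round count and the result codes are assumptions made for this example, and the parsing schema needs EXECUTE on DBMS_CRYPTO.

```sql
-- Added example. Assumed (hypothetical) table:
--   APP_USERS(username VARCHAR2(128) PRIMARY KEY, salt RAW(16), pwd_hash RAW(64))
CREATE OR REPLACE FUNCTION my_auth_checked (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2)
  RETURN BOOLEAN
IS
  c_rounds CONSTANT PLS_INTEGER := 10000; -- constructed work factor
  c_ok     CONSTANT NUMBER := 0;          -- result codes chosen for this example
  c_failed CONSTANT NUMBER := 1;
  l_salt   RAW(16);
  l_stored RAW(64);
  l_hash   RAW(64);
  l_found  BOOLEAN := TRUE;
BEGIN
  BEGIN
    SELECT salt, pwd_hash
      INTO l_salt, l_stored
      FROM app_users
     WHERE username = UPPER(p_username);
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      -- Unknown user: keep going with dummy values so that known and
      -- unknown usernames cost a similar amount of hashing work.
      l_found  := FALSE;
      l_salt   := HEXTORAW('00');
      l_stored := HEXTORAW('00');
  END;

  -- Salted, iterated SHA-512. This is a stand-in for a dedicated password
  -- KDF; the stored hash must have been produced by the same loop.
  l_hash := DBMS_CRYPTO.HASH(
              UTL_RAW.CONCAT(l_salt, UTL_RAW.CAST_TO_RAW(p_password)),
              DBMS_CRYPTO.HASH_SH512);
  FOR i IN 2 .. c_rounds LOOP
    l_hash := DBMS_CRYPTO.HASH(UTL_RAW.CONCAT(l_salt, l_hash),
                               DBMS_CRYPTO.HASH_SH512);
  END LOOP;

  IF l_found AND UTL_RAW.COMPARE(l_hash, l_stored) = 0 THEN
    APEX_UTIL.SET_CUSTOM_AUTH_STATUS(p_status => 'Login accepted');
    APEX_UTIL.SET_AUTHENTICATION_RESULT(c_ok);
    RETURN TRUE;
  END IF;

  -- One fixed status text for both unknown user and wrong password;
  -- nothing user-supplied is concatenated into the logged status.
  APEX_UTIL.SET_CUSTOM_AUTH_STATUS(p_status => 'Login rejected');
  APEX_UTIL.SET_AUTHENTICATION_RESULT(c_failed);
  RETURN FALSE;
END my_auth_checked;
/
```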