Oracle Apex - (Authentication|Identity)

About

This page makes part of the security theme and talks authentication implementation in Apex.

Process

Once a user has been identified, the Application Express engine keeps track of each user by setting:

See Session state scope to understand why.

Login

Login processing has the following steps:

  • Run authentication scheme's pre-authentication procedure.
  • Run authentication scheme's authentication function to check the user credentials (p_username, p_password), returning true on success.
  • If result=true:
    • run post-authentication procedure.
    • save username in session table.
    • set redirect url to deep link.
  • If result=false:
    • set redirect url to current page, with an error message in the notification_msg parameter.
  • Log authentication result.
  • Redirect.

Procedure

sentry

See IS_SESSION_VALID function

API

Custom Authentication

APEX_CUSTOM_AUTH

You can use the APEX_CUSTOM_AUTH package to perform various operations related to authentication and session management.

  • APEX_CUSTOM_AUTH.GET_SESSION_ID
  • APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;

APEX_UTIL

The status set using this procedure is visible in the apex_user_access_log view and in the reports on this view available to workspace and site administrators.

CREATE OR REPLACE FUNCTION MY_AUTH(
    p_username IN VARCHAR2, 
    p_password IN VARCHAR2)
RETURN BOOLEAN
IS
BEGIN
    APEX_UTIL.SET_CUSTOM_AUTH_STATUS(p_status=>'User:'||p_username||' is back.');
    IF UPPER(p_username) = 'GOOD' THEN
        APEX_UTIL.SET_AUTHENTICATION_RESULT(24567);
        RETURN TRUE;
    ELSE
        APEX_UTIL.SET_AUTHENTICATION_RESULT(-666);
        RETURN FALSE;
    END IF;
END;

Documentation / Reference


Powered by ComboStrap