10 th Anniversary 1999 - 2009 Many-to-One: Managing Multiple APEX Applications Scott Spendolini,...

Post on 27-Mar-2015


10th Anniversary 1999 - 2009

Many-to-One: Managing Multiple APEX Applications

Scott Spendolini, Sumner Technologies

2

General Announcements

• Please turn off all cell phones/pagers

• If you must leave the session early, please do so as discreetly as possible

• Please avoid side conversations during the session

Thank you for your cooperation!

3

About Me

• Scott Spendolini

• scott@sumnertechnologies.com

• Ex-Oracle Employee of 10 years

• Senior Product Manager for Oracle APEX from 2002 through 2005

• Founded Sumner Technologies in October 2005

• Oracle Ace Director

• Co-Author, Pro Oracle Application Express

• “Scott” on OTN Forums

4

Agenda

• Overview

• APEX Components

• Database Objects

• The Framework

• Demonstration

• Summary

5

Overview

6

Has This Happened to You?

• You’ve adopted APEX in your organization

• Based on a pilot project of an application or two

• It becomes successful. Wildly successful.

• APEX applications are popping up all over the place, leaving useless spreadsheets and desktop databases in their wake

• Others start to develop with APEX

• And start to release their own applications

• All of a sudden, your Access & Excel mess has simply moved from the client to the server

7

Common Early APEX Adoption Issues

• Multiple user accounts for the same person

• Some use APEX credentials, some use LDAP, others may use something else

• No single point of account management

• Because of the scattered nature of user accounts, it is difficult - if not impossible - to manage all accounts for a single user

• No centralized role management

• Impossible to tell which privileges a user has

• Each application deals with role management in its own different way

8

The Solution

• Develop and implement a centralized Framework which manages:

• Application Definitions

• Roles

• Users

• User to Role Mappings

• Other Components

• Themes/Templates

• Common Regions

• Navigation Bar Entries

9

Framework Components

• The Framework should provide:

• Single Sign On

• Single Point of User & Role Management

• Be extensible, yet simple

• Take advantage of APEX components as much as possible

• Easy to integrate

• New Development

• Existing Applications

10

Framework Components

• The Framework can also incorporate a number of other components useful for building multiple APEX applications

• Themes/Templates

• Associated Images & Cascading Style Sheets

• Navigation Bar Entries

• Lists of Values

• Shortcuts

11

Less is More

• Most importantly, the framework should also be easy for developers to use and extend as well as transparent to your users

12

APEX Components

13

APEX Components

• Most of what is required can be achieved with APEX components

• Very little custom code

• Which is almost 100% PL/SQL

• Important to understand how the APEX components work before trying to grasp the solution as a whole

14

APEX Components

• Shared Components

• Authentication Schemes

• Authorization Schemes

• Navigation Bar Entries

• Templates & Themes

• Page Zero

• APEX View

• APEX_APPLICATIONS

• Application Items & APEX_UTIL API

• APEX_UTIL.FETCH_APP_ITEM

15

Shared Components

16

Shared Components

• APEX components that can be shared:

• Within a single application

• In some cases, within multiple applications within a single workspace via Subscriptions

• Little-known, less-publicized, underrated feature of APEX

• Subscriptions are the cornerstone of the Framework

17

Subscriptions

• Feature of APEX that allows you to “link” shared components from one application to another within a workspace

• When changes are made to the “parent” component, they can be pushed (published) or pulled (refreshed) to/by the “child” component

• Allows changes of Shared Components to be centralized and easily synchronized amongst multiple applications

18

Subscriptions

• Subscriptions work only within a single APEX Workspace

• Application IDs must be preserved when moving the framework from one instance of APEX to another

• Otherwise, all links will be broken

• But the applications will still work

19

“Subscribe-able” Shared Components

20

Authentication Schemes

• APEX mechanism used to authenticate a user

• APEX contains a number of built-in schemes:

• LDAP

• Oracle Single Sign On

• APEX Credentials

• Database

• Open Door

• Custom

• None

21

Authentication Schemes

• The Framework uses a Custom Authentication Scheme

• Stores usernames and hashed passwords in an Oracle table

• Easiest to demonstrate

• Does not require an additional server

• APEX Authentication is typically a one-time event

• APEX doesn’t care HOW you authenticate, just that you DO authenticate

• Thus, it would be trivial to change the Authentication Scheme to LDAP, for instance

• More robust approach for enterprise user management

22

Authorization Schemes

• What do you have access to?

• Can be associated with almost every APEX Component

• Application

• Page

• Region

• Item

• Report Column

• When scheme evaluates to TRUE, item renders or process executes

23

Authorization Scheme Types

• Several different types

• Exists/Not Exists SQL Query

• Item is NULL/NOT NULL

• Item Comparison

• PL/SQL Function

• Evaluation Point

• Per Page View vs. Per Session

24

Navigation Bar Entries

• Links that appear on almost every page

• Typically used for common navigation control

• Home

• My Account

• Login/Logout

• Can link to either:

• Page

• URL

25

Themes & Templates

• Themes are collections of Templates

• Templates make up the UI of an application

• APEX ships with 20 pre-built Themes

• You can use one of them or make your own

• Less is More

• Recommend deleting 2/3 of the provided templates from any theme

• Will enforce consistency among your developers, causing your applications to look similar regardless of who developed them

26

Importance of Good Design

• Good design helps to convey credibility

• If you spend time on the design, then surely you also spent time on making the application work well

• Poor design leaves users wondering what other corners were cut

• If the design is bad, the application must be worse!

• Perception is reality, more often than not

• Phishing sites strive to look like those they are mimicking

27

Page Zero

• Page Zero is a special page

• Only contains Page Rendering UI components (Regions, Buttons & Items)

• Does not include Computations or Processes

• Items on Page Zero display on ALL pages in APEX unless conditionally restricted to do otherwise

28

Page Zero

• Common Uses:

• Breadcrumb Regions

• Lists

• Common Regions/Reports

• JavaScript Libraries

29

Page Zero

30

APEX Views

• Set of pre-created views which provide access to the APEX metadata

• Utilities > APEX Views

• List of all views and descriptions of their columns

• Can also be accessed via SQL Developer

• Views can be incorporated into your own applications

• Reuse APEX metadata to supplement your application's data

• Use to render a list of Applications and their properties rather than maintaining your own parallel list

31

APEX_UTIL API

• Application Items cannot technically be subscribed to from other applications

• However, you can determine the value of any APEX Application Item in any application in the same workspace by using the API: APEX_UTIL.FETCH_APP_ITEM

• Not well documented, but definitely supported

APEX_UTIL.FETCH_APP_ITEM(
    p_item    IN VARCHAR2,
    p_app     IN NUMBER DEFAULT NULL,
    p_session IN NUMBER DEFAULT NULL)
RETURN VARCHAR2;

32

Database Objects

33

Database Objects

• Application Definitions, Users, Roles and Role Assignments are all managed in a set of tables

• Could use LDAP to do the same and retrofit into the framework relatively easily

• Schema Objects consist of:

• 1 Context

• 4 Tables

• 8 Triggers

• 2 Views

• 1 Package

• 4 Functions & 2 Procedures

34

ER Diagram

[Figure: ER diagram of the tables ST_ROLE_USERS, ST_ROLES, ST_USERS and ST_APPLICATIONS]

35

ST_APPLICATIONS

• Stores metadata about each application that is a part of the framework

• Most data about an application will be derived from the APEX_APPLICATIONS view

ST_APPLICATIONS
------------------------------------------------------
APPLICATION_ID   NOT NULL   NUMBER
ACTIVE_FLAG      NOT NULL   VARCHAR2(1)
DESCRIPTION                 VARCHAR2(4000)
CREATED_BY                  NUMBER
CREATED_ON                  DATE
UPDATED_BY                  NUMBER
UPDATED_ON                  DATE

36

ST_USERS

• Stores user information, such as USER_ID, USER_NAME and hashed PASSWORD

• Triggers will automatically hash the password and store the hash, not the actual password

ST_USERS
-----------------------------------------------------
USER_ID      NOT NULL   NUMBER
USER_NAME    NOT NULL   VARCHAR2(255)
PASSWORD     NOT NULL   VARCHAR2(255)
EXPIRES_ON              DATE
CREATED_BY              NUMBER
CREATED_ON              DATE
UPDATED_BY              NUMBER
UPDATED_ON              DATE

37

ST_ROLES

• Stores the roles for a given application

• Roles are related via a parent-child relationship

• Not used in this demo, but could be activated

ST_ROLES
------------------------------------------------------
ROLE_ID          NOT NULL   NUMBER
PARENT_ROLE_ID              NUMBER
APPLICATION_ID   NOT NULL   NUMBER
ROLE_NAME        NOT NULL   VARCHAR2(255)
ROLE_KEY         NOT NULL   VARCHAR2(255)
DESCRIPTION                 VARCHAR2(4000)
CREATED_BY                  NUMBER
CREATED_ON                  DATE
UPDATED_BY                  NUMBER
UPDATED_ON                  DATE

38

ST_ROLE_USERS

• Intersect table that links Roles to Users

ST_ROLE_USERS
----------------------------------------------
ROLE_USER_ID   NOT NULL   NUMBER
ROLE_ID        NOT NULL   NUMBER
USER_ID        NOT NULL   NUMBER
CREATED_BY                NUMBER
CREATED_ON                DATE
UPDATED_BY                NUMBER
UPDATED_ON                DATE

39

Packages

• ST_FWK

• PROCEDURE logout

• PROCEDURE set_ctx

• FUNCTION hash_pw

• FUNCTION auth_user

• FUNCTION app_gatekeeper

• FUNCTION role_member

40

Views

• Two views that assist in simplifying the interaction with the data model

• ST_ROLE_USERS_V

• Lists all active roles for the currently signed on user

• ST_USER_APPLICATIONS_V

• Lists all active applications that any user has at least one active role in

41

Context

• st_fwk_ctx

• Context created to store the G_USER_ID parameter

42

The Framework

43

Framework Applications

• Four applications make up the core framework

• Shared Components Master (999)

• Will never be run, but its shared components are used by all other applications

• Starter Application (998)

• Will never be run, but used to clone all additional applications

• Launchpad (1000)

• Framework Access Control (1001)

• Any number of “child” applications can be easily added to the Framework

44

Shared Components Master

Application 999

45

Shared Components Master - App 999

• Sole purpose is to store all Shared Components that will be subscribed to by all other applications

• There are no pages in this application, since no end user should ever need to (or be able to) login to it

• Any and all changes/additions to the subscribed shared components should be done here and published/subscribed to each subscriber

• Most changes will be done to the templates

46

Shared Components Master Contents

• Authentication Scheme

• ST Child Authentication

• Authorization Scheme

• Application Gatekeeper

• Navigation Bar Entries

• Home

• Logout

• Themes/Templates

• SumnerTheme

47

Authentication Scheme

• ST Child Authentication

• Acts as a pointer to the Launchpad application

• All authentication occurs only at the Launchpad

• Session Not Valid URL

• f?p=LAUNCHPAD:101

• Cookie Name

• ST

• Logout URL

• f?p=&G_LAUNCHPAD_APP_ID.:102:&SESSION.

48

Authorization Schemes

• Application Gatekeeper

• Checks to see if a specific user has at least one active role for a specific application

• If so, then the user can access the application

• PL/SQL Function Returning BOOLEAN

• Evaluates for Every Page View

RETURN st_fwk.app_gatekeeper( p_app_id => :APP_ID, p_app_user => :APP_USER);

49

ST_FWK.APP_GATEKEEPER

FUNCTION app_gatekeeper (
    p_app_id   IN NUMBER,
    p_app_user IN VARCHAR2)
RETURN BOOLEAN
IS
    l_user_id st_users.user_id%TYPE;
    l_count   NUMBER;
BEGIN
    -- ST_ROLE_USERS_V only lists roles of the currently signed on user,
    -- so the query filters on the application alone
    SELECT count(*)
      INTO l_count
      FROM st_role_users_v
     WHERE application_id = p_app_id;

    IF l_count > 0 THEN
        RETURN TRUE;
    ELSE
        RETURN FALSE;
    END IF;
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        RETURN FALSE;
END app_gatekeeper;

50

Navigation Bar Entries

• Home

• Redirects to the home page of the Launchpad Application

• URL Target:

• f?p=ST:1:&APP_SESSION.

• Logout

• Logs out of the suite of applications

• URL Target:

• &LOGOUT_URL.

• Which will be replaced with the value of Logout URL from the current Authentication Scheme

51

Themes/Templates

• SumnerTheme

• Set of pre-built custom templates

• Could be a built-in APEX theme/templates as well

• Only a total of 26 templates are included in SumnerTheme as compared to about 70-80 for the APEX built-in themes

• Most templates in the built-in themes are not needed and can be safely and easily removed

• Additional templates can be added to this application and published/subscribed as needed

52

Starter Application

Application 998

53

Starter Application - App 998

• The Starter Application will have all of the Shared Component subscriptions established

• Thus, they are linked back to the Shared Components Master application

• This application will be the starting point for all NEW applications that will be a part of your suite

• No longer need to use Create Application

• Instead, start by Copying this application

54

Shared Component Subscriptions

• Subscribe to and Associate the Authorization Scheme Application Gatekeeper at the Application Level

• Subscribe to and make the Authentication Scheme ST Child Authentication current and delete all others

• Subscribe to the Navigation Bar Entries Home and Logout and delete all others

55

Shared Component Subscriptions

• Subscribe to each of the Templates in the theme SumnerTheme

• There is no easy way to do this

• You must do each one individually

• Best approach:

• Get a nice cup of coffee/tea

• Export the theme from the Subscription Master

• Import it into the Starter Application

• Edit each template in the Starter Application and subscribe it back to the corresponding one in the Subscription Master

56

Components

• Page Zero

• Pre-created Page Zero for items residing on multiple pages

• “My Applications” Report

• Lists all applications a given user has access to

• Pre-created Breadcrumb for site navigation and placed it on Page Zero

• Page One also has an entry pre-created in the breadcrumb

• No Login Page

• Since all authentication will be done at the Launchpad, there is no need to preserve the login page in the Starter Application

57

Components

• Call to Set Security Context

• Used to set both G_USER_ID & G_LAUNCHPAD_APP_ID

• Called from Security Attributes of Application Properties

58

Additional Components

• Any additional non-subscribe-able shared component or Page Zero items that you want all of your applications to have should be set up here

• Take the time to think this through, as it's a lot easier to do it now versus when you have 20 applications up and running

59

Launchpad

Application 1000

60

Launchpad Application - App 1000

• The Launchpad will:

• Provide centralized authentication services for the suite of applications

• Any unauthenticated session will end up here

• All logins will occur on Page 101 of this application

• All logouts will occur on Page 102 of this application

• Provide a “home” page that users will see should they have access to more than one application

• Or automatically redirect the user to a single application, if that is all they have access to

61

Deep Linking

• The Launchpad Application supports “deep linking”

• Linking to a specific APEX application & page, typically from a bookmark

• Done in the Login process on Page 101

• Uses the APEX item FSP_AFTER_LOGIN_PAGE

• Which is set automatically by the APEX engine

62

Login Process on Page 101

DECLARE
    l_count     NUMBER;
    l_flow_page VARCHAR2(4000);
BEGIN
    IF :FSP_AFTER_LOGIN_URL IS NULL THEN
        -- No deep link requested: go to Page 1 of the Launchpad
        l_flow_page := :APP_ID || ':1';
    ELSE
        -- Count the number of |s in the FSP_AFTER_LOGIN_URL item
        l_count := LENGTH(:FSP_AFTER_LOGIN_URL)
                 - NVL(LENGTH(REPLACE(:FSP_AFTER_LOGIN_URL, '|')), 0);

        IF l_count = 1 THEN
            -- Session ID is NOT included
            l_flow_page := REPLACE(SUBSTR(:FSP_AFTER_LOGIN_URL, 5), '|', ':');
        ELSE
            -- Session ID is included
            l_flow_page := REPLACE(
                SUBSTR(
                    SUBSTR(:FSP_AFTER_LOGIN_URL, 1,
                           INSTR(:FSP_AFTER_LOGIN_URL, '|', 1, 2) - 1),
                    5),
                '|', ':');
        END IF;
    END IF;

    -- Perform the login
    wwv_flow_custom_auth_std.login(
        P_UNAME      => :P101_USERNAME,
        P_PASSWORD   => :P101_PASSWORD,
        P_SESSION_ID => v('APP_SESSION'),
        p_flow_page  => l_flow_page);
END;

63

Creating the Launchpad

• The Launchpad will be unique in that it will be the only application in the Framework that has a login page

• It will also have a different authentication scheme than all other applications in the framework

• Additional changes can be made to page 1, as this is the landing page for users who have access to more than 1 application

64

Application Alias

• Add the Application Alias “LAUNCHPAD” to Application 1000

• This way, we can refer to the LAUNCHPAD and not rely on the Application ID always being 1000

65

What is G_USER_ID?

• Surrogate Key for the USERS table

• Also an Application Item in the Launchpad

• Could have opted to use APP_USER, as that is typically a unique key

• However, as people change their names, there would be more maintenance involved in preserving auditing records or role reports

• Thus, the surrogate key will never change

• Allowing for variance in APP_USER, should it be desired

66

Setting G_USER_ID

• Set via the Application Attribute VPD PL/SQL Call to Set Security Context

• Not actually using VPD, but any code there is executed at the proper place to set the context for any purpose

st_fwk.set_ctx (p_user_name => :APP_USER, p_app_session => :APP_SESSION);

67

DBMS_SESSION.SET_CONTEXT

dbms_session.set_context(
    namespace => 'ST_FWK_CTX',
    attribute => 'G_USER_ID',
    value     => l_user_id,
    username  => p_user_name,
    client_id => p_app_session);

68

G_USER_ID as a Context

• More efficient to use a Context in WHERE clauses

• Will only be evaluated once for X number of rows

• v('G_USER_ID') will be evaluated once per row for X number of rows

• Usage:

WHERE user_id = SYS_CONTEXT('ST_FWK_CTX', 'G_USER_ID')
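How the context and ST_ROLE_USERS_V can fit together, as an added example that is not the framework's own code. Object names come from the slides; the view body, the join columns, the 'Y' flag value and the ACCESSED GLOBALLY clause (inferred from the username and client_id arguments passed to set_context) are assumptions.

```sql
-- Added example; the DDL below is an assumed shape, not the framework's source.

-- Only the package named in USING may write to the namespace, so page or
-- application code cannot overwrite G_USER_ID by calling
-- DBMS_SESSION.SET_CONTEXT itself. ACCESSED GLOBALLY is assumed: a value
-- stored with a client_id is then visible only to database sessions whose
-- client identifier matches.
CREATE OR REPLACE CONTEXT st_fwk_ctx USING st_fwk ACCESSED GLOBALLY;

-- Assumed definition of the view used by app_gatekeeper and role_member.
CREATE OR REPLACE VIEW st_role_users_v AS
SELECT ru.role_user_id,
       ru.user_id,
       r.role_id,
       r.role_key,
       r.role_name,
       r.application_id
  FROM st_role_users   ru
  JOIN st_roles        r ON r.role_id        = ru.role_id
  JOIN st_users        u ON u.user_id        = ru.user_id
  JOIN st_applications a ON a.application_id = r.application_id
 WHERE a.active_flag = 'Y'                               -- assumed flag value
   AND (u.expires_on IS NULL OR u.expires_on > SYSDATE)  -- same rule as auth_user
   -- SYS_CONTEXT is evaluated once for the query. It returns NULL when no
   -- user has been set, so the predicate matches no rows and every
   -- authorization check built on this view fails closed.
   AND ru.user_id = TO_NUMBER(SYS_CONTEXT('ST_FWK_CTX', 'G_USER_ID'));

-- The Application Gatekeeper test for application 1001 then reduces to:
SELECT COUNT(*)
  FROM st_role_users_v
 WHERE application_id = 1001;
```

Because the user filter lives in the view, callers cannot ask about another user's roles by passing a different username.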

69

G_LAUNCHPAD_APP_ID

• Also set with st_fwk.set_ctx

• Refers to the Launchpad Application ID

• Set as a variable to allow for a different ID to be used if 1000 is not available

70

Authentication Scheme

• The Launchpad will have its own Authentication Scheme

• ST Parent Authentication

• Session Not Valid Page

• 101

• Authentication Function

• RETURN st_fwk.auth_user

• Cookie Name

• ST

• Logout URL

• wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&G_LAUNCHPAD_APP_ID.:1

71

Custom Authentication Function

• Must have the following signature:

• p_username VARCHAR2

• p_password VARCHAR2

• And it must return a BOOLEAN

• Can be used for more than just a custom table that stores usernames & passwords

• Multiple LDAP servers

• Multiple authentication mechanisms based on username

72

st_fwk.auth_user

FUNCTION auth_user (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2)
RETURN BOOLEAN
AS
    l_password_hash        VARCHAR2(4000);
    l_stored_password_hash VARCHAR2(4000);
    l_expires_on           DATE;
    l_count                NUMBER;
BEGIN
    SELECT count(*)
      INTO l_count
      FROM st_users
     WHERE UPPER(user_name) = UPPER(p_username);

    IF l_count > 0 THEN
        -- Match case-insensitively, like the count above, so that a username
        -- typed in a different case does not raise NO_DATA_FOUND
        SELECT password, expires_on
          INTO l_stored_password_hash, l_expires_on
          FROM st_users
         WHERE UPPER(user_name) = UPPER(p_username);

73

st_fwk.auth_user

        IF l_expires_on > SYSDATE OR l_expires_on IS NULL THEN
            l_password_hash := hash_pw(p_password);
            IF l_password_hash = l_stored_password_hash THEN
                RETURN TRUE;
            ELSE
                RETURN FALSE;
            END IF;
        ELSE
            RETURN FALSE;
        END IF;
    ELSE
        RETURN FALSE;
    END IF;
END auth_user;
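The slides do not show hash_pw or the hashing trigger on ST_USERS. The following is an added example, not the framework's code, of one way to store a salted, iterated hash in the existing PASSWORD column. The package st_pw, the trigger name, the "salt$hash" layout and the round count are hypothetical; it assumes EXECUTE on DBMS_CRYPTO and Oracle 12c or later for HASH_SH256.

```sql
-- Added example. Iterated SHA-256 is used as a simple work factor; it is not
-- a standard KDF such as PBKDF2.
CREATE OR REPLACE PACKAGE st_pw AS            -- hypothetical helper package
    FUNCTION new_hash (p_password IN VARCHAR2) RETURN VARCHAR2;
    FUNCTION matches  (p_password IN VARCHAR2,
                       p_stored   IN VARCHAR2) RETURN BOOLEAN;
END st_pw;
/
CREATE OR REPLACE PACKAGE BODY st_pw AS
    c_rounds CONSTANT PLS_INTEGER := 10000;   -- assumed work factor

    -- SHA-256 over salt || password, re-hashed c_rounds times; 64 hex chars.
    FUNCTION stretch (p_salt_hex IN VARCHAR2, p_password IN VARCHAR2)
    RETURN VARCHAR2
    IS
        l_digest RAW(32);
    BEGIN
        l_digest := dbms_crypto.hash(
            utl_raw.concat(HEXTORAW(p_salt_hex),
                           utl_i18n.string_to_raw(p_password, 'AL32UTF8')),
            dbms_crypto.hash_sh256);
        FOR i IN 2 .. c_rounds LOOP
            l_digest := dbms_crypto.hash(l_digest, dbms_crypto.hash_sh256);
        END LOOP;
        RETURN RAWTOHEX(l_digest);
    END stretch;

    -- Value to store: 32 hex chars of random salt, '$', 64 hex chars of hash.
    FUNCTION new_hash (p_password IN VARCHAR2) RETURN VARCHAR2
    IS
        l_salt_hex VARCHAR2(32) := RAWTOHEX(dbms_crypto.randombytes(16));
    BEGIN
        RETURN l_salt_hex || '$' || stretch(l_salt_hex, p_password);
    END new_hash;

    FUNCTION matches (p_password IN VARCHAR2, p_stored IN VARCHAR2)
    RETURN BOOLEAN
    IS
    BEGIN
        -- Empty password or a value not in salt$hash form: fail closed.
        IF p_password IS NULL OR NVL(INSTR(p_stored, '$'), 0) <> 33 THEN
            RETURN FALSE;
        END IF;
        RETURN p_stored = SUBSTR(p_stored, 1, 33)
                          || stretch(SUBSTR(p_stored, 1, 32), p_password);
    END matches;
END st_pw;
/
CREATE OR REPLACE TRIGGER st_users_hash_pw    -- hypothetical trigger name
BEFORE INSERT OR UPDATE OF password ON st_users
FOR EACH ROW
BEGIN
    -- A form that writes the stored value back unchanged must not be
    -- hashed a second time, or the user can no longer log in.
    IF :NEW.password IS NOT NULL
       AND (INSERTING OR :NEW.password <> :OLD.password)
    THEN
        :NEW.password := st_pw.new_hash(:NEW.password);
    END IF;
END;
/
```

With this layout, auth_user would call st_pw.matches(p_password, l_stored_password_hash) in place of comparing the output of hash_pw, since the salt has to be read from the stored value.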

74

Authorization Scheme

• The Launchpad application has no authorization scheme associated with it

• Users with no roles will simply get a message stating such and will not be able to login to any other application

75

Branches

• Create a Before Header Branch on Page 1

• Checks to see how many applications a user has access to

• Will branch directly to that application if the user only has access to a single application

• Otherwise, it will stay on Page 1 and display the Welcome page, allowing the user to choose which application to run

• Possible Enhancements:

• Remove this; always end up on Page 1

• Allow the user to choose and save a Default Application to branch to and go there

76

Logout Page

• Page 102 is the Framework Logout Page

• Clears the context

• Logs the users out of the Framework

• More actions can occur here, if desired

-- Unset the context
dbms_session.clear_context(
    namespace => 'ST_FWK_CTX',
    client_id => v('APP_SESSION'));

-- Process the logout
wwv_flow_custom_auth_std.logout(
    p_this_flow           => v('G_LAUNCHPAD_APP_ID'),
    p_next_flow_page_sess => v('G_LAUNCHPAD_APP_ID') || ':1');

77

Framework Flow

[Figure: flow diagram showing App 1000 (Page 101, Page 1), App 1002 (Pages) and App 1003 (Pages), with an "Authenticate" step]

78

Framework Flow

[Figure: flow diagram showing App 1000 (Page 101, Page 1), App 1002 (Pages) and App 1003 (Pages), with an "Authenticate" step]

79

Framework Flow

[Figure: flow diagram showing App 1000 (Page 101, Page 1) with an "Authenticate" step, App 1002 (Pages) and App 1003 (Pages)]

80

Framework Access Control

Application 1001

81

Access Control Application - App 1001

• Access to Framework Application is managed by an APEX Application

• Mostly made up of out-of-the-box APEX components

• Born from cloning the Starter Application

• Subscriptions and Authentication/Authorization schemes are still intact

• Access to the Access Control application is managed via the Access Control application

• Thus, you will need to seed the first application, user, role & role mapping with SQL*Plus

82

Access Control - Overview

• 8 Pages

• One of which is Page Zero

• 4 Reports

• Applications, Roles, Users, User Roles

• 4 Forms

• Applications, Roles, Users, User Roles

83

Additional Applications

84

Additional Applications

• As new applications are needed, the Starter Application is cloned and used as a starting point

• All subscriptions to the Shared Components Master are preserved this way

• Development can then begin on the cloned application as normal

• Caution:

• If a developer removes or alters the Framework Authentication or Authorization Schemes, things will likely stop working

85

Retro-fitting an Existing Application

• Retro-fitting existing applications is just as simple

• Subscribe to the ST Child Authentication Scheme

• Make Current

• Subscribe to the App Gatekeeper Authorization Scheme

• Associate it at the application level

• Subscribe to Home & Logout Navigation Bar Entries

• Configure application via the Framework Access Control application

• Add Application & Roles

• Assign Users to Roles

86

Mapping Existing Authorization Schemes

• Existing Authorization Schemes can be mapped to Roles in the Framework

• Use the Member of Role: Demo example Authorization Scheme as a model

• PL/SQL Function Returning Boolean

• Passing in a Role Key will return TRUE if the currently signed on user is a member of the associated role defined in the Framework

• Otherwise, it will return FALSE

RETURN st_fwk.role_member(p_role_key => 'DEMO');

87

ST_FWK.ROLE_MEMBER

FUNCTION role_member (
    p_role_key IN VARCHAR2,
    p_app_id   IN NUMBER DEFAULT nv('APP_ID'))
RETURN BOOLEAN
IS
    l_count NUMBER;
BEGIN
    SELECT count(*)
      INTO l_count
      FROM st_role_users_v
     WHERE role_key = p_role_key
       AND application_id = p_app_id;

    IF l_count > 0 THEN
        RETURN TRUE;
    ELSE
        RETURN FALSE;
    END IF;
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        RETURN FALSE;
END role_member;

88

Demonstration

89

Demonstration

• Overview of the Access Control application

• Creating a New Application

• Integrating it Into the Framework

• Changing a Template

• Pushing Changes to All Applications

• Integrating the APEX Sample Application

• Authentication Scheme

• Authorization Schemes

• Navigation Bar Entry

90

Practical Framework Applications

• Manage Multiple Applications

• Module-based application

• Release and manage (and charge for) components individually

• Multiple code lines for multiple developers

• Easier to release a subset of functionality

• APEX does this

• White-listed Subset of Functionality

• Easier to secure a small application entirely than a small portion of a large application

91

Summary

92

Summary

• Consider implementing some sort of centralized framework in your APEX environment

• Sooner than Later

• It will pay for itself by means of:

• Centralized User & Role Management

• Better auditing capabilities

• Flexibility to adapt to both new and existing APEX investments

93

Download Files

http://sumnertechnologies.com/framework

http://sumnertechnologies.com

Copyright © 2009 Sumner Technologies - All Rights Reserved