10th Anniversary 1999 - 2009 Many-to-One: Managing Multiple APEX Applications Scott Spendolini, Sumner Technologies

10th Anniversary 1999 - 2009

Many-to-One: Managing Multiple APEX Applications

Scott Spendolini, Sumner Technologies

General Announcements

• Please turn off all cell phones/pagers

• If you must leave the session early, please do so as discreetly as possible

• Please avoid side conversations during the session

Thank you for your cooperation!

About Me

• Scott Spendolini

• Ex-Oracle Employee of 10 years

• Senior Product Manager for Oracle APEX from 2002 through 2005

• Founded Sumner Technologies in October 2005

• Oracle Ace Director

• Co-Author, Pro Oracle Application Express

• “Scott” on OTN Forums

Agenda

• Overview

• APEX Components

• Database Objects

• The Framework

• Demonstration

• Summary

Overview

Has This Happened to You?

• You’ve adopted APEX in your organization

• Based on a pilot project of an application or two

• It becomes successful. Wildly successful.

• APEX applications are popping up all over the place, leaving useless spreadsheets and desktop databases in their wake

• Others start to develop with APEX

• And start to release their own applications

• All of a sudden, your Access & Excel mess has simply moved from the client to the server

Common Early APEX Adoption Issues

• Multiple user accounts for the same person

• Some use APEX credentials, some use LDAP, others may use something else

• No single point of account management

• Because of the scattered nature of user accounts, it is difficult - if not impossible - to manage all accounts for a single user

• No centralized role management

• Impossible to tell which privileges a user has

• Each application deals with role management in its own different way

The Solution

• Develop and implement a centralized Framework which manages:

• Application Definitions

• Roles

• Users

• User to Role Mappings

• Other Components

• Themes/Templates

• Common Regions

• Navigation Bar Entries

Framework Components

• The Framework should provide:

• Single Sign On

• Single Point of User & Role Management

• Be extensible, yet simple

• Take advantage of APEX components as much as possible

• Easy to integrate

• New Development

• Existing Applications

Framework Components

• The Framework can also incorporate a number of other components useful for building multiple APEX applications

• Themes/Templates

• Associated Images & Cascading Style Sheets

• Navigation Bar Entries

• Lists of Values

• Shortcuts

Less is More

• Most importantly, the framework should also be easy for developers to use and extend as well as transparent to your users

APEX Components

• Most of what is required can be achieved with APEX components

• Very little custom code

• Which is almost 100% PL/SQL

• Important to understand how the APEX components work before trying to grasp the solution as a whole

APEX Components

• Shared Components

• Authentication Schemes

• Authorization Schemes

• Navigation Bar Entries

• Templates & Themes

• Page Zero

• APEX View

• APEX_APPLICATIONS

• Application Items & APEX_UTIL API

• APEX_UTIL.FETCH_APP_ITEM

Shared Components

• APEX components that can be shared:

• Within a single application

• In some cases, within multiple applications within a single workspace via Subscriptions

• Little known, less publicized, underrated feature of APEX

• Subscriptions are the cornerstone of the Framework

Subscriptions

• Feature of APEX that allows you to “link” shared components from one application to another within a workspace

• When changes are made to the “parent” component, they can be pushed (published) or pulled (refreshed) to/by the “child” component

• Allows changes of Shared Components to be centralized and easily synchronized amongst multiple applications

Subscriptions

• Subscriptions work only within a single APEX Workspace

• Application IDs must be preserved when moving the framework from one instance of APEX to another

• Otherwise, all links will be broken

• But the applications will still work

“Subscribe-able” Shared Components

Authentication Schemes

• APEX mechanism used to authenticate a user

• APEX contains a number of built-in schemes:

• LDAP

• Oracle Single Sign On

• APEX Credentials

• Database

• Open Door

• Custom

• None

Authentication Schemes

• The Framework uses a Custom Authentication Scheme

• Stores usernames and hashed passwords in an Oracle table

• Easiest to demonstrate

• Does not require an additional server

• APEX Authentication is typically a one-time event

• APEX doesn’t care HOW you authenticate, just that you DO authenticate

• Thus, it would be trivial to change the Authentication Scheme to LDAP, for instance

• More robust approach for enterprise user management

Authorization Schemes

• What do you have access to?

• Can be associated with almost every APEX Component

• Application

• Page

• Region

• Item

• Report Column

• When scheme evaluates to TRUE, item renders or process executes

Authorization Scheme Types

• Several different types

• Exists/Not Exists SQL Query

• Item is NULL/NOT NULL

• Item Comparison

• PL/SQL Function

• Evaluation Point

• Per Page View vs. Per Session

Navigation Bar Entries

• Links that appear on almost every page

• Typically used for common navigation control

• Home

• My Account

• Login/Logout

• Can link to either:

• Page

• URL

Themes & Templates

• Themes are collections of Templates

• Templates make up the UI of an application

• APEX ships with 20 pre-built Themes

• You can use one of them or make your own

• Less is More

• Recommend deleting 2/3 of the provided templates from any theme

• Will enforce consistency among your developers, causing your applications to look similar regardless of who developed them

Importance of Good Design

• Good design helps to convey credibility

• If you spend time on the design, then surely you also spent time on making the application work well

• Poor design leaves users wondering what other corners were cut

• If the design is bad, the application must be worse!

• Perception is reality, more often than not

• Phishing sites strive to look like those they are mimicking

Page Zero

• Page Zero is a special page

• Only contains Page Rendering UI components (Regions, Buttons & Items)

• Does not include Computations or Processes

• Items on Page Zero display on ALL pages in APEX unless conditionally restricted to do otherwise

Page Zero

• Common Uses:

• Breadcrumb Regions

• Lists

• Common Regions/Reports

• JavaScript Libraries

APEX Views

• Set of pre-created views which provide access to the APEX metadata

• Utilities > APEX Views

• List of all views and descriptions of their columns

• Can also be accessed via SQL Developer

• Views can be incorporated into your own applications

• Reuse APEX metadata to supplement your application's data

• Use to render a list of Applications and their properties rather than maintaining your own parallel list

APEX_UTIL API

• Application Items cannot technically be subscribed to from other applications

• However, you can determine the value of any APEX Application Item in any application in the same workspace by using the API: APEX_UTIL.FETCH_APP_ITEM

• Not well documented, but definitely supported

    APEX_UTIL.FETCH_APP_ITEM(
        p_item    IN VARCHAR2,
        p_app     IN NUMBER DEFAULT NULL,
        p_session IN NUMBER DEFAULT NULL)
    RETURN VARCHAR2;

Database Objects

• Application Definitions, Users, Roles and Role Assignments are all managed in a set of tables

• Could use LDAP to do the same and retrofit into the framework relatively easily

• Schema Objects consist of:

• 1 Context

• 4 Tables

• 8 Triggers

• 2 Views

• 1 Package

• 4 Functions & 2 Procedures

ER Diagram

[Diagram: tables ST_ROLE_USERS, ST_ROLES, ST_USERS and ST_APPLICATIONS]

ST_APPLICATIONS

• Stores metadata about each application that is a part of the framework

• Most data about an application will be derived from the APEX_APPLICATIONS view

    ST_APPLICATIONS
    ------------------------------------------------------
    APPLICATION_ID   NOT NULL   NUMBER
    ACTIVE_FLAG      NOT NULL   VARCHAR2(1)
    DESCRIPTION                 VARCHAR2(4000)
    CREATED_BY                  NUMBER
    CREATED_ON                  DATE
    UPDATED_BY                  NUMBER
    UPDATED_ON                  DATE

ST_USERS

• Stores user information, such as USER_ID, USER_NAME and hashed PASSWORD

• Triggers will automatically hash the password and store the hash, not the actual password

    ST_USERS
    -----------------------------------------------------
    USER_ID      NOT NULL   NUMBER
    USER_NAME    NOT NULL   VARCHAR2(255)
    PASSWORD     NOT NULL   VARCHAR2(255)
    EXPIRES_ON              DATE
    CREATED_BY              NUMBER
    CREATED_ON              DATE
    UPDATED_BY              NUMBER
    UPDATED_ON              DATE

ST_ROLES

• Stores the roles for a given application

• Roles are related via a parent-child relationship

• Not used in this demo, but could be activated

    ST_ROLES
    ------------------------------------------------------
    ROLE_ID          NOT NULL   NUMBER
    PARENT_ROLE_ID              NUMBER
    APPLICATION_ID   NOT NULL   NUMBER
    ROLE_NAME        NOT NULL   VARCHAR2(255)
    ROLE_KEY         NOT NULL   VARCHAR2(255)
    DESCRIPTION                 VARCHAR2(4000)
    CREATED_BY                  NUMBER
    CREATED_ON                  DATE
    UPDATED_BY                  NUMBER
    UPDATED_ON                  DATE

ST_ROLE_USERS

• Intersect table that links Roles to Users

    ST_ROLE_USERS
    ----------------------------------------------
    ROLE_USER_ID   NOT NULL   NUMBER
    ROLE_ID        NOT NULL   NUMBER
    USER_ID        NOT NULL   NUMBER
    CREATED_BY                NUMBER
    CREATED_ON                DATE
    UPDATED_BY                NUMBER
    UPDATED_ON                DATE

Packages

• ST_FWK

• PROCEDURE logout

• PROCEDURE set_ctx

• FUNCTION hash_pw

• FUNCTION auth_user

• FUNCTION app_gatekeeper

• FUNCTION role_member

Views

• Two views that assist in simplifying the interaction with the data model

• ST_ROLE_USERS_V

• Lists all active roles for the currently signed on user

• ST_USER_APPLICATIONS_V

• Lists all active applications that any user has at least one active role in

Context

• st_fwk_ctx

• Context created to store the G_USER_ID parameter

The Framework

Framework Applications

• Four applications make up the core framework

• Shared Components Master (999)

• Will never be run, but its shared components are used by all other applications

• Starter Application (998)

• Will never be run, but used to clone all additional applications

• Launchpad (1000)

• Framework Access Control (1001)

• Any number of “child” applications can be easily added to the Framework

Shared Components Master

Application 999

Shared Components Master - App 999

• Sole purpose is to store all Shared Components that will be subscribed to by all other applications

• There are no pages in this application, since no end user should ever need to (or be able to) login to it

• Any and all changes/additions to the subscribed shared components should be done here and published/subscribed to each subscriber

• Most changes will be done to the templates

Shared Components Master Contents

• Authentication Scheme

• ST Child Authentication

• Authorization Scheme

• Application Gatekeeper

• Navigation Bar Entries

• Home

• Logout

• Themes/Templates

• SumnerTheme

Authentication Scheme

• ST Child Authentication

• Acts as a pointer to the Launchpad application

• All authentication occurs only at the Launchpad

• Session Not Valid URL

• f?p=LAUNCHPAD:101

• Cookie Name

• ST

• Logout URL

• f?p=&G_LAUNCHPAD_APP_ID.:102:&SESSION.

Authorization Schemes

• Application Gatekeeper

• Checks to see if a specific user has at least one active role for a specific application

• If so, then the user can access the application

• PL/SQL Function Returning BOOLEAN

• Evaluates for Every Page View

    RETURN st_fwk.app_gatekeeper(
        p_app_id   => :APP_ID,
        p_app_user => :APP_USER);

ST_FWK.APP_GATEKEEPER

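    FUNCTION app_gatekeeper (
        p_app_id   IN NUMBER,
        p_app_user IN VARCHAR2)
    RETURN BOOLEAN
    IS
        l_user_id st_users.user_id%TYPE;
        l_count   NUMBER;
    BEGIN
        -- st_role_users_v lists only the roles of the currently signed on user,
        -- so the count is filtered by application alone
        SELECT count(*)
          INTO l_count
          FROM st_role_users_v
         WHERE application_id = p_app_id;

        -- At least one active role for this application grants access
        IF l_count > 0 THEN
            RETURN TRUE;
        ELSE
            RETURN FALSE;
        END IF;
    EXCEPTION
        WHEN NO_DATA_FOUND THEN
            RETURN FALSE;
    END app_gatekeeper;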

Navigation Bar Entries

• Home

• Redirects to the home page of the Launchpad Application

• URL Target:

• f?p=ST:1:&APP_SESSION.

• Logout

• Logs out of the suite of applications

• URL Target:

• &LOGOUT_URL.

• Which will be replaced with the value of Logout URL from the current Authentication Scheme

Themes/Templates

• SumnerTheme

• Set of pre-built custom templates

• Could be a built-in APEX theme/templates as well

• Only a total of 26 templates are included in SumnerTheme as compared to about 70-80 for the APEX built-in themes

• Most templates in the built-in themes are not needed and can be safely and easily removed

• Additional templates can be added to this application and published/subscribed as needed

Starter Application

Application 998

Starter Application - App 998

• The Starter Application will have all of the Shared Component subscriptions established

• Thus, they are linked back to the Shared Components Master application

• This application will be the starting point for all NEW applications that will be a part of your suite

• No longer need to use Create Application

• Instead, start by Copying this application

Shared Component Subscriptions

• Subscribe to and Associate the Authorization Scheme Application Gatekeeper at the Application Level

• Subscribe to and make the Authentication Scheme ST Child Authentication current and delete all others

• Subscribe to the Navigation Bar Entries Home and Logout and delete all others

Shared Component Subscriptions

• Subscribe to each of the Templates in the theme SumnerTheme

• There is no easy way to do this

• You must do each one individually

• Best approach:

• Get a nice cup of coffee/tea

• Export the theme from the Subscription Master

• Import it into the Starter Application

• Edit each template in the Starter Application and subscribe it back to the corresponding one in the Subscription Master
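The authentication and authorization subscriptions listed above are what keep a child application behind the Launchpad and the gatekeeper, so it is worth checking them across the whole workspace. The query below is an added example, not part of the presentation: it assumes the APEX_APPLICATIONS view exposes AUTHENTICATION_SCHEME and AUTHORIZATION_SCHEME as scheme names, that subscribed copies keep the master's names, and that the application IDs are the ones used on the slides.

```sql
-- Added example; not the framework's own code.
-- Assumptions: column names as exposed by APEX_APPLICATIONS (confirm under
-- Utilities > APEX Views for your release); scheme names and application IDs
-- (998, 999, 1000) as given on the slides.
SELECT application_id,
       application_name,
       authentication_scheme,
       authorization_scheme,
       finding
  FROM (
        SELECT COALESCE(a.application_id, s.application_id) AS application_id,
               a.application_name,
               a.authentication_scheme,
               a.authorization_scheme,
               CASE
                 -- Registered in the framework tables but no such APEX application
                 WHEN a.application_id IS NULL THEN
                   'in ST_APPLICATIONS but not in the workspace'
                 -- The Launchpad authenticates users itself and has no gatekeeper
                 WHEN a.application_id = 1000 THEN
                   CASE
                     WHEN NVL(a.authentication_scheme, '-') <> 'ST Parent Authentication'
                     THEN 'Launchpad is not using ST Parent Authentication'
                   END
                 -- Every other application must defer login to the Launchpad
                 WHEN NVL(a.authentication_scheme, '-') <> 'ST Child Authentication' THEN
                   'current authentication scheme is not ST Child Authentication'
                 -- ... and must apply the gatekeeper at the application level
                 WHEN NVL(a.authorization_scheme, '-') <> 'Application Gatekeeper' THEN
                   'Application Gatekeeper is not set at the application level'
                 -- The Starter Application (998) is never run, so it is not
                 -- expected to be registered
                 WHEN s.application_id IS NULL AND a.application_id <> 998 THEN
                   'not registered in ST_APPLICATIONS'
               END AS finding
          FROM apex_applications a
          FULL OUTER JOIN st_applications s
            ON s.application_id = a.application_id
         -- The Shared Components Master (999) has no pages and is never run
         WHERE COALESCE(a.application_id, s.application_id) <> 999
       )
 WHERE finding IS NOT NULL
 ORDER BY application_id;
```

An empty result means every application in the workspace is wired to the framework as described; each row returned names one application that bypasses or is missing part of it.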

Components

• Page Zero

• Pre-created Page Zero for items residing on multiple pages

• “My Applications” Report

• Lists all applications a given user has access to

• Pre-created Breadcrumb for site navigation and placed it on Page Zero

• Page One also has an entry pre-created in the breadcrumb

• No Login Page

• Since all authentication will be done at the Launchpad, there is no need to preserve the login page in the Starter Application

Components

• Call to Set Security Context

• Used to set both G_USER_ID & G_LAUNCHPAD_APP_ID

• Called from Security Attributes of Application Properties

Additional Components

• Any additional non-subscribe-able shared component or Page Zero items that you want all of your applications to have should be set up here

• Take the time to think this through, as it's a lot easier to do it now versus when you have 20 applications up and running

Launchpad

Application 1000

Launchpad Application - App 1000

• The Launchpad will:

• Provide centralized authentication services for the suite of applications

• Any unauthenticated session will end up here

• All logins will occur on Page 101 of this application

• All logouts will occur on Page 102 of this application

• Provide a “home” page that users will see should they have access to more than one application

• Or automatically redirect the user to a single application, if that is all they have access to

Deep Linking

• The Launchpad Application supports “deep linking”

• Linking to a specific APEX application & page, typically from a bookmark

• Done in the Login process on Page 101

• Uses the APEX item FSP_AFTER_LOGIN_PAGE

• Which is set automatically by the APEX engine

Login Process on Page 101

    DECLARE
        l_count     NUMBER;
        l_flow_page VARCHAR2(4000);
    BEGIN
        IF :FSP_AFTER_LOGIN_PAGE IS NULL THEN
            l_flow_page := :APP_ID || ':1';
        ELSE
            -- Count the number of |s in the FSP_AFTER_LOGIN_URL item
            l_count := LENGTH(:FSP_AFTER_LOGIN_URL)
                       - NVL(LENGTH(REPLACE(:FSP_AFTER_LOGIN_URL, '|')), 0);
            IF l_count = 1 THEN
                -- Session ID is NOT included
                l_flow_page := REPLACE(SUBSTR(:FSP_AFTER_LOGIN_URL, 5), '|', ':');
            ELSE
                -- Session ID is included
                l_flow_page := REPLACE(
                                   SUBSTR(
                                       SUBSTR(:FSP_AFTER_LOGIN_URL, 1,
                                              INSTR(:FSP_AFTER_LOGIN_URL, '|', 1, 2) - 1),
                                       5),
                                   '|', ':');
            END IF;
        END IF;

        -- Perform the login
        wwv_flow_custom_auth_std.login(
            P_UNAME      => :P101_USERNAME,
            P_PASSWORD   => :P101_PASSWORD,
            P_SESSION_ID => v('APP_SESSION'),
            p_flow_page  => l_flow_page);
    END;

Creating the Launchpad

• The Launchpad will be unique in that it will be the only application in the Framework that has a login page

• It will also have a different authentication scheme than all other applications in the framework

• Additional changes can be made to page 1, as this is the landing page for users who have access to more than 1 application

Application Alias

• Add the Application Alias “LAUNCHPAD” to Application 1000

• This way, we can refer to the LAUNCHPAD and not rely on the Application ID always being 1000

What is G_USER_ID?

• Surrogate Key for the USERS table

• Also an Application Item in the Launchpad

• Could have opted to use APP_USER, as that is typically a unique key

• However, as people change their names, there would be more maintenance involved in preserving auditing records or role reports

• Thus, the surrogate key will never change

• Allowing for variance in APP_USER, should it be desired

Setting G_USER_ID

• Set via the Application Attribute VPD PL/SQL Call to Set Security Context

• Not actually using VPD, but any code there is executed at the proper place to set the context for any purpose

    st_fwk.set_ctx (
        p_user_name   => :APP_USER,
        p_app_session => :APP_SESSION);

DBMS_SESSION.SET_CONTEXT

    dbms_session.set_context(
        namespace => 'ST_FWK_CTX',
        attribute => 'G_USER_ID',
        value     => l_user_id,
        username  => p_user_name,
        client_id => p_app_session);

G_USER_ID as a Context

• More efficient to use a Context in WHERE clauses

• Will only be evaluated once for X number of rows

• v('G_USER_ID') will be evaluated once per row for X number of rows

• Usage:

    WHERE user_id = SYS_CONTEXT('ST_FWK_CTX', 'G_USER_ID')
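How the two views from the Views slide and the G_USER_ID context can fit together, as an added sketch that is not the presentation's DDL. Column names come from the table descriptions above; the join logic, the value 'Y' for ACTIVE_FLAG and the function role_member_demo (with its signature) are assumptions.

```sql
-- Added example; not the framework's own code.
-- Assumptions: ACTIVE_FLAG = 'Y' marks an active application, and a role is
-- "active" when its application is active.

-- Roles of the currently signed on user only
CREATE OR REPLACE VIEW st_role_users_v AS
SELECT ru.role_user_id,
       ru.user_id,
       r.role_id,
       r.role_key,
       r.role_name,
       r.application_id
  FROM st_role_users   ru
  JOIN st_roles        r ON r.role_id = ru.role_id
  JOIN st_applications a ON a.application_id = r.application_id
 WHERE a.active_flag = 'Y'
   -- SYS_CONTEXT returns NULL when the context has not been set for this
   -- session; "user_id = NULL" matches no rows, so an unset context yields
   -- no roles and app_gatekeeper returns FALSE.
   AND ru.user_id = TO_NUMBER(SYS_CONTEXT('ST_FWK_CTX', 'G_USER_ID'));

-- One row per user and active application in which the user holds a role;
-- the application name is read from the APEX metadata instead of being
-- stored a second time.
CREATE OR REPLACE VIEW st_user_applications_v AS
SELECT DISTINCT
       ru.user_id,
       a.application_id,
       aa.application_name
  FROM st_role_users     ru
  JOIN st_roles          r  ON r.role_id = ru.role_id
  JOIN st_applications   a  ON a.application_id = r.application_id
  JOIN apex_applications aa ON aa.application_id = a.application_id
 WHERE a.active_flag = 'Y';

-- "My Applications" report source for Page Zero: filter by the context,
-- which is evaluated once for the statement rather than once per row.
SELECT application_id, application_name
  FROM st_user_applications_v
 WHERE user_id = TO_NUMBER(SYS_CONTEXT('ST_FWK_CTX', 'G_USER_ID'))
 ORDER BY application_name;

-- Hypothetical role check in the style of app_gatekeeper, usable as a
-- "PL/SQL Function Returning BOOLEAN" authorization scheme on a page,
-- region or item.
CREATE OR REPLACE FUNCTION role_member_demo (
    p_app_id   IN NUMBER,
    p_role_key IN VARCHAR2)
RETURN BOOLEAN
IS
    l_count NUMBER;
BEGIN
    SELECT COUNT(*)
      INTO l_count
      FROM st_role_users_v
     WHERE application_id = p_app_id
       AND role_key = p_role_key;
    RETURN l_count > 0;
END role_member_demo;
/
```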

G_LAUNCHPAD_APP_ID

• Also set with st_fwk.set_ctx

• Refers to the Launchpad Application ID

• Set as a variable to allow for a different ID to be used if 1000 is not available

Authentication Scheme

• The Launchpad will have its own Authentication Scheme

• ST Parent Authentication

• Session Not Valid Page

• 101

• Authentication Function

• RETURN st_fwk.auth_user

• Cookie Name

• ST

• Logout URL

• wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&G_LAUNCHPAD_APP_ID.:1

Custom Authentication Function

• Must have the following signature:

• p_username VARCHAR2

• p_password VARCHAR2

• And it must return a BOOLEAN

• Can be used for more than just a custom table that stores usernames & passwords

• Multiple LDAP servers

• Multiple authentication mechanisms based on username

st_fwk.auth_user

    FUNCTION auth_user (
        p_username IN VARCHAR2,
        p_password IN VARCHAR2)
    RETURN BOOLEAN
    AS
        l_password_hash        VARCHAR2(4000);
        l_stored_password_hash VARCHAR2(4000);
        l_expires_on           DATE;
        l_count                NUMBER;
    BEGIN
        -- Does the user exist? (case-insensitive match on the user name)
        SELECT count(*)
          INTO l_count
          FROM st_users
         WHERE UPPER(user_name) = UPPER(p_username);

        IF l_count > 0 THEN
            -- Fetch the stored hash and expiry using the same
            -- case-insensitive match as the existence check
            SELECT password, expires_on
              INTO l_stored_password_hash, l_expires_on
              FROM st_users
             WHERE UPPER(user_name) = UPPER(p_username);

            -- The account must not be expired (no expiry date means never)
            IF l_expires_on > SYSDATE OR l_expires_on IS NULL THEN
                -- Hash the supplied password and compare with the stored hash
                l_password_hash := hash_pw(p_password);
                IF l_password_hash = l_stored_password_hash THEN
                    RETURN TRUE;
                ELSE
                    RETURN FALSE;
                END IF;
            ELSE
                RETURN FALSE;
            END IF;
        ELSE
            RETURN FALSE;
        END IF;
    END auth_user;
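The slides name hash_pw and the ST_USERS trigger that stores the hash but do not show either. The following is an added example, not the framework's code, of one way to write that pair with a random per-password salt and PBKDF2-HMAC-SHA256; the package st_pw_demo, the trigger name and the iteration count are hypothetical, and DBMS_CRYPTO.HMAC_SH256 assumes Oracle Database 12c or later with EXECUTE granted on DBMS_CRYPTO.

```sql
-- Added example; st_pw_demo and st_users_pw_demo_trg are hypothetical names.
CREATE OR REPLACE PACKAGE st_pw_demo AS
  FUNCTION hash_pw   (p_password IN VARCHAR2) RETURN VARCHAR2;
  FUNCTION verify_pw (p_password IN VARCHAR2, p_stored IN VARCHAR2) RETURN BOOLEAN;
END st_pw_demo;
/

CREATE OR REPLACE PACKAGE BODY st_pw_demo AS
  c_iterations CONSTANT PLS_INTEGER := 100000;   -- constructed work factor
  c_max_iter   CONSTANT PLS_INTEGER := 1000000;  -- refuse absurd stored values

  -- PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte output block only.
  FUNCTION pbkdf2 (p_password IN VARCHAR2, p_salt IN RAW, p_iter IN PLS_INTEGER)
    RETURN RAW
  IS
    l_key RAW(2000) := UTL_I18N.STRING_TO_RAW(p_password, 'AL32UTF8');
    l_u   RAW(32);
    l_t   RAW(32);
  BEGIN
    -- U1 = HMAC(password, salt || INT(1)); result = U1 xor U2 xor ... xor Uc
    l_u := DBMS_CRYPTO.MAC(UTL_RAW.CONCAT(p_salt, HEXTORAW('00000001')),
                           DBMS_CRYPTO.HMAC_SH256, l_key);
    l_t := l_u;
    FOR i IN 2 .. p_iter LOOP
      l_u := DBMS_CRYPTO.MAC(l_u, DBMS_CRYPTO.HMAC_SH256, l_key);
      l_t := UTL_RAW.BIT_XOR(l_t, l_u);
    END LOOP;
    RETURN l_t;
  END pbkdf2;

  -- Returns "iterations$salt_hex$hash_hex", which fits PASSWORD VARCHAR2(255).
  FUNCTION hash_pw (p_password IN VARCHAR2) RETURN VARCHAR2 IS
    l_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
  BEGIN
    IF p_password IS NULL THEN
      raise_application_error(-20001, 'A password is required');
    END IF;
    RETURN c_iterations || '$' || RAWTOHEX(l_salt) || '$'
           || RAWTOHEX(pbkdf2(p_password, l_salt, c_iterations));
  END hash_pw;

  -- Recomputes the hash with the stored salt and iteration count.
  -- Any malformed stored value fails closed.
  FUNCTION verify_pw (p_password IN VARCHAR2, p_stored IN VARCHAR2) RETURN BOOLEAN IS
    l_iter NUMBER;
    l_salt RAW(16);
    l_hash VARCHAR2(64);
  BEGIN
    IF p_password IS NULL OR p_stored IS NULL THEN
      RETURN FALSE;
    END IF;
    l_iter := TO_NUMBER(REGEXP_SUBSTR(p_stored, '[^$]+', 1, 1));
    l_salt := HEXTORAW(REGEXP_SUBSTR(p_stored, '[^$]+', 1, 2));
    l_hash := REGEXP_SUBSTR(p_stored, '[^$]+', 1, 3);
    IF l_iter IS NULL OR l_iter NOT BETWEEN 1 AND c_max_iter
       OR l_salt IS NULL OR l_hash IS NULL THEN
      RETURN FALSE;
    END IF;
    RETURN l_hash = RAWTOHEX(pbkdf2(p_password, l_salt, l_iter));
  EXCEPTION
    WHEN VALUE_ERROR THEN
      RETURN FALSE;
  END verify_pw;
END st_pw_demo;
/

-- Stands in for the framework's password trigger, not alongside it.
CREATE OR REPLACE TRIGGER st_users_pw_demo_trg
  BEFORE INSERT OR UPDATE OF password ON st_users
  FOR EACH ROW
BEGIN
  -- A form that writes every column back sends the stored hash unchanged;
  -- hashing it a second time would lock the user out, so only a changed
  -- value is hashed.
  IF INSERTING OR :NEW.password <> :OLD.password THEN
    :NEW.password := st_pw_demo.hash_pw(:NEW.password);
  END IF;
END;
/
```

Because the salt is random, two calls to hash_pw for the same password differ, so an auth_user built on this package would call verify_pw(p_password, l_stored_password_hash) rather than compare two hash_pw results.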

Authorization Scheme

• The Launchpad application has no authorization scheme associated with it

• Users with no roles will simply get a message stating such and will not be able to login to any other application

Branches

• Create a Before Header Branch on Page 1

• Checks to see how many applications a user has access to

• Will branch directly to that application if the user only has access to a single application

• Otherwise, it will stay on Page 1 and display the Welcome page, allowing the user to choose which application to run

• Possible Enhancements:

• Remove this; always end up on Page 1

• Allow the user to choose and save a Default Application to branch to and go there

Logout Page

• Page 102 is the Framework Logout Page

• Clears the context

• Logs the users out of the Framework

• More actions can occur here, if desired

-- Unset the context
dbms_session.clear_context(
  namespace => 'ST_FWK_CTX',
  client_id => v('APP_SESSION'));

-- Process the logout
wwv_flow_custom_auth_std.logout(
  p_this_flow           => v('G_LAUNCHPAD_APP_ID'),
  p_next_flow_page_sess => v('G_LAUNCHPAD_APP_ID') || ':1');

Framework Flow

[Diagram, shown over three slides: App 1000 (Page 101, Page 1), an Authenticate step, and Apps 1002 and 1003 (Pages)]

Framework Access Control

Application 1001

Access Control Application - App 1001

• Access to Framework Application is managed by an APEX Application

• Mostly made up of out-of-the-box APEX components

• Born from cloning the Starter Application

• Subscriptions and Authentication/Authorization schemes are still intact

• Access to the Access Control application is managed via the Access Control application

• Thus, you will need to seed the first application, user, role & role mapping with SQL*Plus

Access Control - Overview

• 8 Pages

• One of which is Page Zero

• 4 Reports

• Applications, Roles, Users, User Roles

• 4 Forms

• Applications, Roles, Users, User Roles

Additional Applications

• As new applications are needed, the Starter Application is cloned and used as a starting point

• All subscriptions to the Shared Components Master are preserved this way

• Development can then begin on the cloned application as normal

• Caution:

• If a developer removes or alters the Framework Authentication or Authorization Schemes, things will likely stop working

Retro-fitting an Existing Application

• Retro-fitting existing applications is just as simple

• Subscribe to the ST Child Authentication Scheme

• Make Current

• Subscribe to the App Gatekeeper Authorization Scheme

• Associate it at the application level

• Subscribe to Home & Logout Navigation Bar Entries

• Configure application via the Framework Access Control application

• Add Application & Roles

• Assign Users to Roles

Mapping Existing Authorization Schemes

• Existing Authorization Schemes can be mapped to Roles in the Framework

• Use the Member of Role: Demo example Authorization Scheme as a model

• PL/SQL Function Returning Boolean

• Passing in a Role Key will return TRUE if the currently signed on user is a member of the associated role defined in the Framework

• Otherwise, it will return FALSE

RETURN st_fwk.role_member(p_role_key => 'DEMO');

ST_FWK.ROLE_MEMBER

FUNCTION role_member (
  p_role_key IN VARCHAR2,
  p_app_id   IN NUMBER DEFAULT nv('APP_ID'))
RETURN BOOLEAN
IS
  l_count NUMBER;
BEGIN
  -- Count the rows st_role_users_v returns for this role key and application
  SELECT count(*) INTO l_count
    FROM st_role_users_v
   WHERE role_key = p_role_key
     AND application_id = p_app_id;

  -- Any matching row means the role applies
  IF l_count > 0 THEN
    RETURN TRUE;
  ELSE
    RETURN FALSE;
  END IF;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN FALSE;
END role_member;

Demonstration

• Overview of the Access Control application

• Creating a New Application

• Integrating it Into the Framework

• Changing a Template

• Pushing Changes to All Applications

• Integrating the APEX Sample Application

• Authentication Scheme

• Authorization Schemes

• Navigation Bar Entry

Practical Framework Applications

• Manage Multiple Applications

• Module-based application

• Release and manage (and charge for) components individually

• Multiple code lines for multiple developers

• Easier to release a subset of functionality

• APEX does this

• White-listed Subset of Functionality

• Easier to secure a small application entirely than a small portion of a large application

Summary

• Consider implementing some sort of centralized framework in your APEX environment

• Sooner than Later

• It will pay for itself by means of:

• Centralized User & Role Management

• Better auditing capabilities

• Flexibility to adapt to both new and existing APEX investments

Download Files

http://sumnertechnologies.com/framework

http://sumnertechnologies.com

Copyright © 2009 Sumner Technologies - All Rights Reserved