More Related Content
Similar to APEX Behind the Scenes by Scott Spendolini (20)
APEX Behind the Scenes by Scott Spendolini
- 2. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Welcome
2
- 3. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ABOUT THE PRESENTER
ā¢ Scott Spendolini
ā¢ scott@sumneva.com
ā¢ @sspendol
ā¢ Ex-Oracle Employee of 10 years
ā¢ Senior Product Manager for Oracle APEX
from 2002 through 2005
ā¢ Founded Sumner Technologies
in October 2005
ā¢ Co-Founded Sumneva in January 2010
ā¢ Oracle Ace Director
ā¢ Co-Author,
Pro Oracle Application Express
ā¢ āScottā on OTN Forums
3
- 4. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ABOUT SUMNEVA
4
ā¢ Specializing in Oracle Application Express
ā¢ Training
ā¢ Instructor Led On-Site or Online
ā¢ Private & Public
ā¢ Consulting
ā¢ Anything APEX-related
ā¢ Solutions/Products
ā¢ sumnevaSERT
ā¢ sumnevaFramework
- 5. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AGENDA
ā¢ Overview
ā¢ Primer
ā¢ Behind the Scenes
ā¢ Summary
5
- 6. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Overview
6
- 7. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
OVERVIEW
7
ā¢ APEX is an amazing development environment
ā¢ Few others are as fast & as robust
ā¢ But, do you really know what happens once you click
submit?
- 8. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ā¢ APEX is not magic
ā¢ Thereās a method to everything that goes on
ā¢ Most of which is more basic
than you may think
ā¢ Weāll dispel some of the
āmagicā today, so that you
truly understand how this
amazing technology works
BEHIND THE CURTAIN
8
- 9. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
KISS: KEEP IT SIMPLE, STUPID!
ā¢ For this session, weāre going to focus on the
internals of APEX, not the complexity of the
application
ā¢ This, our example will be extremely simple
ā¢ 2 Pages
ā¢ Login Page
ā¢ Blank Page
9
- 10. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Primer
10
- 11. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PRIMER
11
ā¢ Before we begin, letās review a couple of basic
concepts
ā¢ Terminology
ā¢ HTML Form Basics
ā¢ wwv_ļ¬ow Overview
- 12. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Terminology
12
- 13. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
TERMINOLOGY
13
ā¢ Much of APEXās internal APIs and variables still use the
older names
ā¢ Most of which is based on
Oracle Flows terminology
ā¢ Subsequent versions of APEX
include APIs & variables that start
with the APEX_ preļ¬x
ā¢ Thus, to understand the internals
of APEX, you need to be able
to map legacy term to
modern ones
- 14. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
TERMINOLOGY
14
Legacy Name Modern Name
Company Workspace
Flow Application
Step Page
Plug Region
Instance Session
Request Request
Debug Debug
- 15. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML Form Basics
15
- 16. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML FORM BASICS
16
ā¢ HTML Forms are used to pass data to a server
ā¢ Used by all web pages on the internet
ā¢ Regardless of the underlying technology
ā¢ Forms contain items which are passed as parameters
to the form action
ā¢ Text Field
ā¢ Radio Group
ā¢ Select List
ā¢ And so on...
- 17. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ā¢ Each HTML Form has to have a form tag and a way
to submit it
ā¢ Can optionally have input tags; most have several
ā¢ The form tag will have the following attributes:
ā¢ Name
ā¢ Action
ā¢ Method
ā¢ ID
HTML FORM BASICS
17
- 18. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
HTML FORM BASICS
ā¢ All HTML forms start like this:
18
<form action="form_action.asp" method="post"
name="my_form" id="myForm">
Procedure
Name
HTTP
Method
Form
Name
Form ID
- 19. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET VS. POST
19
ā¢ All HTTP & HTTPS transactions for every web site
ever fall into one of two categories:
ā¢ GET
ā¢ POST
- 20. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET
ā¢ Typically involves passing parameters over the URL to a procedure
ā¢ More āusableā than POST
ā¢ Can be:
ā¢ Bookmarked
ā¢ Cached
ā¢ Remain in browser history
ā¢ Distributed & shared
ā¢ Hacked
ā¢ In APEX-speak, this is also known as Page Rendering and
handled by wwv_ļ¬ow.show
20
- 21. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
POST
ā¢ When a web page āsendsā form data to the server
directly
ā¢ Using the attributes of the form to determine which server
process to execute
ā¢ Item names will also map to the form processās input parameters
ā¢ Typically used to change or update data on the
server
ā¢ Thus, POST requests are never cached
ā¢ In APEX-speak, this is also known as Page Processing
and handled by wwv_ļ¬ow.accept
21
- 22. D E M O N S T R A T I O N
Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET vs. POST
22
- 23. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_ļ¬ow Overview
23
- 24. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
QUESTION
24
ā¢ What does āWWVā stand for?
WebView
- 25. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW
25
ā¢ wwv_ļ¬ow is essentially APEX
ā¢ Contains many global variables, as well as several
functions & procedures
ā¢ Some of which you can use, other which are internal only
ā¢ Weāll focus on just a couple of them:
ā¢ accept
ā¢ show
- 26. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
BASIC HTML FORM
26
<form action="form_action.asp" method="post"
name="my_form" id="myForm">
Procedure
Name
HTTP
Method
Form
Name
Form ID
- 27. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX HTML FORM
27
<form action="wwv_flow.accept" method="post"
name="wwv_flow" id="wwvFlowForm">
Procedure
Name
HTTP
Method
Form
Name
Form ID
- 28. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT
ā¢ PL/SQL package.procedure that APEX calls when
POSTing pages
ā¢ Called for every APEX page thatās submitted
ā¢ Contains a number of parameters which are populated based
on a combination of system-deļ¬ned variables and
what the user enters into the form items
28
- 29. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX_040000 SCHEMA
ā¢ A lot can be learned about the internals of APEX by
browsing the APEX_040000 schema
ā¢ However, NEVER, EVER, EVER make any changes
to anything here!
ā¢ If you want to explore this schema,
its best done on an isolated,
private instance of APEX
ā¢ Oracle XE
ā¢ VMWare/Virtual Box/etc.
29
- 30. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX
Behind the Scenes
30
- 31. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
The f Procedure
31
- 32. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
32
ā¢ Letās start by navigating to our URL:
ā¢ http://localhost:8080/apex/f?p=181:1
- 33. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
ā¢ The string 181:1 is passed to the p parameter of the
f procedure
33
PROCEDURE f
Argument Name Type In/Out Default?
------------------------------ -----------------------
P VARCHAR2 IN DEFAULT
P_SEP VARCHAR2 IN DEFAULT
P_TRACE VARCHAR2 IN DEFAULT
C VARCHAR2 IN DEFAULT
PG_MIN_ROW VARCHAR2 IN DEFAULT
PG_MAX_ROWS VARCHAR2 IN DEFAULT
PG_ROWS_FETCHED VARCHAR2 IN DEFAULT
FSP_REGION_ID VARCHAR2 IN DEFAULT
SUCCESS_MSG VARCHAR2 IN DEFAULT
NOTIFICATION_MSG VARCHAR2 IN DEFAULT
CS VARCHAR2 IN DEFAULT
S VARCHAR2 IN DEFAULT
TZ VARCHAR2 IN DEFAULT
P_LANG VARCHAR2 IN DEFAULT
P_TERRITORY VARCHAR2 IN DEFAULT
181:1
- 34. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
THE f PROCEDURE
ā¢ The f procedure will then tokenize the p parameter
into its component parts and call the
wwv_ļ¬ow.show procedure
34
PROCEDURE SHOW
Argument Name Type In/Out Default?
--------------------------------------------------------------
P_REQUEST VARCHAR2 IN DEFAULT
P_INSTANCE VARCHAR2 IN DEFAULT
P_FLOW_ID VARCHAR2 IN DEFAULT
P_FLOW_STEP_ID VARCHAR2 IN DEFAULT
P_DEBUG VARCHAR2 IN DEFAULT
P_ARG_NAMES TABLE OF VARCHAR2(32767) IN DEFAULT
P_ARG_VALUES TABLE OF VARCHAR2(32767) IN DEFAULT
P_CLEAR_CACHE TABLE OF VARCHAR2(32767) IN DEFAULT
P_BOX_BORDER VARCHAR2 IN DEFAULT
P_PRINTER_FRIENDLY VARCHAR2 IN DEFAULT
P_TRACE VARCHAR2 IN DEFAULT
P_COMPANY NUMBER IN DEFAULT
P_MD5_CHECKSUM VARCHAR2 IN DEFAULT
P_LAST_BUTTON_PRESSED VARCHAR2 IN DEFAULT
P_ARG_NAME VARCHAR2 IN DEFAULT
P_ARG_VALUE VARCHAR2 IN DEFAULT
181
1
- 35. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_ļ¬ow.show
35
- 36. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW
36
ā¢ Procedure that handles all APEX page rendering
or GETs
ā¢ Called most often by the f?p procedure in the URL
ā¢ Also used in Ajax transactions
ā¢ The f procedure will decompose p= to its
component parameters and then call
wwv_ļ¬ow.show
- 37. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
ā¢ p_ļ¬ow_id
ā¢ Application ID
ā¢ p_ļ¬ow_step_id
ā¢ Page ID
ā¢ p_instance
ā¢ Session ID
ā¢ p_request
ā¢ Request
37
- 38. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
ā¢ p_debug
ā¢ Debug Mode
ā¢ āYESā to enable;āNOā or NULL to disable
ā¢ p_clear_cache
ā¢ Clear Cache & Reset Pagination
38
- 39. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
ā¢ p_arg_names
ā¢ p_arg_name used when passing a single item
ā¢ p_arg_values
ā¢ p_arg_value used when passing a single value
ā¢ p_printer_friendly
ā¢ Printer Friendly mode
ā¢ āYESā to enable;āNOā or NULL to disable
39
- 40. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.SHOW PARAMETERS
ā¢ p_trace
ā¢ When passed āYESā,APEX will generate a SQL trace ļ¬le
based on the current page view
ā¢ Done in the background so that it does not slow down processing
ā¢ A SQL trace ļ¬le will be generated in $ORACLE_BASE/
admin/SID/udump
ā¢ The SQL trace ļ¬le can then be analyzed with TKPROF,
Proļ¬ler, SQL Developer or any number of other tools
ā¢ Note:You will need ļ¬lesystem access to get to the trace ļ¬le;
thus you may need to seek help from your DBA/system admin
40
- 41. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SAME THING
41
http://localhost/apex/wwv_flow.show?
p_flow_id=181
&p_flow_step_id=2
&p_instance=292381000
&p_arg_names=P2_EMPNO
&p_arg_values=7499
http://localhost/apex/f?
p=181:2:292381000::::P2_EMPNO:7499
- 42. D E M O N S T R A T I O N
Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_ļ¬ow.show
42
- 43. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Rendering
43
- 44. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE RENDERING
ā¢ APEX will render a page
ļ¬rst by display/render
position
ā¢ Multiple components within
the same display/render
position can be sequenced
accordingly
ā¢ At any point, any
component can be
conditional and may or
may not render
44
- 45. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS Parameters
45
- 46. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
ā¢ National Language Settings (NLS) parameters must be
set for each and every page view
ā¢ Seems inefļ¬cient, but there is no way to guarantee
that an APEX session will be linked to the same database
session from page view to page view
ā¢ Thus, we need to set these each and every time
46
- 47. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
ā¢ Some NLS settings can be managed from within
an APEX application
ā¢ Shared Components > Globalization
ā¢ All can be set from the value of an APEX item
ā¢ Allowing for ļ¬exibility between users of the same application
47
- 48. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS PARAMETERS
ā¢ Built-in NLS settings will show up in the APEX Debug
mode report at the very top of the report
ā¢ If needed, you can also manually set additional
NLS Parameters
48
- 49. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
MANUALLY SETTING NLS PARAMETERS
ā¢ For those not available in the Globalization options,
you will need to manually set them via:
ā¢ VPD Context
ā¢ Part of the Authentication Scheme
ā¢ Application Computation
ā¢ Before Header
ā¢ Application Process
ā¢ Before Header
49
EXECUTE IMMEDIATE 'alter session set
nls_date_format=''mm/dd/yyyy'' ';
- 50. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
MANUALLY SETTING NLS PARAMETERS
50
VPD Context
Computation
Process
- 51. D E M O N S T R A T I O N
Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
NLS Parameters
51
- 52. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Session Management
52
- 53. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
ā¢ After NLS Parameters are set,APEX checks to see if
you are logged in or not
ā¢ APEX will also check to see if you are also logged in a
developer in the same workspace as the application
which you are running
ā¢ If so, then you will also see the developerās toolbar:
53
- 54. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ā¢ Debug log of an unauthenticated session vs. an
authenticated session
SESSION MANAGEMENT
54
Unauthenticated Session
Authenticated Session
- 55. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
55
ā¢ By default, this functionality is built in to APEX
and does not need to be enabled
ā¢ You can override APEXās session management, but you
better know what you are doing!
ā¢ If you choose to implement your own Page Session
Management, it is controlled via either the Page
Sentry Function or Session Verify Function
in the Authorization Scheme
- 56. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
ā¢ When a session is not valid,APEX will redirect to one
of two places:
ā¢ Session Not Valid Page
ā¢ If a page is selected here, that page will by default become accessible
by anyone, even if they are not authenticated
ā¢ Session Not Valid URL
ā¢ Can specify the Built In Login Page or SSO/Portal here, as well
as your own function or URL
56
- 57. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
57
- 58. D E M O N S T R A T I O N
Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Session NotValid
58
- 59. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE SENTRY & SESSION VERIFY
59
ā¢ APEX provides the ability to take over session
management entirely
ā¢ Page Sentry Function
ā¢ Executed before EVERY APEX page view
ā¢ Can check any criteria to determine if the session is valid
ā¢ Session Verify Function
ā¢ Determines whether or not a valid session exists
ā¢ Can only use one of these, not both
- 60. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SESSION MANAGEMENT
60
Page Sentry
Function
Session Verify
Function
- 61. D E M O N S T R A T I O N
Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Sentry Function
61
- 62. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Authentication
62
- 63. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
ā¢ What happens next depends on whether the user is
authenticated or not
63
Authenticated:
Continue to Display Page Requested
Unauthenticated:
Redirect to Login Page deļ¬ned in the
Authentication Scheme
- 64. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
ā¢ Since we are not yet authenticated,APEX will
redirect to the Login Page
ā¢ Which will run through the Page Rendering phase
ā¢ NLS Parameters
ā¢ Page Session Management
ā¢ Which will pass this time, as the Login Page will display to an
unauthenticated user
ā¢ Computations
ā¢ Processes
ā¢ Regions
64
- 65. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Components
65
- 66. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
GET USERNAME COOKIE PROCESS
ā¢ Process that will check to see if there is an APEX
username stored in the APEX session cookie
ā¢ If so, it will set the default value of P101_USERNAME to
this value
66
declare
v varchar2(255) := null;
c owa_cookie.cookie;
begin
c := owa_cookie.get('LOGIN_USERNAME_COOKIE');
:P101_USERNAME := c.vals(1);
exception when others then null;
end;
- 67. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGIN_USERNAME_COOKIE
67
Username
Hostname
DAD
Require SSL
Expiration
Cookie Name
- 68. D E M O N S T R A T I O N
Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
APEX User Cookie
68
- 69. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DISPLAY REGIONS
69
ā¢ After attempting to set the cookie,APEX will render
the regions & items on the page in their
corresponding order
- 70. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Page Processing
70
- 71. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
ā¢ APEX will process a page ļ¬rst by
process position
ā¢ Multiple components within the same
display/render position can be
sequenced accordingly
ā¢ At any point, any component can be
conditional and may or may not
render
71
- 72. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
ā¢ Letās enter our username & password and click
Login to start processing our page
72
- 73. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
PAGE PROCESSING
ā¢ When the Login button is clicked,APEX will POST a
transaction to the server
ā¢ We can use Web Developer to see the
parameters it will pass to wwv_ļ¬ow.accept
73
- 74. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DISPLAY FORM DETAILS
74
APP_ID
APP_PAGE_ID SESSION_ID
Form Name
- 75. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
wwv_ļ¬ow.accept
75
- 76. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT
76
ā¢ Procedure that handles all APEX page
processing or POSTs
ā¢ Have likely seen this before in error messages
- 77. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_request
ā¢ Typically set by the button clicked on a POST
ā¢ Can be passed via the URL in a GET
ā¢ But it will only be good for the next page phase
ā¢ Can not get the value of p_request in Page Rendering if
the page is submitted/POSTed
77
- 78. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_instance
ā¢ Session ID
ā¢ Also referred to as :APP_SESSION or :SESSION_ID
ā¢ Automatically maintained by APEX
ā¢ Can not alter programmatically
78
- 79. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_ļ¬ow_id
ā¢ Application ID
ā¢ Also referred to as :APP_ID
ā¢ Automatically set by APEX based on which application youāre
running
ā¢ Can not alter programmatically
79
- 80. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_company
ā¢ Workspace ID
ā¢ Also referred to as :WORKSPACE_ID
ā¢ Not typically present in the HTML rendered by APEX
ā¢ But is calculated inside the wwv_ļ¬ow.accept procedure
ā¢ Can not alter programmatically
80
- 81. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_ļ¬ow_step_id
ā¢ Page ID
ā¢ Also referred to as :APP_PAGE_ID
ā¢ Returns the current Page ID
ā¢ Can not be altered otherwise
81
- 82. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_arg_names
ā¢ Array used to store the corresponding APEX Item IDs from
an APEX page
ā¢ Appears before each and every APEX page item
82
- 83. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_arg_values
ā¢ Used to protect hidden items from being manipulated
via JavaScript
ā¢ When a hidden & protected item is rendered, there will be a
corresponding p_arg_values item rendered as well
83
<input type="hidden" id="P2_EMPNO" name="p_t01" value="7369" />
<input type="hidden" name="p_arg_values" value="9DDE9C18F8337D..." />
- 84. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_t01 ... p_t100
ā¢ Set ofVARCHAR parameters used to receive APEX page
item values
ā¢ This is where the ā100 item per pageā limit comes from
ā¢ Which is not accurate, since itās really 100 enabled items per page
84
<input type="text" id="P1_ITEM" name="p_t01" value="" size="30"
maxlength="4000" class="text_field" />
APEX Item Parameter
Item
- 85. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_v01 ... p_v100
ā¢ Set of 100 arrays used to store results from items that
return potentially more than one value
ā¢ Multi-select Lists, Shuttle Regions, etc.
85
<select name="p_v01" id="P1_ITEM" size="1" multiple="multiple"
class="multi_selectlist">
Array Item APEX Item
- 86. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ f01 ... f50
ā¢ Group of 50 arrays, typically used in conjunction with
g_f01 ... g_f50
ā¢ Most often used with tabular forms & APEX_ITEM API calls
ā¢ Name used for PL/SQL; ID used for JavaScript
86
<input type="text" name="f03" size="12" value="" id="f03_0001" />
<input type="text" name="f03" size="12" value="" id="f03_0002" />
<input type="text" name="f03" size="12" value="" id="f03_0003" />
Array
Name
Array
Element ID
- 87. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ x01 ... x20
ā¢ Group of 20VARCHARs, typically used in conjunction with
the global variables g_x01 ... g_x10
ā¢ Difference between the parameter count & global variable count can
be attributed to APEX itself needing extras
ā¢ Most often used with Ajax transactions to pass
parameters
87
- 88. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_debug
ā¢ When passed āYESā,APEX will run in DEBUG mode
ā¢ No value or āNOā will disable DEBUG mode
88
- 89. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_trace
ā¢ When passed āYESā,APEX will generate a SQL trace ļ¬le
based on the current page view
ā¢ Done in the background so that it does not slow down processing
ā¢ A SQL trace ļ¬le will be generated in $ORACLE_BASE/
admin/SID/udump
ā¢ The SQL trace ļ¬le can then be analyzed with TKPROF,
Proļ¬ler, SQL Developer or any number of other tools
ā¢ Note:You will need ļ¬lesystem access to get to the trace ļ¬le;
thus you may need to seek help from your DBA/system admin
89
- 90. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Item Mapping
90
- 91. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEMS
91
ā¢ APEX Page Items are named p_t01 through p_t100
ā¢ The PX_ITEM_NAME is never directly sent back to the
database
ā¢ Used for client-side JavaScript interactions
ā¢ Thus, if all APEX pages items are named the same,
then how does it map them to the corresponding
page item in an application when submitting a page?
- 92. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
ā¢ Each APEX page item will have a corresponding
p_arg_names entry:
92
<input type="hidden" name="p_arg_names"
value="8295929934913911" />
<input type="text" id="P101_USERNAME" name="p_t01"
value="admin" size="40" maxlength="100" class="text_field" />
...
<input type="hidden" name="p_arg_names"
value="8296003745913912" />
<input type="password" name="p_t02" size="40" maxlength="100"
value="" id="P101_PASSWORD" class="password"
onkeypress="return submitEnter(this,event)" />
- 93. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
ā¢ p_arg_names values will map back to the internal
item ID in the wwv_ļ¬ow_step_items table:
93
- 94. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
ITEM MAPPING
ā¢ The ID of an input element does not get submitted
back to the server
ā¢ Thus, the need for the p_arg_names array
ā¢ It provides the mapping from the p_txx elements to
the corresponding APEX page items
94
Item Name Parameter
P101_USERNAME p_t01
P101_PASSWORD p_t02
ID p_arg_name
1 8295929934913911
2 8296003745913912
- 95. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Validations, Computations
& Processes
95
- 96. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
VALIDATIONS, COMPUTATIONS & PROCESSES
96
ā¢ After validating that the session is still valid,APEX will
process all Validations, Computations &
Processes according to their execution point and
corresponding sequence
ā¢ Nothing in this phase will ever be output to the screen
ā¢ All āBuilt Inā APEX Processes are merely calls to underlying
PL/SQL procedures
ā¢ Application Builder abstracts this concept to keep things simple
- 97. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SET USERNAME COOKIE
ā¢ Sets the LOGIN_USERNAME_COOKIE based
on the value of the username entered
ā¢ Regardless of whether it successfully authenticated or not
ā¢ Can be disabled for security purposes
97
begin
owa_util.mime_header('text/html', FALSE);
owa_cookie.send(
name => 'LOGIN_USERNAME_COOKIE',
value => lower(:P101_USERNAME));
exception when others then null;
end;
- 98. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGIN
ā¢ APEX API Call to the standard login procedure:
wwv_ļ¬ow_custom_auth_std.login
ā¢ Will use the current authentication scheme and
determine whether or not a user should be logged in
98
wwv_flow_custom_auth_std.login(
P_UNAME => :P101_USERNAME,
P_PASSWORD => :P101_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':1'
);
Determines the initial
page of your application
- 99. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Authentication Schemes
99
- 100. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
ā¢ APEX can use a number of different
Authentication Schemes
ā¢ APEX Credentials
ā¢ Custom
ā¢ SSO
ā¢ LDAP
ā¢ Database Schema Users
ā¢ Open Door
ā¢ None
100
- 101. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
ā¢ Regardless of which one you choose, the method
which APEX uses to validate credentials is largely
the same
ā¢ Pre-Authentication Process
ā¢ Authentication Function
ā¢ Post-Authentication Process
101
- 102. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
ā¢ Pre-Authentication Process
ā¢ Executes just before credentials are veriļ¬ed
ā¢ However, it looks like there may be a bug here, as it seems like is
executes just AFTER credentials are veriļ¬ed
102
- 103. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
ā¢ Authentication Function
ā¢ Can be one of the following:
ā¢ -BUILTIN-
ā¢ APEX User Credentials
ā¢ -DBACCOUNT-
ā¢ Database Credentials
ā¢ -LDAP-
ā¢ LDAP using parameters deļ¬ned in LDAP section
ā¢ Custom
ā¢ Custom PL/SQL Function returning Boolean
103
- 104. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
ā¢ Post-Authentication Process
ā¢ Executes just after credentials are veriļ¬ed
104
- 105. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
AUTHENTICATION SCHEME
105
- 106. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_CUSTOM-F COOKIE
ā¢ Upon successful authentication,APEX will send
another cookie to the client
ā¢ This cookieās sole purpose is to map your browser to your
APEX session
106
- 107. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
BREAKING IT DOWN
107
wwv_ļ¬ow_sessions$
wwv_ļ¬ow_companies
- 108. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
CLEAR PAGE CACHE
ā¢ Clears the page cache for Page 101
ā¢ Thus, removing the username from the APEX session state
108
- 109. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Logging Out
109
- 110. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
110
ā¢ Thereās several ways to ālog outā of an APEX
application
ā¢ Click the Logout link
ā¢ Close the Browser Tab/Window
ā¢ Quit the Browser
ā¢ Let the session expire
ā¢ Not all of these truly logs you out
- 111. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
ā¢ Close the Browser Tab/Window
ā¢ Does NOTHING to log you out
ā¢ Quit the Browser
ā¢ Expires the Session Cookie
ā¢ Let the session expire
ā¢ Expires the Session Cookie
ā¢ Click the Logout link
ā¢ Expires the Session Cookie
ā¢ Deletes the Session from wwv_ļ¬ow_sessions$
111
- 112. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
ā¢ APEX automatically schedules a job -
ORACLE_APEX_PURGE_SESSIONS - which
will remove stale session data
ā¢ By default, it is set to run hourly
ā¢ You can alter the duration to make it run more or less
frequently
112
- 113. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
LOGGING OUT
ā¢ The Logout URL is speciļ¬ed in the Authentication
Scheme
ā¢ When clicked, it will expire the session cookie and also
purge the session state from the database
113
wwv_flow_custom_auth_std.logout?
p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:1
The Current Application Which Application to Run Next
- 114. D E M O N S T R A T I O N
Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Logging Out
114
- 115. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
Summary
115
- 116. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
SUMMARY
116
ā¢ There are a LOT of things that go on when rendering
or processing an APEX page
ā¢ Fortunately,APEX abstracts most of the complexity,
making it easy & efļ¬cient to use
ā¢ Understanding the discrete steps will help make you a
better and more secure APEX developer
- 117. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
DOWNLOAD
ā¢ This and all other Sumneva presentations can
be downloaded for free from:
117
http://sumneva.com/presentations
- 118. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
FEEDBACK
ā¢ To provide feedback on this session:
118
http://kscope.ezsession.com
Session ID: 242796
- 120. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_accept_processing
ā¢ NEED TO RESEARCH
120
- 121. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ The next ļ¬ve parameters have to do with the management of tabular
forms, and should not be altered
ā¢ fcs
ā¢ <input type="hidden" id="fcs_0003" name="fcs"
value="989EDF72FEF5A40D4F36854921FBBC34">
ā¢ fmap
ā¢ <input type="hidden" name="fmap" value="ENAME" id="fmap_003" />
ā¢ fhdr
ā¢ <input type="hidden" name="fhdr" value="Ename" id="fhdr_003" />
ā¢ fcud
ā¢ <input type="hidden" id="fcud_0003" name="fcud" value="U" />
ā¢ frowid
ā¢ <input type="hidden" id="frowid_0003" name="frowid"
value="AAANCNAAHAAAAAeAAC" />
121
- 122. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_listener
ā¢ Used to communicate with the APEX listener
122
- 123. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_map1, p_map2, p_map3 & p_survey_map
ā¢ NEED TO RESEARCH
123
- 124. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ The next three parameters control report pagination,
and are relatively self-explanatory
ā¢ p_ļ¬ow_current_min_row
ā¢ p_ļ¬ow_current_max_rows
ā¢ p_ļ¬ow_current_rows_fetched
124
- 125. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_md5_checksum
ā¢ Used to store the MD5 checksum for data in an APEX form
ā¢ Will also be used to compare to the current MD5 checksum
before data is updated
ā¢ Always present in the HTML; may not contain a value, if the
current page does not have a Automatic Row Fetch process
125
<input type="hidden" name="p_md5_checksum" value="BF258D46D..." />
MD5 Hash
- 126. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ p_page_submission_id
ā¢ Internal ID used to track individual page submissions within a
session
ā¢ Found close to the top of the page
ā¢ Should not alter or modify
126
- 127. Copyright Ā© 2010 Sumneva - All Rights Reserved - http://sumneva.com - info@sumneva.com
WWV_FLOW.ACCEPT PARAMETERS
ā¢ The last three parameters have to do with NLS
Settings:
ā¢ p_time_zone
ā¢ Current Time Zone
ā¢ p_lang
ā¢ Current Language
ā¢ p_territory
ā¢ Current Country/Region
127