How to Evaluate Oracle APEX Authorization Scheme using Execute Immediate

By
Here is something new and interesting work-around I found out while working on validating apex authorization scheme using my custom pl/sql function.

So, initially I used APEX_AUTHORIZATION.IS_AUTHORIZED function to evaluate my apex authorization scheme. But, I found a limitation with the use of is_authorized function. When my custom function refereed in SQL query it will end up with giving following error message.

ORA-14551: cannot perform a DML operation inside a query

Now, I still needs to evaluate apex authorization scheme but on my own way, without using is_authorized. Following is an self explanatory function I ended up writing for.

Please note that following block will only work for authorization type = "PL/SQL Function Returning Boolean", but it can be tweak around for other authorization type.

function validate_apex_auth(p_app_id in number, p_auth_scheme_name in varchar2) return number as
    l_return number := 0;
    l_result boolean;    
    l_plsql varchar2(4000) := '
declare
  function x return boolean is 
  begin 
    #APEX_AUTH_SCHEME#
  end; 
begin 
  :out := x;
end;';
  begin
    l_return := 0;
    for i in(select * from apex_application_authorization 
              where application_id = p_app_id
                and lower(trim(authorization_scheme_name)) = lower(trim(p_auth_scheme_name))
                and scheme_type_code = 'NATIVE_FUNCTION_BODY') loop
      
      l_expression := i.attribute_01;
      
      execute immediate replace(l_plsql, '#APEX_AUTH_SCHEME#', l_expression) using out l_result;
      
      if l_result then
        l_return := 1;
      else
        l_return := 0;
      end if;
    end loop;
    return l_return;
exception when others then
    l_return := 0;
    return l_return;

end validate_apex_auth;


Hope this helps!

Regards,
Jaydip Bosamiya

Comments

Post a Comment

My photo
Jaydip Bosamiya
I am Oracle APEX Consultant, Blogger and Integrator. All-rounder in building small, medium and enterprise applications. Extensive knowledge in various area of web-driven applications in Back-end (PL/SQL, SQL, Java), Front-end (Oracle APEX, HTML, JavaScript, CSS, jQuery, OracleJET, ReactJS), RESTful APIs, Third-party library integrations (Apex Office Print (AOP), Payment Gateways, Syncfusion, HighCharts) and APEX Plugins (HighChart, StarRating)

Popular posts from this blog

Oracle APEX - Interactive Report - Scrollbars on Top

By
Image
I have been came across an interested requirement ( which is very valid ) to add scrollbars on the top of the regions! I have seen many times when you want to scroll right to see further data of first few records, you will scroll vertically to get to the horizontal scroll-bars. And then you do horizontal scroll and then vertical scroll to go top of the region. Aren't you ??? :-) So, to ease the user interaction with IR - we should have a scrolling option somewhere on the top of the region ? - For Sure So, how can we add scrollbars on top of the report for an Interactive Report ? By default IR Fix the column headers to the page. This setting gives us an opportunity to add scroll-bars just below the column header as well. Just by adding following CSS line you should get a beautiful scroll-bars just below you header and it works really great as well. #MYIR .t-fht-thead{   overflow: auto !important; } I am also trying to find a way to add same function
Read more

How to create your own customized nested report regions using jQuery

By
Image
Here is how you can create cool nested reports in Oracle APEX and jQuery, which looks like below: For this example, I have used DEPT & EMP example where as a nested report it will show all the child records of employee under department record. To start with, first create a new classic report region with query like " select * from dept ". Add a new derived column of type = Link to that report and set following attributes: Link: javascript: void(0); Link Text: <i class="fa fa-users" alt="Employees" title="Employees"></i> Link Attribute: class="viewEmp" data-deptno="#DEPTNO#" Add new page item to hold deptno value and call it PX_DEPTNO Create new classic report region (this will be your nested region) and set query like " select * from emp where deptno = :PX_DEPTNO " and set following attributes: Static ID:  EMPLOYEES Custom Attributes:  style="display: none" Page Items t
Read more

Make your RESTful APIs Secured with OAuth2 - Basic, Simple and Easy Steps

By
Its been a while since my previous article. So, here is my first blog post of 2020. Oracle APEX has an out-of-box and declarative support to create RESTful Web Services using ORDS. Within no-time, you can build and publish your RESTful APIs. Use of ORDS has gradually increased with common standard across different technology strongly adopted via RESTful Web Services and JSON formatted input/output. With the flexibility of data sharing across the technology or within application, we must also think of how secure my RESTful APIs are. We do believe in strong security of our applications using Authentication and Authorization. But, many times we miss the level of security we should implement in our RESTful APIs. So, here is the very simple and basic steps to secure your ORDS RESTful APIs using OAuth2: We will use a default oracle.example.hr web service module to add OAuth2 for this blog. Navigate to SQL Workshop > RESTful Services. From the left side of tree - click on "Ro
Read more