<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <title>About Creating an Authentication Scheme from Scratch</title> <meta name="generator" content="Oracle DARB XHTML Converter (Mode = ohj/ohw) - Version 5.1" /> <meta name="date" content="2009-04-14T16:11:31Z" /> <meta name="robots" content="noarchive" /> <meta name="doctitle" content="About Creating an Authentication Scheme from Scratch" /> <meta name="relnum" content="Release 3.2" /> <meta name="partnum" content="E11947-01" /> <link rel="copyright" href="dcommon/html/cpyr.htm" title="Copyright" type="text/html" /> <link rel="stylesheet" href="dcommon/css/blafdoc.css" title="Oracle BLAFDoc" type="text/css" /> <link rel="contents" href="toc.htm" title="Contents" type="text/html" /> <link rel="up" href="preface.htm" title="Home" type="text/html" /> <link rel="up" href="sec.htm" title="Managing Application Security" type="text/html" /> <link rel="up" href="sec_authentication.htm" title="Establishing User Identity ..." type="text/html" /> <link rel="up" href="sec_auth_scratch.htm" title="About Creating an Authentic..." 
type="text/html" /> <link rel="prev" href="sec_auth_preconfig.htm" title="Previous" type="text/html" /> <link rel="next" href="sec_auth_rep.htm" title="Next" type="text/html" /> </head> <body> <p><a id="BABFBCFJ" name="BABFBCFJ"></a></p> <div class="sect2"><!-- infolevel="all" infotype="General" --> <h1><a name="HTMDB25778" id="HTMDB25778"></a>About Creating an Authentication Scheme from <a id="sthref2002" name="sthref2002"></a>Scratch</h1> <p>Creating an authentication scheme from scratch gives you complete control over your authentication interface. 
This is the best approach for applications when any of the following is true:</p> <ul> <li> <p>Database authentication or other methods are not adequate.</p> </li> <li> <p>You want to develop your own login form and associated methods.</p> </li> <li> <p>You want to delegate all aspects of user authentication to external services such as Oracle 10<span class="italic">g</span>AS Single Sign-On.</p> </li> <li> <p>You want to control security aspects of session management.</p> </li> <li> <p>You want to record or audit activity at the user or session level.</p> </li> <li> <p>You want to enforce session activity or expiry limits.</p> </li> <li> <p>You want to program conditional one-way redirection logic before Oracle Application Express page processing.</p> </li> <li> <p>You want to integrate your application with non-Oracle Application Express applications using a common session management framework.</p> </li> <li> <p>Your application consists of multiple applications that operate seamlessly (for example, more than one application ID).</p> </li> </ul> <div align="center"> <div class="inftblnotealso"><br /> <table class="NoteAlso oac_no_warn" summary="" cellpadding="3" cellspacing="0"> <tbody> <tr> <td align="left"> <p class="notep1">See Also:</p> "APEX_CUSTOM_AUTH" in <a href="http://www.oracle.com/pls/db112/lookup?id=AEAPI218"><span class="italic">Oracle Application Express API Reference</span></a></td> </tr> </tbody> </table> <br /></div> <!-- class="inftblnotealso" --></div> <div class="sect3"><!-- infolevel="all" infotype="General" --><a id="sthref2003" name="sthref2003"></a> <h2><a name="HTMDB25779" id="HTMDB25779"></a>About Session Management Security</h2> <p>When running custom authentication, Oracle Application Express attempts to prevent two improper situations:</p> <ul> <li> <p>Intentional attempts by a user to access session state belonging to someone else. 
However, users can still type an arbitrary application session ID into the URL.</p> </li> <li> <p>Inadvertent access to a stale session state (probably belonging to the same user from an earlier time). This would commonly result from using bookmarks to application pages.</p> </li> </ul> <p>Oracle Application Express checks that the user identity token set by the custom authentication function matches the user identity recorded when the application session was first created. If the user has not yet been authenticated and the user identity is not yet known, the session state being accessed does not belong to someone else. These checks determine whether the session ID in the request can be used. If not, the Application Express engine redirects back to the same page using an appropriate session ID.</p> </div> <!-- class="sect3" --> <a id="CHDDIJDA" name="CHDDIJDA"></a> <div class="sect3"><!-- infolevel="all" infotype="General" --> <h2><a name="HTMDB25780" id="HTMDB25780"></a>Building a Login <a id="sthref2004" name="sthref2004"></a>Page</h2> <p>When you create an application in Oracle Application Express, a login page is created. The alias for the page is <code>'LOGIN'</code>. You can use this page as the "invalid session page" in an authentication scheme. 
The page is constructed with processes that call the Oracle Application Express login API to perform credentials verification and session registration.</p> <p>You can also build your own login pages using the pre-built pages as models and tailoring all of the user interface and processing logic to your requirements.</p> <p>To create a login page for your application:</p> <ol> <li> <p>On the Workspace home page, click the <span class="bold">Application Builder</span> icon.</p> </li> <li> <p>Select an application.</p> </li> <li> <p>Click <span class="bold">Create Page</span>.</p> </li> <li> <p>Select <span class="bold">Login Page</span>.</p> </li> <li> <p>Specify Login page attributes and click <span class="bold">Create</span>.</p> </li> </ol> </div> <!-- class="sect3" --> <div class="sect3"><!-- infolevel="all" infotype="General" --><a id="sthref2005" name="sthref2005"></a> <h2><a name="HTMDB25781" id="HTMDB25781"></a>About Deep <a id="sthref2006" name="sthref2006"></a><a id="sthref2007" name="sthref2007"></a>Linking</h2> <p>Deep linking refers to the ability to link to an Oracle Application Express page out of context (for example, from a hyperlink in an email or workflow notification). When you link to a page out of context and the application requires the user be authenticated, the user will be taken to the login page. After credentials verification, the Application Express engine automatically displays the page that was referenced in the original link. Deep linking is supported for applications that use authentication schemes.</p> </div> <!-- class="sect3" --></div> <!-- class="sect2" --> <!-- Start Footer --> <div class="footer"> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr> <td align="left"><span class="copyrightlogo">Copyright © 2003, 2009, Oracle and/or its affiliates. 
All rights reserved.</span><br /> <a href="dcommon/html/cpyr.htm"><span class="copyrightlogo">Legal Notices</span></a></td> </tr> </table> </div> <!-- class="footer" --> </body> </html>
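Added example (not part of the Oracle documentation and not Oracle Application Express code): a small Python model of the check described under "About Session Management Security", showing why a typed-in or bookmarked session ID yields a redirect with a fresh session instead of exposing the existing state. The names SessionRegistry, resolve and expire are hypothetical, and the handling of unknown or expired IDs is an assumption of the model.

```python
# Added illustration, not Oracle Application Express code. Class, method and
# field names are hypothetical; only the identity comparison follows the text.
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    session_id: str
    owner: Optional[str]  # identity recorded at creation; None = not yet known


class SessionRegistry:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, owner: Optional[str] = None) -> Session:
        session = Session(secrets.token_hex(16), owner)
        self._sessions[session.session_id] = session
        return session

    def expire(self, session_id: str) -> None:
        # Assumption: expired sessions are purged, so a bookmarked ID becomes unknown.
        self._sessions.pop(session_id, None)

    def resolve(self, requested_id: str, user_token: Optional[str]) -> Tuple[Session, bool]:
        """Return (session to use, redirected?) for one page request.

        requested_id is the session ID from the URL (possibly typed in or
        bookmarked); user_token is the identity set by the custom
        authentication function, or None before authentication.
        """
        session = self._sessions.get(requested_id)
        # Usable only if the ID is known and the recorded identity matches.
        # None == None covers the not-yet-authenticated case: that state
        # does not belong to someone else.
        if session is not None and session.owner == user_token:
            return session, False
        # Otherwise the requested state is never exposed: issue an appropriate
        # session for this user and redirect back to the same page.
        return self.create(user_token), True
```
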