APEX Listener sets the REMOTE_USER header value passed to OWA applications (including APEX) to the value returned by the HttpServletRequest.getRemoteUser() method, or, if that returns null, to the value of the database user used to connect to the database.
You need to configure mod_jk to pass the authenticated user id to your servlet container so that getRemoteUser() will return this value (at the moment your environment is setting the REMOTE_USER header instead). To do this, set the value of the mod_jk request.tomcatAuthentication property to false. How you do this depends on the version of mod_jk and the servlet container you are using; you'll have to research that for your specific environment.
BTW, the APEX Listener server does this configuration automatically when running in standalone mode, so you just need to specify the AJP listen port when running it and the user identity will be propagated automatically:
java -Dapex.ajp=8009 -jar apex.war
I should have RTFM.
From the docs:
"When you configure either of these two options, Oracle Application Express Listener can honor any Security Constraint values specified in the Resource Template. Note that the identity of the authenticated user is available to the Resource Template using the X-APEX-USER header that is passed with the request"
The X-APEX-USER header is available even in standalone mode with no HTTP server in front, I've found out.
For instance, even if your browser is passing a Basic Authorization to a resource template, the user in that basic auth is available to the template in the X-APEX-USER header.
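
A way to check which of the two cases described in the first reply an environment is in, as an added example that is not part of the replies above: a diagnostic servlet that reports whether the user id reaches the servlet container through getRemoteUser() or only as a REMOTE_USER request header. The class name and the /whoami path are assumptions, and the Servlet 3.0 javax.servlet API is assumed.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic servlet (class name and URL are assumptions).
// Deploy it in the same container as apex.war, request it through the
// front-end web server, and remove it once the check is done.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Identity established by the container or propagated over AJP.
        String principal = req.getRemoteUser();
        // The same name arriving as an ordinary request header: any client
        // that can reach the container can set it, so it proves nothing alone.
        String header = req.getHeader("REMOTE_USER");

        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("getRemoteUser()    : " + principal);
        out.println("getAuthType()      : " + req.getAuthType());
        out.println("REMOTE_USER header : " + header);

        if (principal != null) {
            out.println("RESULT: authenticated user is propagated to the container");
        } else if (header != null) {
            out.println("RESULT: user id arrives only as a header; getRemoteUser() is null");
        } else {
            out.println("RESULT: no user identity reached the container");
        }
    }
}
```

When the second or third result is reported, getRemoteUser() is null, which is the case in which the first reply says the listener falls back to the database user.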