6 Replies. Latest reply: Aug 13, 2012 10:29 AM by Udo

    Does listener use wwv_flow_epg_include_mod_local

    895614
      Hello Everyone,

      I have this BIG doubt

      Does listener use wwv_flow_epg_include_mod_local? I tried using it but it didn't work. If listener actually uses it, then what is the advantage of the Validate function and the Allowed functions section of the listener?

      Regards
        • 1. Re: Does listener use wwv_flow_epg_include_mod_local
          Udo
          Hi,

          APEX Listener doesn't use it unless you tell it to. Similar to the "DAD"-configuration, there is no default validation enabled. This procedure is a kind of stub you can use, but you can start implementing your own procedures as well.
          By the way, it would be bad if APEX Listener relied on that function, because it is designed to support more than "just" APEX (though the name might hint at a different interpretation...).

          -Udo
          • 2. Re: Does listener use wwv_flow_epg_include_mod_local
            895614
            Hello Udo,

            Thanks for the reply. I believe that wwv_flow_epg_include_mod_local is called from wwv_flow_epg_include_modules.authorize. The wwv_flow_epg_include_modules.authorize proc is also called if we are using the DAD of APEX to call our own procedure. If the wwv_flow_epg_include_mod_local proc returns true then our procedure is executed, otherwise it's not.

            Please correct if my understanding is incorrect

            My question really is: APEX listener is not a DAD, so will the process of adding the function name to the IN list of wwv_flow_epg_include_mod_local and granting execute to Anonymous work even with APEX listener?

            Does Listener, like APEX DAD, call wwv_flow_epg_include_modules.authorize? If yes, then what is the use of the Validate function section? If it does not, then is wwv_flow_epg_include_modules.authorize useless in the listener configuration?

            What do we have to do if we have to execute a custom procedure from the URL in Listener configuration?

            Regards,
            • 3. Re: Does listener use wwv_flow_epg_include_mod_local
              Udo
              Hello,
              > I believe that wwv_flow_epg_include_mod_local is called from wwv_flow_epg_include_modules.authorize.
              That's true.
              > wwv_flow_epg_include_modules.authorize proc is also called if we are using the DAD of APEX to call our own procedure.
              That depends. You have to specify the validation function in your DAD-Configuration using the parameter PlsqlRequestValidationFunction (http://docs.oracle.com/cd/E16764_01/web.1111/e10144/under_mods.htm#CHDBCACJ).
              > My question really is, APEX listener is not a DAD so will the process of adding the function name to the IN list of wwv_flow_epg_include_mod_local and granting execute to Anonymous work even with APEX listener.
              You have two options to achieve this in APEX Listener: You can configure it to use a validation function, or you can simply use the allowed/blocked procedures features to implement a whitelist/blacklist. I consider the latter option the better approach if you just need a binary decision if a procedure call should be allowed or not. That way, you omit an additional database request towards the validation function, because this is something APEX Listener does itself. If you need a more complex implementation, e.g. you evaluate additional request parameters like client IP address or some ldap parameters or something similar, then the validation function has to be used.

              A side note: Though you can use the database user ANONYMOUS for APEX Listener, the recommended way to connect towards APEX is using APEX_PUBLIC_USER.
              > What do we have to do if we have to execute a custom procedure from the URL in Listener configuration
              If you didn't enable the allowed/blocked procedures yet, you don't have to do anything - you can just call any procedure that is visible (synonym) to and executable (grant) by the user you've configured APEX Listener to connect to your database with. For example, if you have a procedure DO_SOMETHING in schema named DEMO and you use APEX_PUBLIC_USER for APEX Listener, you'll have to
              grant execute on DEMO.DO_SOMETHING to APEX_PUBLIC_USER;
              create synonym APEX_PUBLIC_USER.DO_SOMETHING for DEMO.DO_SOMETHING;
              and you can call http://<yourhostname>:<yourport>/apex/do_something to execute the procedure.

              -Udo
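
The validation-function option from the reply above, as an added example that is not code from the thread or from Oracle: a default-deny function with the same signature as the wwv_flow_epg_include_mod_local stub (procedure name in, boolean out). The schema DEMO, the function name LISTENER_REQUEST_OK and the allowlist entry are hypothetical, and it assumes the gateway passes the requested procedure name as the single argument.

```sql
-- Added example: default-deny request validation function.
-- DEMO, LISTENER_REQUEST_OK and the allowlist entry are hypothetical names.
create or replace function demo.listener_request_ok (
    procedure_name in varchar2
) return boolean
is
    -- Fully qualified names that may be called from a URL (constructed sample).
    type name_list is table of varchar2(128);
    c_allowed constant name_list := name_list(
        'DEMO.DO_SOMETHING'
    );
    l_name varchar2(400);
begin
    -- Reject empty or oversized input before any further processing.
    if procedure_name is null or length(procedure_name) > 128 then
        return false;
    end if;

    l_name := upper(trim(procedure_name));

    -- Accept only plain identifiers in the forms procedure, a.procedure or
    -- a.b.procedure; quotes, spaces, parentheses and @dblink are rejected.
    if not regexp_like(l_name,
           '^[A-Z][A-Z0-9_$#]*(\.[A-Z][A-Z0-9_$#]*){0,2}$') then
        return false;
    end if;

    -- An unqualified name resolves through the connecting user's synonym,
    -- so map it to the schema that synonym is expected to point at.
    if instr(l_name, '.') = 0 then
        l_name := 'DEMO.' || l_name;
    end if;

    for i in 1 .. c_allowed.count loop
        if l_name = c_allowed(i) then
            return true;
        end if;
    end loop;

    return false;  -- default deny: anything not listed is refused
exception
    when others then
        return false;  -- fail closed on any unexpected error
end listener_request_ok;
/
-- The connecting user must be able to execute the validation function.
grant execute on demo.listener_request_ok to apex_public_user;
```

Unlike the shipped stub's simple IN list, this version normalizes the name first, so a request for do_something and one for demo.do_something reach the same allowlist entry and every other form is refused.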
              • 4. Re: Does listener use wwv_flow_epg_include_mod_local
                895614
                Hello Udo,

                Thanks a lot for a detailed reply. I just have the following 2 questions before I mark this thread as answered.

                1. Are the wwv_flow_epg_include_modules.authorize and wwv_flow_epg_include_mod_local procedures useless in Listener configuration?
                2. In the EPG configuration, if we use DBMS_EPG.get_dad_attribute to get the value of the validation-function attribute for the APEX DAD, we get wwv_flow_epg_include_modules.authorize. I believe the validation-function attribute of the EPG is the PlsqlRequestValidationFunction equivalent of HTTP server. If this is true, then where is the configuration for the use of wwv_flow_epg_include_mod_local done in case of EPG configuration?

                Thanks for all your help

                Regards
                  • 6. Re: Does listener use wwv_flow_epg_include_mod_local
                    Udo
                    > 1. Are wwv_flow_epg_include_modules.authorize and wwv_flow_epg_include_mod_local procedures useless in Listener configuration
                    No, as I mentioned before, you can configure APEX Listener to use it as validation function.
                    > 2. In the EPG configuration, if we use DBMS_EPG.get_dad_attribute to get the value of validation-function attribute for APEX DAD, we get wwv_flow_epg_include_modules.authorize. I believe validation-function attribute of the EPG is the PlsqlRequestValidationFunction equivalent of hTTP server.
                    Right.
                    > If this is true then where is the configuration for the use of wwv_flow_epg_include_mod_local done in case of EPG configuration.
                    I ask you a different question: How did you configure your DAD for EPG? My guess would be you either have an APEX instance that has been shipped with your database or you used the APEX installer and followed the installation guide that comes to the step "Configure the Embedded PL/SQL Gateway" where one of the tasks is to run apex_epg_config.sql.
                    Now, believe it or not, this configuration script calls a sub script that calls dbms_epg.set_dad_attribute for validation-function. ;)

                    -Udo