- Plan to use Apex 4.2 and call Apex from a Formsweb application.
- The Forms application uses updateable views and application context.
- The Apex app could use(not decided yet) database authorization.
- When calling Apex, instead of passing context and user info, i plan to insert all this info in a database table. For example a table that holds a unique session id (DBMS_RANDOM generated), probably forms user_id/password and most importantly, context info i will need in order to make my views work correctly on the Apex app).
- This way, the Forms app will only pass the session_id, and the Apex App, will call a procedure that picks up the correct info from the session table and go along.
So far, i think i can handle this. Now comes the part in which help or advise is needed:
- When calling the Apex page, this could be a public page. Meaning no authentication / authorization will be requested. Probably this procedure could be called earlier (an On Load Process???). The drawback of this solution is that this page is useless unless called from forms which will provide the required metadata to access the application views.
- The other way to go around, is to make the page not public. This will required authorization. And here is when it comes my main doubts:
- Every time i call a not public apex page, a redirect to the login application page will happened unless already authorized right?.
- Now, is there a way earlier on this login page, i can call the procedure that picks up the correct session info, and if success BYPASS (not show) this page and automatically redirect to the original page, and if it fails, display the login page?. Is this possible ...?
The whole idea here is not show the login page if not needed...
Please, i'm pretty much aware of better solution, LDAP, Oracle Access Manager, etc. Just want to know it this is technically possible.
Thanks in advance for anyone that might want to give me an invaluable hand ....!
I'm actually working on my solution based on that very useful link. Thanks a lot ....!
Please read carefully what i plan to do.
Basically is to go a little bit further from your proposal: Since my knowlegde of Apex is limited, i just want to know if, based on your idea, the page should not be public, but move the authorization procedure from the onload on requested page to say, an onload procedure on the Login Page, so if the procedure success, redirect (not show login page) to the page requested in the first place, and if it fails, then show login page.
Just want to know if this is possible, before going against the wheel.
Do you think this is possible? This way, Apex app / page can be accessed from both: Apex itself and Forms.
Best regards, and thanks a lot for you unvaluable feedback....!
Instead of using this as an On Load process, you can turn it into a Page Sentry Function for a Custom Authentication Scheme.
When you want to log in using Apex instead of Forms, you will need to set the custom session id too, the same way as you did in Forms. The sentry function will check your own generated session id, not the Apex session id.