7 Replies Latest reply on May 3, 2013 1:50 PM by Scott Wesley

    Help on creating a custom authorization procedure

      Hi all.

      I hope someone can help me with these:

      - Plan to use Apex 4.2 and call Apex from a Formsweb application.

      - The Forms application uses updateable views and application context.

      - The Apex app could use(not decided yet) database authorization.

      - When calling Apex, instead of passing context and user info, i plan to insert all this info in a database table. For example a table that holds a unique session id (DBMS_RANDOM generated), probably forms user_id/password and most importantly, context info i will need in order to make my views work correctly on the Apex app).

      - This way, the Forms app will only pass the session_id, and the Apex App, will call a procedure that picks up the correct info from the session table and go along.

      So far, i think i can handle this. Now comes the part in which help or advise is needed:

      - When calling the Apex page, this could be a public page. Meaning no authentication / authorization will be requested. Probably this procedure could be called earlier (an On Load Process???). The drawback of this solution is that this page is useless unless called from forms which will provide the required metadata to access the application views.

      - The other way to go around, is to make the page not public. This will required authorization. And here is when it comes my main doubts:

      - Every time i call a not public apex page, a redirect to the login application page will happened unless already authorized right?.

      - Now, is there a way earlier on this login page, i can call the procedure that picks up the correct session info, and if success BYPASS (not show) this page and automatically redirect to the original page, and if it fails, display the login page?. Is this possible ...?

      The whole idea here is not show the login page if not needed...

      Please, i'm pretty much aware of better solution, LDAP, Oracle Access Manager, etc. Just want to know it this is technically possible.

      Thanks in advance for anyone that might want to give me an invaluable hand ....!

      Best regards, Luis ...:)

      Any update or comments from the community????

      Thanks ...!

      Edited by: myluism on 02-may-2013 6:49