This discussion is archived
1 2 3 4 Previous Next 47 Replies Latest reply: Dec 21, 2011 9:29 AM by Patrick Wolf Go to original post RSS
  • 15. Re: 4.1 POST_LOGIN question
    VANJ Journeyer
    Currently Being Moderated
    Patrick - Did you get a chance to look into this? Any update? Thanks
  • 16. Re: 4.1 POST_LOGIN question
    VANJ Journeyer
    Currently Being Moderated
    Bump. Thanks.
  • 17. Re: 4.1 POST_LOGIN question
    Christian Neumueller Expert
    Currently Being Moderated
    Hi!

    Sorry for not responding earlier, I was sick and I'm still recovering.

    Vikas, your application http://apex.oracle.com/pls/apex/f?p=24317:500 uses a custom sentry for header variable authentication and at the end calls wwv_flow_custom_auth_std.post_login to set the session user. It is sufficient to remove the "-BUILTIN-" authentication function from your custom scheme and set that item to null. You are not authenticating against the APEX workspace repository anyway. A null authentication function passes, when called from a sentry (and fails, when called from a submit process). I thought that I'd mentioned that in our communications, but maybe I forgot that.

    In general, the posters in this thread are right. The current 4.1 wwv_flow_custom_auth_std.post_login() does call the authentication function and in short behaves like login(). I admit that this is a change in behaviour, caused by our more or less complete rewrite of the authentication parts. I'm sorry that this has been breaking your applications. We will provide a corrected version, maybe in 4.1.1, maybe in a one-off patch, that's still to be decided.

    Regards,
    Christian
  • 18. Re: 4.1 POST_LOGIN question
    VANJ Journeyer
    Currently Being Moderated
    It is sufficient to remove the "-BUILTIN-" authentication function from your custom scheme and set that item to null
    Sorry, you lost me there. Would you mind making the changes you recommend to my application on apex.oracle.com so that the Invalid Login Credentials message is not generated on first page view?
    The current 4.1 wwv_flow_custom_auth_std.post_login() does call the authentication function and in short behaves like login()
    Not sure I understand what means either. I must confess, I "stole" the page_sentry function from this forum a long time back, I don't really understand what it does, more than what the few comments explain. Could you please clarify the change in behaviour, if you don't mind?
    We will provide a corrected version, maybe in 4.1.1, maybe in a one-off patch
    I am confused again. It appears that this is a (undocumented/inadvertent) change in authentication scheme behaviour introduced between 4.0.2 and 4.1 that breaks certain custom/page sentry-based authentication schemes like mine. But if there is a workaround, as you suggest above, what do you plan to fix in the "corrected version"? i.e. is this a defect in the product or just missing documentation?

    [Hope you feel better]
  • 19. Re: 4.1 POST_LOGIN question
    Christian Neumueller Expert
    Currently Being Moderated
    Hi Vikas!

    I logged in to your workspace and removed the value "-BUILTIN-" for the "Authentication Function Name" of your application 24317's authentication scheme. Now it works as expected, i.e. it does not display "Invalid Login Credentials" anymore. This message was caused by post_login() working like login(), i.e. it called the builtin workspace authentication, which obviously failed to find the IP address and a null password as workspace users.

    According to the docs and 4.0 behaviour, you would expect post_login() to call the authentication scheme's post-authenticate function, set the session user, create an log entry and redirect. Due to our changes in 4.1, it currently also calls the pre-authentication function and the authentication function. The latter checks user/password and failed in your case.

    Since post_login() is a documented function, we will have to provide a version that is similar to the previous one, i.e. it should not call the pre authentication and authentication functions.
    [Hope you feel better]
    Thank you. Still working on that.

    Regards,
    Christian
  • 20. Re: 4.1 POST_LOGIN question
    VANJ Journeyer
    Currently Being Moderated
    OK I understand now, thanks for the explanation
    I logged in to your workspace and removed the value "-BUILTIN-" for the "Authentication Function Name"
    Since the ETA for 4.1.1 or a one-off patch to fix this is unknown, I don't want to hold up our upgrade to 4.1 just for this. But I am not looking forward to opening up all our apps to blank out that -BUILTIN- token. Is there a equivalent surgical SQL update you can recommend that our DBAs can do after the upgrade to 4.1? Thanks
  • 21. Re: 4.1 POST_LOGIN question
    Christian Neumueller Expert
    Currently Being Moderated
    Hi Vikas,

    I want to encourage you to develop your authentication scheme in a "template" application and subscribe from there in your actual apps, if you do not do that already.

    Please understand that I can not recommend writing DML against the APEX metadata. We cleaned up the data model a bit, but you might miss something and get a broken, unsupported instance. Also, any DML that I post here will probably be invalid in future versions and somebody might copy/paste it, breaking stuff. That being said, nobody can prevent you from having a look at the source of the APEX views and determine the relevant table. Just don't ask for help from Oracle if something goes wrong ;-)

    Regards,
    Christian
  • 22. Re: 4.1 POST_LOGIN question
    VANJ Journeyer
    Currently Being Moderated
    Christian - Unfortunately, we have not been using the subscription feature for any of our apps so retrofitting them to do this would involve as much clicking as just blanking out the field (although the subscription would have a better long-term payoff).

    I can understand your reluctance to recommend DML against Apex metadata, just thought it wouldn't hurt to ask, looks like a simple enough update, maybe you can consider sending me a private email.

    Oh well, I guess I will just wait for the 4.1.1 or one-off-patch to fix this.

    Thanks for your time.
  • 23. Re: 4.1 POST_LOGIN question
    mobra Journeyer
    Currently Being Moderated
    Christian Neumueller wrote:
    Since post_login() is a documented function, we will have to provide a version that is similar to the previous one, i.e. it should not call the pre authentication and authentication functions.
    Has this issue been assigned a bug number?

    - Morten

    http://ora-00001.blogspot.com
  • 24. Re: 4.1 POST_LOGIN question
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi Morten,

    yes, it's bug# 13045147 and we are currently preparing a one-off.

    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
  • 25. Re: 4.1 POST_LOGIN question
    896661 Newbie
    Currently Being Moderated
    Hello Patrick,

    We are facing this issue too.
    Is there any workaround for this and do you know when can we expect the one-off?

    Kind regards,
    Joost
  • 26. Re: 4.1 POST_LOGIN question
    896661 Newbie
    Currently Being Moderated
    Hello Patrick,

    In bug# 13050560 ( Status 96 - Closed, Duplicate Bug ) bug# 13045147 is mentioned as base bug.
    But when I click on the reference link bug# 13045147 cannot be found.

    Kind regards,
    Joost
  • 27. Re: 4.1 POST_LOGIN question
    Patrick Wolf Employee ACE
    Currently Being Moderated
    Hi Joost,

    please get in contact with Oracle Support, they will be able to change the visibility of the bug so that you can see it.

    Regards
    Patrick
    -----------
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
  • 28. Re: 4.1 POST_LOGIN question
    VANJ Journeyer
    Currently Being Moderated
    Christian - Our DBAs upgraded to 4.1 and now there is another error. The authentication scheme has a Post Auth block of code with something like
     :G_APP_USER := :APP_USER;
    When I run the application (you can follow along at http://apex.oracle.com/pls/apex/f?p=24317:500 ), it throws an error
    Error     ERR-1002 Unable to find item ID for item "APP_USER" in application "24317".
    Unexpected error, unable to find item name at application or page level.
    Looks like another bug. This is getting to be annoying.

    I am not looking forward to going around changing :APP_USER to v('APP_USER') in dozens of applications so hopefully there is another workaround.

    How is the one-off patch to fix this bug coming along?

    Please advise. Thanks
  • 29. Re: 4.1 POST_LOGIN question
    Arie Geller Guru
    Currently Being Moderated
    Hello Vikas,

    >> Error     ERR-1002 Unable to find item ID for item "APP_USER" in application "24317".

    It’s possible that the error you encountered has nothing to do with the Authentication bug. I’ve encountered a similar error message, in a “regular” PL/SQL process, when I tried to assign a value to a packaged variable using the bind variable notation. In my case it was *:request* instead of apex_application.g_request. Is it possible that somewhere in your code you are assigning a value to *:APP_USER* ?

    I suspect that the error occurred when the APEX engine tries to set Session State for a specific item, and not while resolving its value. Hence, I’m not sure that using the v() function will help.

    Regards,
    Arie.

    -------------------------------------------------------
    ♦ Please remember to mark appropriate posts as correct/helpful. For the long run, it will benefit us all.

    ♦ Author of Oracle Application Express 3.2 – The Essentials and More

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points