This site is currently read-only as we are migrating to Oracle Forums for an improved community experience. You will not be able to initiate activity until January 31st, when you will be able to use this site as normal.

    Forum Stats

  • 3,890,468 Users
  • 2,269,776 Discussions
  • 7,916,824 Comments

Discussions

public_check_authorization deprecated??

Peeteba
Peeteba Member Posts: 73
edited Mar 29, 2013 8:46AM in APEX Discussions
Hello experts,

While debugging an APEX 4.2 application today, I noticed a debug line
DEPRECATED: public_check_authorization
when using APEX_UTIL.public_check_authorization in a before header PL/SQL process.

Can anyone explain why this line appears?
The documentation doesn't point out that this function is deprecated or is going to be this in the near future.

Thanks in advance for the explanation!

Regards,
Bart

Best Answer

  • Christian Neumueller-Oracle
    Christian Neumueller-Oracle Member Posts: 849 Employee
    Hi Bart,

    we have a newer API, it's called apex_authorization.is_authorized. Unfortunately, the documentation for this package didn't make it into 4.2.

    Even in later releases, there are no plans to actually remove existing documented APIs. We just want to provide better encapsulated APIs and encourage people to use these, because apex_util is a bit unwieldy.

    Regards,
    Christian
«1

Answers

  • Peeteba
    Peeteba Member Posts: 73
    Let's bring this one up again.

    Anyone having an idea?
    APEX development team maybe? Patrick Wolf? ...

    I use this function very often so if I shouldn't do this anymore, it would be nice to know this.

    Regards,
    Bart
  • Christian Neumueller-Oracle
    Christian Neumueller-Oracle Member Posts: 849 Employee
    Hi Bart,

    we have a newer API, it's called apex_authorization.is_authorized. Unfortunately, the documentation for this package didn't make it into 4.2.

    Even in later releases, there are no plans to actually remove existing documented APIs. We just want to provide better encapsulated APIs and encourage people to use these, because apex_util is a bit unwieldy.

    Regards,
    Christian
  • partlycloudy
    partlycloudy Member Posts: 8,179 Silver Trophy
    Christian - Huh, didn't realize a new API had snuck into the distribution. apex_authorization looks very useful. Question about apex_authorization.reset_cache - Does including the APP keyword in the clear cache position of the f?p= URL do this as well? Or is using this new API the only way?
  • Hi Vikas,

    the APP keyword only resets session state, not the cached authorizations. Can you give a use case where this should also reset authorizations?

    Regards,
    Christian
  • partlycloudy
    partlycloudy Member Posts: 8,179 Silver Trophy
    Well, the APEX Builder has several declarative methods where we fill in various components of the f?p= URL and the engine constructs the f?p= URL. The use cases that come to mind are in apps that involve some sort of "emulate user" function which would basically do a "logout/login as some other user" but without actually logging out. In these cases, it would be handy if the APP keyword were to clear cached authorizations as well. Of course, there is almost always a page submit involved so it is just as easy to stick a call to apex_authorization.reset_cache in a after-submit component but I thought I would ask.

    So, if I understand you correctly, using this new (in 4.x?) API is the only way to reset cached authorizations?
  • For "emulate user", I would use apex_authentication.post_login. This overwrites the user in the session and automatically resets authorizations. I guess it does not hurt to also reset on an APP clear cache request, but I would have to test this.

    In releases before 4.2, the reset cached authorizations feature was already present via apex_util.reset_authorizations.

    Regards,
    Christian
  • Peeteba
    Peeteba Member Posts: 73
    Thanks Christian for the reply.
    This explains the debug line. Maybe it would be less confusing to point out to the new API instead of just mentioning the used function is deprecated.

    I took a quick look into the package specification and I'll start using the new API instead of APEX_UTIL.

    Regards,
    Bart
  • Anton Scheffer
    Anton Scheffer Senior Java Developer NieuwegeinMember Posts: 1,950 Gold Trophy
    Are there any more undocumented API's which people are encouraged to use, or is this the only one?
  • Hi,

    the deprecation messages were a bit premature, as I tried to explain above. They should not have been added without proper documentation of the newer APIs and you can just ignore them for now. Maybe we will include a reference to the newer APIs in the messages in 5.0, that sounds convenient.

    Regards,
    Christian
  • Anton Scheffer
    Anton Scheffer Senior Java Developer NieuwegeinMember Posts: 1,950 Gold Trophy
    My concern wasn't about premature deprication, but about your current advise to use undocumented API's
This discussion has been closed.