Forum Stats

  • 3,851,925 Users
  • 2,264,053 Discussions
  • 7,904,906 Comments

Discussions

How to allow users of the apps to create their own application user?

Lingxi Ruan
Lingxi Ruan Member Posts: 8
edited Jul 18, 2014 5:20AM in APEX Discussions

Hi

I need to allow the users of  my application to be able to manage the access control of the application, which includes creating new users of the application.

I tried Access Control Page, although it can "Add User", but it doesn't allow you to input passwords. So it seems Access Control Page can only allow existing APEX users to access applications.

How can I accomplish my goal?

jariola

Best Answer

Answers

  • TexasApexDeveloper
    TexasApexDeveloper Member Posts: 7,967 Gold Crown

    Use a custom authentication process that is driven by a table or tables in your application..  Many examples available on the web..

    Thank you,

    Tony Miller
    LuvMuffin Software
    Ruckersville, VA

  • Hi, I created a custom authentication scheme.

    Here is the authentication function I created:

    create or replace function harbin_spatial_auth2(

    p_username  varchar2,

    p_password varchar2)

    return boolean

    is

      type refcur is ref cursor;

      passwd varchar2(200);

      cur refcur;

    begin

      open cur for ('select PASSWD from XUXUEHAN."harbin_spatial_users" where USERNAME='''||p_username||''' and PASSWD='''||p_password||'''');

      fetch cur into passwd;

      if cur%NOTFOUND then

        return false;

      end if;

      return true;

    end;

    I attached the authentication scheme to my application.

    Here is the content of my user table:

    ID     USERNAME     PASSWD

    1     admin               admin

    2     xxh                    xxh

    But when I tried to login with username "xxh" and password "xxh",  it failed.

    Why is this happening?  Thank you

  • I also tested the function from command line:

    declare

      res boolean;

    begin

      res := harbin_spatial_auth2('xxh', 'xxh');

      if res = true then

        dbms_output.put_line('true');

      else

        dbms_output.put_line('false');

      end if;

    end;

    The result is true.

    Why did the function return false when used for login?

  • AndyH
    AndyH Member Posts: 827 Bronze Trophy

    Perhaps APEX is sending the username in uppercase and you're only checking for exact case?

    AndyH
  • Ok, I got it. I only checked for exact ase.

    Thank you:-)

  • fac586
    fac586 Senior Technical Architect Member Posts: 21,203 Red Diamond
    Lingxi Ruan wrote:
    
    Hi, I created a custom authentication scheme.
    
    Here is the authentication function I created:
    
    create or replace function harbin_spatial_auth2(
    p_username  varchar2,
    p_password varchar2)
    return boolean
    is
      type refcur is ref cursor;
      passwd varchar2(200);
      cur refcur;
    begin
      open cur for ('select PASSWD from XUXUEHAN."harbin_spatial_users" where USERNAME='''||p_username||''' and PASSWD='''||p_password||'''');
      fetch cur into passwd;
      if cur%NOTFOUND then
        return false;
      end if;
      return true;
    end;
    
    
    

    And what happens when you enter

    ' union select 'x' from dual where 'x' = 'x

    as a password?

    Your authentication scheme needs much more work.

    jariola
This discussion has been closed.