2 Replies Latest reply on Sep 28, 2011 9:00 AM by Luis

    Apex Listener authentication.

      I want to use Apex Listener for my pl/sql web application (now I use mod_plsql).
      How can I implement authentication in order to protect pages from unauthorized use (like OWA_CUSTOM does in nod_plsql)?
        • 1. Re: Apex Listener authentication.
          Hi Tullio,

          from your other post I assume you plan to use the APEX Listener in standalone mode, so you are limited to the features provided by the embedded Grizzly. If you consider using a "full-blown" JEE container, you could use means provided by that container. Of course you could add functionality, e.g. by adding a filter for Basic Authentication.

          • 2. Re: Apex Listener authentication.
            Hi Udo and Tullio,

            I am testing the listener against APEX 4.1. I would like to integrate the APEX applications in our SSO system. We are using SAML2, so I have configured a Weblogic Server for working as a Service Provider. In this server I have deployed the apex.war and I have registered the /apex/* pattern in my Identity Provider (Active Directory Federation Services). In this way, when I make a request of any of my APEX applications (apex/f?p=123:...), if I have not a valid session I am redirected to the Identity Provider Login page. This is working fine, more or less, I have to do more testing...

            My question is, do you think that is this the best approach for securing the APEX applications? In order to everything works ok, I have to declare a security constraint in the web.xml...

                      <web-resource-name>APEX Application Calls</web-resource-name>

            ...and in the weblogic.xml I just map the FederatedUsers against a principal:


            Also I have declared a filter for injecting some info in the headers request (needed for the APEX applications), but this is another story...

            Thanks in advance,