14 Replies Latest reply: Mar 27, 2013 8:10 PM by jrimblas

    controlling authorization flow

    Gor_Mahia
      All,

      I have my login page and I've 2 user groups, but I want page1 to be the startup page after login for users in group1 and page2 to be the startup page for users in group2, i.e. if I belong to group1 and I log in I should be directed to page1, otherwise I should see page2. What is the best way to implement this requirement?

      thanks & regards,
        • 1. Re: controlling authorization flow
          swesley_perth
          Probably a number of ways.

          You could have on-load branches on your landing page that are conditional based on user group.
          • 2. Re: controlling authorization flow
            jrimblas
            I would recommend you go with the "Post-Authentication Procedure".

            You create a procedure that checks your user's group and determines the page and then redirects to that page.
            Kinda like this:
            procedure post_proc
            is
            begin
            if v('APP_USER') = 'SPECIAL_USER' then
              -- this user goes to page 2
              owa_util.redirect_url('f?p=' || v('APP_ID') || ':2:' || v('SESSION') || ':');
            else
              -- everybody else goes to page 1
              owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION') || ':');
            end if;
            end;
            Then for your auth scheme you enter your procedure name in the "Post-Authentication Procedure Name" field.

            Hey, please remember to post your APEX version on your questions. On previous versions of APEX I would have done this a little differently.
            Thanks
            -Jorge
            • 3. Re: controlling authorization flow
              Gor_Mahia
              Jorge
              Good idea, I'll create a proc as a backend object in the DB and call it schemaname.proc_authorization from "Post-Authentication Procedure", then let you know.

              I am using APEX 4.1.1.

              thank you.
              • 4. Re: controlling authorization flow
                Gor_Mahia
                Jorge
                I've used the V('') expression before in DB triggers, but in the code below I created my procedure on the database side (not the APEX side) and the expression v('') cannot be recognized; it failed the compilation. Why so?
                procedure post_proc
                is
                begin
                if v('APP_USER') = 'SPECIAL_USER' then 
                v('APP_ITEM_STATUS') := 1;
                
                  owa_util.redirect_url('f?p=' || v('APP_ID') || ':2:' || v('SESSION') ':');
                else
                v('APP_ITEM_STATUS') := 2;
                . . . . 
                end if;
                end;
                thank you.
                • 5. Re: controlling authorization flow
                  swesley_perth
                  It's not the v() function, it's your missing concatenator, which was picked up here:
                  Re: How to determine landing page based upon a page item value in login page..?
                  || v('SESSION') || ':');
                  • 6. Re: controlling authorization flow
                    jrimblas
                    The v function is, well, a function and cannot be used for assignments.
                    So
                    v('APP_ITEM_STATUS') := 1;

                    is just invalid.

                    If you want to set an apex item there's an API for that.
                    Do something like this:
                    apex_util.set_session_state('APP_ITEM_STATUS', '1');
                    This is in addition to the concatenation error that Scott pointed out already.

                    Thanks
                    -Jorge

                    Edited by: jrimblas on Mar 26, 2013 8:52 PM
                    • 7. Re: controlling authorization flow
                      swesley_perth
                      Twice I didn't bother reading the entire code block - and missed the obvious!
                      • 8. Re: controlling authorization flow
                        Gor_Mahia
                        Scott,
                        Well, now I am getting another error when I put my procedure call in the "Post-Authentication Procedure Name" section in APEX.
                        Part of the procedure code is like:
                        
                        IF ..... THEN
                            owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
                        
                        .....
                        
                        Then when I log out and back in to run my application I am now getting this error:

                        The page isn't redirecting properly

                        Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

                        This problem can sometimes be caused by disabling or refusing to accept cookies.

                        What could be the problem again....

                        thank you.
                        • 9. Re: controlling authorization flow
                          jrimblas
                          I think we need to see the procedure.
                          AND very important, is there old code from a previous attempt to do the branch/redirect? Like, for example, a Branch on the page you're landing on?

                          Thanks
                          -Jorge
                          • 10. Re: controlling authorization flow
                            Gor_Mahia
                            Jorge

                            This is all I have in the procedure and it looks straightforward. I don't understand why I am getting the error above.
                            PROCEDURE PROC_ACCESS_LEVEL IS
                                v_access_level number := 0;
                            BEGIN
                                select count(*) into v_access_level
                                from emp where deptno = 20;

                                IF v_access_level >= 1 THEN
                                    owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
                                ELSE
                                    owa_util.redirect_url('f?p=' || v('APP_ID') || ':3:' || v('SESSION')|| ':');
                                END IF;

                            EXCEPTION
                                WHEN OTHERS THEN
                                    NULL;
                            END;
                            Then I called it from the Authentication scheme section ==> Post-Authentication Procedure Name : SCHEMANAME.PROC_ACCESS_LEVEL.


                            thank you.
                            • 11. Re: controlling authorization flow
                              jrimblas
                              So is this the procedure you're placing in the "Post-Authentication Procedure Name" field?

                              Not that it has anything to do with the error, but don't you want the user (as v('APP_USER') for example) somewhere in there?

                              Also remove the
                              EXCEPTION
                                        WHEN OTHERS THEN
                                NULL;
                              It's bad practice, and if there's some problem you won't know about it.

                              -Jorge
                              • 12. Re: controlling authorization flow
                                Gor_Mahia
                                Jorge,
                                Yes I do, I was just making it simple and clear to understand. It's something like this in my query, the rest as I gave before:
                                        select count(*) into v_access_level
                                        from employee s where s.deptid = '20' and UPPER(s.empid) =UPPER(v('APP_USER')) ;
                                thank you.
                                • 13. Re: controlling authorization flow
                                  Gor_Mahia
                                  Jorge,
                                  Can you take a look at my sample?

                                  If I apply the proc call under the authentication scheme I can't even run the application now. It doesn't allow login at run-time and no error is displayed?
                                  app id=760
                                  wkspace/userid/pswd=proj2010/demo123/demo123


                                  thank you.
                                  • 14. Re: controlling authorization flow
                                    jrimblas
                                    Ok, very weird, but it's working now.
                                    After lots of poking, I simply changed the procedure to
                                    create or replace PROCEDURE PROC_ACCESS_LEVEL IS
                                        v_access_level number := 0;
                                    BEGIN
                                        select count(*) into v_access_level
                                        from emp where deptno = 120;

                                        IF v_access_level >= 1 THEN
                                            -- owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
                                            apex_util.set_session_state('FSP_AFTER_LOGIN_URL','f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
                                        ELSE
                                            apex_util.set_session_state('FSP_AFTER_LOGIN_URL','f?p=' || v('APP_ID') || ':3:' || v('SESSION')|| ':');
                                        END IF;
                                    END;
                                    The FSP_AFTER_LOGIN_URL is used for deep linking to send a user to a given page after login.
                                    The nice thing about using FSP_AFTER_LOGIN_URL here is that if you still want to allow deep linking you can check IF FSP_AFTER_LOGIN_URL is null or not null and override it if needed.

                                    There you go! Hope this helps.
                                    Thanks
                                    -Jorge
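
Added example, not part of the thread and not code from any poster: a post-authentication procedure that combines the pieces the replies arrive at, namely the per-user membership query from reply 12, FSP_AFTER_LOGIN_URL in place of owa_util.redirect_url from reply 14, and the deep-link check Jorge describes. The EMPLOYEE table, the department value and pages 1 and 3 are taken from the posts; reading FSP_AFTER_LOGIN_URL through v() follows Jorge's remark and is an assumption here.

```sql
-- Added example (not from the thread). Table EMPLOYEE(empid, deptid),
-- the value '20' and pages 1 and 3 come from the posts above.
create or replace procedure proc_access_level
is
    l_in_group  number;
    l_target    varchar2(4000);
begin
    -- Assumption (per reply 14): a non-null FSP_AFTER_LOGIN_URL means the
    -- user asked for a specific page before logging in; keep that deep link.
    if v('FSP_AFTER_LOGIN_URL') is not null then
        return;
    end if;

    -- Decide membership for the user who just authenticated, not for the
    -- table as a whole: without the APP_USER predicate every login gets
    -- the same landing page.
    select count(*)
      into l_in_group
      from employee s
     where s.deptid = '20'
       and upper(s.empid) = upper(v('APP_USER'));

    l_target := 'f?p=' || v('APP_ID') || ':'
             || case when l_in_group >= 1 then '1' else '3' end
             || ':' || v('SESSION') || ':';

    -- Hand the target to the APEX login processing instead of issuing a
    -- redirect from inside the post-authentication procedure.
    apex_util.set_session_state('FSP_AFTER_LOGIN_URL', l_target);

    -- Deliberately no "WHEN OTHERS THEN NULL": a failing lookup should
    -- surface as an error at login rather than silently route the user.
end proc_access_level;
/
```

The procedure only chooses the landing page; pages 1 and 3 still need their own authorization schemes, because either URL can be requested directly once a session exists.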