3 Replies Latest reply: Nov 7, 2013 12:02 PM by Roadling RSS

    Create ACL for APEX_040200

    fb1967bf-fa4c-4cd3-97e7-3ad61d256137

      Hi,

          I have created ACL in APEX_040200 user to use url region in APEX by executing the following steps:

       

      APEX Version=4.2.2

      Database Version=11.2.0.3.0

       

      1. created ACL in APEX_040200 user.

      begin

      dbms_network_acl_admin.create_acl (

                acl => 'aluat.xml', -- or any other name

                description => 'HTTP Access',

                principal => 'APEX_040200', -- the user name trying to access the network resource

                is_grant => TRUE,

                privilege => 'connect',

                start_date => null,

                end_date => null

      );

       

       

      end;

      /

      commit;

       

       

      2. Granted connect privilege to APEX_040200 user.

       

      begin

      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'http_permissions.xml',

                principal => 'APEX_040200',

                is_grant => true,

                privilege => 'connect');

      end;

      /

      commit;

       

       

       

       

      3. Granted resolve privilege to APEX_040200 user.

       

      begin

      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'http_permissions.xml',

                principal => 'APEX_040200',

                is_grant => true,

                privilege => 'resolve');

      end;

      /

      commit;

       

       

       

       

      4. Assigned the acl to a target HOST

       

       

      BEGIN

      dbms_network_acl_admin.assign_acl (

      acl => 'http_permissions.xml',

      host => 'servername.domainname.com'

      lower_port => 9001,

      upper_port => 9001

      );

       

       

      END;

      /

      commit;

       

       

       

       

      5. I then executed the following query which is giving me the following result.

       

      SQL> select utl_http.request('http://aluat.adamjeelife.com:9001') from dual;

       

      UTL_HTTP.REQUEST('HTTP://ALUAT

      --------------------------------------------------------------------------------

      <html>

        <head>

          <meta http-equiv="refresh" content="0;url=apex">

        </head>

        <body>

        </body>

      </html>

       

       

       

       

      Problem:

      ========

         Now when i try to create a url region in APEX using the mentioned link i get the following error message:

      http://aluat.adamjeelife.com:9001

       

       

       

       

       

       

      Error during rendering of region "asd".

      ======================================

      ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1819 ORA-24247: network access denied by access control list (ACL)

      Technical Info (only visible for developers)

      is_internal_error: true

      apex_error_code: APEX.REGION.UNHANDLED_ERROR

      ora_sqlcode: -29273

      ora_sqlerrm: ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1819 ORA-24247: network access denied by access control list (ACL)

      component.type: APEX_APPLICATION_PAGE_REGIONS

      component.id: 4425813561009787

      component.name: asd

      error_backtrace:

      ORA-06512: at "SYS.UTL_HTTP", line 1819

      ORA-06512: at "APEX_040200.WWV_FLOW_DISP_PAGE_PLUGS", line 4613

      ORA-06512: at "APEX_040200.WWV_FLOW_DISP_PAGE_PLUGS", line 3220

        • 1. Re: Create ACL for APEX_040200
          Roadling

          Hi,

          Change the principal value in your ACL definition to the parsing schema of your application rather than 'APEX_040200'

           

          Regards,

          Brad

          • 2. Re: Create ACL for APEX_040200
            fb1967bf-fa4c-4cd3-97e7-3ad61d256137

            Hi Brad

             

            Can you please explain the parsing schema. My understanding is that, it should be user like scott.

             

            Regards

            Nadir

            • 3. Re: Create ACL for APEX_040200
              Roadling

              Each workspace has one ore more schemas associated to it. These are assigned in the workspace manager (INTERNAL). The parsing schema is used to provide context (roles and privileges) for calls made to the database from your application.

              Also in each application, in the application preferences / security tab there is a parsing schema selector.  If you use any of the wizards in APEX to build reports etc.... you will often see the substitution string #OWNER# used in the FROM clause of SQL expressions. This practice provides portability when moving an application from one workspace to another where associated schema names might be different.

               

              In the case of ACL issues. Depending on what you are asking the database to do on behalf of some database user, you might need build ACL entries for that user.

               

              Regards,

              Brad