1 2 3 Previous Next 225 Replies Latest reply on Jul 3, 2011 10:33 PM by 866384

    APEX Listener Feedback

    sbkenned-Oracle
      The Oracle Application Express architecture requires some form of Web server to proxy requests between a Web browser and the Oracle Application Express engine. In addition to Oracle HTTP Server/mod_plsql and the XDB HTTP protocol server/embedded PL/SQL gateway, there is now an alternative - the Oracle Application Express Listener. The Application Express Listener is currently an early adopters release and is not supported by Oracle Support. If you have downloaded the software and would like to provide feedback or ask questions, please do so in this thread.
        • 1. Re: APEX Listener Feedback
          jariola
          Hi,

          When I reboot/restart tomcat, I need do setup again for apex listener in http://localhost:8180/apex/Config.
          Meaning that I need give all connection parameters again.
          Is it feature or my mistake on setup ?

          Br, Jari
          • 2. Re: APEX Listener Feedback
            woodsmithnh
            I deployed this to OC4J running on OAS 10.1.3.1.1. The deployment went fine. I changed the context root to apexl (since I have an existing modplsql dad called apex). However, we I try to view the configuration page, I get the HTML/Javascript output as text (its like the mimetype isn't being set). Happens on both Firefox and Safari.
            • 3. Re: APEX Listener Feedback
              607350
              Is NTLM support possible with this?

              The only reason I was able to get Apex used here at all, was NTLM authentication. If it is not possible with this new listener, I hope Apex 4 is not tied to it..
              • 4. Re: APEX Listener Feedback
                steve.west
                Could you change the "Configure" servlet name and mapping to something a little more APex-specific for the next release please. I am embeddng the servlet into the R12 EBS tech stack using Autoconfig and "Configure" is too generic, the risk is that there will be another "Configure" servlet somewhere. There are scores of servlets in EBS and most of them have application-specific names & mappings to prevent nameing conflicts.

                Regards,

                Steve
                • 5. Re: APEX Listener Feedback
                  422402
                  Hi,

                  is there any more documentation available on the ApEx Listener? The war file includes some additional jar files and I assume they are not there for nothing :).

                  Now back to the apex_listener.0.09.278.16.23.zip file, beside the war and the install html file there are 2 more files: apex.jar and the apex-config.xml. What are these for and what has to be done with them, as I could not find anything about them in the install document.

                  Thanks,
                  Florin
                  • 6. Re: APEX Listener Feedback
                    MortenBraten
                    Tried this on an existing Tomcat 6.0.18 installation, and installation was a snap (literally in less than 2 minutes).

                    Some questions:

                    1) The configuration seems only to support a single Apex instance. What if we want to use a single web server (Tomcat) to serve up content from multiple Apex instances on different databases? In other words, we need to be able to configure multiple "DADs".

                    2) Is the Apex listener fully feature-compatible with mod_plsql (and EPG)? What about configuration parameters/features such as ExclusionList, DocumentTableName and PathAlias/PathAliasProcedure?

                    3) It has been mentioned on various blogs that the Apex Listener is "extensible". Please provide more information about this.

                    - Morten

                    http://ora-00001.blogspot.com
                    • 7. Re: APEX Listener Feedback
                      MortenBraten
                      I just discovered a serious security issue with the Apex listener: the apparent lack of sanitation of input.

                      I am able to run such statements as
                      http://localhost:8888/apex/sys.htp.p?cbuf=hello
                      and, even worse:
                      http://localhost:8888/apex/sys.dbms_job.remove?job=9999
                      The Tomcat debug console confirms that the SQL is executed:
                       declare
                              nm  owa.vc_arr := ?;
                              vl  owa.vc_arr := ?;
                       begin
                        owa.init_cgi_env( ?, nm, vl );
                         htp.init;   htp.HTBUF_LEN := 63;
                          ? :=  sys_context('USERENV','SID');
                       end;
                      SID:25
                      CALL:
                      begin
                       sys.dbms_job.remove(job=>?);
                      commit;
                        end;
                      BINDS
                      
                      job:9999
                       EXEC FAILED:ORA-23421: job number 9999 is not a job in the job queue
                      ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
                      ORA-06512: at "SYS.DBMS_IJOB", line 529
                      ORA-06512: at "SYS.DBMS_JOB", line 171
                      ORA-06512: at line 2
                      ORA-23421: job number 9999 is not a job in the job queue
                      ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
                      ORA-06512: at "SYS.DBMS_IJOB", line 529
                      ORA-06512: at "SYS.DBMS_JOB", line 171
                      ORA-06512: at line 2
                      Obviously, this security issue needs to be fixed before the Apex Listener can be used for anything other than local testing. :-(

                      - Morten

                      http://ora-00001.blogspot.com
                      • 8. Re: APEX Listener Feedback
                        S1M0N
                        Installation went well. I installed it on an Oracle AS 10.1.3.1, with OC4J and HTTP_Server.
                        One thing that was not clear was where to put the images. The install guide mentions "j2ee/home/default-web-app/i/" only this is partually true. ApExListener assumes the images are at the root-context/i/
                        Only our OAS configuration has the j2ee/home/default with servlet-context /j2ee, since it also has option HTTP-SERVER, the root-servlet would be Apache. And therefor the images has to be in Apache/Apache/htdocs/i/
                        According to me this doesn't make sence. Isn''t it an idea to include the images (and all) in the war-file. or be able to configure the image url within the ApExListener?

                        After figuring that out, first impression is good; tested a file-upload and an application. it works fine!

                        gr. Simon
                        • 9. Re: APEX Listener Feedback
                          Kris Rice-Oracle
                          The white list as well as the plsql validate function are being added. The next EA will have both of these in it. In general, I wouldn't grant execute on things to users that are setup as the connect user that you would not want exposed.
                          -kris
                          • 10. Re: APEX Listener Feedback
                            Kris Rice-Oracle
                            The config is stored in the temp directory by default. You can edit the web.xml and change this default to some other location.
                            -kris
                            • 11. Re: APEX Listener Feedback
                              Kris Rice-Oracle
                              I'm still working on getting NTLM working. It's coming just not quite there yet.
                              -kris
                              • 12. Re: APEX Listener Feedback
                                Kris Rice-Oracle
                                I'm not following why the name would conflict with anything. The full class is : oracle.dbtools.apex.config.Config
                                This is only available on the mount you choose i.e. hostname:port/apex/Config
                                -kris
                                • 13. Re: APEX Listener Feedback
                                  Kris Rice-Oracle
                                  The war file is just a thin wrapper for the J2EE related things. The jar is where the actual code lives. The apex-config.xml is a sample configuration file with some comments on each parameter in it.


                                  -kris
                                  • 14. Re: APEX Listener Feedback
                                    K Cannell
                                    When I get to the Config page, enter the correct criteria, hit either apply Changes or Run I get:

                                    ORA-01017: invalid username/password; logon denied

                                    Thogh I have confirmed the APEX_PUBLIC_USER and password are correct.
                                    Same happens for both of my APEX instances - separte database.

                                    What am I missing?
                                    1 2 3 Previous Next