This content has been marked as final. Show 225 replies
When I reboot/restart tomcat, I need do setup again for apex listener in http://localhost:8180/apex/Config.
Meaning that I need give all connection parameters again.
Is it feature or my mistake on setup ?
Is NTLM support possible with this?
The only reason I was able to get Apex used here at all, was NTLM authentication. If it is not possible with this new listener, I hope Apex 4 is not tied to it..
Could you change the "Configure" servlet name and mapping to something a little more APex-specific for the next release please. I am embeddng the servlet into the R12 EBS tech stack using Autoconfig and "Configure" is too generic, the risk is that there will be another "Configure" servlet somewhere. There are scores of servlets in EBS and most of them have application-specific names & mappings to prevent nameing conflicts.
is there any more documentation available on the ApEx Listener? The war file includes some additional jar files and I assume they are not there for nothing :).
Now back to the apex_listener.0.09.278.16.23.zip file, beside the war and the install html file there are 2 more files: apex.jar and the apex-config.xml. What are these for and what has to be done with them, as I could not find anything about them in the install document.
Tried this on an existing Tomcat 6.0.18 installation, and installation was a snap (literally in less than 2 minutes).
1) The configuration seems only to support a single Apex instance. What if we want to use a single web server (Tomcat) to serve up content from multiple Apex instances on different databases? In other words, we need to be able to configure multiple "DADs".
2) Is the Apex listener fully feature-compatible with mod_plsql (and EPG)? What about configuration parameters/features such as ExclusionList, DocumentTableName and PathAlias/PathAliasProcedure?
3) It has been mentioned on various blogs that the Apex Listener is "extensible". Please provide more information about this.
I just discovered a serious security issue with the Apex listener: the apparent lack of sanitation of input.
I am able to run such statements as
and, even worse:
The Tomcat debug console confirms that the SQL is executed:
Obviously, this security issue needs to be fixed before the Apex Listener can be used for anything other than local testing. :-(
declare nm owa.vc_arr := ?; vl owa.vc_arr := ?; begin owa.init_cgi_env( ?, nm, vl ); htp.init; htp.HTBUF_LEN := 63; ? := sys_context('USERENV','SID'); end; SID:25 CALL: begin sys.dbms_job.remove(job=>?); commit; end; BINDS job:9999 EXEC FAILED:ORA-23421: job number 9999 is not a job in the job queue ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86 ORA-06512: at "SYS.DBMS_IJOB", line 529 ORA-06512: at "SYS.DBMS_JOB", line 171 ORA-06512: at line 2 ORA-23421: job number 9999 is not a job in the job queue ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86 ORA-06512: at "SYS.DBMS_IJOB", line 529 ORA-06512: at "SYS.DBMS_JOB", line 171 ORA-06512: at line 2
Installation went well. I installed it on an Oracle AS 10.1.3.1, with OC4J and HTTP_Server.
One thing that was not clear was where to put the images. The install guide mentions "j2ee/home/default-web-app/i/" only this is partually true. ApExListener assumes the images are at the root-context/i/
Only our OAS configuration has the j2ee/home/default with servlet-context /j2ee, since it also has option HTTP-SERVER, the root-servlet would be Apache. And therefor the images has to be in Apache/Apache/htdocs/i/
According to me this doesn't make sence. Isn''t it an idea to include the images (and all) in the war-file. or be able to configure the image url within the ApExListener?
After figuring that out, first impression is good; tested a file-upload and an application. it works fine!
The white list as well as the plsql validate function are being added. The next EA will have both of these in it. In general, I wouldn't grant execute on things to users that are setup as the connect user that you would not want exposed.
The config is stored in the temp directory by default. You can edit the web.xml and change this default to some other location.
I'm still working on getting NTLM working. It's coming just not quite there yet.
I'm not following why the name would conflict with anything. The full class is : oracle.dbtools.apex.config.Config
This is only available on the mount you choose i.e. hostname:port/apex/Config
The war file is just a thin wrapper for the J2EE related things. The jar is where the actual code lives. The apex-config.xml is a sample configuration file with some comments on each parameter in it.
When I get to the Config page, enter the correct criteria, hit either apply Changes or Run I get:
ORA-01017: invalid username/password; logon denied
Thogh I have confirmed the APEX_PUBLIC_USER and password are correct.
Same happens for both of my APEX instances - separte database.
What am I missing?