APEX Listener – ODTUG June 2011

Apex Listener
Tim St. Hilaire
June 2011
General Point of View
What is the APEX Listener?
How does it work?
Who would Use it?
System Architect’s Point of View
Developer’s Point of View
Tim St. Hilaire
Updated Slides will be available on WPHillTech.com
Tim St. Hilaire
What is the APEX Listener?
Oracle HTTP
Apache mod_plsql
PL/SQL Gateway
Inside Database
APEX Listener
Java Application
Tim St. Hilaire
More Details..
Tim St. Hilaire
How Does it Work?
Using the DAD syntax a /pls/DAD_NAME was required (default behavior)
Web Server then can pass traffic using that Java application passing all of
the parameters on to the APEX database
Tim St. Hilaire
How Does it Work?
Web Application can connect to Database Directly using JDBC
Tim St. Hilaire
Connection Definition
The Database user for
connection is required
Different options for
Connection Type are
• Basic – Server Port SID
• TNS – using a library file
• Advanced – Custom
Connection String
Tim St. Hilaire
Tim St. Hilaire
Internal Exclusion List
Internal Exclusion List
The APEX Listener contains an internal exclusion list which will block users
from accessing the following:
sys.*, dbms_*, utl_*, owa_*, owa.*, htp.*,
htf.*, wpg_docload.*
The option is available to disable the default internal exclusion list, but is
not recommended. If this is disabled, it should only be used for debugging
Tim St. Hilaire
Security is Hard
• Inclusion or Exclusion
owner, table_name, grantee, grantor,
PRIVILEGE, grantable
FROM dba_tab_privs
ORDER BY owner, table_name, grantor, grantee;
• Depending on system and use case – it may be simpler to do one vs.
the other.
• For APEX ONLY intentions – Allowing only apex, f may be preferable
Tim St. Hilaire
Security Processing
If the user entered data for Allowed Procedures, Database Validation
Function and/or Blocked Procedures, the APEX Listener determines if the
entered procedure name is valid by checking the security information in the
following order:
1. Database Validation Function
Checks if the procedure name is valid.
2. Allowed Procedures
Checks if the procedure name is in the inclusion list.
3. Blocked Procedures
Checks if the procedure is NOT in the exclusion list.
Tim St. Hilaire
Tim St. Hilaire
Pre & Post Processing
Tim St. Hilaire
Behavior Options
Tim St. Hilaire
Tim St. Hilaire
Developers Desires
Tim St. Hilaire
Developer Option
As a developer – the SERVER which APEX is running is little concern.
Local Run Option is possible
(assumption that Java is available on the server)
Quick Start Syntax:
java –jar apex.war
Follow Prompts…
This starts a LOCAL web server that allows communication directly with
Tim St. Hilaire
What You Need
Public APEX Account and Password
Database Connection (more than one option)
Port: 1521
SID: oraApex
Images Directory Location
Referenced from the listener host
Tim St. Hilaire
Don’t Forget the Images
Tim St. Hilaire
Use Case
Custom Theme Development
Complex CSS
Image Layouts
Tim St. Hilaire
Not Just Logins
Tim St. Hilaire
Resource Templates
Representational State Transfer (REST) has gained widespread
acceptance across the Web as a simpler alternative to SOAP- and Web
Services Description Language (WSDL)-based Web services. Key
evidence of this shift in interface design is the adoption of REST by
mainstream Web 2.0 service providers—including Yahoo, Google, and
Facebook—who have deprecated or passed on SOAP and WSDLbased interfaces in favor of an easier-to-use, resource-oriented model
to expose their services….
-- IBM
Tim St. Hilaire
Resource Templates
Tim St. Hilaire
Many thanks to all those that have come before me, and for those that take the
time to help others grow and improve their skills by sharing their time an
On-Line References
Kris Rice - http://krisrice.blogspot.com/2010/10/restjson-access-to-your-data-in-2.html
Colm – http://cdivilly.wordpress.com/2010/10/18/apex-listener-resource-templates/
Listener Product Page - http://www.oracle.com/technetwork/developer-tools/apexlistener/overview/index.html
APEX Listener Forum - http://forums.oracle.com/forums/forum.jspa?forumID=858
http://apex.oracle.com – Forum, Docs, Hosted Workspace
Updated and corrected presentation will be available on my blog
Tim St. Hilaire – [email protected]
Marks, Brands, and Images are the property of their respective owners. Usage is for
discussion purposes only. No ownership assumed or implied.
The comments and opinions expressed here are sole responsibility of the author and not
of his employer or any other party
No trees were harmed during the creation of this presentation. However, a great number
of electrons were terribly inconvenienced.
Apex Listener
Please Fill Out Evaluations
Tim St. Hilaire
June 2011

similar documents