Custom handling of authorization scheme failed errors

Is there a way I can catch when someone goes to a page they are not authorized to be on (Authorization Scheme used to enforce it) then instead of stopping cold redirect them to the public page of the application and use global notification to inform the user of the fact he or she is not authorized into the selected page instead of going to the red stop sign X page? I have used global notifications before but I am unsure if there is a way to keep my page secure applying the authorization scheme at the page level and do what I am talking about. Any ideas?

This only happens when the user tampers with the URL, but that does happen.
You can code your authorization scheme to return true when it detects unauthorized access to a page but first have it use owa_util.redirect_url to go to the notification page of your choosing.
Scott

Similar Messages

Web Composer Admin Customization:'Authorization check failed' error

Hi,
The purpose of Web Composer Admin Customization is to enable the administration link in the UI pages so that the administrator will be able to customize the pages.
The steps to be followed to enable admin customization in the required pages are given in the following link under the subheading 'Web Composer Admin Customization':
https://stbeehive.oracle.com/teamcollab/wiki/Fusion+Applications+Technical+Architecture:Enabling+Customizations
I ensured that:
The jazn-data.xml file has a privilege role "FND_VIEW_ADMIN_LINK_PRIV", and a grant to access the admin menu.
A duty role "FND_ADMINISTRATION_LINK_VIEW_DUTY" had been defined, and was a member of FND_VIEW_ADMIN_LINK_PRIV.
The FND_ADMINISTRATION_LINK_VIEW_DUTY is inherited by the administrator enterprise role.
A new privilege role (Customize <Family> UI) had been created.
I then granted the 'customize' and 'personalize' actions on the pages and the corresponding task flows (for which customization had to be enabled) to the new privilege role.
Also, ensured that:
A new app role (Customize <Family> UI) was created and was a member of the new privilege role. The app role was inherited by the administrator enterprise role.
The testing administrator role has both the administrator enterprise role and the enterprise role that has view access to the page.
Now, when i tried to run one of the pages (for which customize and personalize actions were granted to the new privilege role) from JDeveloper, i got the following error:
oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d94f3e' 'VIEW'.
at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:180)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:160)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:114)
at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:632)
at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:669)
at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:447)
at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:46)
at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:531)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:124)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:70)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:398)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
When i granted the view action on the page ( in addition to the customize and personalize actions) to the new privilege role and ran the page from JDeveloper, the page came up fine but the administration link that is supposed to appear was not seen.
Can any of you please provide suggestions regarding the cause of the above error and how i should go about debugging it.
Thanks,
Rohan

Posted it in the forum suggested by Frank.

Order of evaluation - Authorization scheme or application computation

APEX 4.2.2
A page has a Evaluate for every page view authorizaton scheme of the type Value of item in Expression 1 = Expression 2 with Expression 1=G_ITEM and Expression 2=1. G_ITEM is set using a Before-Header application computation conditioned to fire when G_ITEM is null.
What I see is that the authorization scheme always returns false and the page is not rendered. Inspecting wwv_flow_data shows that G_ITEM is not there. So it would appear that the authorization scheme is evaluated before the application computation and since it returns false, the engine stops.
Does that sound right? Is this order of evaluation of components documented anywhere? There is a Utilities > Page Events screen but that doesn't include Authorization schemes.
Thanks

Hi Christian - I am referring to a page-level authorization scheme set to be evaluated For each page view
Here are some more details...the application has only one UI (Desktop) and Application XX > User Interfaces > User Interface Details > Home URL is set to f?p=&APP_ID.:30:&SESSION.
When I launch the app using f?p=181::::LEVEL9 this is what I get in apex_debug_messages
init cgi_var_name.count=>29
CGI: PATH_INFO = /f
HTTP://xxx/pls/xxx
QUERY_STRING=p=181::::LEVEL9
REQUEST_METHOD=GET
REMOTE_ADDR=xx.xx.xx.xx
REMOTE_USER=foobar
APEX_LISTENER_VERSION=
REFERER=
Cookies:
S H O W: application="181" page="" workspace="" request="" session=""
Reset NLS settings
alter session set NLS_LANGUAGE="AMERICAN"
alter session set NLS_TERRITORY="AMERICA"
alter session set NLS_CALENDAR="GREGORIAN"
alter session set NLS_SORT="BINARY"
alter session set NLS_COMP="BINARY"
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
no characterset conversion needed
...Setting session time_zone to -04:00
reset_nls_environment
reset
reset
Processing page view with session ID = 0
fetch_flow_info
set_html_escaping_mode p_mode=>E
Language derived from: FLOW_PRIMARY_LANGUAGE, current browser language: en-us
alter session set nls_language="AMERICAN"
alter session set nls_territory="AMERICA"
NLS: CSV charset=WE8MSWIN1252
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
Setting NLS_DATE_FORMAT to application date format: mm/dd/yyyy
...NLS: Set g_nls_date_format="mm/dd/yyyy"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
NLS: Language=en-us
fetch_flow_info
set_html_escaping_mode p_mode=>E
Application 181, Authentication: PLUGIN, Page Template: 12902619543947292
authenticate_and_init_session p_app_id=>181
fetch_flow_info
set_html_escaping_mode p_mode=>E
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
detect_user_interface p_application_id=>181
... "Desktop" is the only UI - no autodetection necessary
... setting ui to "DESKTOP"
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:null
Authentication check: Login (NATIVE_CUSTOM)
... no page specified: failure
...fetch session state from database
get_current
... DOES NOT EXIST - ignore
fetch items (exact)
Redirecting to f?p=181:30:
Stop APEX Engine detected
Final commit
I am not sure why the engine stops rendering but I get the Access denied by Page security check error on the screen
Next experiment...launch f?p=181:30:::LEVEL9:
That gets me the following debug stack
init cgi_var_name.count=>28
CGI: PATH_INFO = /f
HTTP://xxx/pls/xxx.xx
QUERY_STRING=p=181:30:::LEVEL9:
REQUEST_METHOD=GET
REMOTE_ADDR=xx.xx.xx.xx
REMOTE_USER=foobar
APEX_LISTENER_VERSION=
REFERER=
Cookies:
S H O W: application="181" page="30" workspace="" request="" session=""
Reset NLS settings
alter session set NLS_LANGUAGE="AMERICAN"
alter session set NLS_TERRITORY="AMERICA"
alter session set NLS_CALENDAR="GREGORIAN"
alter session set NLS_SORT="BINARY"
alter session set NLS_COMP="BINARY"
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
no characterset conversion needed
...Setting session time_zone to -04:00
reset_nls_environment
reset
reset
Processing page view with session ID = 0
fetch_flow_info
set_html_escaping_mode p_mode=>E
Language derived from: FLOW_PRIMARY_LANGUAGE, current browser language: en-us
alter session set nls_language="AMERICAN"
alter session set nls_territory="AMERICA"
NLS: CSV charset=WE8MSWIN1252
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
Setting NLS_DATE_FORMAT to application date format: mm/dd/yyyy
...NLS: Set g_nls_date_format="mm/dd/yyyy"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
NLS: Language=en-us
fetch_flow_info
set_html_escaping_mode p_mode=>E
Application 181, Authentication: PLUGIN, Page Template: 12902619543947292
authenticate_and_init_session p_app_id=>181
fetch_flow_info
set_html_escaping_mode p_mode=>E
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:false
Authentication check: Login (NATIVE_CUSTOM)
get_current
... DOES NOT EXIST - ignore
builtin_cookie_sentry p_cookie_name=>ORA_WWV_APP_181
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=
... cookie is not set
... failure, session not found
set_db_session_info
...fetch session state from database
get_current
... DOES NOT EXIST - ignore
fetch items (exact)
execute_native_session_sentry p_type=>NATIVE_CUSTOM
...Execute Statement: begin declare
begin
wwv_flow.g_boolean := htmldb_public_user.Modntlm_Page_Sentry;
end;
~
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=
... cookie is not set
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=
... cookie is not set
generate_unique_session_id
remember_deep_link p_url=>f?p=181:30:::LEVEL9:
get_current
... DOES NOT EXIST - ignore
... insert into wwv_flow_sessions$: 7781513768577
create_new
Session created: 7781513768577 user: foobar
save_by_name p_item_name=>FSP_AFTER_LOGIN_URL,p_item_value=>***
set_builtin_global_item_value p_item_name=>FSP_AFTER_LOGIN_URL,p_value=>f?p=181:30:7781513768577::LEVEL9:
...Session State: Saved Item "FSP_AFTER_LOGIN_URL" New Value="f?p=181:30:7781513768577::LEVEL9:"
login p_uname=>foobar,p_password=>...,p_session_id=>7781513768577,p_flow_page=>181:30,p_entry_point=>POST-LOGIN,p_preserve_case=>false,p_use_secure_cookie=>false
execute_login p_username=>foobar,p_password=>...,p_current_app_id=>181,p_next_app_id=>181,p_next_page_id=>30,p_post_login=>true,p_builder_login_for_workspace=>
...delaying unrecoverable error to the end of execute_login
create_or_reuse_session
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from db)
...Session ID 7781513768577 can be used
...New Instance Detected -
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:false
... POST LOGIN shortcut, no pre-auth and auth process
... Authentication success
... running post_auth_240111674424380819
...Execute Statement: begin declare
procedure post_auth_240111674424380819 is
begin
post_auth_240111674424380819;
end;
end;
Collection - Begin create_collection_from_query_b, Collection Name: AD_GROUPS
Collection - Begin Create Collection, Collection Name: EM_ROLES
save_by_name p_item_name=>G_APP_USER,p_item_value=>***
find_item_by_name p_name=>G_APP_USER
set_substitution_cache p_id=>8993704979413505,p_value=>***,p_name=>G_APP_USER,p_filter=>Y,p_encrypted=>N
...Session State: Saved Item "G_APP_USER" New Value="foobar"
get_item_value p_item=>FSP_AFTER_LOGIN_URL,p_flow=>181,p_instance=>7781513768577
... l_instance=7781513768577,l_flow_id=181,l_sgid=634111608319703,p_item=FSP_AFTER_LOGIN_URL
get_builtin_global_item_value p_item_name=>FSP_AFTER_LOGIN_URL,p_session_id=>7781513768577
...value="f?p=181:30:7781513768577::LEVEL9:"
save_by_name p_item_name=>FSP_AFTER_LOGIN_URL,p_item_value=>***
set_builtin_global_item_value p_item_name=>FSP_AFTER_LOGIN_URL,p_value=>
...Session State: Saved Item "FSP_AFTER_LOGIN_URL" New Value=""
log_login p_username=>foobar,p_security_group_id=>634111608319703,p_owner=>foobar,p_application_id=>181,p_authentication_method=>Login,p_authentication_result=>0,p_custom_status_text=>
... update session user (foobar) and auth result ()
reset_cache
update_hashed_id -> ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1, sqlrowcount=1
send name=>ORA_WWV_APP_181,value=>ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1,expires=>,path=>,domain=>,secure=>,httponly=>HTTPONLY
Redirecting to f?p=181:30:7781513768577::LEVEL9:
...setting g_unrecoverable_error:=true again
Stop APEX Engine detected
Stop APEX Engine detected
Final commit
init cgi_var_name.count=>29
CGI: PATH_INFO = /f
HTTP://xxx/pls/xxx.xx
QUERY_STRING=p=181:30:7781513768577::LEVEL9:
REQUEST_METHOD=GET
REMOTE_ADDR=xx.xx.xx.xx
REMOTE_USER=foobar
APEX_LISTENER_VERSION=
REFERER=
Cookies:
S H O W: application="181" page="30" workspace="" request="" session="7781513768577"
Reset NLS settings
alter session set NLS_LANGUAGE="AMERICAN"
alter session set NLS_TERRITORY="AMERICA"
alter session set NLS_CALENDAR="GREGORIAN"
alter session set NLS_SORT="BINARY"
alter session set NLS_COMP="BINARY"
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
no characterset conversion needed
...Setting session time_zone to -04:00
reset_nls_environment
reset
reset
fetch_flow_info
set_html_escaping_mode p_mode=>E
Language derived from: FLOW_PRIMARY_LANGUAGE, current browser language: en-us
alter session set nls_language="AMERICAN"
alter session set nls_territory="AMERICA"
NLS: CSV charset=WE8MSWIN1252
...NLS: Set Decimal separator="."
...NLS: Set NLS Group separator=","
...NLS: Set g_nls_date_format="DD-MON-RR"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
Setting NLS_DATE_FORMAT to application date format: mm/dd/yyyy
...NLS: Set g_nls_date_format="mm/dd/yyyy"
...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"
...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"
NLS: Language=en-us
fetch_flow_info
set_html_escaping_mode p_mode=>E
Application 181, Authentication: PLUGIN, Page Template: 12902619543947292
authenticate_and_init_session p_app_id=>181
fetch_flow_info
set_html_escaping_mode p_mode=>E
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
... authentication id=252985691712777759, sgid=634111608319703, curr flow sgid=634111608319703
... page is public:false
Authentication check: Login (NATIVE_CUSTOM)
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from db)
builtin_cookie_sentry p_cookie_name=>ORA_WWV_APP_181
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
... success, session id and security group id matches
... set user and session id in package globals
set_g_security_group_id p_security_group_id=>634111608319703,p_check_host_prefix=>true
does_host_prefix_match p_security_group_id=>634111608319703,p_host_prefix=>,c_path_info=>/f
set_db_session_info
...fetch session state from database
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
fetch items (exact)
... fetched 8993704979413505: name=G_APP_USER, value=foobar
execute_native_session_sentry p_type=>NATIVE_CUSTOM
...Execute Statement: begin declare
begin
wwv_flow.g_boolean := htmldb_public_user.Modntlm_Page_Sentry;
end;
~
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_cookie_properties 181 -> ORA_WWV_APP_181, ,
get_by_cookie_name p_cookie_name=>ORA_WWV_APP_181
session cookie value for ORA_WWV_APP_181=ORA_WWV-PqmZTwhNdxkMTTqPlY88APZ1
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
... sentry success, no verification specified
... sentry+verification success
create_or_reuse_session
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
...Session ID 7781513768577 can be used
...New Instance Detected -
get_by_cookie_name p_cookie_name=>ORA_WWV_USER_61814286625969
session cookie value for ORA_WWV_USER_61814286625969=
... cookie is not set
get_builder_session_id: builder session=null
...Setting session time_zone to -04:00
...Check for session expiration:
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
get_builtin_global_item_value p_item_name=>FSP_SESSION_TIME,p_session_id=>7781513768577
NO_DATA_FOUND!
set_builtin_global_item_value p_item_name=>FSP_SESSION_TIME,p_value=>20130925091227::
...Session State: Saved Item "FSP_SESSION_TIME" New Value="20130925091227::"
Session: Fetch session header information
get_current
... session=7781513768577, user=foobar, sgid=634111608319703 (from cache)
fetch_step_info p_mode=>SHOW
get_home_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_login_url p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
get_theme_id p_user_interface_id=>12942041779151719,p_application_id=>181,p_security_group_id=>634111608319703
Branch point: Before Header
Authorization Check: "Administrator" Caching: "BY_USER_BY_PAGE_VIEW" Component: "PAGE"
... failed
setting g_primary_language := en-us
Add error onto error stack
...Error data:
......message: Must be Administrator
......additional_info: Access denied by Page security check
......display_location: ON_ERROR_PAGE
......is_internal_error: true
......apex_error_code: APEX.AUTHORIZATION.ACCESS_DENIED
......error_backtrace: ----- PL/SQL Call Stack -----
object      line object
handle    number name
0x2d7325bc0       556 package body APEX_040200.WWV_FLOW_ERROR
0x2d7325bc0       607 package body APEX_040200.WWV_FLOW_ERROR
0x2d7325bc0       911 package body APEX_040200.WWV_FLOW_ERROR
0x211e95470       488 package body APEX_040200.WWV_FLOW_AUTHORIZATION
0x2dbf01138      6000 package body APEX_040200.WWV_FLOW
0x2db632be8       249 procedure APEX_040200.F
0x267d27130        31 anonymous block
......component.type: APEX_APPLICATION_AUTHORIZATION
......component.id: 19813621888498766
......component.name: Administrator
...Show Error on Error Page
......Performing rollback
render_error_page
wwv_flow_init_htp_buffer
reset
reset
get_grid_template p_page_template_id=>12901127353947285
emit_page_header
Show page template header
handle_common_placeholders p_placeholder=>#TITLE#
get_title
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#APEX_CSS#
is_desktop_ui p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
get_ui_type p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
...initialize cache
... ui type name=DESKTOP
... true
handle_common_placeholders p_placeholder=>#TEMPLATE_CSS#
handle_common_placeholders p_placeholder=>#THEME_CSS#
handle_common_placeholders p_placeholder=>#PAGE_CSS#
handle_common_placeholders p_placeholder=>#APEX_JAVASCRIPT#
is_desktop_ui p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
get_ui_type p_application_id=>181,p_page_id=>30,p_security_group_id=>634111608319703
...use cache
... ui type name=DESKTOP
... true
handle_common_placeholders p_placeholder=>#TEMPLATE_JAVASCRIPT#
handle_common_placeholders p_placeholder=>#APPLICATION_JAVASCRIPT#
handle_common_placeholders p_placeholder=>#PAGE_JAVASCRIPT#
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#IMAGE_PREFIX#
handle_common_placeholders p_placeholder=>#ONLOAD#
handle_common_placeholders p_placeholder=>#OUTDATED_BROWSER#
handle_common_placeholders p_placeholder=>#FORM_OPEN#
Rendering form open tag and internal values
clear_page_checksum
generate_unique_session_id
perform p_process_point=>AFTER_ERROR_HEADER
Processes - point: AFTER_ERROR_HEADER
handle_common_placeholders p_placeholder=>#REGION_POSITION_07#
handle_common_placeholders p_placeholder=>#HOME_LINK#
handle_common_placeholders p_placeholder=>#LOGO#
handle_common_placeholders p_placeholder=>#NAVIGATION_BAR#
handle_common_placeholders p_placeholder=>#REGION_POSITION_08#
handle_common_placeholders p_placeholder=>#REGION_POSITION_04#
handle_common_placeholders p_placeholder=>#REGION_POSITION_01#
handle_common_placeholders p_placeholder=>#SUCCESS_MESSAGE#
handle_common_placeholders p_placeholder=>#NOTIFICATION_MESSAGE#
handle_common_placeholders p_placeholder=>#GLOBAL_NOTIFICATION#
handle_common_placeholders p_placeholder=>#REGION_POSITION_02#
handle_common_placeholders p_placeholder=>#REGION_POSITION_03#
perform p_process_point=>BEFORE_ERROR_FOOTER
Processes - point: BEFORE_ERROR_FOOTER
emit_footer
Show page footer
Show page tempate footer
handle_common_placeholders p_placeholder=>#CUSTOMIZE#
handle_common_placeholders p_placeholder=>#REGION_POSITION_05#
handle_common_placeholders p_placeholder=>#APP_VERSION#
handle_common_placeholders p_placeholder=>#REGION_POSITION_08#
handle_common_placeholders p_placeholder=>#FORM_CLOSE#
Rendering form close tag and page checksum
handle_common_placeholders p_placeholder=>#DEVELOPER_TOOLBAR#
handle_common_placeholders p_placeholder=>#GENERATED_CSS#
handle_common_placeholders p_placeholder=>#GENERATED_JAVASCRIPT#
emit_generated_javascript
Logging exception in final_exception_handler:
Sqlerrm: ORA-20987: APEX - Must be Administrator - Access denied by Page security check
Backtrace: ORA-06512: at "APEX_040200.WWV_FLOW_ERROR", line 861
ORA-06512: at "APEX_040200.WWV_FLOW_ERROR", line 896
ORA-06512: at "APEX_040200.WWV_FLOW_AUTHORIZATION", line 501
ORA-06512: at "APEX_040200.WWV_FLOW", line 6000
Seems to me that the authorization scheme (which uses the value of the application item) is evaluated before the before-header/unconditional application computation sets the value of the application item and since the authorization scheme fails, show processing stops with an error.
What say you?

OsIntegration.mount() failed error

I'm receiving an "osIntegration.mount() failed" error (see below) when trying to connect using my custom handler in Drive. This error only happens on the Mac. Connection to the same CMS through Windows 7 works perfectly. The error seems to be related to the URL entered in Drive. For example, if I enter
      icms://mobiledemo.flatironssolutions.com:8443/icmsserver/repo
I get the error. However, if I enter
     icms://mobiledemo:8443/icmsserver/repo
it works. So at first, it appears to be related to entering a fully qualified host name. However, I have also see it fail on a different host without a fully qualified name (e.g, icms://mtcdmtl601:8080/icmsserver/gpp_dev_repo01). It is consistent in that if a URL works, it will always work; if it fails, it will always fail.
Here's the error from the log file:
2012/01/24 14:43:22,392 [ConnectionHandler-Adobe Drive-20671] INFO GetServerInfoHandler - -->In()
2012/01/24 14:43:22,392 [ConnectionHandler-Adobe Drive-20671] INFO GetServerInfoHandler - -->Out()
2012/01/24 14:43:22,520 [ConnectionHandler-Adobe Drive-20671] INFO ConnectHandler - -->In()
2012/01/24 14:43:22,641 [ConnectionHandler-Adobe Drive-20671] INFO ConnectHandler - -->Out()
2012/01/24 14:43:22,641 [ConnectionHandler-Adobe Drive-20671] WARN DataManager - No IEventService for server ( | icms://mtcdmtl601:8080/icmsserver/gpp_dev_repo01 | icms://mtcdmtl601:8080/icmsserver/gpp_dev_repo01 | enableOfflineEditing: false | isOfflineEditing: false)
2012/01/24 14:43:22,642 [ConnectionHandler-Adobe Drive-20671] INFO GetAssetsHandler - -->In()
2012/01/24 14:43:22,642 [ConnectionHandler-Adobe Drive-20671] INFO GetAssetsHandler - -->Out()
2012/01/24 14:43:22,649 [ConnectionHandler-Adobe Drive-20671] INFO GetVolumeIconsHandler - -->In()
2012/01/24 14:43:22,650 [ConnectionHandler-Adobe Drive-20671] INFO GetVolumeIconsHandler - -->Out()
2012/01/24 14:43:22,819 [ConnectionHandler-Adobe Drive-20671] ERROR MountService - osIntegration.mount() failed
com.adobe.drive.data.model.DriveException: the server with uuid icms://mtcdmtl601:8080/icmsserver/gpp_dev_repo01 could not be mounted
    at com.adobe.drive.internal.biz.filesystem.mount.OperatingSystemIntegrationMac.mount(Operati ngSystemIntegrationMac.java:95)
    at com.adobe.drive.internal.biz.filesystem.mount.MountService.internalMount(MountService.jav a:144)
    at com.adobe.drive.internal.biz.filesystem.mount.MountService.mount(MountService.java:102)
    at com.adobe.drive.ui.ncomm.handler.MountServerHandler.mountServer(MountServerHandler.java:2 74)
    at com.adobe.drive.ui.ncomm.handler.AddServerHandler.handle(AddServerHandler.java:136)
    at com.adobe.csi.internal.ncomm.InvokeHandler.handle(InvokeHandler.java:88)
    at com.adobe.csi.internal.ncomm.NCommDelegate.execute(NCommDelegate.java:107)
    at com.adobe.versioncue.internal.nativecomm.host.Host.execute(Host.java:200)
    at com.adobe.versioncue.internal.nativecomm.host.ConnectionHandler.handleRequest(ConnectionH andler.java:162)
    at com.adobe.versioncue.internal.nativecomm.host.ConnectionHandler.run(ConnectionHandler.jav a:81)
    at java.lang.Thread.run(Thread.java:655)
2012/01/24 14:43:22,824 [ConnectionHandler-Adobe Drive-20671] INFO DataManager - java.lang.NullPointerException
Any help would be greatly appreciated.

I worked around this issue. I removed the GetServerInfoHandler reference in my Factory. Something I was passing for either UIID or IpAddress was causing the problem.

Logout fails Authorization Scheme

I'm using the following logout url on the authentication scheme:
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=140:12
On page 12 the authorization scheme is - No Page Authorization Required - and the Authentication is 'Page is Public'.
Page 12 fails on authentication. I get Access denied by Application security check and the error message for the authentication scheme.
I know it's happening because the authentication scheme is using a query to verify the user exists in a table:
Exists SQL Query
select 1
from Personnel
where upper(USERid) = :APP_USER
:APP_USER is now empty because they logged out.
My question is how can I get the application to skip the authentication scheme? I thought when I picked, 'no page authorization required' and 'page is public' the application no longer checks the authentication and authorization.
Thanks, Elizabeth

Sorry about that. I tried to write it from memory.
I'm using the following logout url on the Authentication Scheme:
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=140:12
On page 12 the Authorization Scheme is - No Page Authorization Required - and the Authentication is 'Page is Public'.
Page 12 fails on authorization. I get Access denied by Application security check and the error message for the Authorization Scheme.
I know it's happening because the Authorization Scheme is using a query to verify the user exists in a table:
Exists SQL Query
select 1
from Personnel
where upper(USERid) = :APP_USER
:APP_USER is now empty because they logged out.
My question is how can I get the application to skip the Authorization Scheme? I thought when I picked, 'no page authorization required' and 'page is public' the application no longer checks the authentication and authorization.
Thanks, Elizabeth

Authorization Schemes always fails

I am trying to verify that the user has the correct access in the authorization scheme. No matter what I put it fails. I currently have it set to pl/sql function returning boolean and the code as:
begin
return true;
end;
I still get the error message for my Authorization Scheme every time. For my application settings I selected the {Not} option, and that fails as well.
Can someone point me in the right direction?
Thanks.

Johnnie,
If you made this an application level authorization then try checking the page. Frankly I don't know how it could have failed when it says always return true... But try something like the following:
DECLARE
   l_retval BOOLEAN;
BEGIN
   l_retval := nv('APP_PAGE_ID') = 101 OR v('APP_USER') IS NOT NULL;
   RETURN l_retval;
END;The first page is checking to see if the user is on the login page. The second condition is really nothing, you'll want to fix it for your application. If you're still having problems, please post an example application on apex.oracle.com so we can take a look under the hood.
Regards,
Dan

Error in executing authorization scheme code

I run my application on APEX.ORACLE.COm and I immediatly get the following error:
ORA-06550: line 13, column 28: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line 12, column 14: PL/SQL: SQL Statement ignored ORA-06550: line 16, column 19: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 16, column 5: PL/SQL: Statement ignored ORA-06550: line 17, column 15: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 17, column 5: PL/SQL: Statement ignored ORA-06550: line 25, column 28: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line
Error ERR-1082 Error in executing authorization scheme code.
Here are the login credentials:
Workspace: RGWORK
Application: Online Certification Application Prototype - 21405
User: TESTER
Password: test123
The application s/b public . I am not able to identify the invalid authorization scheme. I checked all the authorization schemes in the Shared Components > Security > Authorization Schemes and can't find the culprit.
Can someone assist please?
Thank you,
Robert
My Blog: http://apexjscss.blogspot.com

Your Authorization Scheme "Access control - administrator" has this line of code that uses a table that isn't there (or RGTEST has no access to):
select id, application_mode
from apex_adm.apex_access_setup
This Authorization Scheme is used in the Admin tab.
If you run the page in debug mode you'll see (amongst a lot of other stuff):
0.19: Authorization Check: "11204012643155257465" User: "nobody" Component: "tab"
0.20: Show ERROR page...
That pointed me to the Tab section...and there it was!

Authorization Scheme - Getting handle on which object is calling the scheme

Hi
I'm currently trying to write a custom authorization scheme using a plsql returning boolean. What I'm wondering is whether there is a way to reference the application object (e.g. page, region, page item, button etc) that has triggered the authorization plsql to run.
What I'm ultimately wanting to do is to create a generic authorization scheme that can be applied to any object, and that auth scheme will look up a database table containing what users can access what object. I can only do this if I know at run-time which object the plsql is currently checking authorization for. (I can get the user from :APP_USER.
For example I have an authorization scheme "test_scheme". I have applied test_scheme to the button "CREATE" on page 1. This button has a button_id which I can find from APEX_APPLICATION_PAGE_BUTTONS view.
During page rendering the buttons authorization scheme will be checked (and so the plsql returning boolean will be triggered). When the plsql is triggered I want to reference the fact that the CREATE button on page 1 (or better the button_id) has triggered the plsql, from within the plsql itself.
I hope this makes sense.
Many thanks in advance.

Hi Scott,
Looks like there are a few others out there encountering the limiatations of authorization schemes.
Hopefully there will be an enhancement at some point to enable referencing the component id which has triggered the authorization scheme to run.
Until then I will go down the route of creating an authorization scheme for each component that needs one.
Many thanks for pointing me to that discussion.
Jimbo

ERR-1082 Error in executing authorization scheme code.

Hi All,
i have a different problem in apex....
I am using below function to authenticate the apex users after SSO login. I have created authentication schemes for admin and users separately depending on that users will have access to the specific tabs.
Now users are facing below error
ORA-01403: no data found Error ERR-1082 Error in executing authorization scheme code.
while they log in or submit the page. And the weired thing is randomly they are getting this error. 2 or 3 times in a week. and when i compile the authentication function that error will be resolved.
this is function structure. Inside the function validation code is written.
function F_auth_user( muser_name in varchar2, mauth_level in number, mgroup_name in varchar2) return boolean
Some of the details: application users : 200 application size : 30MB
May i know that how can i prevent this occurrence of error.

Yes that is authorization schemes .
Evidence is user can be able to login properly after compiling the function. otherwise the same error happening while navigating through out the applications.
Function code:
create or replace function F_auth_user(
muser_name in varchar2,
mauth_level in number,
mgroup_name in varchar2) return boolean is
ct number;
muser_id number;
begin
select id into muser_id from t_employees where upper(email)=upper(muser_name);
if muser_id is null or mauth_level is null or mgroup_name is null then
return false;
end if;
if upper(mgroup_name) = 'ANY' then
select count(*) into ct from t_employees emp, t_positions pos,
t_employee_groups eg
where emp.position = pos.id and
pos.MgtLevel >= mauth_level and
emp.position = pos.id and
emp.id = muser_id;
elsif upper(mgroup_name) = 'USER' then
select count(*) into ct from t_employees emp, t_positions pos,
t_employee_groups eg
where emp.position = pos.id and
pos.MgtLevel >= mauth_level and pos.MgtLevel!=6 and pos.MgtLevel!=4 and
emp.position = pos.id and
emp.id = muser_id ;
elsif upper(mgroup_name) = 'ADMIN' then
select count(*) into ct from t_employees emp, t_positions pos,
t_employee_groups eg
where emp.position = pos.id and
pos.MgtLevel >= mauth_level and pos.MgtLevel!=6 and
emp.position = pos.id and
emp.id = muser_id ;
else
select count(*) into ct from T_employees emp, T_positions pos,
t_emp_group_mapping egm, t_employee_groups eg
where emp.position = pos.id and
emp.id = egm.employee_id and
pos.MgtLevel >= mauth_level and
emp.position = pos.id and
emp.id = muser_id and
egm.group_id = eg.id and
trim(eg.group_name) = mgroup_name;
end if;
if ct > 0 then
return true;
end if;
return false;

Error ERR-1082 Error in executing authorization scheme code.

Hi,
i imported my application from test to prod environment
when run application i received the error (on login page)
ORA-06550: line 13, column 19: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line 12, column 13: PL/SQL: SQL Statement ignored ORA-06550: line 16, column 18: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 16, column 4: PL/SQL: Statement ignored ORA-06550: line 17, column 14: PLS-00364: loop index variable 'C1' use is invalid ORA-06550: line 17, column 4: PL/SQL: Statement ignored ORA-06550: line 25, column 19: PL/SQL: ORA-00942: table or view does not exist ORA-06550: line
Error ERR-1082 Error in executing authorization scheme code.
Any help?
Thanks in advance
Costantino

Hi Scott,
Thank you for the quick reply.
What I did was to install APEX 3.1 to 11g db, and installed packaged application which called Software Management. It is working fine to log into the application and other operations, but I got the same error which reported on this thread once I applied the existing authorization schemes. So I thought if I missed to import the apex_access_setup and apex_access_control tables. I am looking for the solution to enable the default authorizations...
I would appreciate if you could give me any suggestions.
Thanks,
Rui

Custome Authorization Scheme

Hello,
Is it possible to pass any parameters to my own Authorization Scheme? For example the name of the item. I would like to create my own auth. system, and to evaluate is the user has a specific right to "click" a button, or not I need the button name/id or anything to check with Authorization Scheme is the user authorizated or not.
Thanks,
András

Hi,
If I did understand corretly what you mean and you are talking about Authentication scheme, answer is no.
But for workaround you can refer items in your Authentication Function using v function
v('Px_MY_ITEM');Br,Jari

"ADFC-0619: Authorization check failed" on standalone WLS10.3.2

Hi,
After migrating from 11.1.1.1.0 to 11.1.1.2.0 we run into the following authorization problem:
ADFC-0619: Authorization check failed: 'pages/UIShell.jspx' 'VIEW'. (as popup, logging at debug level doesn't give more info)
This error occurs after the user has logged in with correct username/password, and continues from Home.jspx to UIShell.jspx.
- When testing with JDeveloper on embedded WLS, everything works fine. But as soon as we deploy to standalone WLS 10.3.2, this problem starts.
- We checked jazn-data.xml on the standalone WLS, but it no missing parts there compared to the 11.1.1.1.0 deployment version.
- A difference between embedded WLS and standalone WLS is that for the standalone we use LDAP for user authentication. We had this setup working on 11.1.1.1.0, so what has changed?
A similar situation is described here:
ADF 11g security: deploy to WebLogic 10.3.1
Any clues or directions?
Thanks alot,
Gerben

I found a workaround for my problem. Because we're using custom authorization (JHeadstart) in our applications, we don't need adf authorization. So I've just simply set authorizationEnforce to "false" in adf-config.xml, which works in our case.
Following blogposts helped alot:
http://hardnoxjava.blogspot.com/2009/02/how-we-handled-adf-security.html
http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html
-- Gerben

Page Restriction - Authorization Scheme

I have an application 8736 this application as 3 tabs
TAB1: information TAB2: department   TAB3: Admin
TAB3 as a form in which SHOULD be only be view by users which authorisation rights. I have been trying to do this for sometimes now and it is not work. I have a table called users
TABLE:users
username    access_level
john919             2
sarah765           0
For the page in TAB3 if you have an access level of 2. You should be able to view this page and if not they you should get an error message saying "sorry you cant view this page".
In this case "john919" should be able to view the page in tab "Tab3" and "sarah765 " SHOULD NOT.
I have this query in the Authorization Scheme and the scheme type: pl/sql function returning boolean
DECLARE
   v_access_level   NUMBER (2);
BEGIN
   IF (:APP_PAGE_ID = 61)
   THEN
      SELECT MAX (ADMIN_LEVEL)
        INTO v_access_level
        FROM USERS
       WHERE USER_NAME = :APP_USER;
      IF v_access_level = 2
      THEN
         RETURN TRUE;
      ELSE
         RETURN FALSE;
      END IF;
   ELSE
      RETURN TRUE;
   END IF;
END
I have never try this before and I have being asking around and alot of people tell me this should check the admin_level in the USERS table using the current username of the person looking in to see if they have access to this page. SO far this is as fail me. Please help

If you only have one access level per user then try changing your authorization scheme code to
DECLARE
   v_access_level   NUMBER (2);
BEGIN
      SELECT ADMIN_LEVEL
        INTO v_access_level
        FROM USERS
       WHERE USER_NAME = :APP_USER;
      IF v_access_level = 2
      THEN
         RETURN TRUE;
      ELSE
         RETURN FALSE;
      END IF;
END;
now apply this scheme to tab3

Authorization schemes

I am trying to not reinvent the wheel but Oracle DB secuirty as it exists today in APEX. I have successfully setup the authentication using Database account and that works fine, but now I want to have my application only allow special oracle accounts that are signified by Banner, authorized to process the application. I do not want to have to setup any additional security, but use my current DB security that is already setup in the Banner accounts for what can be accessed. I know I have to do something in the Authorization schemes in APEX, but I am not sure what? Any help would be appreciated. Thanks. Joe

It's quite simple really.
Create the scheme and the bottom line is that the scheme has to return TRUE or FALSE. TRUE means that they pass the test and can do whatever it is, FALSE means they fail the test and should get an error.
99.9% of the time I create a boolean-returning function in the database and I call it in the scheme like this (assume myfunction() takes the value of the signed-on user and does something with it to check if this user passes the test or not):
RETURN myfunction(:APP_USER);If TRUE comes back, they pass security validation, else it will fail them.
If you are just testing the user name itself, try this:
RETURN (:APP_USER like '%BANNER');...or whatever else returns TRUE/FALSE to evaluate your test.
Then, after you define the scheme, attach it to whatever needs protection.
There is an application-level to place the authorization scheme to restrict all access to all pages but I've never gotten it to effectivelly work because if you do the above example, it will even protect the login page because the APP_USER isn't yet set to the person who is going to log in. So I've always had to put the authorization at each page.
However you might be able to manage it at the application level if you do it this way (I never tried but I guess this would work...assume 101 is the login page):
RETURN :APP_PAGE_ID='101' OR (:APP_PAGE_ID != '101' AND :APP_USER like '%BANNER');So anytime page 101 (login) is accessed, the user passes security test to render the page. Else if it's not page 101, their username has to end in BANNER in order to pass the test.

Create Authorization Scheme for LDAP Groups

I have installed APEX 4.0 in my staging environment and got the LDAPS to finally work. I can now login to the application with my LAN user name and password. The only problem is so can everyone else on the LAN. So I wanted to create an authorization scheme that would only allow a certain group or groups of LDAP users into the application rather than everyone.
I am at the Create Authorization Scheme page and am kind of stuck. Has anyone done this before and can share some SQL or knowledge?

hi larosejh
If you want to do that you must write your own procedures using the dbms_ldap package. I found some code a while back that searches the LDAP. Maybe you can use this to create a function for your authentication.
DECLARE
retval PLS_INTEGER;
my_session DBMS_LDAP.session;
my_attrs DBMS_LDAP.string_collection;
my_message DBMS_LDAP.message;
my_entry DBMS_LDAP.message;
entry_index PLS_INTEGER;
my_dn VARCHAR2(256);
my_attr_name VARCHAR2(256);
my_ber_elmt DBMS_LDAP.ber_element;
attr_index PLS_INTEGER;
i PLS_INTEGER;
my_vals      DBMS_LDAP.STRING_COLLECTION ;
ldap_host VARCHAR2(256);
ldap_port VARCHAR2(256);
ldap_user VARCHAR2(256);
ldap_passwd VARCHAR2(256);
ldap_base VARCHAR2(256);
BEGIN
retval := -1;
-- Please customize the following variables as needed
ldap_host := 'host';
ldap_port := '389';
-- In case of update/insert/delete need change ldap_user to other.
     -- ldap_user := 'cn=orcladmin';
     -- ldap_passwd:= 'welcome';
-- set User and password to NULL for anonymous user.
ldap_user := 'user';
ldap_passwd:= 'password';
ldap_base := 'CN=Users,DC=ee,DC=intern';
-- end of customizable settings
-- Start output Header--
DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
DBMS_OUTPUT.PUT('> DBMS_LDAP Search Example ');
DBMS_OUTPUT.PUT_LINE('');
DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Host ',25,' ') || ': ' || ldap_host);
DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Port ',25,' ') || ': ' || ldap_port);
-- Choosing exceptions to be raised by DBMS_LDAP library.
DBMS_LDAP.USE_EXCEPTION := TRUE;
my_session := DBMS_LDAP.init(ldap_host,ldap_port);
DBMS_OUTPUT.PUT_LINE (RPAD('> Ldap session ',25,' ') || ': ' ||
RAWTOHEX(SUBSTR(my_session,1,8)) ||
'(returned from init)');
-- bind to the directory
retval := DBMS_LDAP.simple_bind_s(my_session,
ldap_user, ldap_passwd);
DBMS_OUTPUT.PUT_LINE(RPAD('> simple_bind_s Returns ',25,' ') || ': '
|| TO_CHAR(retval));
-- issue the search
my_attrs(1) := 'dn'; -- retrieve all attributes
retval := DBMS_LDAP.search_s(my_session, ldap_base,
DBMS_LDAP.SCOPE_SUBTREE,
'objectclass=*',
my_attrs,
0,
my_message);
DBMS_OUTPUT.PUT_LINE(RPAD('> search_s Returns ',25,' ') || ': '
|| TO_CHAR(retval));
DBMS_OUTPUT.PUT_LINE (RPAD('> LDAP message ',25,' ') || ': ' ||
RAWTOHEX(SUBSTR(my_message,1,8)) ||
'(returned from search_s)');
-- count the number of entries returned
retval := DBMS_LDAP.count_entries(my_session, my_message);
DBMS_OUTPUT.PUT_LINE(RPAD('> Number of Entries ',25,' ') || ': '
|| TO_CHAR(retval));
DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
-- End output Heading --
-- get the first entry
my_entry := DBMS_LDAP.first_entry(my_session, my_message);
entry_index := 1;
-- Loop through each of the entries one by one
while my_entry IS NOT NULL loop
-- print the current entry
my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
-- DBMS_OUTPUT.PUT_LINE (' entry #' || TO_CHAR(entry_index) ||
-- ' entry ptr: ' || RAWTOHEX(SUBSTR(my_entry,1,8)));
DBMS_OUTPUT.PUT_LINE (' dn: ' || my_dn);
my_attr_name := DBMS_LDAP.first_attribute(my_session,my_entry,
my_ber_elmt);
attr_index := 1;
while my_attr_name IS NOT NULL loop
my_vals := DBMS_LDAP.get_values (my_session, my_entry,
my_attr_name);
if my_vals.COUNT > 0 then
FOR i in my_vals.FIRST..my_vals.LAST loop
DBMS_OUTPUT.PUT_LINE(' ' || my_attr_name || ' : ' ||
SUBSTR(my_vals(i),1,200));
end loop;
end if;
my_attr_name := DBMS_LDAP.next_attribute(my_session,my_entry,
my_ber_elmt);
attr_index := attr_index+1;
end loop;
my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
DBMS_OUTPUT.PUT_LINE(' --------------------------------------------------- ');
entry_index := entry_index+1;
end loop;
-- unbind from the directory
retval := DBMS_LDAP.unbind_s(my_session);
DBMS_OUTPUT.PUT_LINE(RPAD('unbind_res Returns ',25,' ') || ': ' ||
TO_CHAR(retval));
-- Start Output Footer --
DBMS_OUTPUT.PUT_LINE('Directory operation Successful .. exiting');
-- Start Output Footer --
-- Handle Exceptions
EXCEPTION
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
END;
/

Custom handling of authorization scheme failed errors

Similar Messages

Maybe you are looking for