Pro Oracle Application
Express
■■■
John Edward Scott and Scott Spendolini
Pro Oracle Application Express
Copyright © 2008 by John Edward Scott and Scott Spendolini
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage or retrieval
system, without the prior written permission of the copyright owner and the publisher.
ISBN-10 (pbk): 1-59059-827-X
ISBN-13 (pbk): 978-1-59059-827-6
ISBN-13 (electronic): 978-1-4302-0205-9
Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1
Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence
of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark
owner, with no intention of infringement of the trademark.
Lead Editor: Jonathan Gennick
Technical Reviewer: Peter Linsley
Editorial Board: Clay Andres, Steve Anglin, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan
Gennick, Matthew Moodie, Joseph Ottinger, Jeffrey Pepper, Frank Pohlmann, Ben Renow-Clarke,
Dominic Shakeshaft, Matt Wade, Tom Welsh
Project Manager: Sofia Marchant
Copy Editor: Marilyn Smith
Associate Production Director: Kari Brooks-Copony
Production Editor: Jill Ellis
Compositor: Pat Christenson
Proofreaders: Linda Seifert and Liz Welch
Indexers: Carol Burbo and Ron Strauss
Artist: April Milne
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski
Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor,
New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail
[email protected], or
visit http://www.springeronline.com.
For information on translations, please contact Apress directly at 2855 Telegraph Avenue, Suite 600,
Berkeley, CA 94705. Phone 510-549-5930, fax 510-549-5939, e-mail
[email protected], or visit http://
www.apress.com.
Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use.
eBook versions and licenses are also available for most titles. For more information, reference our Special
Bulk Sales–eBook Licensing web page at http://www.apress.com/info/bulksales.
The information in this book is distributed on an “as is” basis, without warranty. Although every precaution
has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to
any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly
by the information contained in this work.
Contents at a Glance
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
About the Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii
About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
■CHAPTER 1 Development Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
■CHAPTER 2 Migrating to APEX from Desktop Systems . . . . . . . . . . . . . . . . . . . . . 25
■CHAPTER 3 Authentication and User Management . . . . . . . . . . . . . . . . . . . . . . . . . 65
■CHAPTER 4 Conditions and Authorization Schemes . . . . . . . . . . . . . . . . . . . . . . . 119
■CHAPTER 5 Data Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
■CHAPTER 6 Navigation and Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
■CHAPTER 7 Reports and Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
■CHAPTER 8 Ajax and JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
■CHAPTER 9 File Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
■CHAPTER 10 Reporting and Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
■CHAPTER 11 Themes and Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
■CHAPTER 12 Localization Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
■CHAPTER 13 LDAP and Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
■CHAPTER 14 Performance and Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
■CHAPTER 15 Production Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
■CHAPTER 16 APEX Dictionary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
■INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
iii
Contents
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
About the Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
■CHAPTER 1 Development Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
APEX Installation Decisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Application Development Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Users and Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Workspaces and Schemas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Application Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Application Portability and Code Reuse . . . . . . . . . . . . . . . . . . . . . . . . 13
Performance Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Bind Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Report Pagination Style . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Error and Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Packaged Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
■CHAPTER 2 Migrating to APEX from Desktop Systems . . . . . . . . . . . . . . . . 25
Excel Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Creating a New Application Based on a Spreadsheet . . . . . . . . . . . . 27
Running the New Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Customizing the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Exporting Data to a Spreadsheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Access Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Using the Access Export Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Using the ODBC Database Export Method . . . . . . . . . . . . . . . . . . . . . 42
Using Oracle Migration Workbench . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Migrating the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
v
vi ■C O N T E N T S
Migration from Other Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Migrating from a System Using an Oracle Database . . . . . . . . . . . . 57
Migrating from a System Using Another Database . . . . . . . . . . . . . . 57
Migration with SQL Developer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Connecting to a Migration Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Running the Migration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Verifying the Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
■CHAPTER 3 Authentication and User Management . . . . . . . . . . . . . . . . . . . . 65
Preconfigured Authentication Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Open Door Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
No Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Application Express Account Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Creating New Application Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Creating Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Controlling Authentication with Groups . . . . . . . . . . . . . . . . . . . . . . . . 71
Maintaining Cookie Users Within Your Application . . . . . . . . . . . . . . 76
Database Account Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Custom Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Creating the User Repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Creating a New Authentication Scheme . . . . . . . . . . . . . . . . . . . . . . . 83
Regarding Index Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Hash Rather Than Crypt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Implementing Locked User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . 97
Automating User Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Implementing Session Timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
■CHAPTER 4 Conditions and Authorization Schemes . . . . . . . . . . . . . . . . . . 119
Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Specifying Condition Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Using Conditions Appropriately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Authorization Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Creating an Authorization Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Protecting Your Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
To Cache or Not to Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Resetting the Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
■C O N T E N T S vii
■CHAPTER 5 Data Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
URLs and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Understanding the URL Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Manipulating the URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Session State Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Enabling Session State Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Configuring Session State Protection . . . . . . . . . . . . . . . . . . . . . . . . 165
Virtual Private Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Implementing VPD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Using Contexts with VPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Using Advanced VPD Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
VPD Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Enabling Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Viewing Audit Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
■CHAPTER 6 Navigation and Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Understanding Tab States: Current and Noncurrent . . . . . . . . . . . . 205
Using Standard Tabs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Using Parent Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Navigation Bars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Accessing Navigation Bar Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Creating Navigation Bar Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Performing an Action on the Current Page . . . . . . . . . . . . . . . . . . . . 216
Breadcrumbs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Accessing Breadcrumb Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Using Dynamic Breadcrumb Entries . . . . . . . . . . . . . . . . . . . . . . . . . 220
Displaying Breadcrumbs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Accessing List Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Creating a Menu Using a List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Tracking Clicks on List Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Using User-Defined Attributes for List Entries . . . . . . . . . . . . . . . . . 230
Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Creating a Table for the Tree Entries . . . . . . . . . . . . . . . . . . . . . . . . . 232
Creating the Tree Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Enabling and Disabling Tree Entries . . . . . . . . . . . . . . . . . . . . . . . . . 236
viii ■C O N T E N T S
Page Zero . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Creating Page Zero . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Adding Regions to Page Zero . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Positioning Regions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Positioning Page Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Drag-and-Drop Positioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
■CHAPTER 7 Reports and Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Report Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Named Columns vs. Generic Columns . . . . . . . . . . . . . . . . . . . . . . . 255
Report Pagination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Break Formatting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Column Formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Columns As Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Chart Query Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
HTML Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
SVG Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Flash Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Generic Charting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
■CHAPTER 8 Ajax and JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Implementing an Ajax Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Setting Up the New Search Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Adding JavaScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Examining the Ajax Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Calling On Demand Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Showing and Hiding Page Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Showing and Hiding Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Showing and Hiding Report Columns . . . . . . . . . . . . . . . . . . . . . . . . 315
Disabling Page Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Setting the Value of Form Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
■C O N T E N T S ix
Implementing Third-Party Ajax Libraries . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Using the YUI Library AutoComplete Control . . . . . . . . . . . . . . . . . . 322
Using the YUI Library Tooltip Control . . . . . . . . . . . . . . . . . . . . . . . . . 328
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
■CHAPTER 9 File Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Database or File System? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Using Standard Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Standard Upload Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Standard Download Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Issues with the Standard Procedures . . . . . . . . . . . . . . . . . . . . . . . . 344
Creating Custom Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Custom Upload Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Custom Download Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Security for Download Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Image Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Checking for Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Adding Expiry Headers to the Custom Download Procedure . . . . . 360
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
■CHAPTER 10 Reporting and Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Choosing a Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Configuring APEX to Use a Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Printing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Enabling Printing for a Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Troubleshooting Print Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Configuring Some Simple Print Options . . . . . . . . . . . . . . . . . . . . . . 371
Creating Custom Report Layouts with BI Publisher. . . . . . . . . . . . . . . . . . . 374
Installing the Client-Side Layout Tool . . . . . . . . . . . . . . . . . . . . . . . . 375
Creating a New Report Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Adding Graphics and Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Generating Reports Through Apache FOP . . . . . . . . . . . . . . . . . . . . . . . . . 389
Installing Apache FOP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Creating a New Layout Using XSL-FO . . . . . . . . . . . . . . . . . . . . . . . . 390
Adding Graphics to a Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
x ■C O N T E N T S
■CHAPTER 11 Themes and Templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Themes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Associating a Theme with an Application . . . . . . . . . . . . . . . . . . . . . 403
Viewing Theme Details and Reports . . . . . . . . . . . . . . . . . . . . . . . . . 404
Performing Theme Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Defining Theme Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Switching Themes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Removing Unused Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Viewing Template Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Understanding Template Types and Classes . . . . . . . . . . . . . . . . . . 415
Managing Template Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Choosing a Template Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Template Subscriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Setting Up a Theme Subscription System. . . . . . . . . . . . . . . . . . . . . 438
Refreshing Subscriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Tools for Working with Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
■CHAPTER 12 Localization Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Localizing Application Builder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Choosing a Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Installing a Language File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Localizing Your Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
A Simple Currency Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
User-Dependent Localization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
NLS Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Fully Translating Your Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Defining the Primary Application Language and Derived
From Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Creating Translated Versions of an Application . . . . . . . . . . . . . . . . 462
Translating On the Fly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Translating the Standard Messages . . . . . . . . . . . . . . . . . . . . . . . . . 475
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
■C O N T E N T S xi
■CHAPTER 13 LDAP and Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
LDAP Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Benefits of Using LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Centralized User Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Including Other Resources and Attributes. . . . . . . . . . . . . . . . . . . . . 480
Centralized Authentication and Authorization. . . . . . . . . . . . . . . . . . 481
Off-Loading Repository Maintenance and Administration . . . . . . . 482
Authentication with LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Authenticating with Oracle Internet Directory . . . . . . . . . . . . . . . . . 484
Authenticating with Microsoft Active Directory . . . . . . . . . . . . . . . . 488
Integrating with Legacy LDAP Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Using the LDAP Username Edit Function . . . . . . . . . . . . . . . . . . . . . 492
Using a Custom LDAP Authentication Function . . . . . . . . . . . . . . . . 494
Working with Groups in OID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Checking Group Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Checking Nested Group Membership . . . . . . . . . . . . . . . . . . . . . . . . 501
Checking Groups with MEMBER_OF and MEMBER_OF2 . . . . . . . . 508
Turning Groups into Table Rows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Gaining Efficiency and Resiliency Through Materialized Views . . 515
Working with Groups in Microsoft Active Directory . . . . . . . . . . . . . . . . . 516
Examining Active Directory’s Group Structure . . . . . . . . . . . . . . . . . 518
Checking Group Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Querying and Updating LDAP Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Querying LDAP Attributes in OID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Querying LDAP Attributes in Active Directory . . . . . . . . . . . . . . . . . 533
Modifying LDAP Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
Using Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
External Applications vs. Partner Applications . . . . . . . . . . . . . . . . . 543
External Application Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
Partner Application Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
xii ■C O N T E N T S
■CHAPTER 14 Performance and Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
Diagnosing Performance Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
Viewing Application Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554
Using Debug Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
Using SQL Tracing and TKProf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Giving Timing Information to the Users . . . . . . . . . . . . . . . . . . . . . . . 574
Making Your Applications More Scalable . . . . . . . . . . . . . . . . . . . . . . . . . . 575
Image Caching Revisited . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
Page and Region Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
HTTP Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592
■CHAPTER 15 Production Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Managing URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Using a Location Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Using Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594
Using Apache mod_rewrite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596
Proxying Requests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
Backing Up Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Manual Exports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Easy Backups the Database Way . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Automated Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
As-Of Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
Migrating Between Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
Upgrading Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
Cloning an Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639
■CHAPTER 16 APEX Dictionary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
Accessing the APEX Dictionary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
Using the Application Builder Interface . . . . . . . . . . . . . . . . . . . . . . . 641
Using the apex_dictionary View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
Uses for the APEX Dictionary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651
Quality Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
Self-Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
Automated Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669
■C O N T E N T S xiii
Using the API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674
Adding Items to Your Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
Creating Text Fields Programmatically . . . . . . . . . . . . . . . . . . . . . . . 677
Generating Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
A Final Warning! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
■INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
Foreword
I consider myself a pragmatic person—one who uses the right tools for a job and employs
the most straightforward and easy way to accomplish a task. To that end, I’ve been a great sup-
porter and fan of Oracle’s Application Express (APEX) from before the day it was introduced. I
say “before the day” because I’ve had the honor and pleasure of using APEX long before it was
released to the public at large. My web site, http://asktom.oracle.com/, is one of the first ever
built with the software that was to become known as APEX.
APEX is one of the most pragmatic database development tools I know of. It does one thing
and one thing well: it rapidly implements fully functional database applications—applications
that are used to predominantly access, display, and modify information stored in the database
(you know, the important applications out there). It facilitates using the database and its fea-
ture set to the fullest, allowing you to implement some rather complex applications with as
little work (code) as possible. It is possible to build extremely scalable applications with a huge
user base (http://metalink.oracle.com/, for example, is built with APEX). It is possible to build
extremely functional applications, with seriously powerful user interfaces (APEX itself is writ-
ten in APEX, as proof of this). It is easy to build applications rapidly. For example, the current
version of http://asktom.oracle.com was developed in a matter of days by two developers—in
their spare time; it was not a full-time job.
While it all sounds wonderful and easy so far, APEX is a rather sophisticated tool with many
bits of functionality and a large degree of control over how the generated application will look
and feel. To fully utilize the power of APEX, you need to have a guide and a mentor, to show you
how to do so, very much akin to what I do with people regarding the Oracle database.
This book, Pro Oracle Application Express, is that guide. The authors, Scott Spendolini and
John Scott, are those mentors. The book walks you through the steps you need to understand
after you’ve installed and started using APEX, to go beyond the sample applications. Covering
diverse topics such as using the database features to full advantage (one of my favorite topics),
to SQL injection attacks (what they are and how to avoid them in APEX), to printing, you’ll find
many real-world issues you will be faced with explained, demystified, and solved in this book.
For example, Chapter 5 “Data Security,” covers a wide breadth of topics regarding securing
your database application. There is a section on URL injection issues that discusses what they
are, how they are exploited, why you care about them, and how to protect yourself from them.
There is a section on session state protection that follows the same format: what it is, how it is
exploited, why you care, and how to protect yourself. The same mentoring occurs with data-
level access, where the authors introduce how to use Virtual Private Database, a core database
feature (not really an APEX feature) to protect your data from unauthorized access. Lastly, a
critical application feature, auditing, is discussed in depth using the same “what it is, why it is,
why you care, and then how to do it” approach. While some of the content in this chapter is not
specific to APEX, it is needed to give you a holistic view to building database applications,
which is what this book is about.
This book covers not just the nitty-gritty details of building a secure application, but also
covers all you need to know to build database applications with APEX. When they are finished xv
xvi ■F O R E W O R D
with security, the authors move on to other necessary topics, such as how to perform screen
layout and application screen navigation, how to integrate reports and charts, how to integrate
web services—enabling you to perform application integration—in an APEX environment, and
much more.
If you are an APEX developer just starting out, or an APEX developer with experience under
your belt and want to learn more about the environment you are using, this book is for you. It
describes from start to finish how to build secure, functional, scalable applications using the
APEX application development environment.
Thomas Kyte
http://asktom.oracle.com/
About the Authors
■JOHN EDWARD SCOTT has been using Oracle since version 7 (around
1993) and has used pretty much every release since then. He has had the
good fortune to work on a wide range of projects for a varied group of
clients. He was lucky enough to start working with Oracle Application
Express when it was first publicly released, and has worked with it nearly
every day since (and loves it).
John is an Oracle ACE and was named Application Express
Devel-oper of the Year 2006 by Oracle Magazine. He is also the
cofounder of ApexEvangelists (http://www.apex-evangelists.com),
a company that specializes in providing training, development, and
consulting specifically for the Oracle Application Express product. You can contact John at
[email protected].
■SCOTT SPENDOLINI has been using Oracle since version 7.3 (around
1996) and has also used pretty much every version since then on a
number of different projects.
From 1996 until 2005, Scott was employed at Oracle Corporation
in the greater Washington, DC area. For the first few years, he was a
sales consultant who focused on the Oracle E-Business Suite. Around
2002, he changed jobs and became a senior product manager for
Oracle Application Express. For the next three and a half years, he
worked with the Application Express development team in designing
features of the product, as well as with Oracle customers, helping them
to get started with Oracle Application Express.
In October 2005, Scott decided to start his own company, Sumner Technologies, LLC, and
focus on Oracle Application Express training and consulting. Since then, he has worked with a
number of different clients on a wide variety of products, each one as different and challenging
as the next. He has also presented on the benefits and technical aspects of Application Express
at Oregon Development Tools User Group events, Independent Oracle User Group events,
Oracle OpenWorld, APEXposed, and a number of smaller user group conferences.
Currently, Scott resides in Ashburn, Virginia, with his wife Shannon and two children,
Isabella and Owen.
xvii
About the Technical Reviewer
■PETER LINSLEY discovered the wondrous virtues of Application Express while employed at
Oracle in 2004. He remains a steadfast advocate of Application Express for rapid development
of enterprise applications and is yet to be impressed by similar offerings. Peter currently works
at Google Inc. in California.
xix
Acknowledgments
I would like to thank many people for helping me complete this book. I have the good fortune
to know many people in the “APEX world” and can freely bounce ideas around with them. Most
notably, I would like to thank Dimitri Gielis for being an excellent friend and an excellent devel-
oper. His enthusiasm for Application Express development is contagious.
I would like to thank Tyler Muth in relation to the LDAP chapter. I corresponded with Tyler
when I found that some legacy code I had for working with LDAP was similar to some code he
had. While I genuinely cannot remember where the inspiration for that code came from, it
stands more than a fleeting chance that it was due to something I saw from Tyler many years
ago (before I even knew him). So Tyler, thank you for sharing your work.
Tim Hall, who runs the Oracle-Base web site (http://www.oracle-base.com/), also deserves
a mention. I frequently refer to Tim’s site for reference material. While it is not directly related
to this book, I have certainly used his site to refresh my memory for some of the examples.
I would also like to thank Scott Spendolini for helping with this book by contributing a
chapter. Scott is one of the most knowledgeable APEX developers around, and his experience
has definitely added to the quality of this book.
I would also like to thank the Oracle team behind Application Express, including Mike
Hichwa, Joel Kallman, Carl Backstrom, David Peake, and many others (sorry I can’t name you
all, but you know who you are), for not only creating such a great product, but also being so
approachable to end users, answering questions and responding to comments.
Also deserving of a mention are all the people in the OTN APEX Forum, who helped me
to discover that I really do enjoy challenges when replying to questions. The OTN forums are a great
source of information, and I use them just as much to find answers as I do to answer questions.
Finally, most importantly, I’d like to thank my family for the incredible support over the
years. My parents for helping me to get to where I am now in life; I hope I’ve made them proud.
My wife Pamela for being understanding about how much time I sit in front of a glowing screen.
Without her years of love and support, I wouldn’t be where I am now. Thank you, Pamela.
Oh, and also, a final mention of our cat. Without her sleeping by my feet each day when I
was writing the book, the days would have seemed so much longer and less furry.
John Edward Scott
F irst off, I’d like to thank John Scott for asking me to help with this book. John is a brilliant
APEX developer, and his knowledge of the tool is perhaps surpassed only by his willingness to
help others learn it, as evidenced by his frequent postings in the OTN forums.
I’d be remiss if I also did not mention the Oracle APEX developers for initially giving me
the opportunity to work with such a talented team and then continuing to support me as I
launched my own company. I simply would not be where I am today if it were not for them.
I’d also like to thank my family, particularly my wife Shannon, who would tend to the kids
while I was in the office after-hours trying to finish my chapter.
Scott Spendolini
xxi
Preface
T he inspiration for the material in this book comes from my experience developing Oracle
Application Express applications and working with the Oracle database for many years. I use
the products every day, and each day I find new or better ways of doing things.
There was no way I could cover everything in a single book. However, I hope that this
book provides a “checklist” of the most common scenarios that people encounter when
developing applications with Application Express. Unfortunately, due to time and page
constraints, sometimes I could not go into as much detail as I would like. I hope the reader
can forgive me for that. And where I might not go into detail in one area, I try to make sure
I go into sufficient detail in others.
I also have the pleasure of knowing Scott Spendolini and asked him to contribute a chapter
to the book. Since his own experiences complement my own, the book is all the richer for
Scott’s contribution.
John Edward Scott
xxiii
CHAPTER 1
■■■
Development Best Practices
O racle Application Express (APEX) makes it extremely easy to quickly prototype and develop
a web application. However, as a software developer, you should be aware that speed of devel-
opment is only one of a number of criteria that will contribute to the perceived success (or
failure) of your project.
The perception of the project success can vary depending on viewpoint. For example, a
typical project might be viewed by developers, testers, managers, production support, and end
users. The developers may feel like the project was a success because they developed the appli-
cation quickly, Production support may feel like the project was a failure because no one has a
clear strategy on how to perform application upgrades. The end users may dread using the
application because it runs incredibly slowly. Clearly, for the project to be considered a suc-
cess, you need to satisfy the expectations of all these people (or as many as you reasonably
can). Ideally, you should strive for an application that has the following characteristics:
• Easy to develop
• Easy to deploy and upgrade
• Easy to maintain and debug
• Enjoyable for end users to use
• Fast enough for the users’ requirements
• Stable from the end users’ perspective
• Secure enough to protect your data from unauthorized access
You should never end up feeling like developing, deploying, maintaining, or (even worse)
using the application is seen as a chore. Each of these areas can often benefit from the adoption
of some best practices to ensure that all the people who will be involved with it see your appli-
cation as a success.
Chapter 1 is the best place to introduce and discuss best-practice techniques, since they
should form the foundation of every significant development you undertake. You can certainly
create applications without using any of the techniques mentioned in this chapter, but adopt-
ing techniques like these will make your job as a developer easier, and your applications will be
considerably more successful.
1