About Application Attributes

Application attributes apply to an entire application. Once you create an application, the next logical step is to review and possibly update application attributes.

Topics:

• Editing the Application Definition

• Configuring Security Attributes

• Configuring Globalization Attributes

• Managing the Application User Interface

See Also:

"How to Create a Custom Packaged Application" for information on using the Supporting Objects utility to create a packaged application

Editing the Application Definition

You use the attributes on the Edit Application Definition page to edit the application name and availability and to define static substitution strings.

Topics:

• Accessing the Edit Definition Page

• About the Edit Application Definition Page

Accessing the Edit Definition Page

To edit the application definition:

1. On the Workspace home page, click the Application Builder icon.

2. Select an application.

3. Click the Edit Application Properties button to the right of the application name.

   
   Description of the illustration bldr_hm_top.gif

   The Edit Application Definition page appears.

About Navigation Alternatives

The Edit Application Definition page is divided into the following sections: Name, Properties, Availability, Error Handling, Global Notification, Substitutions, Logo, and Build Options. You can access these sections by scrolling down the page, or by clicking a navigation button at the top of the page.

Description of the illustration app_attribute_tabs.gif

When you select a button at the top of the page, the selected section appears and all other sections are temporarily hidden. To view all sections of the page, click Show All.

About the Edit Application Definition Page

The following sections describe the attributes available on the Edit Application Definition page. Note that required values are marked with a red asterisk (*).

Topics:

• Name

• Properties

• Availability

• Error Handling

• Global Notification

• Substitutions

• Build Options

Name

Use Name to define basic characteristics of your application, including the application name, an optional alphanumeric alias, and a version number. Table 7-2 describes all Name attributes.

---

Table 7-2 Application Definition, Name

Attribute	Description
Name	Provides a short descriptive name for the application to distinguish it from other applications in your development environment.
Application Alias	Assigns an alternate alphanumeric application identifier. You can use this identifier for the application ID. For example, suppose you create an alias of myapp for application 105. Using f?p syntax, you could call application 105 as either: f?p=105:1 f?p=myapp:1 See Also: "Using f?p Syntax to Link Pages"
Version	Includes the application's version number on a page. You can also automatically tie the version to the date of last modification using the following format masks: YYYY.MM.DD MM.DD.YYYY DD.MM.YYYY If your application version uses YYYY.MM.DD, then Application Builder replaces this format mask with the date of last modification of any application attribute.
Application Group	Displays the application group currently associated with this application. To select another application group, make a selection from the list. To remove an application from an existing group, select Unassigned. See Also: "Creating Application Groups"

---

Properties

Use Properties to enable the following attributes: logging, debugging, exact substitutions, application group, feedback, and default error display location. Table 7-3 describes all Name attributes.

---

Table 7-3 Application Definition, Properties

Attribute	Description
Logging	Determines whether user activity is recorded in the Oracle Application Express activity log. When set to Yes, every page view is logged, enabling an administrator to monitor user activity for each application. Disabling logging may be advisable for high volume applications. This attribute can only be modified if the Application Activity Logging attribute in Oracle Application Express Administration Services is set to Use Application Setting. See Also: "Enabling Application Activity" in Logging in Oracle Application Express Administration Guide.
Debugging	Controls debug mode for the current application. Available options include: Yes - Enables the application to run in a debug mode. No - Prevents end users from running an application in debug mode. Running an application in debug mode is useful when an application is under development. However, for a production application, it is a good idea to disable debugging and thus prevent users from viewing application logic.
Allow Feedback	Enables support for end user feedback for this application. Select Yes or No. If enable this option, you must create a feedback page and navigation bar icon to call that page. If you later disable feedback, the navigation bar icon is hidden. See Also: "Managing Feedback"
Compatibility Mode	This attribute controls the compatibility mode of the Application Express engine. Certain runtime behaviors are changed from release to release. Use this attribute to obtain specific application behavior. To realize new behavior in an application, set the compatibility mode of the application to 4.2. To learn more, see Field-level Help.
Application Email from Address	Determines the email address to use as the from address in the application. Enter a valid email address to use as the from address when sending email from an email download or subscription. The value can be a literal string containing a valid email or a static substitution reference defined in the application using substitution syntax APP_EMAIL. Examples: john.doe@abc.com &MY_APP_EMAIL_FROM. Oracle does not recommend using an item substitution at the application or page-level since it only works in email download, but not for subscriptions. You can also specify the from address on the Interactive Report Attributes page. See "Accessing Classic Report Attributes".
Proxy Server	Use this field to specify a proxy server. For example, you may require a proxy server when using a region source type of URL. The URL region source embeds the results of the URL (that is, the page returned by navigating to the URL) as the region source. If you use a firewall and the target of a URL is outside the firewall relative to Application Builder, you may need to specify a proxy server. You can reference values entered into this field from PL/SQL using the PL/SQL package variable APEX_APPLICATION.G_PROXY_SERVER.

---

Availability

Use Availability to manage your application by defining an application status and build status. For example, if you select the status Restricted Access, you can specify which users have access and can run the application. To learn more, see Table 7-4.

---

Table 7-4 Application Definition, Availability

Attribute	Description
Status	Specifies whether the application is available or unavailable for use. Options include: Available - Application is available with no restrictions. Available with Edit Links - Application is available for use. For developers, the Developer toolbar displays at the bottom of each page. Requires the developer to be logged in to the Application Builder in the same browser session. Available to Developers Only - Application is available to users having developer privileges. Restricted Access - Application is available to developers named in the Restrict to comma separated user list. Unavailable - Application cannot be run or edited. The message in Message for unavailable application displays when users attempt to access the application. Unavailable (Status Shown with PL/SQL) - Application cannot be run or edited. Unavailable (Redirect to URL) - Application cannot be run. The user is linked to the URL entered in Message for unavailable application. See Also: "Changing Build Status for Multiple Applications" in Oracle Application Express Administration Guide, "Changing Application Build Status Set During Deployment" in Oracle Application Express Administration Guide, and "Controlling Access to Applications, Pages, and Page Components",
Build Status	Identifies the build status of the current application. Options include: Run and Build Application - Developers and users can both run and develop the application. Run Application Only - Users can only run the application. This option is intended for applications in a production instance. See Also: "Changing Application Build Status Set During Deployment" in Oracle Application Express Administration Guide
Message for unavailable application	Use this attribute with Status. If you set Status to Unavailable, Unavailable (Status Shown with PL/SQL), or Unavailable (Redirect to URL), the text you enter in this attribute displays. If you set Status to Available, the text you enter in this attribute does not display.
Restrict to comma separated user list (status must equal Restricted Access)	Use this attribute with the Status Restricted Access. If you set Status to Restricted Access, only the users listed in this attribute can run the application. To use this attribute: From the Status list, select Restricted Access. Enter a comma-delimited list of users who can run the application in the field provided.

---

Error Handling

Use the attributes described in Table 7-5 to control or modify how an application logs errors. Error handling functions specified here are overridden by similar page-level attributes. See "About Page Attributes".

---

Table 7-5 Application Definition, Error Handling

Attribute	Description
Default Error Display Location	Identifies where the validation error messages display for basic validations performed by Application Express or by plug-ins. Validation error messages can display in a notification area (defined as part of the page template), or within the field label. Options include: Inline with Field and in Notification - Error messages display in a notification area defined as part of the page template. Inline with Field - Error messages display within the field label. Inline in Notification - Enter the error text displays in the #NOTIFICATION_MESSAGE# template substitution string when an error occurs on the page.
Error Handling Function	Enter the name of a PL/SQL error function to be called to modify the existing error message and display a more user-friendly message or log the error if one occurs. This function can reference a package function or standalone function in the database. For example: log_apex_error When referencing a database PL/SQL package or standalone function, use the #OWNER# substitution string to reference the parsing schema of the current application. For example: #OWNER#.log_apex_error You must implement error handling functions using the syntax described in the apex_error package. function <name of function> ( p_error in apex_error.t_error ) return apex_error.t_error_result See Also: apex_error in Oracle Application Express API Reference Note: Error handling specified at the page-level overwrites any error handling function specified here. See "About Page Attributes".

---

Global Notification

You can use the Global Notification attribute to communicate system status to application users. For example, you can use this attribute to notify users of scheduled downtime, or communicate other messages regarding application availability. If the page templates used in your application contain the #GLOBAL_NOTIFICATION# substitution string, the text entered here displays in that string's place.

To create a global notification:

1. Include the #GLOBAL_NOTIFICATION# substitution string in your page template.

2. Navigate to the Edit Application Definition page and enter a message in the Global Notification attribute.

3. Click Apply Changes.

See Also:

"Understanding Substitution Strings" and "Page Templates"

Substitutions

Use these fields to define static substitution strings for your application. You can use static substitution string for phrases or labels that occur in many places within an application. To create a substitution string, enter the string name in the Substitution String column and the string value in the Substitution Value column.

Defining static substitution strings centrally enables you to change text strings in multiple places in your application by making a single change to the Substitution Value defined on this page.

See Also:

"Understanding Substitution Strings"

Build Options

Displays existing build options. Most applications have a build option attribute. Build Options have two possible values: INCLUDE and EXCLUDE. If you specify an attribute to be included, then the Application Express engine considers it at runtime. However, if you specify an attribute to be excluded, then the Application Express engine treats it as if it did not exist.

Do not specify a build option unless you plan to exclude that object from specific installations.

See Also:

"Using Build Options to Control Configuration"

Configuring Security Attributes

You can provide security for your application by configuring attributes on the Edit Security Attributes page. The Security Attributes you choose apply to all pages within an application.

Topics:

• Accessing the Edit Security Attributes Page

• About the Security Attributes Page

See Also:

" Managing Application Security "

Accessing the Edit Security Attributes Page

To access the Edit Security Attributes page:

1. On the Workspace home page, click the Application Builder icon.

2. Select an application.

3. Click Shared Components.

   The Shared Components page appears.

4. Under Security, click Security Attributes.

   The Edit Security Attributes page appears.

Tip:

you can also access to the Edit Security Attributes by navigating to the Edit Application Definition and then clicking the Security tab. See "Accessing the Edit Definition Page".

About Navigation Alternatives

The Edit Security Attributes page is divided into the following sections: Authentication, Authorization, Database Schema, Session Timeout, Session State Protection, and Database Session. You can access these sections by scrolling down the page, or by clicking a navigation button at the top of the page.

Description of the illustration sec_attribute_tabs.gif

When you select a button at the top of the page, the selected section appears and all other sections are temporarily hidden. To view all sections of the page, click Show All.

About the Security Attributes Page

The following sections describe the attributes available on the Edit Security Attributes page.

Topics:

• Authentication

• Authorization

• Database Schema

• Session Timeout

• Session State Protection

• Browser Security

• Database Session

Authentication

Authentication is the process of establishing users' identities before they can access an application. Although you can define multiple authentication schemes for your application, only one scheme can be current at a time. Table 7-6 describes the attributes available under Authentication.

---

Table 7-6 Authentication Attributes

Attribute	Descriptions
Public User	Identifies the Oracle schema used to connect to the database through the database access descriptor (DAD). The default value is ANONYMOUS in environments where the database server version is Oracle Database Express Edition and it is APEX_PUBLIC_USER for all other versions of the database server. Once a user has been identified, the Application Express engine keeps track of each user by setting the value of the built-in substitution string APP_USER. Note: Previous versions of Oracle Application Express used the built-in substitution string HTMLDB_PUBLIC_USER. When APP_USER equals this value, the Application Express engine considers the current session to be a public user session. The Application Express engine supports the following built-in display conditions: USER_IS_PUBLIC_USER USER_IS_NOT_PUBLIC_USER If the current application user (APP_USER) equals the value of this attribute, then the user is logged on as a public user. Some applications have public (not logged in) and private (logged in) modes. By determining if the user is the public user, you can conditionally display or hide information. For example, you can show a login button if the user is the public user and a logout link if the user is not a public user. Reference this value using APEX_APPLICATION.G_PUBLIC_USER. The Application Express engine also has built in condition types USER_IS_PUBLIC_USER and USER_IS_NOT_PUBLIC. See Also: "HOME_LINK" and "Understanding Conditional Rendering and Processing"
Authentication Scheme	Select from the authentication schemes defined for the application. To create an authentication scheme, click Define Authentication Schemes. See Also: "Understanding How Authentication Works" and "Creating an Authentication Scheme"
Deep Linking	Use this attribute to enable or prevent deep linking to an application. Options include: Enabled - The URL to a specific page ultimately redirects there, possibly after the user has logged in. Disabled - If the URL does not contain a valid session ID, Application Express starts a new session and redirects to the application's home page. For example, browsers often save the URLs of opened tabs and try to restore the sessions after a restart, causing a deep link. This behavior may be undesirable (for example if a URL points to a page in the middle of a multi-step wizard). By selecting Disable, Application Express starts a new session and redirects to the application's home page. See Also: "Security" to learn more about overriding this behavior at the page-level.

---

Authorization

Authorization controls user access to specific controls or components based on user privileges. You can specify an authorization scheme for your application, by making a selection from the Authorization Scheme list. For example, if you only want company employees to be able to log in to an application you could define an authorization scheme that is true if the users email address ends in '@somecompany.com' and then select that authorization scheme for this option.You can assign only one authorization scheme to an entire application. However, you can assign an authorization scheme to individual pages, page controls (such as a region, a button, or an item), or a shared component (such as a menu, a list, or a tab).

To create an authorization scheme, click Define Authorization Schemes.

Use Run on Public Pages to control whether the application-level authorization scheme is checked on public pages (that is, pages that do not require authorization). Options include:

• Yes - If you select Yes and the page is public, the application authorization is checked.

• No - If you select No and the page is public, the application authorization is ignored.

Application-level authorization is never evaluated on the login page (independent of Run on Public Pages), because authorizations typically are dependent on the username.

See Also:

"Attaching an Authorization Scheme to an Application"

Database Schema

Use Parsing Schema to specify the database scheme for the current application. Once defined, all SQL and PL/SQL commands issued by the application are performed with the rights and privileges of the defined database schema.

Session Timeout

Use the following attributes to reduce exposure to abandoned computers with an open web browser by application:

• Maximum Session Length in Seconds - Enter a positive integer to control how many seconds a session exists and should be used by this application. Leave the value null to revert the value to the instance level setting. Enter 0 to have the session exist indefinitely. The session duration may be superseded by the operation of the job that runs every eight hours which deletes sessions older than 12 hours.

• On session timeout direct to this URL - Enter an optional URL to redirect to when the maximum session lifetime has been exceeded. The target page in this URL, if implemented in Application Express, should be a public page. A common use for this page would be to inform the user of the session expiration and to present a login link or other options. If no URL is supplied, the user is redirected to the application home page.

  Only three substitution items are supported in this URL:

  • &APP_SESSION.

  • &SESSION.

  • &APP_ID.

  Because of the particular purpose of this URL. it is not necessary to include either &APP_SESSION. or &SESSION. in the link.

• Maximum Session Idle Time in Seconds - Enter a positive integer to control the seconds of inactivity or idle time for sessions used by this application. The idle time is the time between one page request and the next one. Leave the value null to revert the value to the instance level setting. Set to 0 to prevent session idle time checks from being performed.

• On session idle time timeout direct to this URL - Enter an optional URL to be redirected to when the maximum session idle time has been exceeded. The target page in this URL, if implemented in Application Express, should be a public page. A common use for this page would be to inform the user of the session timeout and to present a login link or other options. If no URL is supplied, the user is redirected to the application home page.

  Only three substitution items are supported in this URL:

  • &APP_SESSION.

  • &SESSION.

  • &APP_ID.

  Because of the particular purpose of this URL. it is not necessary to include either &APP_SESSION. or &SESSION. in the link.

See Also:

"Understanding Session Timeout" and "Configuring Session Timeout" in Oracle Application Express Administration Guide

Session State Protection

Enabling Session State Protection can prevent hackers from tampering with URLs within your application. URL tampering can adversely affect program logic, session state contents, and information privacy.

To enable or disable Session State Protection for your application, make a selection from the Session State Protection list. Setting Session State Protection to Enabled turns on session state protection controls defined at the page and item level.

Allows URLS Created After lists the date and time after which bookmarked links are usable to access pages in this application if the bookmarked link contains a checksum and Session State Protection is enabled for the application.

Bookmarks created before this date and time are not usable to access this application if the bookmarked link contains a checksum and Session State Protection is enabled for the application. Bookmarks that do not contain checksums or bookmarks that contain checksums that are unnecessary are not affected by this attribute. Their usability is determined using other criteria. A hidden application attribute (a checksum salt) is used during the computation and later verification of checksums included in f?p= URLs generated during page rendering. Checksums are included when Session State Protection is enabled for the application. You can reset this checksum salt attribute at any time by clicking the Expire Bookmarks button. Clicking this button causes any bookmarked URLs that contain previously generated checksums to fail when they are subsequently used to access the application.

To configure Session State Protection, click Manage Session State Protection.

See Also:

"Understanding Session State Protection"

Browser Security

Use Cache to enable or disable browser caching of application page contents. If enabled, the browser saves the contents of pages for this application in its cache, both in memory and on disk. Typically when caching is enabled and the browser back button is clicked, the page is loaded from the cache instead of from the server. If disabled, the browser is instructed not to save application page contents and requests the latest page content from the server whenever the URL changes.

To avoid the possibility of saving sensitive data, Oracle recommends that this attribute be disabled. Otherwise, it is possible to go back in the browser history after a logout and see cached content from a previous session. Disabling the browser cache also prevents issues with pages that use partial page refreshes, such as is the case with interactive reports.

If this attribute is set to Disabled, Application Express sends the HTTP header cache-control: no-store which instructs the browser to not cache the page contents on disk or in memory. Note that this feature requires modern browsers that support the HTTP header response variable cache-control.

Use Embed in Frames to control if a browser may display your application's pages within a frame. Available options include:

• Deny - The page cannot be displayed in a frame, regardless of the site attempting to do so.

• Allow from same origin - The page can only be displayed in a frame on the same origin as the page itself.

• Allow - The page can be displayed in any frame.

Displaying pages within frames can be misused with "clickjacking" attacks. In a clickjacking attack the attacker uses multiple layers to trick a user into clicking a button or link on another page when they were intending to click the top level page. Thus, the attacker is hijacking clicks (or keystrokes) meant for their page and routing them to another page.

Tip:

Both of these features require modern browsers that support the HTTP header response variable X-Frame-Options.

Use HTML Escaping Mode to define how Oracle Application Express escapes special characters. Options include:

• Basic: Escape &, ", < and >

• Extended: Escape &, ", <, >, ', / and non-ASCII characters if the database character set is not AL32UTF8

Database Session

Attributes available under Database Session include:

• Initialization PL/SQL Code

  Use this attribute to enter a PL/SQL block that sets a context for the database session associated with the current "show page" or "accept page" request. The block you enter here is executed at a very early point during the page request, immediately after the APP_USER value is established. The value of APP_USER (using :APP_USER or v('APP_USER')) may be used within the block. Values of other items in session state may be referenced as well, but any such items must have been established in session state before the initiation of the current page request. Consider the following example:

  dbms_session.set_context('CTX_USER_QRY','USERPRIV',my_package.my_function(:APP_USER));
  

  This example sets the value of USERPRIV in the context named CTX_USER_QRY to the value returned by the function my_function in package my_package. The function is passed the current value of APP_USER as an input argument. Presumably, the named context would be used in a VPD policy (created within the application's parsing schema) to effect the generation of predicates appropriate to the authenticated user.

  Virtual Private Database, also known as Fine-Grained Access Control or FGAC, is an Oracle database feature that provides an application programming interface (API) that enables developers to assign security policies to database tables and views. Using PL/SQL, developers can create security policies with stored procedures and bind the procedures to a table or view by a call to an RDBMS package. Such policies are based on the content of application data stored within the database, or based on context variables provided by Oracle database. In this way, VPD permits access security mechanisms to be removed from applications, and to be situated closer to particular schemas.

  The code entered in this section need not pertain to VPD/FGAC and may not be related to security at all. Any code that must be executed at the earliest point in a page request can be placed here. For example, to set the database session time zone for every page request:

  BEGIN
    EXECUTE IMMEDIATE 'alter session set time_zone = ''Australia/Sydney'' ';
  END;
  

• Cleanup PL/SQL Code

  Use this attribute to enter a PL/SQL block that runs at the end of page processing. For example, you can use this attribute to free or clean up resources such as VPD contexts or database links.

  Example 1:

  dbms_session.clear_context('CTX_USER_QRY');
  

  This call resets the application context named CTX_USER_QRY before the database session is given back to the session pool, to ensure that no information is leaked when it gets reused.

  Example 2:

  dbms_session.close_database_link('SALES');
  

  This call closes the database link SALES, which may have been opened in the Initialization PL/SQL Code or implicitly, just by querying data through the link. This frees resources and prevents resource leakage when the database session is reused.

See Also:

"Providing Security Through Authorization" and Oracle Label Security Administrator's Guide

Configuring Globalization Attributes

In Application Builder you can develop applications that can run concurrently in different languages. A single application can be translated to support different languages. Use the attributes on the Edit Globalization Attributes page to specify globalization options such as the primary application language.

Topics:

• Accessing the Globalization Attributes Page

• About the Edit Globalization Attributes Page

See Also:

" Managing Application Globalization "

Accessing the Globalization Attributes Page

To access the Edit Globalization Attributes page:

1. On the Workspace home page, click the Application Builder icon.

2. Select an application.

   The Application home page appears.

3. Click Shared Components.

   The Shared Components page appears.

4. Under Globalization, click Globalization Attributes.

   The Edit Globalization Attributes page appears.

Tip:

you can also access to the Edit Globalization Attributes page by navigating to the Edit Application Definition and then clicking the Globalization tab. See "Accessing the Edit Definition Page".

About the Edit Globalization Attributes Page

The following sections describe the attributes available on the Edit Globalization Attributes page.

See Also:

"Specifying the Primary Language for an Application"

Application Primary Language

Identifies the language in which an application is developed. This language is the base language from which all translations are made. For example, suppose application 100 was authored in English, translated into French, and published as application 101. English would be the Application Primary Language.

All modifications to the application should be made to the primary language specified here.

Application Language Derived From

Determines how Application Builder determines or derives the application language.

The application primary language can be static, derived from the web browser language, or determined from a user preference or item. The database language setting also determines how the date is displayed and how certain information is sorted.

This option enables you to disable browser derived language support. You also have the option of having the application language derived from an application preference. To learn more, see Field-level Help.

Application Date Format

Determines the date format to be used in the application.

Use this date format to alter the NLS_DATE_FORMAT database session setting before showing or submitting any page in the application. This value can be a literal string containing a valid Oracle date format mask or an item reference using substitution syntax. If no value is specified, the default date format is derived from the database session at runtime. Consider the following examples:

Month DD, YYYY
&MY_DATE_FORMAT.

Application Date Time Format

Specify the date time format to be used in the application.

This date time format can be referenced in an application using the substitution reference &APP_DATE_TIME_FORMAT., or in PL/SQL using the function v('APP_DATE_TIME_FORMAT'). This attribute does not alter any NLS settings. This value can be a literal string containing a valid Oracle date format mask or an item reference using substitution syntax. If this attribute value is not specified, then a reference to APP_DATE_TIME_FORMAT returns the NLS database session date format and the NLS time format. Consider the following examples:

Month DD, RRRR HH24:MI
&MY_DATE_TIME_FORMAT.

Application Timestamp Format

Determines the timestamp format to be used in the application. Select a timestamp format from the list of values.

Use this timestamp format to alter the NLS_TIMESTAMP_FORMAT database session setting before showing or submitting any page in the application. This value can be a literal string containing a valid Oracle timestamp format mask or an item reference using substitution syntax. If no value is specified, the default timestamp format is derived from the database session at runtime. Consider the following examples:

DD-MON-RR HH.MI.SSXFF AM
&MY_TIMESTAMP_FORMAT.

Application Timestamp Time Zone Format

Determines the timestamp with time zone format to be used in the application.

Use this date format to alter the NLS_TIMESTAMP_TZ_FORMAT database session setting before showing or submitting any page in the application. This value can be a literal string containing a valid Oracle timestamp with time zone format mask or an item reference using substitution syntax. If no value is specified, the default timestamp with time zone format is derived from the database session at runtime. Consider the following examples:

DD-MON-RR HH.MI.SSXFF AM TZR
&MY_TIMESTAMP_TZ_FORMAT.

Character Value Comparison

Determines the collating sequence for character value comparison in various SQL operations and clauses, for example, ORDER BY, LIKE, MIN/MAX.

Use this value to alter NLS_SORT database session parameter for the execution of SQL queries in classic report and interactive report regions. If no value is specified, the default value is derived from the database session at runtime. Consider the following examples:

BINARY
GERMAN
CANADIAN_M

Character Value Comparison Behavior

Determines the collation behavior of SQL operations, for example, LIKE, MIN/MAX.

Use this value to alter the NLS_COMP database session parameter for the execution of SQL queries in classic report and interactive report regions. Options include:

• Database session NLS setting (default) - The NLS_COMP value is derived from the database session at runtime.

• Binary - Comparisons in WHERE clauses and other SQL operations are binary.

• Linguistic - Comparisons in WHERE clauses and other SQL operations use the linguistic sort specified in the Character Value Comparison attribute (NLS_SORT).

Automatic Time Zone

Controls the setting of the database session time zone. When set to Yes, the client time zone is derived from the client's web browser and set for the duration of the Application Express session.

Subsequent page views have the database session time zone set properly per page view. Once set, this setting can be overridden using APEX_UTIL.SET_SESSION_TIME_ZONE, or reset using APEX_UTIL.RESET_SESSION_TIME_ZONE.

See Also:

Oracle Application Express API Reference

Automatic CSV Encoding

Automatic CSV Encoding controls the encoding of all comma-delimited (CSV) report output in an application. The default value for Automatic CSV Encoding is No. If Automatic CSV Encoding is set to Yes, CSV report output is converted to a character set compatible with localized desktop applications. The character set for the CSV encoding is determined by the Application Language Derived From setting.

The encoding of pages in Application Builder is determined by the character set of the database access descriptor (DAD) used to access Oracle Application Express. For example, if the character set of the database access descriptor is AL32UTF8, all pages in all applications in the Oracle Application Express user interface are encoded in UTF-8.

By default, the CSV output from report regions is encoded in the same character set as the database access descriptor. However, some desktop spreadsheet applications require that the data is encoded in the client desktop operating system character set. In the case of multibyte data, the CSV output from report regions often appears corrupted when opened by a desktop spreadsheet application. This is because the CSV output from report regions is encoded differently than what is required by the desktop application. Enabling Automatic CSV Encoding resolves this issue.

For example, if the user's language preference for an application is de, the CSV data is encoded in Western European Windows 1252, regardless of the Database Access Descriptor character set setting. If the user's language preference is zh-cn, the CSV data is encoded in Chinese GBK.

Managing the Application User Interface

Use the attributes on the User Interface page to specify user interface options for an application.

Topics:

• Accessing the User Interface Page

• About the User Interface Page

• Creating a New User Interface

Accessing the User Interface Page

To access the User Interface page:

1. On the Workspace home page, click the Application Builder icon.

2. Select an application.

   The Application home page appears.

3. Click Shared Components.

   The Shared Components page appears.

4. Under User Interface, click User Interface Attributes.

   The User Interface page appears.

Tip:

you can also access to the User Interface page by navigating to the Edit Application Definition and then clicking the User Interface tab. See "Accessing the Edit Definition Page".

About the User Interface Page

The following sections describe the attributes available on the User Interface page.

Topics:

• General Properties

• Logo

• JavaScript

• User Interface Detection

• User Interfaces

General Properties

Use General Properties to define basic characteristics of the application user interface. Table 7-7 describes all General Properties attributes.

---

Table 7-7 User Interface, General Properties

Attribute	Description
Image Prefix	Determines the virtual path the web server uses to point to the images directory distributed with Application Builder. During installation, the virtual path is configured as /i/. When embedding an image in static text (for example, in page or region headers or footers), you can reference an image using the substitution string #IMAGE_PREFIX#. For example, to reference the image go.gif, you would use the following syntax: <img src="#IMAGE_PREFIX#go.gif"> See Also: "IMAGE_PREFIX", "Managing Images", and "Referencing Images"
Content Delivery Network	Specify the Content Delivery Network used to load the 3rd party libraries jQuery and jQuery Mobile. Using a Content Delivery Network can reduce the loading time of your application if the user has visited other websites which also use the same content delivery network to load the jQuery files. It is very likely that those file calls are still in the browser cache and do not have to be downloaded again. Especially on mobile devices with limited browser caches, this can improve performance because it is not so likely that the files are purged from the cache.
Media Type	Enter the Internet Media Type. An Internet Media Type is two-part identifier for file formats on the Internet. A Media Type is composed of at least two parts: a type, a subtype, and one or more optional parameters. This Media Type is used in the Content-Type HTTP header when rendering the page. The page-level Media Type overrides the application-level Media Type. The default value for this attribute is NULL. If both the page-level and application-level values for Media Type are NULL, the Media Type text/html is used.

---

Logo

Use Logo attributes to define an application logo. An application logo can be text-based or image-based. To use this feature, your page template must include the #LOGO# substitution string.

To define an application logo:

1. For Logo Type, select one of the following:

   • Select Image to use an image for the application logo.

   • Select Text to use text for the application logo.

2. In Logo, enter the following:

   • For an image, enter the complete image name, including the file name extension. For example:

     /i/oracle.gif
     

   • For text, enter the full text string. For example:

     Sample Application
     

3. In Logo Attributes, enter the appropriate attributes for the logo or make a selection from the list.

   Image example:

   width="100" height="20" alt="Company Logo"
   

   Text example:

   style="font-family:Arial; color:#000000; font-size:18; white-space:nowrap; font-weight:bold;"
   

See Also:

"Managing Images", "Verifying the Prefix for the Virtual Image Directory", "Customizing Templates", and "Page Templates"

JavaScript

Use the attributes described in Table 7-8 to control or modify how an application handles JavaScript.

---

Table 7-8 User Interface, JavaScript

Attribute	Description
File URLs	Enter JavaScript file URLs for code to be loaded on every page. Each URL has to be written into a new line. If you provide a minified version of your file, you can use the substitution string #MIN# to include .min in your file URL for a regular page view and an empty string if the page is viewed in debug mode. JavaScript file URLs you enter here replaces the #APPLICATION_JAVASCRIPT# substitution string in the page template. Note: You do not need to include opening or closing script tags. Just write the URL. Examples: Standard file reference: /myjs/main.js Standard file reference which loads the minified file main.min.js for regular page views and main.js in Debug mode: /myjs/main#MIN#.js Conditional file for Internet Explorer [if IE]/myjs/ie.js
Include Legacy JavaScript	Specifies if the legacy JavaScript functions are included on every page in the application. If you are confident your application does not contain any references to the legacy functions, set this to No to reduce the overall size of the JavaScript files loaded.

---

User Interface Detection

Enter Cascading Style Sheet ( CSS) file URLs for stylesheets that should load when Oracle Application Express displays the available user interfaces, when automatic detection fails. Each URL has to be written on a new line. If you provide a minified version of your file you can use the substitution string #MIN# to include .min in your file URL for a regular page view and an empty string if the page is viewed in debug mode. You also have access to the substitution string #APP_VERSION# to include the application's version in the file URL. If you do not enter any URLs, Oracle Application Express uses a default stylesheet.

Examples:

• Standard file reference:

  /mycss/main.css
  

• Standard file reference which loads the minified file main.min.css for regular page views and main.css in debug mode:

  /mycss/main#MIN#.css
  

• Conditional media query:

  [media="only screen and (max-device-width: 480px)"]/mycss/smartphone.css
  

• Conditional file for Internet Explorer:

  [if IE]/mycss/ie.css
  

• File reference using a query string in the URL referencing the application version, such that when the application is upgraded (and the version is incremented), the browser loads the new file and ignores any previously cached files:

  /mycss/main.css?version=#APP_VERSION#
  

You do not need to include opening or closing script tags. Just write the URL.

User Interfaces

Displays user interfaces defined for the current application. To edit an existing user interface, click the user interface name. To add a new user interface, click Add New User Interface.

See Also:

"Managing Themes"

Creating a New User Interface

To add a new user interface:

1. Navigate to the User Interface page. See Accessing the User Interface Page.

2. Scroll down to User Interfaces and click Add New User Interface.

3. For User Interface:

   1. User Interface - Displays the current user interface.

   2. Type - Select a user interface type. You can only select interfaces not currently associated with the application.

   3. Display Name - Specify a display name for the user interface.

   4. Sequence - Specify the user interface sequence.

   5. Auto Detect - Select whether the user interface should be automatically detected.

   6. Home URL - Specifies a URL or procedure that should be run when you run the application.

      For example, Home Link could contain the relative URL used to locate the application home page. For example, f?p=6000:600 would specify application 6000 with a home page number of 600. In this example, the value you enter in Home Link replaces the #HOME_LINK# substitution string in application templates. See "HOME_LINK".

      You can also use this attribute to name a procedure. For example, you could create a procedure such as personal_calendar which renders an HTML page to serve as the application home.

      Note:

      Do not use the Home Link attribute to determine the page that displays after authentication. The page that displays after authentication is determined by other components within the application's authentication scheme.

   7. Login URL - Specify the URL for the page that is to be used as the login page for the current user interface. This replaces the substitution strings &LOGIN_URL. in HTML or #LOGIN_URL# in templates. See "LOGIN_URL" and "Creating an Authentication Scheme".

   8. Click Next.

4. For Identify Theme:

   1. Theme Type - Select a theme type. Standard themes are supplied with Application Express. Custom themes are those created for the workspace or Oracle Application Express instance. Legacy themes are older themes supplied with Application Express.

   2. Theme - Select a theme. A theme identifies a collection of templates which define the look and feel of the application.

   3. Click Next.

5. Confirm your selections and click Create.