Note:
Functionality in the Administration Services application is not available in Oracle Database Cloud Service (Database Schema).This section describes how to configure feature availability, security, instance settings, and workspace purge settings.
This section describes how to use the Feature Configuration page to configure your application development environment, SQL Workshop functionality, and database monitoring.
Enabling Instance-level Support for File Upload in Team Development
Enabling Instance-level Support for File Upload in Team Development
By default, developers can change and compile PL/SQL source code when browsing database procedures, packages, and functions in Object Browser. As an Instance administrator, you can control if PL/SQL program unit editing is available on an Oracle Application Express instance.
To disable PL/SQL program unit editing:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Locate the Application Development section.
For Allow PL/SQL Program Unit Editing, select No.
Click Apply Changes.
When an Instance administrator creates a new workspace, Oracle Application Express automatically creates demonstration objects for sample applications.
To disable or enable the creation of demonstration objects:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Locate the Application Development section.
For Create demonstration objects in new workspaces, select No.
Click Apply Changes.
When an Instance administrator creates a new workspace, Oracle Application Express automatically creates sample objects for sample Websheets.
To disable the creation of sample Websheet objects:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Locate the Application Development section.
For Create Websheet objects in new workspaces, select No.
Click Apply Changes.
An Instance administrator can control the ability to use the SQL tag and the ability to create SQL reports in Application Express Websheets. When disabled, all Websheet applications in all workspaces in the instance are prevented from using the SQL tag or creating SQL reports.
To control SQL access in Websheets:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Locate the Application Development section.
For Enable SQL Access in Websheets, select Yes or No.
Click Apply Changes.
When installing a packaged application, Instance administrators can support for the following authentication schemes.
See Also:
"Utilizing Packaged Applications" in Oracle Application Express Application Builder User's GuideTo configure packaged application installation options:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Under Packaged Application Install Options, select Yes to support for the following authentication schemes when installing new packaged for the following options:
Click Apply Changes.
As an Instance administrator, you can use the attributes under SQL Workshop to configure basic SQL Workshop behavior.
To configure SQL Workshop:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Under SQL Workshop, enter the attributes described in Table 2-1.
Table 2-1 SQL Workshop Attributes
Attribute | Description |
---|---|
Identify the maximum amount of time a transactional command in the SQL Command Processor waits before timing out. |
|
Identify the maximum amount of output a single SQL script can generate. SQL scripts are run from the SQL Workshop. |
|
Identify the maximum amount of space all scripts within a workspace may consume. SQL script results are the output generated when running SQL scripts from the Script Editor or from the SQL Scripts home page. |
|
Identify the maximum size of a SQL script used within the SQL Workshop. |
|
Select Yes to enable transactional SQL commands for the entire Oracle Application Express instance. Enabling this feature permits SQL Command Processor users to issue multiple SQL commands within the same physical database transaction. When you select Yes, an Autocommit check box appears on the SQL Command Processor page. By default, this option is set to No. |
Click Apply Changes.
Setting Enable Database Monitoring to Yes enables monitoring within SQL Workshop. Before you can access the Database Monitoring page, an Instance administrator must enable database monitoring.
See Also:
"Monitoring the Database" in Oracle Application Express SQL Workshop GuideTo enable database monitoring:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Scroll down to Monitoring.
For Enable Database Monitoring, select Yes.
Click Apply Changes.
Note:
Only users having a database user account that has been granted a DBA role can access the Database Monitor page.Application Activity Logging controls how application activity is logged for all applications on this instance.
To configuring application activity logging:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Scroll down to Monitoring.
For Application Activity Logging, select one of the following:
Use Application Settings (default) - Use the Logging attribute of each application to determine if activity is logged.
Never - Disable activity logging for all applications in the instance.
Always - Enable activity logging for all applications in the instance.
Initially Disabled for New Applications and Packaged Applications - New applications and packaged applications will initially have activity logging disabled.
Click Apply Changes.
Instance administrators can control whether developers or users can generate database trace files simply by specifying &p_trace=YES
on the URL when displaying a page. The ability to generate a trace file is already controlled if the application has Debug enabled.
To control application tracing at the instance-level:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Scroll down to Monitoring.
From Enable Application Tracing, select:
Yes - Any application which has Debug enabled can also generate a server-side database trace file for a page using &p_trace=YES
on the URL. To learn more, see "Enabling SQL Tracing and Using TKPROF" in Oracle Application Express Application Builder User's Guide.
No - Tracing cannot be enabled for any application on the instance. If someone attempts to run an application with &p_trace=YES
in the URL, the page renders but the request to generate the SQL trace file is silently ignored.
Click Apply Changes.
See Also:
"Available Parameter Values" in Oracle Application Express API Reference to learn about theTRACING_ENABLED
parameterControls the ability for workspace administrators to make service requests from Workspace Administration. Service Requests include the ability to request a new schema, request storage, or request termination of their workspace.
To enable service requests:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Scroll down to Workspace Administration.
For Enable Service Requests, select Yes.
Click Apply Changes.
See Also:
"Managing Workspace and Change Requests"To enable support for file upload in Team Development for an instance:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Feature Configuration.
Under Team Development:
Enable Team Development's File Repository - Specify whether to enable file upload in Team Development:
Yes - Select Yes for all new workspaces created in this instance to allow files to be uploaded into the Team Development file repository. Select No for all new workspaces created in this instance to not allow files to be uploaded into the Team Development file repository.
No - Select No to disable support for file attachments in Team Development.
Tip:
These settings do not affect existing workspaces.Maximum File Size (in MB) - Select the maximum file size for any file uploaded into the team development file repository. The default value is 15 MB.
Click Apply Changes.
This section describes how to configure instance security, including configuring login controls, controlling file upload capability, restricting access by IP address, requiring HTTPS, setting session timeout restrictions, and defining password policies.
Disabling Access to Oracle Application Express Administration Services
Enabling Access to Oracle Application Express Administration Services
Restricting Access to Oracle Application Express by Database Access Descriptor (DAD)
This section describes how to configure service-level security settings:
Disabling Access to Oracle Application Express Administration Services
Enabling Access to Oracle Application Express Administration Services
Instance administrators can control if a convenience cookie is sent to a user's computer whenever a developer or administrator logs in to a workspace from the Application Express Login page.
If Set Workspace Cookie option is set to Yes, Oracle Application Express sends a persistent cookie that:
Combines the last used workspace name and user name
Has a lifetime of six months
Is read to populate the Application Express Workspace Login form (but not the Oracle Application Express Administration Services Login form)
To turn off cookies used to populate the login form:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
For Set Workspace Cookie, select No.
Click Apply Changes.
Note:
If your computer has received this cookie, you can physically remove it from its persistent location on disk using browser tools or system utilities. The cookie is namedORA_WWV_REMEMBER_UN.
In older releases of Oracle Application Express, this cookie was named ORACLE_PLATFORM_REMEMBER_UN
. It may exist for each Oracle Application Express service accessed having distinct hostname and path components.Instance administrators prevent a user from logging in to Oracle Application Express Administration Services. Disabling administrator login production environments prevents unauthorized users from accessing Application Express Administration Services and possibly compromising other user login credentials.
To disable user access to Oracle Application Express Administration Services:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
For Disable Administrator Login, select Yes.
Selecting Yes and signing out prevents anyone from accessing Oracle Application Express Administration Services.
Click Apply Changes.
To enable user access to Oracle Application Express Administration Services if it has been disabled:
Connect in SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
, for example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000;
Run the following statements:
BEGIN APEX_INSTANCE_ADMIN.SET_PARAMETER('DISABLE_ADMIN_LOGIN', 'N'); commit; END; /
Developers and Workspace administrators sign in to the Oracle Application Express development environment to access the Application Builder, SQL Workshop, Team Development, and Administration.
To restrict access to these applications, select Yes from Disable Workspace Login. This option effectively sets a Runtime-Only environment while still allowing Instance administrators to sign in to Instance Administration. Selecting Yes in production environments prevents developers from changing applications or data.
To disable user access to the Internal workspace:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
From Disable Workspace Login, select Yes.
Selecting Yes prevents users from accessing the Internal workspace.
Click Apply Changes.
Use the Allow Public File Upload attribute to control whether unauthenticated users can upload files in applications that provide file upload controls.
To control file upload:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
From Allow Public File Upload, select one of the following:
Yes - Enables unauthenticated users to upload files in applications in the Internal workspace.
No - Prevents unauthenticated users from uploading files in applications in the Internal workspace.
Click Apply Changes.
Instance administrators can restrict user access to an Oracle Application Express instance by specifying a comma-delimited list of allowable IP addresses.
To restrict user access by IP address:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
For Disable Administrator Login, select No.
In Restrict Access by IP Address, enter a comma-delimited list of allowable IP addresses. Use an asterisk (*) to specify a wildcard.
You can enter IP addresses from one to four levels. For example:
141, 141.* ... 192.128.23.1 ...
Note:
When using wildcards, do not include additional numeric values after wildcard characters. For example,138.*.41.2
.Click Apply Changes.
You can configure an entire Oracle Application Express instance to use a proxy for all outbound HTTP traffic. Setting a proxy at the instance-level supersedes any proxies defined at the application-level or in web service references. If a proxy is specified, regions of type URL, Web services, and report printing will use the proxy.
To configure a proxy for an Oracle Application Express instance:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
In Instance Proxy, enter the address of the proxy to be used for the entire instance.
Click Apply Changes.
The Checksum Hash Function attribute enables you to react to recent developments and switch between algorithms based on new research. Use the Checksum Hash Function attribute to select a hash function that Oracle Application Express uses to generate one way hash strings for checksums. This attribute is also the default value for the Security Bookmark Hash Function attribute in new applications. Applications use the Bookmark Hash Function when defining bookmark URLs.
Tip:
Changing the Checksum Hash Function does not change the Bookmark Hash Function currently defined for existing applications because this would invalidate all existing bookmarks saved by end users.Oracle strongly recommends going into existing applications, expiring existing bookmarks, and then updating the Bookmark Hash Function to the same value defined for Checksum Hash Function.To select a checksum hash function:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
From Checksum Hash Function, select a a hash function that Application Express uses to generate one way hash strings for checksums.
The SHA-2 algorithms are only supported on Oracle Database 12c or later. Most Secure automatically selects the most secure algorithm available. Therefore, Oracle recommends this setting. On Oracle Database 12c or later, this evaluates to SHA-2, 512 bit and on Oracle Database 11g, SHA-1 is the most secure algorithm. Since the MD5 algorithm is deprecated, Oracle does not recommend this setting.
Click Apply Changes.
By configuring the Rejoin Sessions attribute, Instance administrators can control if Oracle Application Express supports URLs that contain session IDs. When rejoin sessions is enabled, Oracle Application Express attempts to use the session cookie to join an existing session, when a URL does not contain a session ID.
Warning:
For security reasons, Oracles recommends that administrators disable support for session joining unless they implement workspace isolation by configuring the Allow Hostname attributes. See "Isolating a Workspace to Prevent Browser Attacks" and "Isolating All Workspaces in an Instance."Note:
Enabling rejoin sessions may expose your application to possible security breaches, as it can enable attackers to take over existing end user sessions. To learn more, see "About Rejoin Sessions" in Oracle Application Express Application Builder User's GuideTo configure Rejoin Sessions:
Sign in to Oracle Application Express Administration Services. See "Configuring Rejoin Sessions for an Instance."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
From Rejoin Sessions, select an option:
Disabled - If the URL does not contain a session ID, Oracle Application Express creates a new session.
Enabled for Public Sessions - If the URL goes to a public page and does not contain a session ID Oracle Application Express attempts to use the existing session cookie established for that application. Oracle Application Express only joins using the cookie when the session is not yet authenticated.
Enabled for All Sessions - If the URL does not contain a session ID, Oracle Application Express attempts to use the existing session cookie established for that application, providing one of the following conditions are met:
Session State Protection is enabled for the application and the URL includes a valid checksum. For public bookmarks, the most restrictive item level protection must be either Unrestricted or Checksum Required - Application Level.
The URL does not contain payload (a request parameter, clear cache or data value pairs). This setting requires that Embed In Frames is set to Allow from same origin or to Deny for the application.
Enabled for Public Sessions requires that Embed in Frames is set to Allow from same origin or Deny. This is not tied to a condition about the URL payload, but also applies to session state protected URLs.
Click Apply Changes.
See Also:
"Browser Security," "Configuring Rejoin Sessions in Component View," "Configuring Rejoin Sessions in Page Designer," and "About Rejoins Sessions" in Oracle Application Express Application Builder User's GuideUse this attribute to control how Oracle Application Express displays the results of unhandled errors. When Oracle Application Express encounters an unhandled error during processing, an error page displays to the end user of the application. From a security standpoint, it is often better to not display these messages and error codes to the end user and simply return a HTTP 400 (Bad Request) error code to the client browser.
To configure Unhandled Errors:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Security section.
From Unhandled Errors, select an option:
Show Error Page - This is the default behavior. For any error or exception which is not handled by the error processing of an application, an error page displays to the end user with the specific error and the error code.
Return HTTP 400 - Returns an HTTP 400 status to the end user's client browser when the Application Express engine encounters an unhandled error.
Click Apply Changes.
You can configure both your Oracle Application Express instance and all related applications to require HTTPS by configuring the Require HTTPS and Require Outbound HTTPS attributes.
Note:
Require HTTPS make Oracle Application Express unreachable by the HTTP protocol. Before enabling this setting, ensure that the HTTPS protocol is enabled and configured correctly on your server.Secure Socktets Layer (SSL) is a protocol for managing the security of data transmitted on the Internet. For web applications, SSL is implemented by using the HTTPS protocol. Oracle recommends running Oracle Application Express applications using SSL (HTTPS protocol) to prevent any sensitive data from being sent over an unencrypted (cleartext) communication channel.
To require HTTPS in Oracle Application Express:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate HTTP Protocol and configure the following:
Require HTTPS. Options include:
Always - Enforces HTTPS for all applications (including the Oracle Application Express development and administration applications) to require HTTPS.
If set to Always, the he Strict-Transport-Security Max Age attribute displays. Use this field to specify the time period in seconds during which the browser shall access the server with HTTPS only. To learn more, see field-level Help.
Development and Administration - Forces all internal applications within Oracle Application Express (that is, Application Builder, SQL Workshop, Instance Administration and so on) to require HTTPS.
Application specific - Makes HTTPS dependent on application-level settings.
Require Outbound HTTPS - Select Yes to require all outbound traffic from an Application Express instance to use the HTTPS protocol.
HTTP Response Headers - Enter additional HTTP response headers that Oracle Application Express should send on each request for all applications. Developers can specify additional headers at application-level. Each header has to start on a new line. Note that support for various headers differs between browsers. To learn more, see field-level Help.
Click Apply Changes.
Note:
If you set Require HTTPS to Yes, you are only able to sign in to an Oracle Application Express workspace or Oracle Application Express Administration Services over HTTPS.To reverse Require HTTPS:
Connect in SQL*Plus or SQL Developer with the Application Express engine schema as the current schema, for example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000;
Run the following statements:
BEGIN APEX_INSTANCE_ADMIN.SET_PARAMETER('REQUIRE_HTTPS', 'N'); commit; end; /
To reverse Require Outbound HTTPS:
Connect in SQL*Plus or SQL Developer with the Application Express engine schema as the current schema, for example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000;
Run the following statements:
BEGIN APEX_INSTANCE_ADMIN.SET_PARAMETER('REQUIRE_OUT_HTTPS', 'N'); commit; end; /
To configure additional response headers:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate HTTP Protocol.
In HTTP Response Headers, enter additional HTTP response headers that Oracle Application Express should send on each request for all applications. Developers can specify additional headers at application-level. Each header has to start on a new line. Note that support for various headers differs between browsers.
To learn more, see field-level Help.
Click Apply Changes.
Use the Allow RESTful Access attribute to control whether developers can expose report regions as RESTful services. You can enable RESTful services for specific workspace or for an entire development instance.
To configure RESTful access for an instance:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the RESTful Access section.
From Allow RESTful Access, select one of the following:
Yes - Enables developers to expose report regions as RESTful services.
No - Prevents developers from exposing report regions as RESTful services.
Click Apply Changes.
See Also:
"Controlling RESTful Services for a Workspace" and "Using RESTful Services" in Oracle Application Express SQL Workshop GuideIf you are running Oracle Database 12c Release 1 (12.1.0.2) or later, you can enable Oracle Real Application Security. Oracle Real Application Security (RAS) is a database authorization framework that enables application developers and administrators to define, provision, and enforce application-level security policies at the database layer.
To enable Real Application Security:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate Real Application Security.
For Allow Real Application Security.
Yes - Enables Oracle Database Real Application Security support for applications. If Real Application Security is configured in an application's authentication scheme, Oracle Application Express creates a Real Application Security session for a new Oracle Application Express session and automatically attaches to it.
No - Disables Oracle Database Real Application Security.
Click Apply Changes.
Use the attributes under Session Timeout to reduce exposure at the application level for abandoned computers with an open web browser.
To configure session timeout for an instance:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Under Session Timeout For Application Express, specify the following attributes:
Maximum Session Length in Seconds - Enter a positive integer to control how many seconds an application session is allowed to exist. This setting is superseded by the application-level setting. Leave the value null to revert to the default value of 8 hours (28800 seconds). Enter 0 to have the session exist indefinitely. This session duration may be superseded by the operation of the job that runs every hour which deletes sessions older than 12 hours.
Maximum Session Idle Time in Seconds - Enter a positive integer to control how many seconds a session may remain idle for Oracle Application Express applications. This setting is superseded by the application-level setting. Leave the value null to revert to the default value of 1 hour (3600 seconds). Set to 0 to prevent session idle time checks from being performed.
Click Apply Changes.
See Also:
"Session Timeout" in Oracle Application Express Application Builder User's GuideThis section describes how Instance administrators can isolate a workspace and prevent browser attacks.
Isolating workspaces is an effective approach to preventing browser attacks. The only way to truly isolate a workspace is to enforce different domains in the URL by configuring the Allow Hostnames attribute. When the URLs of the attacker and the victim have different domains and hostnames, the browser's same-origin policy prevents attacks.
See Also:
"Isolating a Workspace to Prevent Browser Attacks" and "About Isolating Workspaces" in Oracle Application Express Application Builder User's GuideTo configure instance-level Workspace Isolation attributes:
Access the Edit Workspace Information page for the workspace:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Locate the Workspace Isolation section.
Edit the appropriate attributes as described in Table 2-2.
Tip:
To learn more about an attribute, see field-level Help.Table 2-2 Workspace Isolation Attributes
Attribute | Description |
---|---|
Enter a comma separated list of hostnames that can be used to access this instance. This attribute can be used to specify which DNS aliases of the web server can be used with applications. You can configure specific values that override this one at workspace level. If you enter one or more hostnames, the incoming HTTP request URL's hostname part must match one of the listed hostnames. |
|
Specify the Database Resource Manager consumer group to be used for all page events on the instance. You can configure specific values that override this one at the workspace-level. At the beginning of every request, the Application Express engine switches the current consumer group of the current database session to the consumer group that is defined at workspace or instance level. This applies to both executing applications and any of the applications used within the Application Express development environment. The privilege to switch to this consumer group must be granted to either PUBLIC or the Application Express schema. This privilege is typically granted using the procedure |
|
Enter the maximum number of concurrent page events that Oracle Application Express supports for all applications. You can configure a specific value at the workspace-level. Instead of processing a page event, Oracle Application Express shows an error message when the limit is already reached. Oracle Application Express keeps track of workspace requests by querying the |
|
Enter the maximum number of concurrent page events that Oracle Application Express supports for each session for applications in this instance. You can configure a specific value at the workspace-level. Instead of processing a new page event, Oracle Application Express shows an error message when the limit is already reached. Alternatively, you can use the Concurrent Session Requests Kill Timeout attribute to kill an active database session, to process the new page event. Oracle Application Express keeps track of session requests by querying the |
|
If a new page event comes in that is outside the limits of Maximum Concurrent Session Requests, Oracle Application Express can execute Warning: Killing sessions can cause problems with the application server's database session pool. |
|
Enter the total size (in bytes) of all files that can be uploaded to a workspace. You can configure a specific value at the workspace-level. |
Click Apply Changes.
An Instance administrator can define a list of restricted domains for regions of type URL and Web services. If a Web service or region of type URL contains an excluded domain, an error displays informing the user that it is restricted.
To define a list of excluded domain from regions of type URL and Web services:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Under Domain Must Not Contain, enter a colon-delimited list of excluded domains, for example:
mycompany.com:yourcompany.com:abccompany.com
Click Apply Changes.
his section describes how instance administrators can configure authentication controls for an entire Oracle Application Express instance.
Administrators can configure authentication controls for an entire instance or for each individual workspace. For example, if an instance administrator configures authentication controls in Oracle Application Express Administration Services that configuration applies to all Application Express accounts in all workspaces across an entire development instance.
If the instance administrator does not enable authentication controls across an entire instance, then each Workspace administrator can enable the following controls on a workspace-by-workspace basis:
User account expiration and locking
A maximum number of failed login attempts for user accounts
Account password lifetime (or number of days an end-user account password can be used before it expires for end-user accounts)
Tip:
This feature applies only to accounts created using the Application Express user creation and management. It provides additional authentication security for applications. See "Managing Users in a Workspace."To configure security settings for developer and end user login:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Under General Settings, configure the following attributes:
Delay after failed login attempts in Seconds - Enter a positive integer value for the delay in seconds between login attempts. Enter 0 to disable the countdown and enable immediate access. If the delay is greater than 0, Oracle Application Express always displays the countdown, even on the first login failure.
Method for computing the Delay - Select a method for computing the delay for failed log ins. The computation methods are based on recent data in the Login Access Log. See item help for further details.
Inbound Proxy Servers - Enter a comma-separated list of IP addresses for well known proxy servers, through which requests come in. Oracle Application Express uses this list to compute the actual client address from the HTTP Headers X-Forwarded-For
and REMOTE_ADDR
.
Single Sign-On Logout URL - Enter the URL Application Express redirects to trigger a logout from the Single Sign-On server. Application Express automatically appends ?p_done_url=...login url....
Click Apply Changes.
To configure security controls for workspace administrator and developer accounts:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Under Development Environment Settings, configure the following attributes:
Username Validation Expression - Enter a regular expression to validate the usernames of developers and administrators. Enter *
to bypass the validation. The following example validates that the username is an email address:
^[[:alnum:]._%-]+@[[:alnum:].-]+\.[[:alpha:]]{2,4}$
Require User Account Expiration and Locking - Select Yes to enable Application Express user account expiration and locking features across all workspaces in an instance. This selection prevents the same feature from being disabled at the workspace-level.
Select No to relinquish control to each Workspace administrator.
Maximum Login Failures Allowed - Enter a integer for the maximum number of consecutive unsuccessful authentication attempts allowed before a developer or administrator account is locked. If you do not specify a value in this field, the default value is 4.
This setting applies to administrator and developer accounts. It does not apply to end user accounts.
The value you enter is used as the default for the workspace-level Maximum Login Failures Allowed preference if the Workspace administrator does not specify a value. That preference is used for end-user accounts within the respective workspace.
Account Password Lifetime (days) - Enter a number for the maximum number of days a developer or administrator account password may be used before the account expires. If you do not specify a value in this field, a default value is 45 days.
This setting applies to accounts used to access the Application Express administration and development environment only. It does not apply to end user accounts.
The value you enter is used as the default workspace-level End User Account Lifetime preference, if the Workspace administrator specifies no value. That preference is used for end-user accounts within the respective workspace.
Click Apply Changes.
To edit development environment authentication schemes:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Scroll down to Development Environment Authentication Schemes.
Click the Edit icon adjacent to the authentication scheme you wish to edit.
Edit the appropriate attributes. To learn more about an attribute, see field-level Help.
To save you changes, click Apply Changes. To make the selected authentication scheme current, click Make Current Scheme.
Tip:
You can also change the authentication scheme using theAPEX_BUILDER_AUTHENTICATION
parameter in APEX_INSTANCE_ADMIN
package. See "Available Parameter Values" in Oracle Application Express API Reference.This section describes how instance administrators can create strong password policies for an Oracle Application Express instance.
Password policies can:
Apply to all users (including, Workspace administrators, developers, and end users) in an Oracle Application Express instance.
Include restrictions on characters, password length, specific words, and differences in consecutive passwords.
Apply to users signing in to Oracle Application Express Administration Services.
The Application Express instance administrator can select the password policy for service administrators. Options include:
Use policy specified in Workspace Password Policy - Applies the password rules specified the in Workspace Password Policy.
Use default strong password policy - Adds another layer of security to prevent hackers from determining an administrator's password. This password policy requires that service administrator passwords meet these restrictions:
Consist of at least six characters.
Contain at least one lowercase alphabetic character, one uppercase alphabetic character, one numeric digit, and one punctuation character.
Cannot include the username.
Cannot include the word Internal.
Cannot contain any words shown in the Must Not Contain Workspace Name field in this section.
Adds another layer of security to prevent hackers from determining an administrator's password.
To configure password policies:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Under Password Policy and specify the attributes described in Table 2-3.
Table 2-3 Workspace Password Policy Attributes
Attribute | Description |
---|---|
Select a hash function that Application Express uses to generate one way hash strings for workspace user passwords. To learn, see field-level Help. |
|
Enter a number to set a minimum character length for passwords for workspace administrator, developer, and end user accounts. |
|
Enter a positive integer or 0. When users change their password, the new password must differ from the old password by this number of characters. The old and new passwords are compared, character-by-character, for differences such that each difference in any position common to the old and new passwords counts toward the required minimum difference. This setting applies to accounts for workspace administrators, developers, and end users. |
|
Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in the Alphabetic Characters field. |
|
Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (for example, 0,1,2,3,4,5,6,7,8,9). |
|
Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in the Punctuation Characters field. |
|
Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character. |
|
Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character. |
|
Select Yes to prevent workspace administrator, developer, and end user account passwords from containing the username. |
|
Select Yes to prevent workspace administrator, developer, and end user account passwords from containing the workspace name, regardless of case. |
|
Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain. These words may not appear in the password in any combination of uppercase or lowercase. This feature improves security by preventing the creation of simple, easy-to-guess passwords based on words like hello, guest, welcome, and so on. |
|
Enter new or edit the existing alphabetic characters. This is the set of characters used in password validations involving alphabetic characters. |
|
Enter new or edit existing punctuation characters. This is the set of characters used in password validations involving punctuation characters. |
Next, set up a password policy for Application Express service administrators.
Scroll down to the Service Administrator Password Policy and specify one of the following:
Use policy specified in Workspace Password Policy - Applies the password rules specified in Workspace Password Policy to service administrator passwords.
Use default strong password policy - Adds another layer of security to prevent hackers from determining an administrator's password. This password policy requires that service administrator passwords:
Consist of at least six characters.
Contain at least one lowercase alphabetic character, one uppercase alphabetic character, one numeric digit, and one punctuation character.
Cannot include the username.
Cannot include the word Internal.
Cannot contain any words shown in the Must Not Contain Workspace Name field in this section.
Click Apply Changes.
This section describes how to restrict access to Oracle Application Express by Database Access Descriptor (DAD).
Tip:
The PL/SQL Request Validation Function directive is only available in Oracle Application Server 10g and Oracle HTTP Server 11g or later, and the embedded PL/SQL gateway in Oracle Database 11g or later. This directive is not available in Oracle HTTP Server Release 9.0.3.mod_plsql
and the embedded PL/SQL gateway support a directive which enables you to name a PL/SQL function which is called for each HTTP request. You can use this functionality to restrict the procedures that can be called through the embedded PL/SQL gateway or mod_plsql
. The function returns TRUE
if the named procedure in the current request is allowed and FALSE
if it is not allowed. You can also use this function to enforce access restrictions for Oracle Application Express on a per-Database Access Descriptor (DAD) basis.
During installation, the installer also creates a PL/SQL function in the Oracle Application Express product schema (APEX_050000
). To restrict access, you can change and recompile this function. The source code for this function is not wrapped and can be found in the Oracle Application Express product core directory in the file named wwv_flow_epg_include_local.sql
.
Oracle Application Express ships with a request validation function named wwv_flow_epg_include_modules.authorize
. This function specifies access restrictions appropriate for the standard DAD configured for Oracle Application Express.
The wwv_flow_epg_include_mod_local
function is called by Oracle Application Express's request validation function which itself is called by the embedded PL/SQL gateway or mod_plsql
. The Oracle Application Express function first evaluates the request and based on the procedure name, approves it, rejects it, or passes it to the local function, wwv_flow_epg_include_mod_local
, which can evaluate the request using its own rules.
When you create new DADs for use with Oracle Application Express, the request validation function directive should be specified. Specifically, the function wwv_flow_epg_include_modules.authorize
should be named in the directive PlsqlRequestValidationFunction
in the Database Access Descriptor entry in dads.conf
.
If you have no additional restrictions beyond those implemented in the wwv_flow_epg_include_modules.authorize
function, there is no need to take any action with respect to the source code for the wwv_flow_epg_include_mod_loca
l function.
You can change and recompile the wwv_flow_epg_include_local
function to restrict access. The source code for the wwv_flow_epg_include_local
function is not wrapped and can be found in the Oracle Application Express product core directory in the file named wwv_flow_epg_include_local.sql
. The source code is as follows:
CREATE OR REPLACE FUNCTION wwv_flow_epg_include_mod_local( PROCEDURE_NAME IN VARCHAR2) RETURN BOOLEAN IS BEGIN RETURN FALSE; -- remove this statement when you add procedure names to the "IN" list IF UPPER(procedure_name) IN ( '') THEN RETURN TRUE; ELSE RETURN FALSE; END IF; END wwv_flow_epg_include_mod_local; /
To specify names of procedures that should be allowed, edit wwv_flow_epg_include_local
as follows:
Remove or comment out the RETURN FALSE
statement that immediately follows the BEGIN
statement:
... BEGIN RETURN FALSE; -- remove this statement when you add procedure names to the "IN" list ...
Add names to the clause representing procedure names that should be allowed to be invoked in HTTP requests. For example to allow procedures PROC1
and PROC2
the IN
list you would write IN ('PROC1', 'PROC2')
.
After changing the source code of this function, alter the Oracle Application Express product schema (APEX_050000
) and compile the function in that schema.
To alter the product schema, APEX_050000
Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
. For example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Alter the product schema (APEX_050000
) by entering the following command:
ALTER SESSION SET CURRENT_SCHEMA APEX_050000;
Compile the function wwv_flow_epg_include_local.sql
.
In Oracle Application Express developers can use a URL as an argument in Oracle Application Express procedures that redirect to the defined URL. Examples include APEX_UTIL.COUNT_CLICK
(p_url
parameter) and WWV_FLOW_CUSTOM_AUTH_STD.LOGOUT
(p_next_url
parameter).
This section describes how instance administrators can define a list of authorized URLs. When a URL is provided as an argument to these procedures, it is verified internally against this list.
To define a list of Authorized URLs:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Click the Authorized URLs tab.
Click Create Authorized URL.
On the Authorized URL page:
Authorized URL - Enter an authorized URL that can be used as the parameter value to certain Application Express procedures.
The entire authorized URL value is compared with the URL parameter value in Oracle Application Express procedures. If there is an exact match up to and including the entire length of the Authorized URL value, then the URL parameter value is permitted.
Description - Enter a description of the URL.
Click Create Authorized URL.
To edit an existing URL:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Click the Authorized URLs tab.
A report of defined authorized URLs appears.
Click the Edit icon adjacent to the URL.
Edit the Authorized URL and Description fields.
Click Apply Changes.
To delete an existing URL:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Security.
Click the Authorized URLs tab.
A report of defined authorized URLs appears.
Click the Edit icon adjacent to the URL.
Click Delete.
Click OK to confirm your selection.
This section describes configuring general settings for an Oracle Application Express development instance. Instance Settings impact general behavior of workspace provisioning, storage, email, wallet, report printing, Help, workspace change request size, and Application ID Ranges.
See Also:
"Creating Workspaces"The instance administrator determines the amount of automation when provisioning (or creating) a workspace. To determine how provisioning works, an Instance Administrator selects one of the following Provisioning Status options on the Instance Settings page:
Manual - In this mode, an instance administrator creates new workspaces and notifies the Workspace administrator of the login information.
Request - Users request workspaces directly in a self-service fashion. Users click a link on the login page to access a request form. After the workspace request has been granted, users are automatically emailed the appropriate login information.
Request with Email Verification - In this mode, users request workspaces directly by clicking a link on the Sign In page to access a request form. Each user receives an initial email containing a verification link. When the user clicks the verification link, the request is processed. The user can then access the workspace using the Sign In page.
Note:
To enable users to request a workspace using a link on the Sign In page, you must choose the provisioning status of Request or Request with Email Verification as described in the previous section. If the provisioning status is set to Manual, no link appears on the sign in page.Use Email Provisioning to disable workspace provisioning when provisioning with Email Verification.
To disable email provisioning:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
From Email Provisioning, select Disabled.
Selecting Disabled completely disables workspace provisioning when provisioning with Email Verification.
In Message, enter a message that explains why email provisioning is disabled.
Click Apply Changes.
Instance administrators can configure the following storage options: require a new schema when requesting a workspace, auto extend tablespaces, or delete uploaded files are a specified number of days.
To require a new schema when creating a workspace:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Storage.
From Require New Schema, select one of the following:
Yes - Requires users to request a new schema when they request a new workspace.
No - Enables users to select an existing schema when they request a new workspace.
Auto Extend Tablespaces, select Yes or No. See "Enabling Auto Extend Tablespaces."
Click Apply Changes.
If Auto Extend Tablespaces is enabled, tablespaces provisioned with Oracle Application Express are created with a data file that is one tenth the requested size. The data file automatically extends up to the requested size. For example, if a user requests a 100 MB workspace, the initial size of the data file is 10 MB and automatically extends up to a maximum size of 100 MB.
To enable Auto Extend Tablespaces:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Storage.
To enable Auto Extend Tablespaces, select Yes.
Click Apply Changes.
When a workspace is provisioned, Oracle Application Express creates the associated database user, tablespace, and data file. If Bigfile Tablespaces is enabled, tablespaces provisioned with Oracle Application Express are created as bigfile tablespaces. A bigfile tablespace is a tablespace with a single, but very large data file. Traditional smallfile tablespaces, in contrast, can contain multiple data files, but the files cannot be as large.
Tip:
Oracle does not recommend using bigfile tablespaces on platforms that do not support large file sizes and can limit tablespace capacity. Refer to your operating system specific documentation for information about maximum supported file sizes.To enable bigfile tablespaces:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Storage.
For Bigfile Tablespaces, select Yes.
Click Apply Changes.
See Also:
"Available Parameter Values" in Oracle Application Express API Reference to learn about theBIGFILE_TABLESPACES_ENABLED
parameterIf Encrypted Tablespaces is enabled, tablespaces provisioned with Oracle Application Express are created as encrypted tablespaces using the Oracle database feature Transparent Data Encryption (TDE). TDE encrypts sensitive data stored in data files. To prevent unauthorized decryption, TDE stores the encryption keys in a security module external to the database.
To be able to exploit this feature in Application Express, an encryption wallet must be created and with a master encryption key set. Additionally, the encryption wallet must be open before provisioning a new Application Express workspace.
To enable Encrypted Tablespaces:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Storage.
For Encrypted Tablespaces, select Yes.
Click Apply Changes.
See Also:
"Available Parameter Values" in Oracle Application Express API Reference to learn about theENCRYPTED_TABLESPACES_ENABLED
parameterUse Delete Uploaded Files After (days) to specify the number of days after which Oracle Application Express automatically deletes uploaded files. Note this automatic deletion process applies to all workspaces in an Oracle Application Express instance. The types of files that are deleted include:
Application Export
CSS Export
Images Export
Page Export
Plug-in
Script Export
Spreadsheet / Text Data Import
Static Files Export
Themes
User Interface Defaults
Workspace Export
XML Data Import
To configure when export and import files are deleted:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Storage.
In Delete Uploaded Files After (days), enter the number of days after which Oracle Application Express deletes uploaded files. Enter a positive, whole number. If this setting is null, then no files are automatically deleted.
Click Apply Changes.
Tip:
To view a summary of deleted files, see the Automatic File Delete Log. See "Monitoring Activity Across a Development Instance"To enable Oracle Application Express to send mail, an instance administrator must configure email settings. This section describes how to configure email settings in a full development environment and a runtime environment.
Tip:
You can configure Oracle Application Express to automatically email users their login credentials when a new workspace request has been approved. See "About Specifying How Workspaces Are Created" and "Selecting a Provisioning Mode."If you are running Oracle Application Express with Oracle Database 11g or later, you must enable outbound mail. Starting with Oracle Database 11g Release 1 (11.1), the ability to interact with network services is disabled by default.
By default, the ability to interact with network services is disabled in Oracle Database 11g
or later. Therefore, if you are running Oracle Application Express with Oracle Database 11g or later, you must use the DBMS_NETWORK_ACL_ADMIN
package to grant connect privileges to any host for the APEX_050000
database user. Failing to grant these privileges results in issues with:
Sending outbound mail in Oracle Application Express.
Using Web services in Oracle Application Express.
PDF/report printing.
See Also:
"Enabling Network Services in Oracle Database 11g or Later" for your configuration scenario in Oracle Application Express Installation GuideTo configure Oracle Application Express to send mail in a full development environment:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services".
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Under Email, enter the following:
Application Express Instance URL - Enter the URL to the Oracle Application Express instance, inclusive of the DAD and trailing slash. For example:
http://your_server/pls/apex/
This setting is used for Oracle Application Express system-generated emails.
Application Express Images URL - Enter the URL to the Oracle Application Express images directory, inclusive of the trailing slash.
http://your_server/i/
This setting is used for Oracle Application Express system-generated emails.
SMTP Host Address - Defines the server address of the SMTP server. By default on installation, this is set to localhost
. If you are using another server as an SMTP relay, change this parameter to that server's address.
SMTP Host Port - Defines the port the SMTP server listens to for mail requests. The default setting is 25.
SMTP Authentication Username - If you enter a username, Oracle Application Express authenticates against it when sending emails. Prior to Oracle Database 11g Release 2 (11.2.0.2), only the SMTP authentication scheme "LOGIN" is supported. On newer database versions, all authentication schemes of UTL_SMTP
are supported.
SMTP Authentication Password - If you enter a password, Oracle Application Express authenticates against it when sending emails. Prior to Oracle Database 11g Release 2, Release 11.2.0.2, only the SMTP authentication scheme "LOGIN" is supported. On newer database versions, all authentication schemes of UTL_SMTP
are supported.
Use SSL/TLS - Beginning with Oracle Database 11g Release 2 (11.2.0.2), Oracle Application Express supports secure SMTP connections. Options include:
Yes - A secure connection with SSL/TLS is made before SMTP communication.
After connection is established - Oracle Application Express sends the SMTP command STARTTLS
immediately after the connection is opened.
No - A non-secure connection is opened.
Default Email From Address - Defines the from
address for tasks that generate email, such as approving a provision request or resetting a password.
Maximum Emails per Workspace - Defines the number of email messages that can be sent with the APEX_MAIL
API per workspace per 24 hour period.
Click Apply Changes.
To configure Oracle Application Express to send mail in a runtime environment:
Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
. For example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000
Run the following statement:
BEGIN APEX_INSTANCE_ADMIN.SET_PARAMETER(PARAMETER_NAME, PARAMETER_VALUE); END;
For a description of email parameters, see "Configuring Email in a Full Development Environment."
See Also:
"SET_PARAMETER Procedure" in Oracle Application Express API ReferenceTo determine email settings in runtime environment:
Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
. For example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000
Run the following statement:
SELECT
APEX_INSTANCE_ADMIN.GET_PARAMETER(PARAMETER_NAME)
FROM DUAL;
For a description of email parameters, see "Configuring Email in a Full Development Environment."
See Also:
"GET_PARAMETER Function" in Oracle Application Express API ReferenceThis section describes how to configure wallet information for an Oracle Application Express instance.
Secure Sockets Layer (SSL) is an industry standard protocol that uses RSA public key cryptography with symmetric key cryptography to provide authentication, encryption, and data integrity. When SSL is enabled, https
displays in the URL.
A wallet is a password-protected container that stores authentication and signing credentials (including private keys, certificates, and trusted certificates) needed by SSL. You must create a wallet if you:
Call a SSL-enabled URL (for example, by invoking a Web service).
Create a region of type URL that is SSL-enabled.
Configure secure SMTP, by setting the Use SSL/TLS attribute to Yes.
Have applications with LDAP authentication schemes that are configured to use SSL with Authentication.
To create a wallet:
The database administrator must create a wallet on the Oracle Application Express database instance. See "Using Oracle Wallet Manager" in Oracle Database Advanced Security Administrator's Guide.
The instance administrator configures the Wallet section of the Instance Settings page to specify the file system path to the wallet and the wallet password (if required).
See Also:
"Working with SSL Enabled Web Services" in Oracle Application Express Application Builder User's Guide and "Using Oracle Wallet Manager" in Oracle Database Enterprise User Security Administrator's GuideTo specify wallet settings in a full development environment:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Wallet.
In Wallet Path, enter the path on the file system where the wallet is located using the following format:
file:directory-path
See field-level Help for examples.
If a password is required to open the wallet:
In Wallet Password, enter a password.
Select Check to confirm that you wish to change the wallet password.
Click Apply Changes.
To specify wallet settings in a runtime environment:
Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
. For example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000
Run the following statement:
BEGIN APEX_INSTANCE_ADMIN.SET_PARAMETER(PARAMETER_NAME, PARAMETER_VALUE); END;
For a description of wallet parameters, see Table 2-4.
See Also:
"SET_PARAMETER Procedure" in Oracle Application Express API ReferenceTo determine wallet settings in a runtime environment:
Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
. For example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000
Run the following statement:
SELECT
APEX_INSTANCE_ADMIN.GET_PARAMETER(PARAMETER_NAME)
FROM DUAL;
For a description of wallet parameters, see Table 2-4, "Wallet Parameters".
See Also:
"GET_PARAMETER Function" in Oracle Application Express API ReferenceThis section describes how to configure report printing options for an Oracle Application Express instance.
Configuring Report Printing in a Full Development Environment
Configuring Report Printing Settings in a Runtime Environment
Determining Report Printing Settings in a Runtime Environment
Oracle Application Express provides several features so that end users can download and print reports in various formats, including PDF. To set up this functionality, different users must configure the following printing settings:
Site Level: Instance administrators must specify the level of functionality (Standard or Advanced) for an entire Oracle Application Express instance, as described in this section.
Application Level: Workspace administrators and developers can define Report Queries and Report Layouts. Report Queries and Report Layouts are stored under Shared Components and are not tied to a specific page.
Page/Region Level: Developers can edit the Report regions on specific pages to enable printing. This, in turn, enables end users to print regions as reports in various formats. See "Configuring Classic Report Region Print Attributes" in Oracle Application Express Application Builder User's Guide.
Tip:
If you are running Oracle Application Express with Oracle Database 11g Release 1 (11.1) or later, you must enable network services to use report printing. See "Enabling Network Services in Oracle Database 11g or Later" for your configuration scenario in Oracle Application Express Installation Guide.To configure the printing of reports in a full development environment:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Report Printing.
For Printer Server, select one of the following:
Oracle REST Data Services - Select this option if you are using the Oracle REST Data Services release 2.0 or later. This option enables you to use the basic printing functionality, which includes creating report queries and printing report regions using the default templates provided in Application Express and using your own customized XSL-FO templates.
Note:
The Oracle REST Data Services option does not require an external print server, instead the report data and style sheet are downloaded to the listener, rendered into PDF format by the listener and then sent to the client. The PDF documents in this setup are not returned back into the database, thus the print APIs are not supported when using the Oracle REST Data Services-based configuration.External (Apache FOP) - Select this option if you are using Apache FOP on an external J2EE server. This option enables you to use the basic printing functionality, which includes creating report queries and printing report regions using the default templates provided in Application Express and using your own customized XSL-FO templates.
Oracle BI Publisher - This option requires a valid license of Oracle BI Publisher (also known as Oracle XML Publisher). This option enables you to take report query results and convert them from XML to RTF format using Oracle BI Publisher. Select this option to upload your own customized RTF or XSL-FO templates for printing reports within Application Express.
See Also:
PDF Printing in Application Express to learn more about installing and configuring Oracle BI Publisher. Go to:http://www.oracle.com/technetwork/developer-tools/apex/application-express/configure-printing-093060.html
The following options apply to External (Apache FOP) and Oracle BI Publisher:
Print Server Protocol - Select the protocol (HTTP or HTTPS) that the print server uses.
Print Server Host Address - Specify the host address of the print server engine. By default, this is set to localhost
. Enter the appropriate host address if the print server is installed at another location.
Print Server Port - Define the port of the print server engine. The default setting is 8888
.
Print Server Script - Defines the script that is the print server engine. The default setting is:
/xmlpserver/convert
In Print Timeout, enter the number of seconds. This option defines the transfer timeout for communicating with the print server in seconds.
Click Apply Changes.
To configure report printing settings in a runtime environment:
Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
. For example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000
Run the following statement:
BEGIN APEX_INSTANCE_ADMIN.SET_PARAMETER(PARAMETER_NAME, PARAMETER_VALUE); END;
For a description of available parameters, see Table 2-5.
Table 2-5 Report Printing Parameters in Runtime Environment
Parameter Name | Description |
---|---|
|
Specify either standard support or advanced support. Advanced support requires an Oracle BI Publisher license. Valid values include:
|
|
Specifies the host address of the print server converting engine, for example, |
|
Defines the port of the print server engine, for example |
|
Valid values include:
|
|
Defines the script that is the print server engine, for example: /xmlpserver/convert |
See Also:
"SET_PARAMETER Procedure" in Oracle Application Express API ReferenceTo determine report printing settings in a runtime environment:
Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS
. For example:
On Windows:
SYSTEM_DRIVE:\ sqlplus /nolog SQL> CONNECT SYS as SYSDBA Enter password: SYS_password
On UNIX and Linux:
$ sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
Run the following statement:
ALTER SESSION SET CURRENT_SCHEMA = APEX_050000
Run the following statement:
SELECT
APEX_INSTANCE_ADMIN.GET_PARAMETER(PARAMETER_NAME)
FROM DUAL;
For a description of available parameters, see Table 2-5.
See Also:
"GET_PARAMETER Function" in Oracle Application Express API ReferenceInstance administrators can configure the target location of the Help menu that displays in the upper right corner of the Oracle Application Express development environment. By default, the Help menu points to the current Oracle Application Express online documentation library.
To configure the Help menu:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Help.
In Help URL, edit the URL.
The URL defined here displays when users click the Help link from within Oracle Application Express.
Click Apply Changes.
See Also:
"About the Oracle Application Express Documentation" in Oracle Application Express Application Builder User's GuideInstance administrators can configure the workspace sizes available when users request:
A new workspace and schema
Additional space for an existing workspace
To configure workspace size options:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to New Workspace Request Size and Workspace Change Request Size. Specify the following:
Size in Megabytes - Edit the default numbers to change the size options.
Display - Select Yes for all the size options you want to appear in the select list for workspace size.
Default - Select the default value to appear in the storage field for workspace and change requests.
Click Apply Changes.
See Also:
"Enabling Auto Extend Tablespaces"Instance administrators can control the range for IDs of new database or Websheet applications. If you separate ID ranges in large multi-instance installations, you can easily move workspaces between the instances and keep their application IDs. To enable ID ranges, you must specify at least an ID Minimum.
To configure the application ID ranges:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Instance Settings.
Scroll down to Application ID Range and specify the following:
ID Minimum - Enter the lower range for database and Websheet application IDs.
ID Maximum - Enter the maximum range for database and Websheet application IDs.
Click Apply Changes.
This section describes how an Instance administrator purges inactive workspaces.
See Also:
"Monitoring Activity Across a Development Instance" to view reports concerning purging workspacesInactive workspaces consume valuable storage space and degrade system performance. By enabling Workspace Purge Settings, you can configure Oracle Application Express to purge inactive workspaces.
If a workspace is designated as inactive, a notification email is sent to each workspace administrator explaining that the workspace will be purged in a specific number of days. The workspace administrator can prevent the workspace from being purged by following an embedded link and following the online instructions.
See Also:
"Configuring Email" and "Sending Email from an Application" in Oracle Application Express Application Builder User's GuideTo configure workspace purge settings:
Sign in to Oracle Application Express Administration Services. See "Accessing Oracle Application Express Administration Services."
Click Manage Instance.
Under Instance Settings, click Workspace Purge Settings.
On the Workspace Purge Settings, configure the following:
Enabled - Select Yes to enable the workspace purge process. Select No to disable the workspace purge process.
Language - Select the language of the text of emails sent to workspace administrators of inactive workspaces. Note that only one language can be selected for each instance.
Purge Administration Email Address - Enter the email address (or From address) from which emails are sent to workspace administrators.
Send Summary Email To - Enter a list of email addresses separated by commas. Recipients will receive a daily email summary of the purge process.
Days Until Purge - Enter the number of days before a workspace is physically purged. For example, entering 10
means a workspace will be purged 10 days after it is added to the inactive list.
Reminder Days in Advance - Enter the number of days before the purge date to send a reminder email to workspace administrators. Reminder email criteria includes:
The workspace is on the inactive list.
There has been no activity in the workspace.
The workspace administrator has not chosen to follow the link in the email to prevent the workspace from being purged.
Days Inactive - Enter the number of days of inactivity before a workspace is classified as inactive. Inactivity includes not logging into the workspace and the no runtime activity of any application in the workspace.
Grace Period (Days) - Enter the number of days for the grace period. The grace period starts after workspace administrators click the link in the email to not have their workspace purged. If there is no activity during the grace period, the workspace is added back to the list of inactive workspaces.
Maximum Execution Time (Hours) - Enter the number limiting the number of hours that the purge process may execute per run of the workspace purge job.
Maximum Number of Workspaces - Enter the maximum number of workspaces to be purged per run of the workspace purge job.
Maximum Number of Emails - Enter the maximum number of reminder emails and workspace inactive emails to be send per run of the workspace purge job.
Click Apply Changes.