20.4.1 Understanding Authentication

Learn about authentication.

20.4.1.1 How Authentication Works

You determine how your application interacts with users. If all users have the same rights and privileges, they are referred to as public users. However, if your application must track each user individually, you must specify an authentication method.

Authentication establishes the identity of each user who accesses your application. Many authentication processes require that a user provide some type of credentials such as a user name and password. These credentials are then evaluated and they either pass or fail. If the credentials pass, the user has access to the application. Otherwise, access is denied.

Once a user has been identified, the Application Express engine keeps track of each user by setting the value of the built-in substitution string APP_USER. As a user navigates from page to page, the Application Express engine sets the value of APP_USER to identify the user. The Application Express engine uses APP_USER as one component of a key for tracking each user's session state.

From a programming perspective, you can access APP_USER using the following syntax:

  • As a bind variable from either PL/SQL or SQL:

    :APP_USER
    
  • From PL/SQL packages and triggers:

    V('APP_USER')
    
  • As an attribute of the context APEX$SESSION:

    sys_context('APEX$SESSION', 'APP_USER')
    

You can use APP_USER to perform your own security checks and conditional processing. For example, suppose you created the following table:

CREATE TABLE my_security_table (
  user_id   VARCHAR2(30),
  privilege VARCHAR2(30));

Once created, you could populate this table with user privilege information and then use it to control the display of pages, tabs, navigation bars, buttons, regions, or any other control or component.
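The following PL/SQL is an added illustration, not code from the Oracle documentation, of how the my_security_table above can back such checks. The sample rows, the package name my_security_pkg and the privilege names are constructed for this example; APP_USER is read through v('APP_USER') exactly as listed above, so an unauthenticated session (NULL user) matches no row and the check fails closed.

```sql
-- Added example (not from the Oracle documentation): privilege lookup keyed
-- on APP_USER, built on the my_security_table shown above. The sample rows,
-- the package name and the privilege names are constructed for illustration.

INSERT INTO my_security_table (user_id, privilege) VALUES ('ALICE', 'ADMIN');
INSERT INTO my_security_table (user_id, privilege) VALUES ('BOB',   'REPORT_VIEWER');
COMMIT;

CREATE OR REPLACE PACKAGE my_security_pkg AS
  -- TRUE only when the current APEX user holds p_privilege.
  FUNCTION has_privilege (p_privilege IN VARCHAR2) RETURN BOOLEAN;
END my_security_pkg;
/

CREATE OR REPLACE PACKAGE BODY my_security_pkg AS
  FUNCTION has_privilege (p_privilege IN VARCHAR2) RETURN BOOLEAN IS
    l_count PLS_INTEGER;
  BEGIN
    -- v('APP_USER') is the user identified at login for this session.
    -- Outside an authenticated APEX session it is NULL, so the equality
    -- predicate matches nothing and the function returns FALSE (deny by default).
    -- Store user_id in the same form APP_USER returns it, or no row will match.
    SELECT COUNT(*)
      INTO l_count
      FROM my_security_table
     WHERE user_id   = v('APP_USER')
       AND privilege = p_privilege;
    RETURN l_count > 0;
  END has_privilege;
END my_security_pkg;
/

-- Usage: as the body of a "PL/SQL Function Body Returning Boolean" condition on
-- a page, region, tab or button, so the component renders only for ADMIN users:
--   RETURN my_security_pkg.has_privilege('ADMIN');
```

Because the decision is made server-side on every request, hiding a button or region this way is a rendering control only; the same function should also guard the page processes that perform the privileged action.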

20.4.1.2 About Support for Deep Linking

Oracle Application Express applications that use authentication schemes support deep linking. Deep linking refers to the ability to link to an Oracle Application Express page out of context (for example, from a hyperlink in an email or workflow notification). When you link to a page out of context and the application requires the user be authenticated, the user is taken to the login page. After credentials verification, the Application Express engine automatically displays the page that was referenced in the original link.

20.4.1.3 About Determining Whether to Include Authentication

As you create your application, you must determine whether to include authentication. You can:

  • Choose to not require authentication. Oracle Application Express does not check any user credentials. All pages of your application are accessible to all users.

  • Select a built-in authentication scheme. Create an authentication method based on available preconfigured authentication schemes. Depending on which scheme you choose, you may also have to configure the corresponding components of Oracle 10g iAS, Oracle Internet Directory, or other external services.

  • Create a custom authentication scheme. Create a custom authentication method to have complete control over the authentication interface. To implement this approach, you must provide a PL/SQL function the Application Express engine executes before processing each page request. This function's Boolean return value determines whether the Application Express engine processes the page normally or displays a failure page.
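As an added example that is not part of the Oracle documentation, the PL/SQL below shows the shape of a Boolean credential-verification function for a custom scheme, with passwords stored only as salted hashes. The app_users table, the function names, and the (p_username, p_password) parameter convention are assumptions made for this illustration; DBMS_CRYPTO requires an EXECUTE grant from a DBA, and DBMS_CRYPTO.HASH_SH256 is assumed to be available in the database version in use.

```sql
-- Added example (not from the Oracle documentation). Table, names and the
-- (p_username, p_password) parameter convention are assumptions for this
-- illustration. Requires: GRANT EXECUTE ON DBMS_CRYPTO TO <app_schema>;

CREATE TABLE app_users (
  username  VARCHAR2(30) PRIMARY KEY,
  pw_salt   RAW(16)      NOT NULL,          -- random per-user salt
  pw_hash   RAW(32)      NOT NULL,          -- SHA-256 of (salt || password)
  is_active CHAR(1)      DEFAULT 'Y' NOT NULL);

-- Registers a user; the clear-text password never reaches the table.
CREATE OR REPLACE PROCEDURE create_app_user (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2) IS
  l_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
BEGIN
  INSERT INTO app_users (username, pw_salt, pw_hash)
  VALUES (UPPER(p_username),
          l_salt,
          DBMS_CRYPTO.HASH(
            UTL_RAW.CONCAT(l_salt, UTL_RAW.CAST_TO_RAW(p_password)),
            DBMS_CRYPTO.HASH_SH256));
END create_app_user;
/

-- Boolean function for the custom scheme: TRUE admits the user, FALSE
-- sends the user to the failure page.
CREATE OR REPLACE FUNCTION my_authenticate (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2) RETURN BOOLEAN IS
  l_user app_users%ROWTYPE;
BEGIN
  SELECT *
    INTO l_user
    FROM app_users
   WHERE username = UPPER(p_username);

  -- Disabled accounts fail regardless of the password supplied.
  IF l_user.is_active <> 'Y' THEN
    RETURN FALSE;
  END IF;

  -- Recompute the salted hash and compare it with the stored value.
  RETURN l_user.pw_hash = DBMS_CRYPTO.HASH(
           UTL_RAW.CONCAT(l_user.pw_salt, UTL_RAW.CAST_TO_RAW(p_password)),
           DBMS_CRYPTO.HASH_SH256);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    -- Unknown user: answer exactly as for a wrong password, so the response
    -- does not reveal which user names exist.
    RETURN FALSE;
END my_authenticate;
/

-- Constructed sample data and a check of both outcomes:
-- BEGIN
--   create_app_user('alice', 'correct horse battery staple');
--   -- my_authenticate('ALICE', 'correct horse battery staple') -> TRUE
--   -- my_authenticate('ALICE', 'wrong')                        -> FALSE
--   -- my_authenticate('nobody', 'anything')                    -> FALSE
-- END;
```

A single salted SHA-256 keeps the example self-contained; for production credential stores a deliberately slow, iterated password hash is the better choice, and the function can be extended to count failed attempts per user before returning FALSE.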