Good APEX resource
Nicosa, September 04, 2008 - 10:31 am UTC
And do you known a good APEX book you would recommand ?
(Book, Doc, tutorial, any resource you consider good)
Thanks in advance, and thanks again for everything you do.
I love your site.
September 04, 2008 - 10:39 am UTC
Comming out soon...
Wolfgang Bauer, September 04, 2008 - 4:02 pm UTC
I pre-ordered that book in July '07...
In the meantime it seems like a joke for me.
A book that was announced for August '07, which has not been released in September '08 and amazon already gives 37% discount on it.
September 04, 2008 - 4:40 pm UTC
I know it is coming - they had me on a deadline to look at it and write the foreword ;)
I did not tech edit the book, I reviewed it for content and usefulness and wrote the foreword.
Wolfgang Bauer, September 04, 2008 - 4:43 pm UTC
So there is light at the end of the tunnel ;-)
Wolfgang Bauer, September 05, 2008 - 3:19 am UTC
Tom,
as you have already reviewed the book can you please tell me if there is a chapter about security and not only the build in security from apex but also if you need to interact with other Webapplications.
For example passing a user from a JSB Webapp to an Apex app without the need to re-authenticate. In one word: singel sign on.
Regads
Wolfgang
September 05, 2008 - 9:14 am UTC
Yes, there is a full chapter on authentication methods.
However, unless the "JSB Webapp" is using a formal single sign on method, not a home grown one, you'll just be passing data in cookies or urls from "jsb" to APEX - you'd need to secure that somehow yourself. Else it is rather easy to spoof it all.
I've put the foreword I wrote here:
http://asktom.oracle.com/Misc/new-book-on-apex-coming-out.html
Bauer Wolfgang, September 05, 2008 - 2:08 pm UTC
Thanks a lot Tom.
Of course I meant JSP not JSB ;-)
Both apps are using LDAP authentication.
Regards
Wolfgang
September 05, 2008 - 4:47 pm UTC
what does "ldap" authentication mean - sounds like "Do it yourself" (ldap is a repository, not an authentication means really, ldap can hold certificates, data, whatever, you might have to authenticate to ldap in order to query it, but it is a repository)
Wolfgang Bauer, September 05, 2008 - 5:30 pm UTC
Our Users are administrated in an active directory domain service. In Apex we use LDAP authentication and role authorisation.
The jsp app also accesses the ADDS (over the LDAP protocoll).
Now the problem is how we can pass-through the already authenticated and authorised user from one Webapplication to the other. The easiest way would be to add a link and let the user simple login into the apex app again. But hmm we're in 2008 that's not the way to go - at least in my opinion.
As a quick workaround I created another apex application without any authorization, copied the page into it and that it was. As it is an internal used App and the information shown is not confidential it is ok - for this time.
But generally I'm thinking about a practicable way to pass a user from one application to another. JSP/Servlet based App -> APEX and perhaps also the other way. NTLM may be a possible solution but of course windows dependent. Cockies may be another way.
I would be interested if there are some working solutions out there. Which problems did occur, how much time was spend to adopt this solution...
To make a long story short: All the things Manager and Architects want to know when you recommend them to integrate Apex into the infrastructure of one of the worlds largest insurance companies.
Also I have to say, that I'm not a pure web developer. I'm used to java and PL/SQL (prefering PL/SQL) and we are using apex since V2.2 (the XE effect) for some relatively small apps with 5-15 pages. But now "The Apex thing" becomes bigger and bigger and we begin touching the hemisphere of the company wide used web apps.
Now we have two possibilities: Stop here and go back to the small isolated applications used by a handful people or start interacting. I would prefer the last one.
Regards
Wolfgang
September 08, 2008 - 8:31 am UTC
if the two applications are not using the same authentication and the same authorization services - then it is not fair to say they are "already authenticated and authorized"
These applications use two entirely different services.
For a situation like this, you use an "official single sign on" service, it becomes the authentication, the authorization service - the single point of truth there.
There are many solutions out there (we offer one - single sign on as part of our middle tier offering, identity management). The applications have to change a bit to "play" in this arena - as they have a new authenticator, a new authorizor.
And APEX supports various "single sign on" capabilities. We use it internally that one - we have one "logon service" that lets any SSO enabled APEX application "know who you are"
Should have mentioned
Harrsion Picot, September 06, 2008 - 4:36 am UTC
Of course, in my (original) question, I left out testing, which Tom added, "And trying things out to see how they really work." I think that is one of the most important thing I have learned from Tom, that if you have some idea of the concepts, testing is easy (not so easy for me as for Tom, but much less work than I imagined). Once you understand how a multi-column (b-tree) index is actually built, the idea that Oracle may ignore it when the return set is not predicted on the "leading edge" makes sense. Your ideas of what to test have to come from the concepts (and Tom's books are full of concepts that have not changed), but Tom shows again and again how little time and code it takes to test. Seeing one neat trick with sql%rowcount (big_table),can give you a handle on that which will benefit you many times, as will learning that "when others" is always followed by "raise" (at least). Another nice thing about the tests is that Tom makes them work. If you don't know what part of the test does, you can cut it out an run that part and see exactly what it is doing. I am no expert on memory, but typing the tests in and making them run for you must make it 3-4 times more likely that you learn it; at least that is how it works for me.
.exrc
ab wor WHEN OTHERS RAISE;
Nitu Marius, September 18, 2008 - 10:56 am UTC
Hi Tom,
Do you belive that it is possible to build the same kind of database application with APEX as we have done in the past using SQL*Forms, like an account system or a HR application for a medium-size or large company ?
Thanks for your time
September 18, 2008 - 11:34 am UTC
sure it is.
APEX is written in APEX. Check out the development environment to see what is possible with APEX itself.