当前位置:网站首页>Oracle EBs and apex integrated login and principle analysis
Oracle EBs and apex integrated login and principle analysis
2022-07-02 07:11:00 【Virtuous time】
Preface :Oracle The official support is EBS and APEX Seamless integration , There are three ways ,1.OAM 2.OSSO 3. Customization , If EBS It is not installed in the front OAM perhaps OSSO Words , Customization is relatively less troublesome .
this paper DEMO Demonstrate how to use customized integration to demonstrate from EBS How to skip to the menu without password input APEX Specify page .
Architecture description
EBS edition 12.1.3 Corresponding database version 11.2.0.3
APEX edition 20.1 ( This version is compatible IE The highest version under the premise ,20.2 Abandon support IE 了 )
EBS and APEX Installed in the same single instance database , Built a separate schema For installation apex Working space for , Refer to official guidance , For security reasons, it is not installed in apps Under the user .
EBS Patch upgrade
See metalink notes 215268.1 and 458338.1
about EBS 12.1.3 Version of , Just download these four patches
Other previous dependent packages mentioned in the document are relatively old , The general system has been hit , You can verify :
SELECT *
FROM AD_BUGS
WHERE BUG_NUMBER LIKE '%12316083%' -- Corresponding patch Number
p12316083_R12.FND.B_R12_GENERIC.zip
p12316083_R12.FND.B_R12_zht.zip
p12726556_R12.FND.B_R12_GENERIC.zip
p12726556_R12.FND.B_R12_zht.zip
You need to enter the maintenance mode to patch , No, mos The classmate of the account left me a message ([email protected]), My email will send you the patch .
Official instance installation
From the above corresponding patch Download the following scripts
apex_ebs_env.sql
apex_ebs_setup.sql
apex_ebs_application_rev3.sql -- This is apex Instance installer , adopt apex Just import the application in the foreground .
among apex_ebs_env.sql Are not compatible 12.1.3 Need to change , as follows :
Save the following script to sql In file , use sqlplus Connect apps Account execution
-- Way of execution :sqlplus "apps/apps_password" @apex_ebs_env
-- Script source Oracle official , For use in EBS 12.1 edition , A slight change
set define '^'
set concat on
set concat .
set verify off
set termout off
spool off
set termout on
column foo3 new_val log1
select 'apex_ebs_env_'||to_char(sysdate,'yyyy-mm-dd_hh24-mi-ss')||'.log' foo3 from dual;
spool ^log1
prompt .
prompt . << Enter Criteria >>
prompt .
accept APEX_URL CHAR prompt '. APEX URL {http://<EBS_Hostname>:8080/apex} : '
accept APEX_APPID char default '110' prompt '. APEX Application Id [110]: '
accept APEX_PAGE_NR char default '2' prompt '. APEX Page Number with No Repsonsibility [2]: '
accept APEX_PAGE_R char default '3' prompt '. APEX Page Number Using Responsibility [3]: '
accept EBS_USER CHAR default 'APEX' prompt '. EBS Username to be associated with Menu [APEX]: '
accept EBS_PWD CHAR default 'Welcome0' prompt '. EBS Username Password [Welcome0]: '
accept EBS_EMAIL CHAR prompt '. EBS Username Email Address: '
prompt .
prompt ... Set EBS APEX profile option
prompt .
declare
profile boolean default false;
begin
profile := fnd_profile.save ('FND_APEX_URL','^APEX_URL','SITE');
end;
/
commit;
prompt .
prompt ... Create 2 demo functions for APEX
prompt .
begin
fnd_form_functions_pkg.load_row(
X_FUNCTION_NAME => 'XX_APEX_DEMO_1',
X_APPLICATION_SHORT_NAME => null,
X_FORM_NAME => null,
X_PARAMETERS => null,
X_TYPE => 'JSP',
X_WEB_HOST_NAME => null,
X_WEB_AGENT_NAME => null,
X_WEB_HTML_CALL => 'GWY.jsp?targetAppType=APEX&p=^APEX_APPID:^APEX_PAGE_NR',
X_WEB_ENCRYPT_PARAMETERS => 'N',
X_WEB_SECURED => 'N',
X_WEB_ICON => null,
X_OBJECT_NAME => null,
X_REGION_APPLICATION_NAME => null,
X_REGION_CODE => null,
X_USER_FUNCTION_NAME => 'Update User Email (Without Responsibility)',
X_DESCRIPTION => 'Update the current user email without checking the user responsibility.',
X_OWNER => null,
X_CUSTOM_MODE => 'FORCE',
X_LAST_UPDATE_DATE => to_char(sysdate, 'YYYY/MM/DD'),
X_MAINTENANCE_MODE_SUPPORT => 'NONE',
X_CONTEXT_DEPENDENCE => 'RESP',
X_JRAD_REF_PATH => null
);
fnd_form_functions_pkg.load_row(
X_FUNCTION_NAME => 'XX_APEX_DEMO_2',
X_APPLICATION_SHORT_NAME => null,
X_FORM_NAME => null,
X_PARAMETERS => null,
X_TYPE => 'JSP',
X_WEB_HOST_NAME => null,
X_WEB_AGENT_NAME => null,
X_WEB_HTML_CALL => 'GWY.jsp?targetAppType=APEX&p=^APEX_APPID:^APEX_PAGE_R:::::EBS_RESP_ID,EBS_APP_ID,EBS_SEC_GROUP:[RESPONSIBILITY_ID],[RESP_APPL_ID],[SECURITY_GROUP_ID]',
X_WEB_ENCRYPT_PARAMETERS => 'N',
X_WEB_SECURED => 'N',
X_WEB_ICON => null,
X_OBJECT_NAME => null,
X_REGION_APPLICATION_NAME => null,
X_REGION_CODE => null,
X_USER_FUNCTION_NAME => 'Update User Email (Using Responsibilities)',
X_DESCRIPTION => 'Update the current user email after checking the user responsibility. This option is more secure!',
X_OWNER => null,
X_CUSTOM_MODE => 'FORCE',
X_LAST_UPDATE_DATE => to_char(sysdate, 'YYYY/MM/DD'),
X_MAINTENANCE_MODE_SUPPORT => 'NONE',
X_CONTEXT_DEPENDENCE => 'RESP',
X_JRAD_REF_PATH => null
);
end;
/
commit;
prompt .
prompt ... Create Menu and add two menu entries for the functions
prompt .
begin
-- Create menu
fnd_menus_pkg.load_row(
X_MENU_NAME => 'XX_APEX_MENU',
X_MENU_TYPE => 'HOMEPAGE',
X_USER_MENU_NAME => 'XX_APEX Demo',
X_DESCRIPTION => 'Menu for Oracle APEX Demonstration app.',
X_OWNER => null,
X_CUSTOM_MODE => 'FORCE',
X_LAST_UPDATE_DATE => to_char(sysdate, 'YYYY/MM/DD')
);
-- create menu entries
fnd_menu_entries_pkg.load_row(
X_MODE => 'FORCE',
X_ENT_SEQUENCE => '1',
X_MENU_NAME => 'XX_APEX_MENU',
X_SUB_MENU_NAME => null,
X_FUNCTION_NAME => 'XX_APEX_DEMO_1',
X_GRANT_FLAG => 'Y',
X_PROMPT => 'Update Email',
X_DESCRIPTION => 'Update your email without using responsibility.',
X_OWNER => null,
X_CUSTOM_MODE => 'FORCE',
X_LAST_UPDATE_DATE => to_char(sysdate, 'YYYY/MM/DD')
);
--
fnd_menu_entries_pkg.load_row(
X_MODE => 'FORCE',
X_ENT_SEQUENCE => '2',
X_MENU_NAME => 'XX_APEX_MENU',
X_SUB_MENU_NAME => null,
X_FUNCTION_NAME => 'XX_APEX_DEMO_2',
X_GRANT_FLAG => 'Y',
X_PROMPT => 'Update Email (Using Responsibility)',
X_DESCRIPTION => 'Update your email using EBS Responsibility.',
X_OWNER => null,
X_CUSTOM_MODE => 'FORCE',
X_LAST_UPDATE_DATE => to_char(sysdate, 'YYYY/MM/DD')
);
end;
/
commit;
prompt .
prompt ... Submit Concurrent Request to compile menu entries
prompt .
declare
l_conc_status varchar2(1);
begin
l_conc_status := fnd_menu_entries_pkg.submit_compile;
end;
/
commit;
prompt .
prompt ... Create Responsibility and User, and then add the responsibility to the user
prompt .
begin
fnd_responsibility_pkg.load_row(
X_APP_SHORT_NAME => 'FND',
X_RESP_KEY => 'XX_APEX_RESP',
X_RESPONSIBILITY_NAME => 'XX_APEX_RESP',
X_OWNER => null,
X_DATA_GROUP_APP_SHORT_NAME => 'FND',
X_DATA_GROUP_NAME => 'Standard',
X_MENU_NAME => 'XX_APEX_MENU',
X_START_DATE => to_char(sysdate, 'YYYY/MM/DD'),
X_END_DATE => null,
X_DESCRIPTION => 'Responsibility for APEX Demonstration',
X_GROUP_APP_SHORT_NAME => null,
X_REQUEST_GROUP_NAME => null,
X_VERSION => 'W',
X_WEB_HOST_NAME => null,
X_WEB_AGENT_NAME => null,
X_CUSTOM_MODE => 'FORCE',
X_LAST_UPDATE_DATE => to_char(sysdate, 'YYYY/MM/DD')
);
--
-- Add USER
--
fnd_user_pkg.createuser(
X_USER_NAME => upper('^EBS_USER'),
X_OWNER => null,
X_UNENCRYPTED_PASSWORD => '^EBS_PWD',
X_START_DATE => sysdate,
X_END_DATE => null,
X_PASSWORD_DATE => sysdate,
X_PASSWORD_LIFESPAN_DAYS => 30,
X_EMPLOYEE_ID => null,
X_EMAIL_ADDRESS => '^EBS_EMAIL'
);
--
-- Add Responsibility to USER
--
fnd_user_pkg.addresp(
USERNAME => upper('^EBS_USER'),
RESP_APP => 'FND',
RESP_KEY => 'APEX_RESP',
SECURITY_GROUP => 'STANDARD',
DESCRIPTION => 'Add access to APEX Demo menu options',
START_DATE => sysdate,
END_DATE => null
);
end;
/
commit;
set define on
Security login customization package writing
The following code in this section is all deployed in apps Under the user .
The following is used 3 Code to demonstrate general needs 18 Step configuration can achieve the effect :
First brush the dependent packages :
/* This package is similar to generation token And carry on token The result of verification */
CREATE OR REPLACE PACKAGE APPS.XXAPX_SECURITY_PKG AUTHID DEFINER AS
FUNCTION generate_hash (
p_string IN VARCHAR2
, p_offset IN NUMBER DEFAULT 0) RETURN VARCHAR2;
FUNCTION validate_hash (
p_string IN VARCHAR2
, p_hash IN VARCHAR2
, p_delay IN NUMBER DEFAULT 5) RETURN BOOLEAN;
END XXAPX_SECURITY_PKG;
/
CREATE OR REPLACE PACKAGE BODY APPS.XXAPX_SECURITY_PKG AS
g_key VARCHAR2(100);
FUNCTION generate_hash (
p_string IN VARCHAR2
, p_offset IN NUMBER DEFAULT 0) RETURN VARCHAR2
IS
BEGIN
IF p_string IS NULL THEN RETURN NULL; END IF;
RETURN RAWTOHEX(UTL_RAW.cast_to_raw(
DBMS_OBFUSCATION_TOOLKIT.MD5(
input_string=>p_string||':'||
TO_CHAR(SYSDATE-(p_offset/24*60*60), 'YYYYMMDD HH24MISS')||g_key)));
END generate_hash;
FUNCTION validate_hash (
p_string IN VARCHAR2
, p_hash IN VARCHAR2
, p_delay IN NUMBER DEFAULT 5) RETURN BOOLEAN
IS
BEGIN
FOR i IN 0..p_delay LOOP
IF p_hash = generate_hash (p_string, i) THEN RETURN TRUE; END IF;
END LOOP;
RETURN FALSE;
END validate_hash;
BEGIN
SELECT encrypted_user_password
INTO g_key
FROM FND_USER
WHERE user_name = 'SYSADMIN';
END XXAPX_SECURITY_PKG;
/
Code segment 1- Customized login - Validation function
FUNCTION apex_validate_login(p_username IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN IS
BEGIN
IF XXAPX_SECURITY_PKG.validate_hash(p_username, p_password) THEN
RETURN TRUE;
END IF;
RETURN(FND_WEB_SEC.validate_login(p_username, p_password) = 'Y');
END apex_validate_login;
This function is placed in the following places :
Code segment 2- Automatic login code
PROCEDURE auto_login IS
lv_username VARCHAR2(300);
lv_password VARCHAR2(300);
lc_blacklist VARCHAR2(2000) := 'GUEST';
BEGIN
--ebs_getsession(lv_username);
wfa_sec.getsession(lv_username);
plog.debug('lv_username:' || lv_username);
lv_password := XXAPX_SECURITY_PKG.generate_hash(lv_username);
plog.debug('lv_password:' || lv_password);
-- Pay attention to filter out this place EBS Of GUEST user
IF lv_password IS NOT NULL AND lv_username IS NOT NULL AND lv_username <> 'GUEST' THEN
/* APEX_CUSTOM_AUTH.login(P_UNAME => lv_username, P_PASSWORD => lv_password, P_SESSION_ID => v('APP_SESSION'), P_APP_PAGE => :APP_ID || :APEX_PAGE);*/
apex_authentication.login(p_username => lv_username, p_password => lv_password);
END IF;
EXCEPTION
WHEN OTHERS THEN
plog.error(' Automatic login exception ' || lv_username || lv_password);
plog.full_error_backtrace;
END auto_login;
This function is used in the login page befor header Upper process in , Here's the picture :
Code 3-EBS Environmental information is transferred
Doing it EBS Report related development , Will make full use of MO Security profile to achieve more OU Screen all data , So in EBS in , How to handle EBS The basic information of the conversation is passed back to APEX What about China? , Here is the code example ,
Its essence is to use ICX Related tables , About EBS Analysis of login session principle , You can read the following article
EBS Analysis of login session principle
FUNCTION check_ebs_credentials RETURN BOOLEAN IS
c_ebs VARCHAR2(240) := 'E-Business Suite';
l_authorized BOOLEAN;
l_user_id NUMBER;
l_resp_id NUMBER;
l_resp_appl_id NUMBER;
l_sec_group_id NUMBER;
l_org_id NUMBER;
l_time_out NUMBER;
l_ebs_url VARCHAR2(100);
l_appl_name VARCHAR2(240);
l_session_count NUMBER := 0;
l_user_name VARCHAR2(3000);
CURSOR get_apps_credentials IS
SELECT iss.user_id,
iss.responsibility_id,
iss.responsibility_application_id,
iss.security_group_id,
iss.org_id,
iss.time_out,
isa.value,
fu.user_name
FROM apps.icx_sessions iss, apps.icx_session_attributes isa, fnd_user fu
WHERE iss.session_id = apps.icx_sec.getsessioncookie
AND isa.session_id = iss.session_id
AND isa.name = '_USERORSSWAPORTALURL'
AND iss.user_id = fu.user_id;
CURSOR get_appl_name(b_appl_id NUMBER) IS
SELECT application_name
FROM apps.fnd_application_tl
WHERE application_id = b_appl_id
AND LANGUAGE = USERENV('LANG');
BEGIN
OPEN get_apps_credentials;
FETCH get_apps_credentials
INTO l_user_id, l_resp_id, l_resp_appl_id, l_sec_group_id, l_org_id, l_time_out, l_ebs_url, l_user_name;
IF get_apps_credentials%NOTFOUND THEN
l_authorized := FALSE;
plog.debug(' No data ');
ELSE
l_authorized := TRUE;
OPEN get_appl_name(l_resp_appl_id);
FETCH get_appl_name
INTO l_appl_name;
IF get_appl_name%NOTFOUND THEN
l_appl_name := c_ebs;
END IF;
CLOSE get_appl_name;
plog.debug('l_user_id' || l_user_id);
-- The following items should be in APEX Predefined in the application item of the shared component , Otherwise, it will report a mistake .
apex_util.set_session_state('EBS_USER_NAME', TO_CHAR(l_user_name));
apex_util.set_session_state('EBS_USER_NAME', 'APEX');
apex_util.set_session_state('EBS_RESP_ID', TO_CHAR(l_resp_id));
apex_util.set_session_state('EBS_APP_ID', TO_CHAR(l_resp_appl_id));
apex_util.set_session_state('EBS_SEC_GROUP', TO_CHAR(l_sec_group_id));
apex_util.set_session_state('EBS_ORG_ID', TO_CHAR(l_org_id));
apex_util.set_session_state('EBS_TIME_OUT',TO_CHAR(l_time_out));
apex_util.set_session_state('EBS_URL', l_ebs_url);
apex_util.set_session_state('EBS_APPLICATION_NAME', l_appl_name);
apex_util.set_session_max_idle_seconds(l_time_out * 60, 'APPLICATION');
-- Perform a login
apex_authentication.send_login_username_cookie(p_username => FND_GLOBAL.user_name);
plog.debug(FND_GLOBAL.user_name);
/* apex_authentication.login(p_username => l_user_name, p_password => XXAPX_SECURITY_PKG.generate_hash(l_user_name)); */
/* APEX_CUSTOM_AUTH.login(P_UNAME => l_user_name, P_PASSWORD => XXAPX_SECURITY_PKG.generate_hash(l_user_name), P_SESSION_ID => v('APP_SESSION'), P_APP_PAGE => V('APP_ID') || ':2'); */
END IF;
IF apex_authentication.is_authenticated THEN
l_authorized := TRUE;
ELSE
l_authorized := FALSE;
END IF;
CLOSE get_apps_credentials;
plog.assert(l_authorized, ' Call failed ');
RETURN l_authorized;
plog.debug(' Successful call ');
EXCEPTION
WHEN OTHERS THEN
plog.debug(' Call exception ');
plog.full_error_backtrace;
IF get_apps_credentials%ISOPEN THEN
CLOSE get_apps_credentials;
END IF;
RETURN FALSE;
END;
APEX And third-party integration principle analysis
And single sign on token Or similar to the verification principle ,APEX Flexible customization token And custom validation token The way , And provides a unified entrance (apex_authentication.login and APEX_CUSTOM_AUTH.login) To achieve integration with itself , Using this principle , Not only can it be with EBS Integrate , Integration with other systems is also similar , This architecture is worth learning .
Reference documents
apex-ebs-extension-white-paper
Integration of Oracle Apex and E-Business Suite R12( A ladder is needed )
边栏推荐
- JSP智能小区物业管理系统
- ORACLE EBS中消息队列fnd_msg_pub、fnd_message在PL/SQL中的应用
- Stress test modification solution
- [Zhang San learns C language] - deeply understand data storage
- Uniapp introduces local fonts
- Oracle apex Ajax process + dy verification
- MySQL中的正则表达式
- Go common compilation fails
- Flex Jiugongge layout
- Laravel8中的find_in_set、upsert的使用方法
猜你喜欢
微信小程序基础
解决微信小程序swiper组件bindchange事件抖动问题
Uniapp introduces local fonts
Sentry construction and use
SQL injection closure judgment
Solve the problem of bindchange event jitter of swiper component of wechat applet
sqli-labs通关汇总-page4
Sqli labs customs clearance summary-page1
The boss said: whoever wants to use double to define the amount of goods, just pack up and go
Stack (linear structure)
随机推荐
ssm人事管理系统
Explain in detail the process of realizing Chinese text classification by CNN
RMAN增量恢复示例(1)-不带未备份的归档日志
JS create a custom JSON array
Data warehouse model fact table model design
In depth study of JVM bottom layer (IV): class file structure
Changes in foreign currency bookkeeping and revaluation general ledger balance table (Part 2)
Common prototype methods of JS array
[leetcode question brushing day 35] 1060 Missing element in ordered array, 1901 Find the peak element, 1380 Lucky number in matrix
oracle EBS标准表的后缀解释说明
Sqli-labs customs clearance (less6-less14)
Thinkphp5中一个字段对应多个模糊查询
Oracle 11g sysaux table space full processing and the difference between move and shrink
Yolov5 practice: teach object detection by hand
Ceaspectuss shipping company shipping artificial intelligence products, anytime, anywhere container inspection and reporting to achieve cloud yard, shipping company intelligent digital container contr
2021-07-19C#CAD二次开发创建多线段
Sqli-labs customs clearance (less1)
解决微信小程序swiper组件bindchange事件抖动问题
js判断数组中对象是否存在某个值
In depth study of JVM bottom layer (II): hotspot virtual machine object