Database Reference
In-Depth Information
37. Set
When Button Pressed
to
CREATE (Create)
. Click the
Create
Validation
button when you're finished.
This completes the navigation and UI part of the security scheme you're implement-
ing. With the navigation and maintenance in place, you can now implement the authen-
tication scheme that will use the information.
Authentication
The key step in making a secure application is to understand who the accessing user is.
APEX refers to this as
authentication
. Authentication answers the question, “Who are
you?” The APEX tool provides a series of predefined authentication mechanisms, in-
cluding a built-in authentication framework and an extensible custom framework. At
design time, it's easy to switch between authentication methods by setting the active
scheme. There can be only one active authentication scheme at a time for an applica-
tion. The following are the major types of authentication schemes:
•
Application Express Accounts
: Users are managed in the APEX workspace
and are maintained just like workspace developer accounts.
•
LDAP Directory
: The user is an existing LDAP-compliant server such as
Active Directory or Oracle Internet Directory.
•
Oracle Application Server Single Sign On
: Authentication can pass
between APEX and an existing Oracle SSO server. Logging into the SSO
server once passes the same credentials to all APEX applications.
•
Database Accounts
: Database usernames and passwords determine authen-
tication. Don't confuse this with data access in an APEX application.
•
HTTP Header Variable
: This approach supports the use of HTTP header
variables to identify a user and to create an Application Express user ses-
sion.
•
Custom
: Logic is determined by the developer. An example of usage is for
Internet-facing applications where self-registration may be desired. Anoth-
er example is when more than one authentication source is used simultan-
eously, such as using two LDAP servers.