Friday, August 29, 2008

Oracle Application Express (APEX) "submit" Button

We just ran into the strangest problem. All of our buttons and standard tabs stopped working on a particular page. Parent tabs worked fine, but anything that relied on posting the page (javascript:doSubmit) stopped working. Neelesh Shah came up with the solution. One of our buttons was "submit"--all lower case. Usually a submit button in APEX is either SUBMIT or Submit, with at least one upper case letter. APEX automatically adds an id="" to all the buttons. As it turns out, id="submit" (all lower case) causes browsers to stop submitting (posting) pages. Just changing the value to Submit did the trick.
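The likely mechanism, shown as an added example that is not code from the original post or from APEX: a form control's id or name becomes a property of its form, so id="submit" shadows the form's submit() method and a script calling form.submit() fails. The checker below scans page markup for such collisions; the sample markup is constructed, and that doSubmit ends up calling form.submit() is an assumption.

```javascript
// Added example: flag form controls whose id/name shadows an HTMLFormElement member.
// Property lookup is case-sensitive, so "submit" collides while "Submit" and "SUBMIT" do not.
const FORM_MEMBERS = new Set([
  "submit", "reset", "action", "method", "target", "elements",
  "length", "name", "enctype", "encoding", "acceptCharset", "noValidate",
  "checkValidity", "reportValidity", "requestSubmit", "autocomplete",
]);

// Listed elements that a form exposes as named properties (form.<id> / form.<name>).
const CONTROL_TAG = /<(input|button|select|textarea|fieldset|object|output)\b([^>]*)>/gi;
// Simple attribute matcher; good enough for a lint pass, not a full HTML parser.
const ID_OR_NAME = /\b(id|name)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;

function findClobberingControls(html) {
  const findings = [];
  for (const tag of html.matchAll(CONTROL_TAG)) {
    for (const attr of tag[2].matchAll(ID_OR_NAME)) {
      const value = attr[2] ?? attr[3] ?? attr[4];
      if (FORM_MEMBERS.has(value)) {
        findings.push({ tag: tag[1].toLowerCase(), attr: attr[1].toLowerCase(), value });
      }
    }
  }
  return findings;
}

// Constructed sample markup (not taken from a real APEX page).
const samplePage = `
<form action="/post" method="post">
  <input type="button" id="submit" value="submit" onclick="javascript:doSubmit('submit');">
  <input type="button" id="Submit" value="Submit" onclick="javascript:doSubmit('Submit');">
  <input type="button" id="CANCEL" value="Cancel" onclick="javascript:doSubmit('CANCEL');">
  <input type="hidden" name="action" value="x">
</form>`;

for (const f of findClobberingControls(samplePage)) {
  console.log(`<${f.tag}> ${f.attr}="${f.value}" shadows form.${f.value}`);
}
```

Where a colliding control cannot be renamed, a script can still reach the real method with HTMLFormElement.prototype.submit.call(form).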

Friday, August 22, 2008

Oracle Internet Directory (IDM OID) patchset 10.1.4.2 and WNA

Ouch! We recently installed the OID 10.1.4.2 patch to solve some issues with Server Chaining to Microsoft Active Directory (MS AD). There were two object classes that did not get mapped for groups and there were problems that OID would not find any group that was not directly in the dn that was chained to AD. If you chained
cn=ad,cn=groups,dc=mycompany,dc=com
to
cn=groups,ou=myDept,dc=mycompany,dc=com
but you had a group in subcontainer
cn=anotherLevel,cn=ad,cn=groups,dc=mycompany,dc=com
OID would not find it.

The patch almost worked as expected--we got one of the two object classes promised and we could find the groups in subcontainers. Unfortunately the patchset broke Windows Native Authentication (WNA). The problem is that the patch introduced a new Java JDK, version 1.4.2_14. After many hours of troubleshooting we found Oracle bug 6658334--WNA FAILS AFTER APPLYING IDM 10.1.4.2.0 PATCHSET. The solution appears to be to downgrade the Sun JDK to 1.4.2_13. We did this and it works, but oh what a headache.

You might get an error stack that looks like this:

DAS servlet init enter
oiddas: Release 10.1.4.0.1 Production Started
<$ORACLE_HOME>/j2ee/OC4J_SECURITY/applications/oiddas/ui/WEB-INF/lib/oiddas.jar archive
DAS servlet init exit
Getting creds for HTTP/ ...
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is <$ORACLE_HOME>/j2ee/OC4J_SECURITY/config/sso.keytab refreshKrb5Config is false principal is HTTP/ tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal's key obtained from the keytab
principal is HTTP/
KerberosAuthenticator: GSSException raised in constructor - No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
    at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
    at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
. . .
30 Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
    at java.lang.StringBuffer.append(StringBuffer.java:467)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:576)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Wednesday, August 13, 2008

Oracle Open World (Oracle OpenWorld)

I will be speaking at OOW this year on two topics.

How to Hack an Oracle Application Express Application

If you write HTML applications in any technology and you care about your data, this presentation is for you. All HTML applications share some attributes that expose them to potential hacking. APEX has many features that will allow developers to lock down their applications – or to expose them to hacking. I will show techniques that can be used to hack HTML applications, how to close these holes within APEX and where APEX may expose these holes through its wizards. Naturally, I will show how to protect against any hack that I demonstrate. This session can benefit the novice to the highly advanced APEX developer as well as developers of any HTML application.

This is a skinnied down version of the module that C2 Consulting teaches in its Application Express classes.

Realizing ROI with Application Express

As part of Massachusetts healthcare reform, C2 Consulting worked with Harvard Pilgrim Healthcare (HPHC) to develop a new business process for providing health insurance directly to the subscriber. Utilizing Oracle Application Express, the HPHC system allows individuals to apply, enroll and be confirmed in a healthcare plan online in just a few minutes. Developed in just one month, the project cost will be recovered in just one year's saved postage.

Oracle Portal Secure Content Repository Views

I recently went searching for the documentation on the Oracle Portal repository views for Portal 10.1.4 and had a hard time finding them.

The Views
http://www.oracle.com/technology/products/ias/portal/html/plsqldoc/pldoc1014/wwsbr_api_view.html

The APIs
http://www.oracle.com/technology/products/ias/portal/html/plsqldoc/pldoc1014/summary.html

The Documentation
http://download-west.oracle.com/docs/cd/B14099_19/portal.1012/b14134/toc.htm

And More Documentation
http://download.oracle.com/docs/cd/B14099_15/portal.1014/b14135/pdg_part3.htm#sthref1557

Monday, August 04, 2008

Advanced Configuration Training Course: Oracle Application Express (APEX)

This is just a quick note to mention that C2 Consulting has added a new module to its Oracle Application Express (APEX) course. The training class is modular, so class attendees or clients can choose which modules are taught during a particular session. The new Advanced Configurations course covers installation and configuration in a variety of environments. Some of the topics follow:

  • High Availability, RAC, HA Middle Tiers (I contributed to the Oracle white paper on this topic)
  • Configuring Apache for SSL
  • Configuring Apache Virtual Hosts
  • Using Apache 2.x as a reverse proxy
  • Using Oracle Web Cache
  • Capturing IP Address behind Firewalls, Reverse Proxies and Web Cache
  • Using Apache Rewrite Rules
  • Custom DAD configurations--passing environment variables, setting default application, etc.
  • Custom Authentication and Authorization Schemes
  • How to enable Oracle Single Sign-On (SSO)
  • How to integrate with Netegrity (Computer Associates) Siteminder (Optional)
  • How to integrate with RSA (Optional)
  • How to integrate with PKI (client-side) certificates (Optional)
If you are interested in this topic or any of the C2 courses, contact C2.