Apex 3.2, Flash Charts, HTTPS and Proxy

Leave a comment

Another wrinkle on deploying Apex with a proxy server and https, this time concerning flash charts.

I wrote in my last post that I needed to make a few adjustments to work successfully with a proxy server in my environment. My environment: Apex 3.2.1.00.12, OHS 11.1.0, DB 11.2.0, Win 2008.

All seemed well until I tested pages with flash charts. First off, the IE browser would throw up the message box “This page contains both secure and nonsecure items. Do you want to display the nonsecure items?” After dismissing the message box, the page loaded but the charts would not display. Instead they hung while outputting the message “Loading data. Please wait.”

The first issue that needed sorting out was the https protocol, which was behind the “nonsecure items” message box. In Apex 3.2 there are hard coded references to the protocol at Region Definition – Source. One is

codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"

, the other is

pluginspage="https://www.macromedia.com/go/getflashplayer"

I needed to change each http to https. Interestingly, at the Apex 4.0 website, I learned that this has been fixed. The protocol now has a variable, like this:

codebase="#HOST_PROTOCOL#://download...etc.

The next issue had to do with the proxy server.

The Region – Source screen also uses #HOST# variable, twice in fact. With the proxy server in place, #HOST# came back with the wrong value. Some surfing on the Apex forum at OTN revealed a dads.conf adjustment, which worked.

PlsqlCGIEnvironmentList        HTTP_HOST=proxyhosturl:port/dir
PlsqlCGIEnvironmentList        REQUEST_PROTOCOL=https

NOTE: don’t include the https:// prefix in the HTTP_HOST value.

Prior to that I had tried a more laborious work around. I created an Application Item called MY_HOST. I set this in an Application Process that runs On New Session – After Authentication. Then in every Region – Source for flash charts, I made the following change:

XMLFile=#HOST#apex_util.flash?

became

XMLFile=&MY_HOST.apex_util.flash?

That also worked, but involved updating the Source yet again for each chart.

A final point. The charts available in Interactive Charts are also affected by https and proxies. Fortunately, making the above dads.conf adjustment is all that’s needed.

In summary, getting flash charts to work with https and a proxy requires updating the code for each chart so that https doesn’t generate a prompt, plus updating the dads.conf file.

I’ll be interested to try out 4.0 in my shop to see how that works with proxy and https.

Oracle Apex With HTTPS and Proxy Server

Leave a comment

Some Oracle Apex proxy server and https wrinkles affecting authentication.

In a deployment of Oracle Apex I’m working on, I needed to work with a proxy server. The proxy server has an https url. I’ve also deployed https on my Oracle HTTP server on the Oracle Apex machine.

I’m using the default https certificate that ships with Oracle HTTP Server 11.1.0. While this is not a signed certificate, end users never see a prompt from their browser because this is handled at the proxy server just once by the server administrator.

I’m using the standalone installation of OHS which is now part of the larger Weblogic suite. OHS and Oracle database are on the same Windows 2008 machine. Database version: 11.2.0. Apex Version: 3.2.1.00.12.

Issues:
1. I needed to get a value passed in from the proxy server so that users did not have to login. Here’s how.

2. I wanted to base my security on the username passed in from the proxy. To do that, I created an application item which is in the Shared Components – Logic – Application Items section. Then I created an Application Process (also in the Shared components – Logic) section. This process sets the application item during authentication time.

3. My authentication scheme is database.

4. I updated the authorization scheme to use Application Item mentioned above rather than default built in variable APP_USER.

5. I put in some conditional display of items which detects whether or not a user accessed the application via the proxy server. If they did not, then the Application Item is not set and they will not have sufficient authorization to use the application.

6. Finally, I updated the authorization values accordingly as needed on tabs, lists and pages.

XMing – Lightweight X-Server for Windows

Leave a comment

Oracle DBAs working on windows laptops and connecting to unix/linux environments need an Xwindows server. An Xwindows server is the software you need on your laptop in order to run the GUI interfaces for Oracle installation programs on unix. My favorite Xwindows server is Xming, whose home site is located here, and whose binaries are here.

I’ve used the Exceed product before for an Xwindows server, but have always found the software cumbersome and confusing. It contains many more features and utilities than I need and takes up a fair amount of disk space too. Xming is easy to install, tiny in size and just does one thing: Xwindows server. Configuring it to work with putty is simple. Putty seems to be known to just about everybody in IT that ever had to login to a remote machine via telnet or ssh, but I think Xming is probably a bit less famous.

Installing Xming is simple. I accepted all defaults, which lets use run multiple separate programs from your remote host, each in its own window. Xming also provides some choices of automated integration with putty, which I haven’t used.

To get Xming and putty correctly configured to work with SSH, here’s what I had to do in my environment.

After installing Xming, I ran the Xlaunch utility that comes with Xming. Xlaunch controls the manner in which Xming starts. Xlaunch has a wizard interface, and I accepted the defaults, except on this screen.
Xlaunch screen
Here I made sure the “No access control” check box was checked.

On the putty front, I enabled X11 port forwarding for your session. See the below picture on how to do that. In my environment, I don’t have to set the DISPLAY variable at the unix prompt after making the above two settings.
X11 port forwarding in putty.

With the above two settings in place, I can login via ssh using putty from my windows laptop to remote unix sessions and then successfully start Xwindows programs.

Parse HTTP Header in Apex

1 Comment

I needed to get a value passed in from a proxy server via the HTTP header. I’m using Oracle HTTP server.

Browsing the OTN Application Express forums, I learned that do this, one has to:
1. Edit the dads.conf to include the following line.
PlsqlCGIEnvironmentList [your variable name]

2. Add code to obtain that variable. I added a Display as Text item and made its source a PL/SQL Function or Expression.

The source value was:
OWA_UTIL.GET_CGI_ENV(‘[your variable name]’);

Note that the following will print out all environment variables.
OWA_UTIL.PRINT_CGI_ENV;
You can put this code in a region of type pl/sql block, or as an item.