Corralling APEX Applications in a Corporate Environment Scott Chaplow HCL Technologies.


1 Corralling APEX Applications in a Corporate Environment Scott Chaplow HCL Technologies

2 Introduction
Scott Chaplow, Systems Architect, HCL Technologies
Level 4, ACC Building, 18 London St, Hamilton 3204, New Zealand

3 HCL Overview
HCL Technologies; HCL Infosystems: Diversified and De-Risked Portfolio
Highlights: Total Revenues $6.3 B; Clients 500+; Employees 93,000; Countries 31
Geo Mix (chart values and labels as extracted): 59.5% 26.7% 13.8%; Asia Pacific, Europe, US
Vertical Mix: 12.1% Telecom; 25.5% Financial Services; 26.7% Manufacturing; 6.9% Retail & CPG; 5.0% MPE; 6.3% Life Sciences; 8.9% E&U; 6.9% Others
Service Line Mix: 7.6% BPO; 22.2% Infrastructure Services; 19.0% Engineering Services; 21.4% Enterprise Apps; 29.9% Custom Apps

4 HCL in New Zealand
Map labels: Auckland, Wellington, Hamilton; NZ 300+ Consultants
- Locally registered since 1999
- 100 seat Development Centre in Auckland, offices in Hamilton and Wellington
- 300+ onsite consultants
- 200+ off-shore

5 Fonterra APEX
Diagram labels: Payroll Reporting DARSy Conv Cost FTS Config Manu Capacity RX7 Ozone Portal Requests FSRPM ES PCA SNO Compliance System Operational Excellence Cost of Quality eBudget PWMR IS Report Data Load BIPP FAM Data INJMAN eProject RUCS Activity Mapping WEBREM A3 WEBDOCS RFM / GSR Business Proc ASMR FSKAT Customer Visit Tool ProFin Rework MFU Starter Culture Upload Sheet OPT1 Value Portal MOMPA RP Bioscience Starter Culture WMLOG Request Tracker PMR Perform Reporting Training Portal APEX Portal

6 Fonterra APEX Environments
Diagram labels: e-HR Perform WEBFORMS RX7 MAX WEBREM Inform Payroll BPR-MDS Edit My Details e-HR Admin WEBREM Payroll report WEB-DOCS INJMAN WEBLEAVE A3 OPT1 RP MOMPA MFU Starter Biosci Culture FAM RX7 eBudget DARSy Oper Excel eProject FTS Cost Qual Conv Cost Comply ASMR WMLOG Manu Cap RUCS Ozone ES PCA SNO FSRPM BIPP ProFin Rework Train Portal Request APEX Portal Active Map PMR RFM/GSR IS Data Load Upload Value Portal PWMR FS KAT Visit Tool Request Tracker A3

7 Application Examples
- Developed over eight years by more than 30 developers
- At least twelve APEX themes in use
- Examples…

8 The Problem
- Variation
  - Twelve different themes
- Duplication of effort
  - User access maintenance
  - Other functions
- Lack of internal application security
  - No Authorization Schemes (security through obscurity)
  - Page Access Protection not enabled (URL tampering)
  - Report columns not escaping special characters (XSS)
  - Inappropriate use of &ITEM. syntax (SQL injection)

9 The Journey
Diagram labels: Shared security schema User Security Tables & Functions Authentication Parameters Lookup Lists Import Template (base) Import Template (pages) Auditing Jobs Standard Admin Pages Configuration Export / Import Dropdown Menu Single sign-on Shared Pages Security Assurance 2013 HR Data Authentication Access Administration

10 The Vision
Diagram labels: Oracle APEX Database Address User Name HR Data Preferred Name Last Name Person ID Manager ID Position Cost Centre Termination Date Location Contact Details Organisation Hire Date Shared Area security data code Security Application Shared Pages

11 The Result – A3
- Three areas of focus
  - Authentication
  - Access
  - Administration
- Three Applications
  - A3 (Security Data) Application
  - Shared Application
  - APEX Portal

12 A3 Structure
Diagram labels: A3 Application (A3A); Shared Pages (A30); User-selected Application’s Data; Shared Area (A3)

13 A3 Features

14 Authentication
- Checks if there’s an outage
- Refreshes user’s automatically assigned roles
- Checks the user has access to the application
- Randomly selects authentication host from list
- Authenticates username and password

15 Access – Security Structure
Diagram labels: Users, Actions, Roles, Security Codes, Pages

16 Security Structure
Diagram labels: Range of Functionality, Range of Data

17 Access – Security Structure
Diagram labels: Users, Actions, Roles, Security Codes, Pages

18 Application Security Functions

19 Page Security Functions

20 Administration – Security Structure
Diagram labels: List, Parameter, Audit, Import Template, Jobs, Users, Actions, Roles, Security Codes, Pages

21 Other Features
- Standard Theme
- Messages
- Logging
- Configuration Export and Import
- Dropdown Menu
- Single Sign-on
- Shared Pages
- APEX Portal
- Security Assurance

22 Standard Theme
- Comply with Fonterra branding guidelines
- Test all templates
- Create guide on how each template should be used
- Remove any extra templates

23 Messages
- Information and Outage messages
- Use standard APEX notification variables
    apex_application.g_notification (outage)
    apex_application.g_print_success_message (information)

24 Logging
- Standard functions for writing to log table
- Debug message only generated if debugging switched on in APEX or a3_log_pkg.gv_debug is TRUE
Procedure / Function:
    v_group_id := a3_log_group( 'Group' );
    a3_log_info( 'Information', v_group_id );
    a3_log_debug( 'Debug', v_group_id );
    a3_log_error( 'Error', v_group_id );
    a3_log_warning( 'Warning', v_group_id );

25 Configuration Export & Import
- Configuration Export, by
  - Object type or specific object
  - Grouping of objects by change date
  - Entire application
- Configuration Import

26 Dropdown Menu
- Started as a bit of “bling” for the applications
- Integrated nicely with shared security
- Integral for seamlessly adding shared pages

27 Dropdown Menu Technical
- Started with a Plugin from
- Moved PL/SQL to shared schema
- Moved images, CSS and JavaScript files to shared directory
- Included menu HTML as JavaScript file with document.write('');
- Added page footer to shift last menu items left

28 Single Sign-on Overview
- Uses Session Initialization and Authentication Function
- Triggered via the APEX request item
    f?p=App:Page:Session:Request:Debug:ClearCache:Items:Values:PrinterFriendly
    A3-REDIRECT~Database~App~Page~Request~ClearCache~Items~Values
    f?p=App:Page:Session:Request:Debug:ClearCache:Items:Values:PrinterFriendly

29 APEX Login
    wwv_flow.accept ?p_flow_id=2001 &p_flow_step_id=101 &p_arg_names=Username-Item-ID &p_t01=username &p_arg_names=Password-Item-ID &p_t02=password
- Authentication: Authenticate to Active Directory
- Post Authentication: Redirect to Home Page
    f?p=2001:1: ::NO::::

30 Single Sign-on (new session)
Diagram labels, in extraction order:
    wwv_flow.accept ?p_flow_id=120 &p_flow_step_id=101 &p_request=A3-REDIRECT-LOGIN &p_arg_names=Username-Item-ID &p_t01=username &p_arg_names=Password-Item-ID &p_t02=A3-Redirect-key
    f?p=2001:1: :A3-REDIRECT~MAX~120~4000~~~~:NO::::&cs=384D
    Initialise Session (VPD)
    Generate A3 Redirect Key
    f?p=2001:1: ::NO::::
    Authentication Authenticate to Active Directory A3 Redirect Key
    Redirect to login process on target application
    Post Authentication Redirect to Target URL
    f?p=120:4000: ::NO::::
    A3-REDIRECT~MAX~120~4000~~~~

31 Single Sign-on (existing session)
Diagram labels, in extraction order:
    f?p=2001:1: ::NO::::
    f?p=120:4000: ::NO::::
    f?p=120:4000: :A3-REDIRECT~MAX~2001~1~~~~:NO::::&cs=591X
    Initialise Session (VPD)
    Redirect to target page in application reusing session
    A3-REDIRECT~MAX~2001~1~~~~
    Found Session ID for App 2001 in Session Group

32 Shared Pages
- Original plan was to include a set of administration pages in the standard application template
- Foundations
  - Consistent theme
  - Consistent variable naming
  - Shared security framework
  - Drop-down menu
- Captures session state prior to accessing shared page
- Shared application adopts security and session state of calling application

33 APEX Portal
- Home page for users listing the applications they have access to
- Centralized reporting
- Place for users to request further access

34 Security Assurance
- Report checks application is set up correctly
- Checks compliance with the security standards
  - Authorization Scheme for entire application
  - Page Access Protection on
  - Report fields restrict HTML characters
  - &ITEM. syntax not used in SQL queries
- Checks page relationships
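
One way the "&ITEM. syntax not used in SQL queries" check could work, as an added example that is not code from the presentation or from A3. The region rows, item names, the emp table and the item-name character set are constructed assumptions; a real report would read region sources from APEX metadata instead of an inline list.

```python
import re

# APEX substitution reference: ampersand, item name, trailing period (&P10_NAME.).
# The item-name character set below is an assumption made for this example.
SUBST = re.compile(r"&([A-Za-z][A-Za-z0-9_$#]*)\.")
WHOLE_LITERAL = re.compile(r"'&([A-Za-z][A-Za-z0-9_$#]*)\.'")

def inside_literal(sql, pos):
    """True if pos falls inside a single-quoted SQL literal ('' keeps parity)."""
    return sql.count("'", 0, pos) % 2 == 1

def audit(regions):
    """Return (app, page, region, item, context) for every &ITEM. reference."""
    findings = []
    for app, page, region, sql in regions:
        for m in SUBST.finditer(sql):
            ctx = "literal" if inside_literal(sql, m.start()) else "bare"
            findings.append((app, page, region, m.group(1), ctx))
    return findings

def to_bind(sql):
    """Rewrite the mechanical cases to bind variables; leave the rest for review."""
    sql = WHOLE_LITERAL.sub(r":\1", sql)           # '&ITEM.'   -> :ITEM
    def repl(m):                                    # bare &ITEM. -> :ITEM
        return m.group(0) if inside_literal(sql, m.start()) else ":" + m.group(1)
    return SUBST.sub(repl, sql)

# Constructed sample rows: (application id, page id, region name, SQL source).
REGIONS = [
    (120, 10, "Staff by dept", "select ename from emp where deptno = &P10_DEPTNO."),
    (120, 10, "Staff by name", "select ename from emp where ename = '&P10_NAME.'"),
    (120, 11, "Staff search", "select ename from emp where ename like '%&P11_SEARCH.%'"),
    (120, 12, "Staff (bound)", "select ename from emp where deptno = :P12_DEPTNO"),
]

if __name__ == "__main__":
    for finding in audit(REGIONS):
        print("FAIL app=%s page=%s region=%r item=%s (%s)" % finding)
    for _, _, _, source in REGIONS:
        print(to_bind(source))
```

The third row is reported but not rewritten: a reference embedded in a longer literal needs a manual change such as concatenating the bind variable with the wildcard characters.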

35 APEX Base Tables
    Workspaces: WWV_FLOW_COMPANIES
    Workspace Schemas: WWV_FLOW_COMPANY_SCHEMAS
    Workspace Users: WWV_FLOW_FND_USER
    Applications: WWV_FLOWS
    Application Processes: WWV_FLOW_PROCESSING
    Application Items: WWV_FLOW_ITEMS
    Authentication Schemes: WWV_FLOW_CUSTOM_AUTH_SETUPS
    Authorization Schemes: WWV_FLOW_SECURITY_SCHEMES
    Parent Tabs: WWV_FLOW_TOPLEVEL_TABS
    Standard Tabs: WWV_FLOW_TABS
    Pages: WWV_FLOW_STEPS
    Page Regions: WWV_FLOW_PAGE_PLUGS
    Page Region Columns: WWV_FLOW_REGION_REPORT_COLUMN
    Interactive Reports: WWV_FLOW_WORKSHEETS
    Interactive Report Columns: WWV_FLOW_WORKSHEET_COLUMNS
    Page Buttons: WWV_FLOW_STEP_BUTTONS
    Page Items: WWV_FLOW_STEP_ITEMS
    Page Processes: WWV_FLOW_STEP_PROCESSING
    Page Branches: WWV_FLOW_STEP_BRANCHES
    APEX Activity Log: WWV_FLOW_ACTIVITY_LOG
- Tables available in the APEX_ schema (version 4.0)
- Don’t alter these tables, or you’ll void your support

36 Final Words

37 Caveats
- Applications are no longer stand-alone
- Not using all standard features
- References to base APEX tables

38 Benefits
- Application administration and support is easier
- Application development is streamlined
- Application security is assured
- Application quality is improved
- User access is controlled and auditable
- User experience is consistent
- Custom applications become trusted

39 Questions

40 Thanks

