Corralling APEX Applications in a Corporate Environment
Scott Chaplow, HCL Technologies
2
Introduction
Scott Chaplow
Systems Architect, HCL Technologies
Level 4, ACC Building
18 London St
Hamilton 3204
New Zealand
+64 7 858 7129
+64 27 233 [email protected]@fonterra.com
3
HCL Overview
Highlights
Total Revenues: $6.3 B
Clients: 500+
Employees: 93,000
Countries: 31
HCL Technologies, HCL Infosystems
Diversified and De-Risked Portfolio
[Charts: Geo Mix, Vertical Mix, Service Line Mix]
Geo Mix chart: regions Asia Pacific, Europe, US; segment values 59.5%, 26.7%, 13.8%
Vertical Mix and Service Line Mix charts, segments as labelled:
12.1% Telecom
25.5% Financial Services
26.7% Manufacturing
7.6% BPO
22.2% Infrastructure Services
19.0% Engineering Services
21.4% Enterprise Apps
29.9% Custom Apps
6.9% Retail & CPG
5.0% MPE
6.3% Life Sciences
8.9% E&U
6.9% Others
4
HCL in New Zealand
[Map: Auckland, Hamilton, Wellington; NZ 300+ Consultants]
Locally registered since 1999
100 seat Development Centre in Auckland, offices in Hamilton and Wellington
300+ onsite consultants
200+ off-shore
5
Fonterra APEX
[Timeline figure, 2006 to 2013; application labels as shown]
Payroll Reporting
DARSy Conv Cost
FTS Config
Manu Capacity
RX7
Ozone
Portal Requests
FSRPM
ES
PCA
SNO
Compliance System
Operational Excellence
Cost of Quality
eBudget
PWMR
IS Report Data Load
BIPP
FAM Data
INJMAN eProject
RUCS
Activity Mapping
WEBREM
A3
WEBDOCS
RFM / GSR Business Proc
ASMR
FSKAT
Customer Visit Tool
ProFin
Rework
MFU Starter Culture
Upload Sheet
OPT1
Value Portal
MOMPA
RP
Bioscience Starter Culture
WMLOG
Request Tracker
PMR Perform Reporting
Training Portal
APEX Portal
e-HR Perform WEBFORMS
6
Fonterra APEX Environments
[Figure: Fonterra APEX environments; labels as shown]
RX7
MAX
WEBREM
Inform Payroll BPR-
MDS
Edit My Details
e-HR Admin
WEBREM Payroll report
WEB-DOCS INJMAN
WEBLEAVE
A3
OPT1
RP MOMPA
MFU Starter
Biosci Culture
FAM
RX7
eBudget
DARSy
OperExcel
eProject
FTS
CostQual
ConvCost
Comply
ASMR
WMLOG
ManuCap
RUCS Ozone
ES
PCA
SNO
FSRPM
BIPP
ProFin
Rework
TrainPortal
PortalRequest
APEX Portal
Active Map
PMR
RFM/GSR
IS Data Load
Upload
Value Portal
PWMR
FSKAT
Visit Tool
Request Tracker
A3
Developed over eight years by more than 30 developers
At least twelve APEX themes in use
Examples…
7
Application Examples
8
The Problem
Variation
Twelve different themes
Duplication of effort
User access maintenance
Other functions
Lack of internal application security
No Authorization Schemes (security through obscurity)
Page Access Protection not enabled (URL tampering)
Report columns not escaping special characters (XSS)
Inappropriate use of &ITEM. syntax (SQL injection)
9
The Journey
2010 2011 2012
Shared security schema
User Security Tables & Functions
Authentication
Parameters
Lookup Lists
Import Template
(base)
Import Template (pages)
Auditing
Jobs
Standard Admin Pages
Configuration Export / Import
Dropdown Menu
Single sign-on
Shared Pages
Security Assurance
2013
HR Data
Authentication
Access
Administration
Oracle
APEX Database
10
The Vision
HR Data: Email Address, User Name, Preferred Name, Last Name, Person ID, Manager ID, Position, Cost Centre, Termination Date, Location, Contact Details, Organisation, Hire Date
Shared Area
security
data
code
Security Application
Shared Pages
11
The Result – A3
Three areas of focus
Authentication
Access
Administration
Three Applications
A3 (Security Data) Application
Shared Application
APEX Portal
12
A3 Structure
A3 Application (A3A)
Shared Pages (A30)
User-selected Application's Data
Shared Area (A3)
13
A3 Features
14
Authentication
Checks if there’s an outage
Refreshes user’s automatically assigned roles
Checks the user has access to the application
Randomly selects authentication host from list
Authenticates username and password
15
Access – Security Structure
Users
Actions
Roles
Security Codes
Pages
16
Security Structure
Range of Functionality
Range of Data
17
Access – Security Structure
Users
Actions
Roles
Security Codes
Pages
18
Application Security Functions
19
Page Security Functions
20
Administration – Security Structure
List, Parameter, Audit, Import Template, Jobs
Users
Actions
Roles
Security Codes
Pages
21
Other Features
Standard Theme
Messages
Logging
Configuration Export and Import
Dropdown Menu
Single Sign-on
Shared Pages
APEX Portal
Security Assurance
Comply with Fonterra branding guidelines
Test all templates
Create guide on how each template should be used
Remove any extra templates
22
Standard Theme
23
Messages
Information and Outage messages
Use standard APEX notification variables
apex_application.g_notification (outage)
apex_application.g_print_success_message (information)
24
Logging
Standard functions for writing to log table
Debug message only generated if debugging switched on in APEX
or a3_log_pkg.gv_debug is TRUE
Procedure / Function
v_group_id := a3_log_group( 'Group' );
a3_log_info( 'Information', v_group_id );
a3_log_debug( 'Debug', v_group_id );
a3_log_error( 'Error', v_group_id );
a3_log_warning( 'Warning', v_group_id );
25
Configuration Export & Import
Configuration Export, by
Object type or specific object
Grouping of objects by change date
Entire application
Configuration Import
26
Dropdown Menu
Started as a bit of “bling” for the applications
Integrated nicely with shared security
Integral for seamlessly adding shared pages
27
Dropdown Menu Technical
Started with a Plugin from http://www.apex-plugin.com/
Moved PL/SQL to shared schema
Moved images, CSS and JavaScript files to shared directory
Included menu HTML as JavaScript file with document.write('');
Added page footer to shift last menu items left
28
Single Sign-on Overview
Uses Session Initialization and Authentication Function
Triggered via the APEX request item
f?p=App:Page:Session:Request:Debug:ClearCache:Items:Values:PrinterFriendly
A3-REDIRECT~Database~App~Page~Request~ClearCache~Items~Values
f?p=App:Page:Session:Request:Debug:ClearCache:Items:Values:PrinterFriendly
wwv_flow.accept ?p_flow_id=2001 &p_flow_step_id=101 &p_arg_names=Username-Item-ID &p_t01=username &p_arg_names=Password-Item-ID &p_t02=password
29
APEX Login
Authentication
Authenticate to Active Directory
Post Authentication
Redirect to Home Page
f?p=2001:1:95563177109636::NO::::
wwv_flow.accept ?p_flow_id=120 &p_flow_step_id=101 &p_request=A3-REDIRECT-LOGIN &p_arg_names=Username-Item-ID &p_t01=username &p_arg_names=Password-Item-ID &p_t02=A3-Redirect-key
f?p=2001:1:955631877109636:A3-REDIRECT~MAX~120~4000~~~~:NO::::&cs=384D
Initialise Session (VPD)
Generate A3 Redirect Key
f?p=2001:1:95563177109636::NO::::
Authentication
Authenticate to Active Directory
A3 Redirect Key
30
Single Sign-on (new session)
Redirect to login process
on target application
Post Authentication
Redirect to Target URL
f?p=120:4000:863177109636::NO::::
A3-REDIRECT~MAX~120~4000~~~~
f?p=2001:1:95563177109636::NO::::
f?p=120:4000:863177109636::NO::::
f?p=120:4000:863177109636:A3-REDIRECT~MAX~2001~1~~~~:NO::::&cs=591X
Initialise Session (VPD)
31
Single Sign-on (existing session)
Redirect to target page in
application reusing session
A3-REDIRECT~MAX~2001~1~~~~
Found Session ID 95563177109636 for App 2001 in Session Group
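The f?p layout and the A3-REDIRECT request format from the single sign-on slides, parsed and validated in Python. This is an added example, not code from the presentation or from A3; the function names, the database allow-list and the numeric-ID rule are assumptions made for illustration.

```python
import re

FP_FIELDS = ("app", "page", "session", "request", "debug",
             "clear_cache", "items", "values", "printer_friendly")
REDIRECT_FIELDS = ("database", "app", "page", "request",
                   "clear_cache", "items", "values")

def parse_fp(url):
    """Split f?p=... into its nine colon-separated positions plus the cs= checksum."""
    _, sep, query = url.partition("?")
    p_value, _, rest = query.partition("&")
    if not sep or not p_value.startswith("p="):
        raise ValueError("not an f?p URL")
    parts = p_value[2:].split(":")
    if len(parts) > len(FP_FIELDS):
        raise ValueError("too many f?p positions")
    parts += [""] * (len(FP_FIELDS) - len(parts))  # trailing positions may be omitted
    fields = dict(zip(FP_FIELDS, parts))
    fields["checksum"] = rest[3:] if rest.startswith("cs=") else None
    return fields

def parse_redirect(request, allowed_databases):
    """Parse A3-REDIRECT~Database~App~Page~Request~ClearCache~Items~Values.

    The allow-list and the numeric-ID rule are assumptions of this example.
    """
    parts = request.split("~")
    if parts[0] != "A3-REDIRECT" or len(parts) != 1 + len(REDIRECT_FIELDS):
        raise ValueError("not a well-formed A3-REDIRECT request")
    target = dict(zip(REDIRECT_FIELDS, parts[1:]))
    if target["database"] not in allowed_databases:
        raise ValueError("unknown target database")
    for key in ("app", "page"):
        if not re.fullmatch(r"[0-9]+", target[key]):
            raise ValueError(f"{key} must be a numeric ID")
    return target

# URL copied from the APEX Login slide; the allow-list is constructed.
SLIDE_URL = "f?p=2001:1:955631877109636:A3-REDIRECT~MAX~120~4000~~~~:NO::::&cs=384D"

if __name__ == "__main__":
    fp = parse_fp(SLIDE_URL)
    print(fp["app"], fp["page"], fp["checksum"])
    print(parse_redirect(fp["request"], {"MAX"}))
```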
32
Shared Pages
Original plan was to include a set of administration pages in the
standard application template
Foundations
Consistent theme
Consistent variable naming
Shared security framework
Drop-down menu
Captures session state prior to accessing shared page
Shared application adopts security and session state of calling
application
33
APEX Portal
Home page for users listing the applications they have access to
Centralized reporting
Place for users to request further access
34
Security Assurance
Report checks application is set up correctly
Checks compliance to the security standards
Authorization Scheme for entire application
Page Access Protection on
Report fields restrict HTML characters
&ITEM. Syntax not used in SQL queries
Checks page relationships
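The four standards checks listed above, which match the gaps named on the earlier "The Problem" slide, sketched in Python over constructed metadata. This is an added example, not code from the presentation or from A3; `SAMPLE_APP`, its dictionary layout and the function names are hypothetical.

```python
import re

# &NAME. is APEX substitution syntax: the item value is pasted into the SQL
# text before it is parsed. :NAME is a bind variable and is the safe form.
SUBSTITUTION = re.compile(r"&([A-Za-z][A-Za-z0-9_$#]*)\.")

def substituted_items(sql):
    """Return item names referenced with &ITEM. syntax, upper-cased, de-duplicated."""
    seen = []
    for name in SUBSTITUTION.findall(sql):
        if name.upper() not in seen:
            seen.append(name.upper())
    return seen

def assess(app):
    """Run the four checks over one application's metadata (hypothetical layout).

    Returns a sorted list of (page_id, finding); page_id 0 means application level.
    """
    findings = []
    if not app.get("authorization_scheme"):
        findings.append((0, "no application-level authorization scheme"))
    for page in app["pages"]:
        pid = page["id"]
        if page.get("access_protection", "Unrestricted") == "Unrestricted":
            findings.append((pid, "page access protection not enabled"))
        for col in page.get("report_columns", []):
            if not col["escaped"]:
                findings.append((pid, f"report column {col['name']} does not escape HTML"))
        for sql in page.get("sql_sources", []):
            for item in substituted_items(sql):
                findings.append((pid, f"&{item}. substitution used in SQL"))
    return sorted(findings)

# Constructed sample application, not taken from the presentation.
SAMPLE_APP = {
    "id": 120,
    "authorization_scheme": None,
    "pages": [
        {"id": 1, "access_protection": "Arguments Must Have Checksum",
         "report_columns": [{"name": "ENAME", "escaped": True}],
         "sql_sources": ["select ename from emp where deptno = :P1_DEPTNO"]},
        {"id": 2, "access_protection": "Unrestricted",
         "report_columns": [{"name": "NOTES", "escaped": False}],
         "sql_sources": ["select * from emp where ename like '%&P2_SEARCH.%'"]},
    ],
}

if __name__ == "__main__":
    for page_id, finding in assess(SAMPLE_APP):
        print(page_id, finding)
```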
35
APEX Base Tables
Workspaces WWV_FLOW_COMPANIES
Workspace Schemas WWV_FLOW_COMPANY_SCHEMAS
Workspace Users WWV_FLOW_FND_USER
Applications WWV_FLOWS
Application Processes WWV_FLOW_PROCESSING
Application Items WWV_FLOW_ITEMS
Authentication Schemes WWV_FLOW_CUSTOM_AUTH_SETUPS
Authorization Schemes WWV_FLOW_SECURITY_SCHEMES
Parent Tabs WWV_FLOW_TOPLEVEL_TABS
Standard Tabs WWV_FLOW_TABS
Pages WWV_FLOW_STEPS
Page Regions WWV_FLOW_PAGE_PLUGS
Page Region Columns WWV_FLOW_REGION_REPORT_COLUMN
Interactive Reports WWV_FLOW_WORKSHEETS
Interactive Report Columns WWV_FLOW_WORKSHEET_COLUMNS
Page Buttons WWV_FLOW_STEP_BUTTONS
Page Items WWV_FLOW_STEP_ITEMS
Page Processes WWV_FLOW_STEP_PROCESSING
Page Branches WWV_FLOW_STEP_BRANCHES
APEX Activity Log WWV_FLOW_ACTIVITY_LOG
Tables available in the APEX_040000 schema (version 4.0)
Don’t alter these tables, or you’ll void your support
36
Final Words
37
Caveats
Applications are no longer stand-alone
Not using all standard features
References to base APEX tables
38
Benefits
Application administration and support is easier
Application development is streamlined
Application security is assured
Application quality is improved
User access is controlled and auditable
User experience is consistent
Custom applications become trusted
39
Questions
www.hcl.com
Thanks