Skip to main content

Username and Password on Every Page

Well, not really, as that would be bad. However, I’ve often wondered how to include a field for the username and password on every public page, making the sign on process one less click. Well, there’s nothing like learning how to do something like having a customer requirement!

A current client wants a largely public site – that is, you do not need to authenticate to see most of it. Simple enough – just set the Page Attributes Security to Page is Public. However, the client also wanted the username and password field to appear on each and every public page.

From a developer point of view, I didn’t want to have to put any items on any page aside from Page Zero. Thus, every time that I add a page to the application, the login region would simply show up. This required a bit more thought.

Here’s what I came up with: I created a region on Page Zero which holds my username and password fields, as well as a Login button. The button is not an item button, but rather a true button which submits the page when clicked. I also set this region to only display when the user was unauthenticated.

In order to accommodate authenticated users, I also created an HTML region on Page Zero which only renders when the user is authenticated. This region simply displays a welcome message to the user.

Next, I created 2 application level processes to handle the actual authentication process. These two processes are copies of the Set Username Cookie & Login processes which are typically found on Page 101 of your HTML DB Application. These processes are set to run only when the REQUEST = P0_LOGIN, which is the name of my button on Page Zero.

Thus, when you enter a valid username and password and click the Login button on any public page in my application, you are authenticated and returned to the page from which you came. All without any code or items on any page aside from Page Zero!

Steps to Implement
  1. Create Page 0

  2. Create an HTML Region on Page 0 called Login

  3. Set condition of that region to User is the Public User (user has not authenticated)

  4. In that region, create two items:
    P0_USERNAME
    - Text
    P0_PASSWORD - Password

  5. Create an HTML Region on Page 0 called Welcome

  6. In the source of that region, enter a simple welcome message, such as Welcome, &APP_USER.

  7. Set condition of that region to User is Authenticated (user has not authenticated)

  8. Create a Button named P0_LOGIN on Page 0 in the Login region
    - Select Create Button in a Region Position when prompted
    - Leave Branch to Page blank

  9. Create an Application Level Process:
    Sequence
    : 1
    Process Point
    : On Submit: After Page Submission – After Computations and Values
    Name
    : Set Cookie
    Type
    : PL/SQL Procedure
    Process Text
    :
    begin

    owa_util.mime_header('text/html', FALSE);

    owa_cookie.send(

    name => 'LOGIN_USERNAME_COOKIE',

    value => lower(:P0_USERNAME));

    exception
    when others then null;

    end;

    Process Error Message
    : An Error Has Occured
    Condition Type
    : Request = Expression 1
    Expression 1
    : P0_LOGIN

  10. Create an Application Level Process:
    Sequence
    : 2
    Process Point
    : On Submit: After Page Submission – After Computations and Values
    Name
    : Login
    Type
    : PL/SQL Procedure
    Process Text
    :
    begin

    wwv_flow_custom_auth_std.login(

    P_UNAME => :P0_USERNAME,

    P_PASSWORD => :P0_PASSWORD,

    P_SESSION_ID => v('APP_SESSION'),

    P_FLOW_PAGE => :APP_ID||':&APP_PAGE_ID.'
    );
    :P0_USERNAME := null;

    :P0_PASSWORD := null;

    end;


    Process Error Message
    : An Error Has Occured
    Condition Type
    : Request = Expression 1
    Expression 1
    : P0_LOGIN

  11. Edit your current Authentication Scheme, and set the Logout URL to redirect to a public page, not page 101.

  12. Set the Security - Authentication to at least one page in your application to Page is Public.

You should now be able to sign on from any public page in your applicaion.

Comments

Jochen said…
Hmm, interesting to read. I have to keep this tip in mind, just in case of.. You should post more blog entries like this :)
Scott said…
You should post more blog entries like this :)

Thanks for the feedback - I try my best to keep the content here useful, but as everyone knows, time is a scarce commodity these days!

Thanks,

- Scott -
Bill Dwight said…
Excellent entry Scott - very helpful. Thank you!
Glenm said…
If you still had a 'real' logon page, should it be modified to use the page0 fields and application processes in order to prevent code duplication and ease maintenance down the line?
Scott said…
If you still had a 'real' logon page, should it be modified to use the page0 fields and application processes in order to prevent code duplication and ease maintenance down the line?

You could conceivably remove page 101 entirely, and then just use page 1 as a "login" page. If there was a field for username & password on all public pages, there simply woulnd't be a need for a dedicated login page.

Thanks,

- Scott -
Doug Gault said…
Very interesting... I've done this before using other languages (Oracle, PSP's is one of them) but its cool to know that it's actually pretty easy with HTML-DB.

Thanks!
Anonymous said…
Hi Scott,

This is quite an approach...
However, I have a rather more challeging issue...
A client of mine just has an XE database and that's basicly it. now there is a business need to integrate all 4 (custom build)of the apex-applications into 1 sign on session. (log in once, and use all the applications).
any suggestions...
Scott said…
A client of mine just has an XE database and that's basicly it. now there is a business need to integrate all 4 (custom build)of the apex-applications into 1 sign on session. (log in once, and use all the applications).
any suggestions...


If all of the applications are in the same schema (workspace), then you should be able to share a cookie among them; thus, signing on to one should authenticate you to all.

Thanks,

- Scott -
J-P said…
This comment has been removed by the author.

Popular posts from this blog

Spaced Out

A while back, I wrote about how to give the Universal Theme a face lift.  If you follow the steps in that post, the base font for an APEX application with the Universal Theme can easily be changed.

While that's all well and good, sometimes you only want to change the font for a report, not the entire page.  One of the applications that I'm building contains a number of IRs based mostly on log data.  Thus, having that data in a monospaced font would make it a whole lot easier to read.

You can search Google Fonts for monospaced fonts by selecting only that option on the right-side menubar.  You can also opt for the standard yet kinda boring Courier and achieve the same thing.

To implement this in your application, follow the steps in my other post, but stop shy of the final step.  Instead of pasting in the text that I specify, paste in the following to the Custom CSS field in Theme Roller, using the name of the font you selected for the font-family:

.a-IRR-table tr td { font-fam…

Thanks, ODC (Oracle Developer Community)!

I owe a lot of thanks to the ODC - which stands for Oracle Developer Community.  What is ODC?  You may remember it as OTN, or the Oracle Technology Network.  Same people, different name.  Why they changed it I can't say.  People just liked it better that way... (love that song)

In any case, what am I thankful for?  A lot.  To start, the tools that I use day in and day out: SQL Developer, ORDS, Oracle Data Modeler, SQLcl and - of course - APEX.  Without these tools, I'm likely on a completely different career path, perhaps even one that aligns more closely with my degree in television management.

While the tools are great, it's really the people that make up the community that make ODC stand out. From the folks who run ODC and the Oracle ACE program to the developers and product managers who are behind the awesome tools, the ODC community is one of, if not the greatest asset of being involved with Oracle's products.

If you have yet to get more involved with this communi…

Whose Deck is it Anyways?

This year at KScope, we're going to try something new.  And fun.  And funny to watch - we hope.  It's called "Whose Deck is it Anyways?", and will occur on Sunday at 8:30pm.  It's only 30 minutes, but it will likely be the best 30 minutes of the conference.  Or at least the most embarrassing.

Here's what we're going to do: the will be four 5-minute presentations - one on each of the following: BI, EPM, Database & APEX.

Sound interesting?  Probably not.  We get that, too.  So here's what we did.

Each 5-minute session will be presented by a non-expert.  For example, it's highly likely that I'll be presenting on BI or EPM.

To make it even better, each slide deck will be prepared by the corresponding expert.  So again, it's highly likely that my slide deck's creator will be either Stewart Bryson or Edward Roske.  If nothing else, this session will be a crash course in how not to make cohesive, easy to read slides.

Interested now?  Ya,…