APEX Listener & SSL Recommended Configuration - ORDS, SODA & JSON in the Database

Hi
The new listener looks exciting.
Can anyone suggest a preferred method (OC4J platform) to implement given the requirement to run SSL / HTTPS?
Thanks
Mike 

Mike,
You may want to drop over the oc4j forum since that's where you'd have to config ssl/https. They can get you and answer quicker on the webserver config. OC4J
-kris 

Hi Chris
Thanks for the advice.
Just to be clear, configuring ssl/https using the APEX listener on OC4J is done entirely on OC4J?
Is there nothing to be done (for ssl/https) in the listener itself?
Thanks once again.
Mike 

Yes, the listener configuration is independent of the http/SSL setup.
-Richard

Related

Does Apex_Listener resolve variable #HOST_PROTOCOL# correct in HTTPS?

Hi everybody,
In January I dropped a question about Apex_Listener and mixed HTTP/HTTPS content.
Re: APEX Listener Feedback
Mixed HTTP and HTTPS content when using SSL (&link to APEX_LISTENER issue)
Because I didn't have a satisfying answer I did some test with the latest Apex (4.0) & Apex_Listener (build 0.10.110.10.57).
- Apex_Listener with HTTP: Charts are OK
- Apex_Listener with HTTPS: Charts are NOK!
- OHS/mod_plsql with HTTP: Charts are OK
- OHS/mod_plsql with HTTPS: Charts are OK
As background info, I used the Apex 4.0 "Sample Application" that was "fresh" installed.
In the chart region the variable #HOST_PROTOCOL# is used and it isn't hardcoded anymore.
Because it works fine with the Oracle HTTP Server I assume that there is still a problem with the Apex Listener.
Depending on the brand of browser (Chrome, IE, FF) and internal settings the HTTPS chart load just hangs or complains with "No data found".
Is this a known bug of Apex_Listener and is there a workaround (not hard coding the macromedia calls off course).
If some body wants to test it, I have temporary a sandbox with the standard "Sample Apllication" available:
http://gitsapx01.corp.global-it-services.eu:8888/apex/f?p=100:1
https://gitsapx01.corp.global-it-services.eu:8443/apex/f?p=100:1
(Please note that the HTTPS is based on a self signed certificate, your browser will complain about that :-)
Best regards,
JB
PS.
I noticed a minor issue in Apex 4.0 when you open it as a developer in HTTPS.
After the initial logon it throws a warning like:
+>> "This page contains both secure and nonsecure items."+
+>> "Do you want to display the nonsecure items?"+
But I can live with that because it doesn't complain to end-users. 
Hello,
I have noticed the same issue as you. I have tested it with
apex_listener.1.10.179.10.43 on GlassFish Server Open Source Edition 3.0.1 (build 22) - listening on port 8181 and Tomcat 6.0.24 (listening on port 8443).
Also connections through standard SSL port 443 gave me any success.
All of time the CGI environment variable REQUEST_PROTOCOL has value of '/1.1' instead of 'HTTPS'.
Have anyone any idea how to resolve this issue or if it would be fixed in next release of apex_listener?
Best regards,
Piotr 
Hi Piotr,
I verified your expecriences in my sandbox.
The (direct) EPG connection is temporary activated for this test.
In my opnion I believe that the REQUEST_PROTOCOL environment variable is resrverd for Apache-Mod_plsql-Dads.conf only.
As you I get "/1.1" as the result in AL. But in EPG it is "tcp".
See the output below for the details.
Anybody any idea?!? Plzzzz.
Regards,
JB
Apex Listener using HTTP:
The content of owa_util.get_cgi_env('HTTP_REFERER'): http://gitsapx01.corp.global-it-services.eu:8888/apex/f?p=9500:1:2237926306889275
The content of owa_util.get_cgi_env('REQUEST_PROTOCOL'): */1.1*
Apex Listener using HTTPS:
The content of owa_util.get_cgi_env('HTTP_REFERER'): https://gitsapx01.corp.global-it-services.eu:8443/apex/f?p=9500:1:854227275158801
The content of owa_util.get_cgi_env('REQUEST_PROTOCOL'): */1.1*
Embedded PLSQL Gateway & HTTP:
The content of owa_util.get_cgi_env('HTTP_REFERER'): http://gitsapx01.corp.global-it-services.eu:7777/apex/f?p=9500:18
+The content of owa_util.get_cgi_env('REQUEST_PROTOCOL'): tcp+ 
Has anyone come up with an answer to this? It is very important that we get this solved too. It is going to definitely halt our upgrade to apex 4.0 if this can't be fixed.
Michelle 
I see it and it'll be fix in the next push of the code to otn.
-kris 
Do you know about when that code update will be?
Thanks for your help,
Michelle 
I do know but I'm not allowed to tell. We can not give dates but it's not too far away.
-kris 
Kris, thx for the info!
JB 
anything new on this ?
Problem is a real showstopper...
.g 
Hoi Guys,
I used p9976149 to upgrade Apex 4.0.1 and replace Apex Listener with the latest 1.10.230.17.38. Well I must say that I am quite disappointed.
The HTTPS issues with the failing graphical chars still exist!?!
It is very well possible that is caused by the fact that I still using Tomcat.
Can't go to Oracle Support, but before I go to install Oracle's/Sun's Puffer/Blow/Glassfish I like to hear from somebody else what his or hers experiences are?
Don't like to be forced to use software because of so called "smart" marketing.
Does somebody has positive results with charts & https in the latest Apex (Listener) version?
Regards,
JB 
A patch for this was mentioned but not delivered 
Hi Piotr,
Were you able to reproduce these issues in Apex 4.0.1 & Apex_Listener (build 0.10.110.10.57) in your Glassfish environment?. Or are they resolved? Either way I am very interested to know!
Best regards,
JB 
I've not seen the garbled pictograph characters. If you have some that fail every time, put them in here.
This https thing is confisung me since I checked your instance of the sample app and the url for the xml is fine yet no content is delivered:
#HOST#apex_util.flash?p=&APP_ID.:1:&APP_SESSION.:FLOW_FLASH_CHART5_R#REGION_ID#
expands to:
http://gitsapx01.corp.global-it-services.eu:8443/apex/apex_util.flash?p=100:1:2878217115106373:FLOW_FLASH_CHART5_R830115739922903989_en&XMLCallDate=128267217389
Is there anything in the log? Did you put the listener in debug to see if there was something there?
-kris 
Found and fixed the protocol issue. patch coming soon.
-kris 
Kris,
Thanks for the feedback!
I'll wait (im)patiently! ;-)
Regards,
JB

|Apex Listner and Custom Authentication

Hi All,
I have spent a long time looking through the forums and beyond, but cannot seem to get to the bottom of this.
I have recently installed Apex Listener (on glassfish) with Apex 4 and 10g on an XP box, and it all works fine. However, when I import an application that was developed using EPG, I cannot log into it, getting the following message:
Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
     Error      ERR-7621 Could not determine workspace for application (:) on application accept.
OK      The application uses custom authentication and authorisation, maintaining info in session.
I am suspicious that the environment will not let me store a cookie, but I'm not sure. It is a little frustrating, because I wanted to simply use the recommended default configuration for Apex 4. i.e. using the listener. However, now at customer site and just losing so much time on this.
Can anybody help?
thanks
paul 
I guess no one has the answer to this or even a thought ...
or nothing helpful at all.
Thats really disappointing.
I will have to go back to EPG or APache.
Why bother with the big hollbollo about the listener .... 
Hi PJ,
what is the exact version of APEX? And does your application use a page sentry function for custom authentication?
Does your application work when you call it through EPG/mod_plsql? Does only the APEX listener call fail?
Regards
Patrick
-----------
My Blog: http://www.inside-oracle-apex.com
APEX 4.0 Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf 
Patrick
Thanks for the reply. The problem has been fixed when I upgraded to 4.0.2.00.07.
Paul

Windows NT Authentication Auto-login

Hi,
If we use APEX Listener, then would it be possible to provide auto-login facility to APEX applications based on user-NT id's
Regards,
Hari 
Hi Hari,
I guess this won't work with the current release of the APEX Listener, as it doesn't support the CGI-Environment necessary for such operations. You can follow a similar issue (NTLM-authentication) here: {thread:id=2125018}
There exist some Java NTLM-Implementations you could try use to create a servlet that does the header-exchange for you. Currently, there seems to be no out-of-the-box-solution for that issue. I bookmarked the following page for the case the problem may become urgent:
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
I was hoping to find the time to create that kind of servlet, but as there's no customer need at the moment (all NTLM-users still use OHS), there hasn't been an assignment for that yet. Perhaps one of the following Listener releases includes the support for custom header exchange.
-Udo 
Hi Udo,
Thanks for the reply. Our customer is asking for auto-login based on NT User credentials. So I'm just trying to know different alternatives to achieve this. No reliable solutions I found though yet :(
Regards,
Hari 
push
same problem here!

Why use oracle apex listener

Hi all,
Up till now I have been working with Oracle 10gXE and Apex 3 and 4. I just install both as is.
So I think I make use of the mod-plsql connection method.
What are the advantages of using apex listener?
Where can I read about an implementation and optimum use of apex listener?
Tnx in advance.
Raoul 
Hi Raoul,
at first, note that "mod_plsql" and APEX Listener are two different things. The first one uses a HTTP Server (usually Oracle HTTP Server (OHS), based on Apache HTTPD), the second one either an existing JEE Container or can be run in "Standalone Mode" using the embedded Grizzly.
What are the advantages of using apex listener?There have been a few posts on that topic in the past:
{thread:id=1100122}
{thread:id=1555908}
{thread:id=1594158}
Where can I read about an implementation and optimum use of apex listener?The first place to look would be the [url http://www.oracle.com/technetwork/developer-tools/apex-listener/documentation/index.html]Documentation for APEX Listener. There also is a general [url http://www.oracle.com/technetwork/developer-tools/apex-listener/overview/index.html]Overview for possible APEX Listener implementation scenarios.
If there's anything you don't find in either the posts or the documentation, don't hesitate to ask.
-Udo 
Hi Raoul,
is your question answered? Then please mark this thread accordingly and any helpful or correct answer to help other users to spot relevant posts.
Thanks,
Udo

The URL from Apex Listener.

Hi everybody!
I set up my Apex Listener in a Standalone Mode
How can I set up my URL with my words such as: http:/localhost:8585/myapplication/f?.......
replace for the default URL: http:/localhost:8585/apex/f?.......
I don't know where my DAD is, and how many steps should I do to complete this changes?
And how about
http://localhost:8585/apex" or "http://localhost:8585/apex/apex_admin?
Thanks for any help. 
Hi,
the APEX Listener has fixed (hard coded) contexts in Standalone Mode, so you can't do that. Either deploy the war file to a regular JEE server where you can choose the context, or put a HTTP (reverse) proxy in front to do the switch for you.
Note that Standalone Mode is not intended to be used for productive deployments, but for testing and development purposes only.
-Udo 
thanks very much Udo! 
I'm glad I could help.
Please mark this thread as answered and any helpful or correct answer accordingly, so other users searching the forum might spot relevant posts easily.
Thanks,
Udo

Categories

Resources