B Configuring Oracle HTTP Server Distributed with Oracle9i Release 2

In Oracle HTTP Server distributed with Oracle9i Release 2 (9.2), the wdbsvr.app file contains information about the DAD to access Oracle Application Express. A DAD is a set of values that specify how the Oracle HTTP Server component modplsql connects to the database server to fulfill an HTTP request.

Topics in this appendix include:

B.1 Recommended Pre-installation Tasks

Before installing Oracle Application Express, Oracle recommends that you complete the following steps:

  1. Review and satisfy all Oracle Application Express installation requirements. See "Oracle Application Express Installation Requirements".

  2. Shut down any existing Oracle Database instances as well as Oracle-related processes.

    Shut down any existing Oracle Database instances with normal or immediate priority, except for the database where you plan to install the Oracle Application Express schemas. On Oracle Real Application Clusters (Oracle RAC) systems, shut down all instances on each node.

    If Automatic Storage Management (ASM) is running, shut down all databases that use ASM except for the database where you will install Oracle Application Express, and then shut down the ASM instance.

    You can use the Windows Services utility, located either in the Windows Control Panel or from the Administrative Tools menu (under Start and then Programs), to shut down Oracle Database and ASM instances. Names of Oracle databases are preceded with OracleService. The Oracle ASM service is named OracleASMService+ASM. In addition, shut down the OracleCSService service, which ASM uses. Right-click the name of the service and from the menu, choose Stop.

  3. Back up the Oracle Database installation.

    Oracle recommends that you create a backup of the current installation of Oracle Database installation before you install Oracle Application Express. You can use Oracle Database Recovery Manager, which is included the Oracle Database installation, to perform the backup.

  4. Start the Oracle Database instance that contains the target database.

    After backing up the system, you must start the Oracle instance that contains the target Oracle database. Do not start other processes such as the listener or Oracle HTTP Server. However, if you are performing a remote installation, make sure the database listener for the remote database has started.

    Note:

    If you are connecting to a remote database, then start the listener.

B.2 Downloading from OTN and Configuring Oracle HTTP Server

This section describes how to install Oracle Application Express by downloading a ZIP file from OTN and then configuring Oracle HTTP Server distributed with Oracle9i Release 2.

Topics in this section include:

B.2.1 Install the Oracle Database and Complete Pre-installation Tasks

Oracle Application Express requires an Oracle database that is release 9.2.0.3 or later. To learn more, see the Oracle Database Installation Guide for your operating environment and "Recommended Pre-installation Tasks".

B.2.2 Download and Install the Software

To install Oracle Application Express:

  1. Download the file apex_3.2.zip from the Oracle Application Express download page. See:

    http://www.oracle.com/technetwork/developer-tools/apex/overview/index.html
    

    Note that the actual file name may differ if a more recent release has shipped since this document was published.

  2. Unzip apex_3.2.zip as follows, preserving directory names:

    • UNIX and Linux: Unzip apex_3.2.zip

    • Windows: Double click the file apex_3.2.zip in Windows Explorer

  3. Change your working directory to apex.

  4. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  5. Disable any existing password complexity rules for the default profile. See "Configuring Password Protection" in Oracle Database Security Guide.

  6. Select the appropriate installation option.

    Full development environment provides complete access to the Application Builder environment to develop applications. A Runtime environment enables users to run applications that cannot be modified. To learn more, see "About the Oracle Application Express Runtime Environment".

    Available installation options include:

    • Full development environment. Run apexins.sql passing the following four arguments in the order shown:

      @apexins tablespace_apex tablespace_files tablespace_temp images
      

      Where:

      • tablespace_apex is the name of the tablespace for the Oracle Application Express application user.

      • tablespace_files is the name of the tablespace for the Oracle Application Express files user.

      • tablespace_temp is the name of the temporary tablespace.

      • images is the virtual directory for Oracle Application Express images. To support future Oracle Application Express upgrades, define the virtual image directory as /i/.

      Example:

      @apexins SYSAUX SYSAUX TEMP /i/
      
    • Runtime environment. Run apxrtins.sql passing the following arguments in the order shown:

      @apxrtins tablespace_apex tablespace_files tablespace_temp images
      

      Where:

      • tablespace_apex is the name of the tablespace for the Oracle Application Express application user.

      • tablespace_files is the name of the tablespace for the Oracle Application Express files user.

      • tablespace_temp is the name of the temporary tablespace.

      • images is the virtual directory for Oracle Application Express images. To support future Oracle Application Express upgrades, define the virtual image directory as /i/.

      Example:

      @apxrtins SYSAUX SYSAUX TEMP /i/
      

See Also:

Oracle Database PL/SQL Language Reference for more information about SQL*Plus

When Oracle Application Express installs it creates three new database accounts:

  • APEX_030200 - The account that owns the Oracle Application Express schema and metadata.

  • FLOWS_FILES - The account that owns the Oracle Application Express uploaded files.

  • APEX_PUBLIC_USER - The minimally privileged account used for Oracle Application Express configuration with Oracle HTTP Server and mod_plsql.

If you are upgrading from a previous release, FLOWS_FILES, already exists and APEX_PUBLIC_USER is created if it does not already exist.

Tip:

Oracle Application Express must be installed from a writable directory on the file system. See "Reviewing a Log of an Installation Session".

B.2.3 Change the Password for the ADMIN Account

In a new installation of Oracle Application Express, or if you are converting a runtime environment to a development environment, you must change the password of the internal ADMIN account. In an upgrade scenario, the password will be preserved and carried over from the prior release.

To change the password for the ADMIN account:

  1. Change your working directory to the apex directory where you unzipped the installation software.

  2. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  3. Run apxchpwd.sql. For example:

    @apxchpwd
    

    When prompted enter a password for the ADMIN account.

See Also:

Oracle Database PL/SQL Language Reference for more information about SQL*Plus

B.2.4 Restart Processes

After you install Oracle Application Express, you must restart the processes that you stopped before you began the installation, such as listener and other processes. In addition, restart Oracle HTTP Server.

B.2.5 Configure Oracle HTTP Server

This section describes how to configure Oracle HTTP Server with mod_plsql distributed with Oracle9i Release 2.

Topics in this section include:

B.2.5.1 Unlock the APEX_PUBLIC_USER Account

The APEX_PUBLIC_USER account is locked at the end of a new installation of Oracle Application Express. You must unlock this account before configuring the database access descriptor (DAD) in a new installation.

To unlock the APEX_PUBLIC_USER account:

  1. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  2. Run the following statement:

    ALTER USER APEX_PUBLIC_USER ACCOUNT UNLOCK
    

B.2.5.2 Change the Password for the APEX_PUBLIC_USER Account

The APEX_PUBLIC_USER account is created with a random password in a new installation of Oracle Application Express. You will must change the password for this account before configuring the database access descriptor (DAD) in a new installation.

To change the password for the APEX_PUBLIC_USER account:

  1. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  2. Run the following statement:

    ALTER USER APEX_PUBLIC_USER IDENTIFIED BY new_password
    

    Where new_password is the new password you are setting for APEX_PUBLIC_USER. You will use this password when creating the DAD in the sections that follow.

B.2.5.2.1 About Password Expiration in Oracle Database 11g

In the default profile in Oracle Database 11g, the parameter PASSWORD_LIFE_TIME is set to 180. If you are using Oracle Database 11g with Oracle Application Express, this causes the password for APEX_PUBLIC_USER to expire in 180 days. As a result, your Oracle Application Express instance will become unusable until you change the password.

To prevent this behavior, create another profile in which the PASSWORD_LIFE_TIME parameter is set to unlimited and alter the APEX_PUBLIC_USER account and assign it the new profile.

See Also:

Oracle Database Security Guide for information on creating profiles and assigning them to database users.

B.2.5.3 Copy the Images Directory

Whether you are loading a new installation or upgrading from a previous release, you must copy the images directory from the top level of the apex\images directory to the location on the file system containing the Oracle home for Oracle HTTP Server.

Topics in this section include:

B.2.5.3.1 Copying the Images Directory After an Upgrade

During an upgrade, you must overwrite your existing images directory. Before you begin the upgrade, to ensure that you can revert to the previous version, Oracle recommends that you create a copy of your existing images directory for Oracle Application Express, indicating the release number of the images (for example, images_3_1).

To locate the images directory on the file system, review the httpd.conf file for the text alias /i/.

When you locate the images directory path, copy the existing images directory to a backup location. Doing so enables you to revert to the previous release, if that becomes necessary.

After you copy the existing images directory, use the following command syntax to copy the apex\images directory from the Oracle Database home to the existing images directory path, overwriting the existing images:

  • On Windows:

    xcopy /E /I APEX_HOME\apex\images ORACLE_HTTPSERVER_HOME\Apache\images
    
  • On UNIX and Linux:

    cp -rf APEX_HOME/apex/images ORACLE_HTTPSERVER_HOME/Apache
    

In the preceding syntax examples:

  • ORACLE_HOME is the Oracle Database Oracle home

  • ORACLE_HTTPSERVER_HOME is the existing Oracle HTTP Server Oracle home

B.2.5.3.2 Copying the Images Directory in a New Installation

After installation, copy the directory apex/images.

  • On Windows:

    xcopy /E /I ORACLE_HOME\apex\images ORACLE_HTTPSERVER_HOME\Apache\images
    
  • On UNIX and Linux:

    cp -rf $ORACLE_HOME/apex/images ORACLE_HTTPSERVER_HOME/Apache
    

In the preceding syntax examples:

  • ORACLE_HOME is the Oracle Database Oracle home

  • ORACLE_HTTPSERVER_HOME is the existing Oracle HTTP Server Oracle home

B.2.5.4 Modifying the wdbsvr.app File

To create the DAD, you modify the wdbsvr.app file and add an entry for Oracle Application Express.

To modify the wdbsvr.app file:

  1. Use a text editor and open the wdbsvr.app file:

    • On Windows, see:

      ORACLE_HTTPSERVER_HOME\Apache\modplsql\cfg\wdbsvr.app
      
    • On UNIX and Linux, see:

      ORACLE_HTTPSERVER_HOME/Apache/modplsql/cfg/wdbsvr.app
      
  2. Add an entry for Oracle Application Express using the following syntax. Only change the settings indicated in italics.

    [DAD_apex] 
     connect_string = localhost:1521:orcl 
     password = apex 
     username = apex_public_user 
     default_page = apex 
     document_table = wwv_flow_file_objects$ 
     document_path = docs 
     document_proc = wwv_flow_file_mgr.process_download 
     reuse = Yes 
     enablesso = No 
     stateful = STATELESS_RESET 
     nls_lang = American_America.AL32UTF8
    

    Where:

    • connect_string refers to the host ID, port number, and Oracle9i database where Oracle Application Express was installed. Use the format host:port:sid.

      If the Oracle9i version of Oracle HTTP Server you want to use is installed in the same Oracle home as the database you specified for use with Oracle Application Express, leave this parameter blank.

    • password is the password you changed for the APEX_PUBLIC_USER. See "Change the Password for the APEX_PUBLIC_USER Account".

    • nls_lang determines the language setting of the DAD. The character set portion of the nls_lang value must always be set to AL32UTF8, regardless of whether or not the database character set is AL32UTF8.

      If either the territory portion or the language portion of the NLS settings contains a space, you must wrap the value in double quotes as shown in the following example:

      nls_lang = "ENGLISH_UNITED KINGDOM.AL32UTF8"
      

      You can find information about your database's NLS settings by querying the view NLS_DATABASE_PARAMETERS as shown in the following example:

       SELECT parameter,value 
       FROM nls_database_parameters 
       WHERE PARAMETER IN ('NLS_CHARACTERSET','NLS_LANGUAGE','NLS_TERRITORY');
      
  3. Leave the remaining settings, including the user name setting, as they appear in the previous example.

  4. Save and exit the wdbsvr.app file.

B.2.5.5 Modify the Oracle9i httpd.conf

You must modify the httpd.conf file to include an alias that points to the file system path where you copied the images directory. You may also need to modify the httpd.conf file to add two new MIME types to support SQL Workshop.

To modify httpd.conf file:

  1. Use a text editor and open the httpd.conf file:

    • On Windows:

      ORACLE_HTTPSERVER_HOME\Apache\Apache\conf\httpd.conf
      
    • On UNIX and Linux:

      ORACLE_HTTPSERVER_HOME/Apache/Apache/conf/httpd.conf
      
  2. Add an alias entry that points to the file system path where you copied the images directory.

    • Windows example:

      Alias /i/ "C:\oracle\ora92\Apache\Apache\images/" 
      
    • UNIX and Linux example:

      Alias /i/ "/home/oracle/OraHome1/Apache/Apache/images/" 
      

    Note that the previous examples assume you specified the image directory alias as /i/ when you ran the apexins.sql script.

    Note you must include the forward slash (/) at the end of the path.

  3. Next, add the following two lines to support SQL Workshop if they do not currently exist:

    AddType text/xml             xbl
    AddType text/x-component     htc 
    

    If you are upgrading from Oracle HTML DB 2.0 or later, these MIME types should already exist.

  4. Save and exit the httpd.conf file.

  5. Stop and restart Oracle HTTP Server.

    • On Windows, Stop and restart Oracle HTTP Server:

      • Stop Oracle HTTP Server - From the Start menu, select Programs, Oracle - OraHome, Oracle HTTP Server, and Stop HTTP Server.

      • Restart Oracle HTTP Server - From the Start menu, select Programs, Oracle - OraHome, Oracle HTTP Server, and Start HTTP Server.

    • On UNIX and Linux, execute the following commands:

      ORACLE_HTTPSERVER_HOME/Apache/Apache/bin/apachectl stop
      ORACLE_HTTPSERVER_HOME/Apache/Apache/bin/apachectl start
      

    Note that if the Oracle HTTP Server is listening on a port less than 1024, then these commands must be executed as a privileged user (such as root).

B.2.6 About Enabling Network Services in Oracle Database 11g

By default, the ability to interact with network services is disabled in Oracle Database 11g release 1 (11.1). Therefore, if you are running Oracle Application Express with Oracle Database 11g release 1 (11.1), you must use the new DBMS_NETWORK_ACL_ADMIN package to grant connect privileges to any host for the APEX_030200 database user. Failing to grant these privileges results in issues with:

  • Sending outbound mail in Oracle Application Express.

    Users can call methods from the APEX_MAIL package, but issues arise when sending outbound email.

  • Using Web services in Oracle Application Express.

  • PDF/report printing.

  • Searching for content in online Help (that is, using the Find link).

Topics in this section include:

Tip:

To run the examples described in this section, the compatible initialization parameter of the database must be set to at least 11.1.0.0.0. By default an 11g database will already have the parameter set properly, but a database upgraded to 11g from a prior version may not. See "Creating and Configuring an Oracle Database" in Oracle Database Administrator's Guide for information about changing database initialization parameters.

B.2.6.1 Granting Connect Privileges

The following example demonstrates how to grant connect privileges to any host for the APEX_030200 database user. This example assumes you connected to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role.

DECLARE
  ACL_PATH  VARCHAR2(4000);
  ACL_ID    RAW(16);
BEGIN
  -- Look for the ACL currently assigned to '*' and give APEX_030200
  -- the "connect" privilege if APEX_030200 does not have the privilege yet.

  SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
   WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

  -- Before checking the privilege, ensure that the ACL is valid
  -- (for example, does not contain stale references to dropped users).
  -- If it does, the following exception will be raised:
  --
  -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_030200'
  -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
  --
  SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
    FROM XDB.XDB$ACL A, PATH_VIEW P
   WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
         EQUALS_PATH(P.RES, ACL_PATH) = 1;

  DBMS_XDBZ.ValidateACL(ACL_ID);
   IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_030200', 
     'connect') IS NULL THEN 
      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 
     'APEX_030200', TRUE, 'connect'); 
  END IF;

EXCEPTION
  -- When no ACL has been assigned to '*'.
  WHEN NO_DATA_FOUND THEN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
    'ACL that lets power users to connect to everywhere',
    'APEX_030200', TRUE, 'connect');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
/
COMMIT;

The following example demonstrates how to provide less privileged access to local network resources. This example would enable indexing the Oracle Application Express Online Help and could possibly enable email and PDF printing if those servers were also on the local host.

DECLARE
  ACL_PATH  VARCHAR2(4000);
  ACL_ID    RAW(16);
BEGIN
  -- Look for the ACL currently assigned to 'localhost' and give APEX_030200
  -- the "connect" privilege if APEX_030200 does not have the privilege yet.
  SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
   WHERE HOST = 'localhost' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

  -- Before checking the privilege, ensure that the ACL is valid
  -- (for example, does not contain stale references to dropped users).
  -- If it does, the following exception will be raised:
  --
  -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_030200'
  -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
  --

  SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
    FROM XDB.XDB$ACL A, PATH_VIEW P
   WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
         EQUALS_PATH(P.RES, ACL_PATH) = 1;

  DBMS_XDBZ.ValidateACL(ACL_ID);
   IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_030200', 
     'connect') IS NULL THEN 
      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 
     'APEX_030200', TRUE, 'connect'); 
  END IF;

EXCEPTION
  -- When no ACL has been assigned to 'localhost'.
  WHEN NO_DATA_FOUND THEN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('local-access-users.xml',
    'ACL that lets power users to connect to everywhere',
    'APEX_030200', TRUE, 'connect');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('local-access-users.xml','localhost');
END;
/
COMMIT;

B.2.6.2 Troubleshooting an Invalid ACL Error

If you receive an ORA-44416: Invalid ACL error after running the previous script, use the following query to identify the invalid ACL:

REM Show the dangling references to dropped users in the ACL that is assigned
REM to '*'.

SELECT ACL, PRINCIPAL
  FROM DBA_NETWORK_ACLS NACL, XDS_ACE ACE
 WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL AND
       NACL.ACLID = ACE.ACLID AND
       NOT EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);

Next, run the following code to fix the ACL:

DECLARE
  ACL_ID   RAW(16);
  CNT      NUMBER;
BEGIN
  -- Look for the object ID of the ACL currently assigned to '*'
  SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
   WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

  -- If just some users referenced in the ACL are invalid, remove just those
  -- users in the ACL. Otherwise, drop the ACL completely.
  SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
   WHERE ACLID = ACL_ID AND
         EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);

  IF (CNT > 0) THEN

    FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
               WHERE ACLID = ACL_ID AND
                     NOT EXISTS (SELECT NULL FROM ALL_USERS
                                  WHERE USERNAME = PRINCIPAL)) LOOP
      UPDATE XDB.XDB$ACL
         SET OBJECT_VALUE =
               DELETEXML(OBJECT_VALUE,
                         '/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')
       WHERE OBJECT_ID = ACL_ID;
    END LOOP;

  ELSE
    DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
  END IF;

END;
/

REM commit the changes.

COMMIT;

Once the ACL has been fixed, you must run the first script in this section to apply the ACL to the APEX_030200 user. See "Granting Connect Privileges".

B.2.7 Security Considerations

Oracle highly recommends you configure and use a Secure Sockets Layer (SSL) to ensure that passwords and other sensitive data are not transmitted in clear text in HTTP requests. Without the use of SSL, passwords could potentially be exposed, compromising security.

SSL is an industry standard protocol that uses RSA public key cryptography in conjunction with symmetric key cryptography to provide authentication, encryption, and data integrity.

B.2.8 About Running Oracle Application Express in Other Languages

The Oracle Application Express interface is translated into German, Spanish, French, Italian, Japanese, Korean, Brazilian Portuguese, Simplified Chinese, and Traditional Chinese. A single instance of Oracle Application Express can be installed with one or more of these translated versions. At runtime, each user's Web browser language settings determine the specific language version.

The translated version of Oracle Application Express should be loaded into a database that has a character set that supports the specific language. If you attempt to install a translated version of Oracle Application Express into a database that does not support the character encoding of the language, the installation may fail or the translated Oracle Application Express instance may appear corrupt when run. The database character set AL32UTF8 supports all the translated versions of Oracle Application Express.

You can manually install translated versions of Oracle Application Express using SQL*Plus. The installation files are encoded in AL32UTF8.

Note:

Regardless of the target database character set, to install a translated version of Oracle Application Express, you must set the character set value of the NLS_LANG environment variable to AL32UTF8 before starting SQL*Plus.

The following examples illustrate valid NLS_LANG settings for loading Oracle Application Express translations:

American_America.AL32UTF8
Japanese_Japan.AL32UTF8 

B.2.8.1 Installing a Translated Version of Oracle Application Express

Whether you are installing for the first time or upgrading from a previous release, you must run the load_lang.sql script to run a translated version of Oracle Application Express.

The installation scripts are located in subdirectories identified by a language code in the unzipped distribution apex/builder. For example, the German version is located in apex/builder/de and the Japanese version is located in apex/builder/ja. Within each of directory, there is a language loading script identified by the language code (for example, load_de.sql or load_ja.sql).

To install a translated version of Oracle Application Express:

  1. Set the NLS_LANG environment variable, making sure that the character set is AL32UTF8. For example:

    • Bourne or Korn shell:

      NLS_LANG=American_America.AL32UTF8
      export NLS_LANG
      
    • C shell:

      setenv NLS_LANG American_America.AL32UTF8
      
    • For Windows based systems:

      set NLS_LANG=American_America.AL32UTF8
      
  2. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  3. Execute the following statement:

    ALTER SESSION SET CURRENT_SCHEMA = APEX_030200;
    
  4. Execute the appropriate language specific script. For example:

    @load_lang.sql
    

    Where lang is the specific language (for example, load_de.sql for German or load_ja.sql for Japanese).

B.2.9 About Managing JOB_QUEUE_PROCESSES

JOB_QUEUE_PROCESSES determine the maximum number of concurrently running jobs. In Oracle Application Express release 3.2, transactional support and SQL scripts require jobs. If JOB_QUEUE_PROCESSES is not enabled and working properly, you cannot successfully execute a script.

Topics in this section include:

B.2.9.1 Viewing the Number of JOB_QUEUE_PROCESSES

There are currently three ways to view the number of JOB_QUEUE_PROCESSES:

  • In the installation log file

  • On the About Application Express page in Oracle Application Express

  • From SQL*Plus

B.2.9.1.1 Viewing JOB_QUEUE_PROCESSES in the Installation Log File

After installing or upgrading Oracle Application Express to release 3.2, you can view the number of JOB_QUEUE_PROCESSES in the installation log files. See "Reviewing a Log of an Installation Session".

B.2.9.1.2 Viewing JOB_QUEUE_PROCESSES in Oracle Application Express

You can also view the number of JOB_QUEUE_PROCESSES on the About Application Express page.

To view the About Application Express page:

  1. Log in to Oracle Application Express. See "Logging in to Your Oracle Application Express Workspace".

  2. On the Administration list, click About Application Express.

    The current number JOB_QUEUE_PROCESSES displays at the bottom of the page.

B.2.9.1.3 Viewing JOB_QUEUE_PROCESSES from SQL*Plus

You can also view the number of JOB_QUEUE_PROCESSES from SQL*Plus by running the following SQL statement:

SELECT VALUE FROM v$parameter WHERE NAME = 'job_queue_processes'

B.2.9.2 Changing the Number of JOB_QUEUE_PROCESSES

You can change the number of JOB_QUEUE_PROCESSES by running a SQL statement in SQL*Plus:

To update the number of JOB_QUEUE_PROCESSES:

  1. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  2. In SQL*Plus run the following SQL statement:

    ALTER SYSTEM SET JOB_QUEUE_PROCESSES = <number>
    

    For example, running the statement ALTER SYSTEM SET JOB_QUEUE_PROCESSES = 20 sets JOB_QUEUE_PROCESSES to 20.

B.2.10 About Obfuscating PlsqlDatabasePassword Parameter

The PlsqlDatabasePassword parameter specifies the password for logging in to the database. You can use the dadTool.pl utility to obfuscate passwords in the dads.conf file.

You can find the dadTool.pl utility in the following directory:

  • For UNIX and Linux based systems:

    ORACLE_BASE/ORACLE_HTTPSERVER_HOME/Apache/modplsql/conf
    
  • For Windows based systems:

    ORACLE_BASE\ORACLE_HTTPSERVER_HOME\Apache\modplsql\conf
    

B.2.10.1 Obfuscating Passwords

To obfuscate passwords, run dadTool.pl by following the instructions in the dadTool.README file.

B.2.11 Create a Workspace and Add Oracle Application Express Users

You access the Oracle Application Express home page by logging in to workspace using a Web browser. Your Web browser must support JavaScript and the HTML 4.0 and CSS 1.0 standards. See "Browser Requirement".

A workspace is a virtual private database allowing multiple users to work within the same Oracle Application Express installation while keeping their objects, data and applications private. Each workspace has a unique ID and name.

An Oracle Application Express administrator can create a workspace manually within Oracle Application Express Administration Services or have users submit requests. Oracle Application Express Administration Services is a separate application for managing an entire Oracle Application Express instance. See "Creating Workspaces" and "Managing Workspace Requests" in Oracle Application Express Administration Guide.

See Also:

Oracle Database 2 Day + Oracle Application Express Developer's Guide if you are new to Oracle Application Express

Topics in this section include:

B.2.11.1 Creating a Workspace Manually

To create an Oracle Application Express workspace manually:

  1. Log in to Oracle Application Express Administration Services. Oracle Application Express Administration Services is a separate application for managing an entire Oracle Application Express instance. You log in using the ADMIN account and password created or reset during the installation process.

    1. In a Web browser, navigate to the Oracle Application Express Administration Services application.

      If your setup uses Apache and mod_plsql, go to:

      http://hostname:port/pls/apex/apex_admin
      

      Where:

      hostname is the name of the system where Oracle HTTP Server is installed.

      port is the port number assigned to Oracle HTTP Server. In a default installation, this number is 7777.

      pls is the indicator to use the mod_plsql cartridge.

      apex is the database access descriptor (DAD) defined in the mod_plsql configuration file.

    2. On the Login page:

      • In Username, enter admin.

      • In Password, enter the Oracle Application Express administrator account password you specified when you installed Oracle Application Express.

      • Click Login.

    See Also:

    See "Logging in to Oracle Application Express Administration Services" in Oracle Application Express Administration Guide.

    Next, create a workspace.

  2. Click Manage Workspaces.

  3. Under Manage Workspaces, click Create Workspace.

    The Create Workspace Wizard appears.

  4. For Identify Workspace, enter a workspace name and description and click Next.

  5. For Identify Schema, select the Oracle Forms application schema.

    1. For Re-use existing schema, select Yes.

    2. Select a schema from the list.

    3. Click Next.

  6. For Identify Administrator, enter the Workspace administrator information and click Next.

  7. Confirm your selections and click Create.

B.2.11.2 Creating Oracle Application Express Users

To create an Oracle Application Express user account:

  1. Log in to Oracle Application Express Administration Services as described in the previous section. See "Logging in to Oracle Application Express Administration Services" in Oracle Application Express Administration Guide.

  2. Click Manage Workspaces.

  3. Under Manage Workspaces, click Manage Developers and Users.

    The Manage Developers and Users page appears.

  4. Click Create.

    The Create/Edit User page appears.

  5. Under User Attributes, enter the appropriate information. Fields marked with an asterisk are required.

    Tip:

    To learn more about a specific attribute, click the item label. When Help is available, the item label changes to red when you pass your cursor over it and the cursor changes to an arrow and question mark.
  6. Under Password, type a case-sensitive password for this account.

    If your organization has set up a password policy, be sure the password meets the requirements.

  7. Under Developer Privileges, select the appropriate privileges:

    • User is a developer - To add this user as a developer or Workspace administrator, select Yes. For end users, select No.

      Developers can create and modify applications and database objects as well as view developer activity, session state, workspace activity, application, and schema reports.

    • User is a workspace administrator - To add this user as a Workspace administrator, select Yes. For developers or end users, select No.

      In addition to having developer privileges, workspace administrators can create and edit user accounts, manage groups, alter passwords of users within the same workspace, and manage development services.

  8. Under Account Control, specify the following:

    • Account Availability - Select Unlocked to enable a user to log in to this account.

    • Require Change of Password on First Use - Select Yes to require the user to change the password immediately after logging in with the current, temporary password. Otherwise, select No.

  9. Click Create User or Create and Create Another.

B.2.11.3 Logging in to Your Oracle Application Express Workspace

Once you create a workspace, you must log in to it using your login credentials (that is, the workspace name, user name, and password).

See Also:

See "Creating Workspaces" and "Managing Workspace Requests" in Oracle Application Express Administration Guide

To log in to a workspace:

  1. In a Web browser, navigate to the Oracle Application Express Login page.

    If your setup uses Oracle HTTP Server (Apache) and mod_plsql, go to:

    http://hostname:port/pls/apex
    

    Where:

    • hostname is the name of the system where Oracle HTTP Server is installed.

    • port is the port number assigned to Oracle HTTP Server. In a default installation, this number is 7777. You can find information about your Oracle HTTP Server installation's port number from either of the following files:

      ORACLE_BASE\ORACLE_HOME\install\portlist.ini
      ORACLE_BASE\ORACLE_HTTPSERVER_HOME\Apache\Apache\conf\httpd.conf
      

      Be aware that if you change a port number, it is not updated in the portlist.ini file. You can only rely on this file immediately after installation.

    • pls is the indicator to use the mod_plsql cartridge.

    • apex is the database access descriptor (DAD) defined in the mod_plsql configuration file.

      For users who have upgraded from earlier releases, or who have a custom configuration, this value may be htmldb or something else. Verify your DAD with your Oracle Application Express administrator.

    The Login page appears.

  2. Under Login, enter the following:

    • Workspace field - Enter the name of your workspace.

    • Username field - Enteryour user name.

    • Password field - Enter your case-sensitive password.

  3. Click Login.

    Note that, depending on your setup, you might be required to change your password when you log in for the first time.

B.3 Install the Database and Configure Oracle HTTP Server

This section describes how to configure Oracle HTTP Server with mod_plsql in a new installation.

Topics in this section include:

Note that instructions do not apply if you are running Oracle HTTP Server distributed with Oracle9i Release 2. To learn more, see "Configuring Oracle HTTP Server Distributed with Oracle9i Release 2".

Note:

Within the context of this section, the Oracle home directory (ORACLE_HTTPSERVER_HOME) is the location where Oracle HTTP Server is installed.

B.3.1 Install the Oracle Database and Complete Pre-installation Tasks

Oracle Application Express requires an Oracle database that is release 9.2.0.3 or later. To learn more, see the Oracle Database Installation Guide for your operating environment and "Recommended Pre-installation Tasks".

B.3.2 Configure Oracle HTTP Server Distributed with Oracle Database Release 9.0.3

Perform the following postinstallation steps if:

  • This is a new installation of Oracle Application Express (that is, you are not upgrading from a previous release)

  • You are running Oracle HTTP Server distributed with Oracle Database Release 9.0.3.

  • Oracle HTTP Server is installed in an Oracle home.

Topics in this section include:

Note:

Within the context of this section, the Oracle home directory (ORACLE_HTTPSERVER_HOME) is the location where Oracle HTTP Server is installed.

B.3.2.1 Change the Password for the ADMIN Account

First, change the password for the Oracle Application Express ADMIN account.

To change the password for the ADMIN account:

  1. Change your working directory to ORACLE_BASE\ORACLE_HOME\apex or whatever convention used to indicate the Oracle home.

  2. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  3. Run apxchpwd.sql. For example:

    @apxchpwd.sql
    

    When prompted enter a password for the ADMIN account.

B.3.2.2 Unlock the APEX_PUBLIC_USER Database User

When configuring Oracle HTTP Server for Oracle Application Express in a new installation, the database user APEX_PUBLIC_USER must be an unlocked account. To unlock the account for database user APEX_PUBLIC_USER, execute the following steps:

  1. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  2. Run the following statement:

    ALTER USER APEX_PUBLIC_USER ACCOUNT UNLOCK
    

B.3.2.3 Change the Password for the APEX_PUBLIC_USER Database User

In order to specify the password in the DAD file, you have to change the password for the database user APEX_PUBLIC_USER. Please use the following steps to change the password for the APEX_PUBLIC_USER database user:

  1. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  2. Run the following statement:

    SQL> PASSWORD APEX_PUBLIC_USER
    Changing password for APEX_PUBLIC_USER
    New password: password
    Retype new password: password
    
B.3.2.3.1 About Password Expiration in Oracle Database 11g

In the default profile in Oracle Database 11g, the parameter PASSWORD_LIFE_TIME is set to 180. If you are using Oracle Database 11g with Oracle Application Express, this causes the password for APEX_PUBLIC_USER to expire in 180 days. As a result, your Oracle Application Express instance will become unusable until you change the password.

To prevent this behavior, create another profile in which the PASSWORD_LIFE_TIME parameter is set to unlimited and alter the APEX_PUBLIC_USER account and assign it the new profile.

See Also:

Oracle Database Security Guide for information on creating profiles and assigning them to database users.

B.3.2.4 Modifying the wdbsvr.app File

To create the DAD, you modify the wdbsvr.app file and add an entry for Oracle Application Express.

To modify the wdbsvr.app file:

  1. Use a text editor and open the wdbsvr.app file:

    • On Windows, see:

      ORACLE_HTTPSERVER_HOME\Apache\modplsql\cfg\wdbsvr.app
      
    • On UNIX and Linux, see:

      ORACLE_HTTPSERVER_HOME/Apache/modplsql/cfg/wdbsvr.app
      
  2. Add an entry for Oracle Application Express using the following syntax. Only change the settings indicated in italics.

    [DAD_apex] 
     connect_string = localhost:1521:orcl 
     password = apex 
     username = apex_public_user 
     default_page = apex 
     document_table = wwv_flow_file_objects$ 
     document_path = docs 
     document_proc = wwv_flow_file_mgr.process_download 
     reuse = Yes 
     enablesso = No 
     stateful = STATELESS_RESET 
     nls_lang = American_America.AL32UTF8
    

    Where:

    • connect_string refers to the host ID, port number, and Oracle9i database where Oracle Application Express was installed. Use the format host:port:sid.

      If the Oracle9i version of Oracle HTTP Server you want to use is installed in the same Oracle home as the database you specified for use with Oracle Application Express, leave this parameter blank.

    • password is the password you changed for the APEX_PUBLIC_USER. See "Change the Password for the APEX_PUBLIC_USER Database User".

    • nls_lang determines the language setting of the DAD. The character set portion of the nls_lang value must always be set to AL32UTF8, regardless of whether or not the database character set is AL32UTF8.

      If either the territory portion or the language portion of the NLS settings contains a space, you must wrap the value in double quotes as shown in the following example:

      nls_lang = "ENGLISH_UNITED KINGDOM.AL32UTF8"
      

      You can find information about your database's NLS settings by querying the view NLS_DATABASE_PARAMETERS as shown in the following example:

       SELECT parameter,value 
       FROM nls_database_parameters 
       WHERE PARAMETER IN ('NLS_CHARACTERSET','NLS_LANGUAGE','NLS_TERRITORY');
      
  3. Leave the remaining settings, including the user name setting, as they appear in the previous example.

  4. Save and exit the wdbsvr.app file.

B.3.2.5 Modify the Oracle9i httpd.conf

You must modify the httpd.conf file to include an alias that points to the file system path where you copied the images directory. You may also need to modify the httpd.conf file to add two new MIME types to support SQL Workshop.

To modify httpd.conf file:

  1. Use a text editor and open the httpd.conf file:

    • On Windows:

      ORACLE_HTTPSERVER_HOME\Apache\Apache\conf\httpd.conf
      
    • On UNIX and Linux:

      ORACLE_HTTPSERVER_HOME/Apache/Apache/conf/httpd.conf
      
  2. Add an alias entry that points to the file system path where you copied the images directory.

    • Windows example:

      Alias /i/ "C:\oracle\ora92\Apache\Apache\images/" 
      
    • UNIX and Linux example:

      Alias /i/ "/home/oracle/OraHome1/Apache/Apache/images/" 
      

    Note that the previous examples assume you specified the image directory alias as /i/ when you ran the apexins.sql script.

    Note you must include the forward slash (/) at the end of the path.

  3. Next, add the following two lines to support SQL Workshop if they do not currently exist:

    AddType text/xml             xbl
    AddType text/x-component     htc 
    

    If you are upgrading from Oracle HTML DB 2.0 or later, these MIME types should already exist.

  4. Save and exit the httpd.conf file.

B.3.2.6 Stop and Restart Oracle HTTP Server

To stop and restart Oracle HTTP Server:

  • On Windows, Stop and restart Oracle HTTP Server:

    • Stop Oracle HTTP Server - From the Start menu, select Programs, Oracle - OraHome, Oracle HTTP Server, and Stop HTTP Server.

    • Restart Oracle HTTP Server - From the Start menu, select Programs, Oracle - OraHome, Oracle HTTP Server, and Start HTTP Server.

  • On UNIX and Linux, execute the following commands:

    ORACLE_HTTPSERVER_HOME/Apache/Apache/bin/apachectl stop
    ORACLE_HTTPSERVER_HOME/Apache/Apache/bin/apachectl start
    

Note that if the Oracle HTTP Server is listening on a port less than 1024, then these commands must be executed as a privileged user (such as root).

B.3.2.7 Copy the Images Directory

Whether you are loading a new installation or upgrading from a previous release, you must copy the images directory from the top level of the ORACLE_BASE\ORACLE_HOME\apex directory to the location on the file system containing the Oracle home for Oracle HTTP Server.

Note:

This section is relevant only if your plan to run Oracle Application Express with Oracle HTTP Server with mod_plsql.

Topics in this section include:

B.3.2.7.1 Copying the Images Directory After an Upgrade

During an upgrade, you must overwrite your existing images directory. Before you begin the upgrade, to ensure that you can revert to the previous version, Oracle recommends that you create a copy of your existing images directory for Oracle Application Express, indicating the release number of the images (for example, images_3_1).

To locate the images directory on the file system, review the httpd.conf file for the text alias /i/:

When you locate the images directory path, Oracle recommends that you copy the existing images directory to a backup location. Doing this allows you to revert to the previous release, if that becomes necessary.

After you copy the existing images directory, use the following command syntax to copy the apex\images directory from the Oracle database home to the existing images directory path, overwriting the existing images:

  • On Windows:

    xcopy /E /I ORACLE_HOME\apex\images ORACLE_HTTPSERVER_HOME\Apache\images
    
  • On UNIX and Linux:

    cp -rf $ORACLE_HOME/apex/images ORACLE_HTTPSERVER_HOME/Apache
    

In the preceding syntax examples:

  • ORACLE_HOME is the Oracle Database Oracle home

  • ORACLE_HTTPSERVER_HOME is the existing Oracle Application Server or Oracle HTTP Server Oracle home

B.3.2.7.2 Copying the Images Directory in a New Installation

After installation, copy the directory apex/images.

You can copy the images directory using Windows Explorer, or running a command from a command prompt similar to the following:

  • On Windows:

    xcopy /E /I ORACLE_HOME\apex\images ORACLE_HTTPSERVER_HOME\Apache\images
    
  • On UNIX and Linux:

    cp -rf $ORACLE_HOME/apex/images ORACLE_HTTPSERVER_HOME/Apache
    

In the preceding syntax example:

  • ORACLE_HOME is the Oracle Database Oracle home

  • ORACLE_HTTPSERVER_HOME is the existing Oracle HTTP Server Oracle home

B.3.3 About Enabling Network Services in Oracle Database 11g

By default, the ability to interact with network services is disabled in Oracle Database 11g release 1 (11.1). Therefore, if you are running Oracle Application Express with Oracle Database 11g release 1 (11.1), you must use the new DBMS_NETWORK_ACL_ADMIN package to grant connect privileges to any host for the APEX_030200 database user. Failing to grant these privileges results in issues with:

  • Sending outbound mail in Oracle Application Express.

    Users can call methods from the APEX_MAIL package, but issues arise when sending outbound email.

  • Using Web services in Oracle Application Express.

  • PDF/report printing.

  • Searching for content in online Help (that is, using the Find link).

Topics in this section include:

Tip:

To run the examples described in this section, the compatible initialization parameter of the database must be set to at least 11.1.0.0.0. By default an 11g database will already have the parameter set properly, but a database upgraded to 11g from a prior version may not. See "Creating and Configuring an Oracle Database" in Oracle Database Administrator's Guide for information about changing database initialization parameters.

B.3.3.1 Granting Connect Privileges

The following example demonstrates how to grant connect privileges to any host for the APEX_030200 database user. This example assumes you connected to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role.

DECLARE
  ACL_PATH  VARCHAR2(4000);
  ACL_ID    RAW(16);
BEGIN
  -- Look for the ACL currently assigned to '*' and give APEX_030200
  -- the "connect" privilege if APEX_030200 does not have the privilege yet.

  SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
   WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

  -- Before checking the privilege, ensure that the ACL is valid
  -- (for example, does not contain stale references to dropped users).
  -- If it does, the following exception will be raised:
  --
  -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_030200'
  -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
  --
  SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
    FROM XDB.XDB$ACL A, PATH_VIEW P
   WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
         EQUALS_PATH(P.RES, ACL_PATH) = 1;

  DBMS_XDBZ.ValidateACL(ACL_ID);
   IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_030200', 
     'connect') IS NULL THEN 
      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 
     'APEX_030200', TRUE, 'connect'); 
  END IF;

EXCEPTION
  -- When no ACL has been assigned to '*'.
  WHEN NO_DATA_FOUND THEN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
    'ACL that lets power users to connect to everywhere',
    'APEX_030200', TRUE, 'connect');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
/
COMMIT;

The following example demonstrates how to provide less privileged access to local network resources. This example would enable indexing the Oracle Application Express Online Help and could possibly enable email and PDF printing if those servers were also on the local host.

DECLARE
  ACL_PATH  VARCHAR2(4000);
  ACL_ID    RAW(16);
BEGIN
  -- Look for the ACL currently assigned to 'localhost' and give APEX_030200
  -- the "connect" privilege if APEX_030200 does not have the privilege yet.
  SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
   WHERE HOST = 'localhost' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

  -- Before checking the privilege, ensure that the ACL is valid
  -- (for example, does not contain stale references to dropped users).
  -- If it does, the following exception will be raised:
  --
  -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_030200'
  -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
  --

  SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
    FROM XDB.XDB$ACL A, PATH_VIEW P
   WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
         EQUALS_PATH(P.RES, ACL_PATH) = 1;

  DBMS_XDBZ.ValidateACL(ACL_ID);
   IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_030200', 
     'connect') IS NULL THEN 
      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH, 
     'APEX_030200', TRUE, 'connect'); 
  END IF;

EXCEPTION
  -- When no ACL has been assigned to 'localhost'.
  WHEN NO_DATA_FOUND THEN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('local-access-users.xml',
    'ACL that lets power users to connect to everywhere',
    'APEX_030200', TRUE, 'connect');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('local-access-users.xml','localhost');
END;
/
COMMIT;

B.3.3.2 Troubleshooting an Invalid ACL Error

If you receive an ORA-44416: Invalid ACL error after running the previous script, use the following query to identify the invalid ACL:

REM Show the dangling references to dropped users in the ACL that is assigned
REM to '*'.

SELECT ACL, PRINCIPAL
  FROM DBA_NETWORK_ACLS NACL, XDS_ACE ACE
 WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL AND
       NACL.ACLID = ACE.ACLID AND
       NOT EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);

Next, run the following code to fix the ACL:

DECLARE
  ACL_ID   RAW(16);
  CNT      NUMBER;
BEGIN
  -- Look for the object ID of the ACL currently assigned to '*'
  SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
   WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

  -- If just some users referenced in the ACL are invalid, remove just those
  -- users in the ACL. Otherwise, drop the ACL completely.
  SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
   WHERE ACLID = ACL_ID AND
         EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);

  IF (CNT > 0) THEN

    FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
               WHERE ACLID = ACL_ID AND
                     NOT EXISTS (SELECT NULL FROM ALL_USERS
                                  WHERE USERNAME = PRINCIPAL)) LOOP
      UPDATE XDB.XDB$ACL
         SET OBJECT_VALUE =
               DELETEXML(OBJECT_VALUE,
                         '/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')
       WHERE OBJECT_ID = ACL_ID;
    END LOOP;

  ELSE
    DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
  END IF;

END;
/

REM commit the changes.

COMMIT;

Once the ACL has been fixed, you must run the first script in this section to apply the ACL to the APEX_030200 user. See "Granting Connect Privileges".

B.3.4 Security Considerations

Oracle highly recommends you configure and use a Secure Sockets Layer (SSL) to ensure that passwords and other sensitive data are not transmitted in clear text in HTTP requests. Without the use of SSL, passwords could potentially be exposed, compromising security.

SSL is an industry standard protocol that uses RSA public key cryptography in conjunction with symmetric key cryptography to provide authentication, encryption, and data integrity.

B.3.5 About Running Oracle Application Express in Other Languages

The Oracle Application Express interface is translated into German, Spanish, French, Italian, Japanese, Korean, Brazilian Portuguese, Simplified Chinese, and Traditional Chinese. A single instance of Oracle Application Express can be installed with one or more of these translated versions. At runtime, each user's Web browser language settings determine the specific language version.

The translated version of Oracle Application Express should be loaded into a database that has a character set that supports the specific language. If you attempt to install a translated version of Oracle Application Express into a database that does not support the character encoding of the language, the installation may fail or the translated Oracle Application Express instance may appear corrupt when run. The database character set AL32UTF8 supports all the translated versions of Oracle Application Express.

You can manually install translated versions of Oracle Application Express using SQL*Plus. The installation files are encoded in AL32UTF8.

Note:

Regardless of the target database character set, to install a translated version of Oracle Application Express, you must set the character set value of the NLS_LANG environment variable to AL32UTF8 before starting SQL*Plus.

The following examples illustrate valid NLS_LANG settings for loading Oracle Application Express translations:

American_America.AL32UTF8
Japanese_Japan.AL32UTF8 

B.3.5.1 Installing a Translated Version of Oracle Application Express

Whether you are installing for the first time or upgrading from a previous release, you must run the load_lang.sql script to run a translated version of Oracle Application Express.

The installation scripts are located in subdirectories identified by a language code in the unzipped distribution apex/builder. For example, the German version is located in apex/builder/de and the Japanese version is located in apex/builder/ja. Within each of directory, there is a language loading script identified by the language code (for example, load_de.sql or load_ja.sql).

To install a translated version of Oracle Application Express:

  1. Set the NLS_LANG environment variable, making sure that the character set is AL32UTF8. For example:

    • Bourne or Korn shell:

      NLS_LANG=American_America.AL32UTF8
      export NLS_LANG
      
    • C shell:

      setenv NLS_LANG American_America.AL32UTF8
      
    • For Windows based systems:

      set NLS_LANG=American_America.AL32UTF8
      
  2. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role. For example:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  3. Execute the following statement:

    ALTER SESSION SET CURRENT_SCHEMA = APEX_030200;
    
  4. Execute the appropriate language specific script. For example:

    @load_lang.sql
    

    Where lang is the specific language (for example, load_de.sql for German or load_ja.sql for Japanese).

B.3.6 About Managing JOB_QUEUE_PROCESSES

JOB_QUEUE_PROCESSES determine the maximum number of concurrently running jobs. In Oracle Application Express release 3.2, transactional support and SQL scripts require jobs. If JOB_QUEUE_PROCESSES is not enabled and working properly, you cannot successfully execute a script.

Topics in this section include:

B.3.6.1 Viewing the Number of JOB_QUEUE_PROCESSES

There are currently three ways to view the number of JOB_QUEUE_PROCESSES:

  • In the installation log file

  • On the About Application Express page in Oracle Application Express

  • From SQL*Plus

B.3.6.1.1 Viewing JOB_QUEUE_PROCESSES in the Installation Log File

After installing or upgrading Oracle Application Express to release 3.2, you can view the number of JOB_QUEUE_PROCESSES in the installation log files. See "Reviewing a Log of an Installation Session".

B.3.6.1.2 Viewing JOB_QUEUE_PROCESSES in Oracle Application Express

You can also view the number of JOB_QUEUE_PROCESSES on the About Application Express page.

To view the About Application Express page:

  1. Log in to Oracle Application Express. See "Logging in to Your Oracle Application Express Workspace".

  2. On the Administration list, click About Application Express.

    The current number JOB_QUEUE_PROCESSES displays at the bottom of the page.

B.3.6.1.3 Viewing JOB_QUEUE_PROCESSES from SQL*Plus

You can also view the number of JOB_QUEUE_PROCESSES from SQL*Plus by running the following SQL statement:

SELECT VALUE FROM v$parameter WHERE NAME = 'job_queue_processes'

B.3.6.2 Changing the Number of JOB_QUEUE_PROCESSES

You can change the number of JOB_QUEUE_PROCESSES by running a SQL statement in SQL*Plus:

To update the number of JOB_QUEUE_PROCESSES:

  1. Start SQL*Plus and connect to the database where Oracle Application Express is installed as SYS specifying the SYSDBA role:

    • On Windows:

      SYSTEM_DRIVE:\ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
    • On UNIX and Linux:

      $ sqlplus /nolog
      SQL> CONNECT SYS as SYSDBA
      Enter password: SYS_password
      
  2. In SQL*Plus run the following SQL statement:

    ALTER SYSTEM SET JOB_QUEUE_PROCESSES = <number>
    

    For example, running the statement ALTER SYSTEM SET JOB_QUEUE_PROCESSES = 20 sets JOB_QUEUE_PROCESSES to 20.

B.3.7 About Obfuscating PlsqlDatabasePassword Parameter

The PlsqlDatabasePassword parameter specifies the password for logging in to the database. You can use the dadTool.pl utility to obfuscate passwords in the dads.conf file.

You can find the dadTool.pl utility in the following directory:

  • For UNIX and Linux based systems:

    ORACLE_BASE/ORACLE_HTTPSERVER_HOME/Apache/modplsql/conf
    
  • For Windows based systems:

    ORACLE_BASE\ORACLE_HTTPSERVER_HOME\Apache\modplsql\conf
    

B.3.7.1 Obfuscating Passwords

To obfuscate passwords, run dadTool.pl by following the instructions in the dadTool.README file.

B.3.8 Create a Workspace and Add Oracle Application Express Users

You access the Oracle Application Express home page by logging in to workspace using a Web browser. Your Web browser must support JavaScript and the HTML 4.0 and CSS 1.0 standards. See "Browser Requirement".

A workspace is a virtual private database allowing multiple users to work within the same Oracle Application Express installation while keeping their objects, data and applications private. Each workspace has a unique ID and name.

An Oracle Application Express administrator can create a workspace manually within Oracle Application Express Administration Services or have users submit requests. Oracle Application Express Administration Services is a separate application for managing an entire Oracle Application Express instance. See "Creating Workspaces" and "Managing Workspace Requests" in Oracle Application Express Administration Guide.

See Also:

Oracle Database 2 Day + Oracle Application Express Developer's Guide if you are new to Oracle Application Express

Topics in this section include:

B.3.8.1 Creating a Workspace Manually

To create an Oracle Application Express workspace manually:

  1. Log in to Oracle Application Express Administration Services. Oracle Application Express Administration Services is a separate application for managing an entire Oracle Application Express instance. You log in using the ADMIN account and password created or reset during the installation process.

    1. In a Web browser, navigate to the Oracle Application Express Administration Services application.

      If your setup uses Oracle HTTP Server (Apache) and mod_plsql, go to:

      http://hostname:port/pls/apex/apex_admin
      

      Where:

      hostname is the name of the system where Oracle HTTP Server is installed.

      port is the port number assigned to Oracle HTTP Server. In a default installation, this number is 7777.

      pls is the indicator to use the mod_plsql cartridge.

      apex is the database access descriptor (DAD) defined in the mod_plsql configuration file.

    2. On the Login page:

      • In Username, enter admin.

      • In Password, enter the Oracle Application Express administrator account password you specified when you installed Oracle Application Express.

      • Click Login.

    See Also:

    See "Logging in to Oracle Application Express Administration Services" in Oracle Application Express Administration Guide.

    Next, create a workspace.

  2. Click Manage Workspaces.

  3. Under Manage Workspaces, click Create Workspace.

    The Create Workspace Wizard appears.

  4. For Identify Workspace, enter a workspace name and description and click Next.

  5. For Identify Schema, select the Oracle Forms application schema.

    1. For Re-use existing schema, select Yes.

    2. Select a schema from the list.

    3. Click Next.

  6. For Identify Administrator, enter the Workspace administrator information and click Next.

  7. Confirm your selections and click Create.

B.3.8.2 Creating Oracle Application Express Users

To create an Oracle Application Express user account:

  1. Log in to Oracle Application Express Administration Services as described in the previous section. See "Logging in to Oracle Application Express Administration Services" in Oracle Application Express Administration Guide.

  2. Click Manage Workspaces.

  3. Under Manage Workspaces, click Manage Developers and Users.

    The Manage Developers and Users page appears.

  4. Click Create.

    The Create/Edit User page appears.

  5. Under User Attributes, enter the appropriate information. Fields marked with an asterisk are required.

    Tip:

    To learn more about a specific attribute, click the item label. When Help is available, the item label changes to red when you pass your cursor over it and the cursor changes to an arrow and question mark.
  6. Under Password, type a case-sensitive password for this account.

    If your organization has set up a password policy, be sure the password meets the requirements.

  7. Under Developer Privileges, select the appropriate privileges:

    • User is a developer - To add this user as a developer or Workspace administrator, select Yes. For end users, select No.

      Developers can create and modify applications and database objects as well as view developer activity, session state, workspace activity, application, and schema reports.

    • User is a workspace administrator - To add this user as a Workspace administrator, select Yes. For developers or end users, select No.

      In addition to having developer privileges, workspace administrators can create and edit user accounts, manage groups, alter passwords of users within the same workspace, and manage development services.

  8. Under Account Control, specify the following:

    • Account Availability - Select Unlocked to enable a user to log in to this account.

    • Require Change of Password on First Use - Select Yes to require the user to change the password immediately after logging in with the current, temporary password. Otherwise, select No.

  9. Click Create User or Create and Create Another.

B.3.8.3 Logging in to Your Oracle Application Express Workspace

Once you create a workspace, you must log in to it using your login credentials (that is, the workspace name, user name, and password).

See Also:

See "Creating Workspaces" and "Managing Workspace Requests" in Oracle Application Express Administration Guide

To log in to a workspace:

  1. In a Web browser, navigate to the Oracle Application Express Login page.

    If your setup uses Oracle HTTP Server (Apache) and mod_plsql, go to:

    http://hostname:port/pls/apex
    

    Where:

    • hostname is the name of the system where Oracle HTTP Server is installed.

    • port is the port number assigned to Oracle HTTP Server. In a default installation, this number is 7777. You can find information about your Oracle HTTP Server installation's port number from either of the following files:

      ORACLE_BASE\ORACLE_HOME\install\portlist.ini
      ORACLE_BASE\ORACLE_HTTPSERVER_HOME\Apache\Apache\conf\httpd.conf
      

      Be aware that if you change a port number, it is not updated in the portlist.ini file. You can only rely on this file immediately after installation.

    • pls is the indicator to use the mod_plsql cartridge.

    • apex is the database access descriptor (DAD) defined in the mod_plsql configuration file.

      For users who have upgraded from earlier releases, or who have a custom configuration, this value may be htmldb or something else. Verify your DAD with your Oracle Application Express administrator.

    The Login page appears.

  2. Under Login, enter the following:

    • Workspace field - Enter the name of your workspace.

    • Username field - Enteryour user name.

    • Password field - Enter your case-sensitive password.

  3. Click Login.

    Note that, depending on your setup, you might be required to change your password when you log in for the first time.