7 The owa_sec Package

This chapter describes the functions, procedures, and data types in the owa_sec package in the PL/SQL Web Toolkit.

Note:

Use the procedures and functions in the owa_sec package for custom authentication.

Parameters that have default values are optional.

7.1 Summary

owa_sec.get_client_hostname function - returns the client's hostname.

owa_sec.get_client_ip function - returns the client's IP address.

owa_sec.get_password function - returns the password that the user entered.

owa_sec.get_user_id function - returns the username that the user entered.

owa_sec.set_authorization procedure - enables the PL/SQL application to use custom authentication.

owa_sec.set_protection_realm procedure - defines the realm that the page is in.

7.2 owa_sec.get_client_hostname function

This function returns the hostname of the client.

Table 7-1 owa_sec.get_client_hostname function

Properties	Definitions
Syntax:	owa_sec.get_client_hostname return varchar2;
Parameters:	None.
Returns:	The hostname.

7.3 owa_sec.get_client_ip function

This function returns the IP address of the client.

Table 7-2 owa_sec.get_client_ip function

Properties Definitions

Properties	Definitions
Syntax:	owa_sec.get_client_ip return owa_util.ip_address;
Parameters:	None.
Returns:	The IP address. The owa_util.ip_address data type is a PL/SQL table where the first four elements contain the four numbers of the IP address. For example, if the IP address is `123.45.67.89` and the variable ipaddr is of the owa_util.ip_address data type, the variable would contain the following values: ipaddr(1) = 123 ipaddr(2) = 45 ipaddr(3) = 67 ipaddr(4) = 89

Syntax:

owa_sec.get_client_ip return owa_util.ip_address;

Parameters:

None.

Returns:

The IP address. The owa_util.ip_address data type is a PL/SQL table where the first four elements contain the four numbers of the IP address. For example, if the IP address is 123.45.67.89 and the variable ipaddr is of the owa_util.ip_address data type, the variable would contain the following values:

ipaddr(1) = 123
ipaddr(2) = 45
ipaddr(3) = 67
ipaddr(4) = 89

7.4 owa_sec.get_password function

This function returns the password that the user used to log in. For security reasons, this function returns a true value only when custom authentication is used. If you call this function when you are not using custom authentication, the function returns an undefined value. Thus, the database passwords are not exposed.

Table 7-3 owa_sec.get_password function

Properties	Definitions
Syntax:	owa_sec.get_password return varchar2;
Parameters:	None.
Returns:	The password.

7.5 owa_sec.get_user_id function

This function returns the username that the user used to log in.

Table 7-4 owa_sec.get_user_id function

Properties	Definitions
Syntax:	owa_sec.get_user_id return varchar2;
Parameters:	None.
Returns:	The username.

7.6 owa_sec.set_authorization procedure

This procedure, called in the initialization portion of the owa_custom package, sets the authorization scheme for the PL/SQL Gateway. This implements your authorize function, which authorizes the user before his requested procedure is run. The placement of the authorize function depends on the scheme you selected.

Table 7-5 owa_sec.set_authorization procedure

Properties Definitions

Properties	Definitions
Syntax:	owa_sec.set_authorization(scheme in integer);
Parameters:	scheme - the authorization scheme. It is one of the following schemes for set_authorization: OWA_SEC.NO_CHECK - Specifies that the PL/SQL application is not to do any custom authentication. This is the default. OWA_SEC.GLOBAL - Defines an authorize function that is called for all users and all procedures. The function is owa_custom.authorize function in the "oas_public" schema. OWA_SEC.PER_PACKAGE - Define an `authorize` function that is called when procedures in a package or anonymous procedures are called. If the procedures are in a package, the package.authorize function in the user's schema is called to authorize the user. If the procedures are not in a package, then the anonymous `authorize` function in the user's schema is called. OWA_SEC.CUSTOM - Implements different authorize functions for each user. The function owa_custom.authorize in the user's schema is called to authorize the user. If the user's schema does not contain an owa_custom.authorize function, the PL/SQL Gateway looks for it in the "oas_public" schema. The custom `authorize` function has the following signature: function authorize return boolean; If the function returns TRUE, authentication succeeded. If it returns FALSE, authentication failed. If the `authorize` function is not defined, the Gateway returns an error and fails.
Returns:	Not applicable

Syntax:

owa_sec.set_authorization(scheme in integer);

Parameters:

scheme - the authorization scheme. It is one of the following schemes for set_authorization:

OWA_SEC.NO_CHECK - Specifies that the PL/SQL application is not to do any custom authentication. This is the default.

OWA_SEC.GLOBAL - Defines an authorize function that is called for all users and all procedures. The function is owa_custom.authorize function in the "oas_public" schema.

OWA_SEC.PER_PACKAGE - Define an authorize function that is called when procedures in a package or anonymous procedures are called. If the procedures are in a package, the package.authorize function in the user's schema is called to authorize the user. If the procedures are not in a package, then the anonymous authorize function in the user's schema is called.

OWA_SEC.CUSTOM - Implements different authorize functions for each user. The function owa_custom.authorize in the user's schema is called to authorize the user. If the user's schema does not contain an owa_custom.authorize function, the PL/SQL Gateway looks for it in the "oas_public" schema.

The custom authorize function has the following signature:

function authorize return boolean;

If the function returns TRUE, authentication succeeded. If it returns FALSE, authentication failed. If the authorize function is not defined, the Gateway returns an error and fails.

Returns:

Not applicable

7.7 owa_sec.set_protection_realm procedure

This procedure sets the realm of the page that is returned to the user. The user enters a username and login that already exist in the realm.

Table 7-6 owa_sec.set_protection_realm procedure

Properties	Definitions
Syntax:	owa_sec.set_protection_realm(realm in varchar2);
Parameters:	realm - the realm where the page belongs. This string is displayed to the user.
Returns:	Not applicable.