Oracle APEX button - link to URL and execute dynamic action - oracle11g

I am working with APEX 20.
I defined a button which links to a URL:
Behavior: "Redirect to URL" and my URL as Target - this works without any problem.
When this button is pressed, I have to change the status in a table in my data model.
I added a Dynamic Action which executes some PL/SQL code to update my table.
The problem is that when the button is pressed, the redirect is done and my dynamic action is
not executed.
Is there any way to change the sequence, executing the dynamic action first, and then the redirect?
Some background:
This application allows users to define + configure systems and queue them for automatic installation. The installation is done from a remote server, and must be triggered by calling a CGI script per URL. When the order is issued, the user should come back to the applications main page to work on other systems.
Therefore I choose a modal dialog to launch the order. The idea is:
On the system page press button "Install"
Modal dialog page opens
Here you press the usual "Do you really wish to install" button (since it will cost money now).
At this moment the status in the database must be altered, and the redirect to the URL must happen.
The modal dialog closes and the user is back on the system definition pages.
I tried to connect the button only with the dynamic action to update the database table,
followed by a "submit" action.
In this scenario I added a branch to the URL to be processed after page submit, which did not
work.
I also tried to intergrate the redirect to the URL into the PL/SQL code using apex_util.redirect_url, but I do something wrong, this part is simply ignored.

What you could try is:
Make the button with action "Submit Page"
Create a page process in the with point "Processing". This is where you'd execute the code to update the table. Add a when button pressed server sided condition.
Create a branch to redirect to the new page after submit with the same when button pressed server sided condition.
This is "the traditional" way of doing it in APEX - handle all database actions after page submit. No dynamic actions are needed in this case.

Related

Iron Router Meteor , Router.go alternative from server-side

I am using Meteor with Iron Router and Stripe. Everything is working great, but I cant figure out how to re-direct user to a final order complete page after the Stripe charge is completed.
On my client side I have a modal box that appears which contains a button that says, "Pay" When the Pay button is clicked an event is fired that calls up and opens Stripe Checkout.
The Stripe Checkout then initiates on the client and the user is able to enter the card details and submit the payment. The server side method for charging the card thru Stripe is completed and I also have some other basic database tasks that are being performed to log the result and complete the order status.
I have created a route using Iron router that I want the user to be re-directed too after the Stripe Payment is completed.
As of now the modal box continues to stay on the screen. I am trying to make the Router.go send user to the order page that had been setup after the order is finished.
I beleive the Iron Router Router.go is used client-side only. How can I complete the order process and make the client-side modal box disappear after the Stripe charge is completed and re-direct user to a final complete page.
When I use the Router.go on server-side I am getting error:
Exception in callback of async function: TypeError: Object function router(req, res, next) {//XXX this assumes no other routers on the parent stack which we should probably fix
You can't force the user's browser away from it's page if you don't already have some logic on the page to "remote control it". Fortunately there are a number of options for the latter:
If you are using a router you could make the route itself reactive, depending on the content of a subscribed collection. Alternatively, you can have an Tracker.autorun or an observeChanges block on your client side code that checks for changes to that "control" collection and then execute Router.go accordingly.
As for the control collection, a simple collection like:
var Control = new Mongo.Collection('control');
would do, and then you insert into it from the server when the event occurs (Control.insert({route: "newroute"})), and check for content changes on the client, for instance like so:
Control.find().observeChanges({
added: function(id, doc) {
Router.go(doc.route);
});

NancyFX calls action without request from browser

There is smth strange in my NanceFX app.
I've created an "action" for GET request with a name "Load".
Now I just start my application and begin type a url for "load" action and it calls without pressing enter! How is it possible?

Security considerations for an ASP.Net web application that will be used on a public computer or kiosk

I have an application that can be used without authentication on computers in public locations. It's a simple four page application that allows users to apply for a marriage license. Some offices will have a public computer kiosk where applicants can fill out their own information before proceeding to the clerk. They can also do so at home before visiting the office. What considerations should I take to make sure that a user cannot get access to the previous user's input? Some form data will contain sensitive info such as DOB, SSN and Mother's Maiden Name.
1. Disable AutoComplete
So far, I've set autocomplete=false in my Master page form tag.
<form id="frmMain" runat="server" autocomplete="false">
2. Disable Page Caching
I've also been able to disable page caching in IE and FF, but cannot do so in Safari and Chrome. Anybody know the trick? Hitting the back button still shows the form-filled data in Safari and Chrome.
// Disables page-caching in IE
Response.Cache.SetAllowResponseInBrowserHistory(false);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Response.Expires = 0;
// HACK: fixes Firefoxes cache issue
Response.AddHeader("ETag", new Random().Next(1111111, 9999999).ToString());
3. Manage the session
I've also implemented a timer on each page that will kill the session after n number of minutes. The session holds the current application ID with which the pages use to load previously entered data. They can get more time by clicking a button. When the timer is up, it redirects back to the main page where I kill the session in Page_Load. I also redirect to this page when the users click the "Finished/Submit" button. Once the session is killed, navigating to the pages by URL will never load the previous application. It'll be treated as a new one.
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
Session.Abandon();
}
4. what else should I do?
Your awesome suggestions/tips here
Since this is a Kiosk app, you'd want to make sure that the browser is configured to honor requests to not cache anything.
Last time I researched the effectiveness of server side no-cache headers, I realized that any one using customized, buggy or uncommon browser might not be honor requests to not cache documents.
You may also want to add javascript back-button breakers on some pages (e.g. some end of session page) and a history navigation deterrent, but not all pages because no one like the back button to be broken.
I think you have the right idea. Killing the session on "finish/submit" is what I would have recommender. Still read over the owasp top 10 and keep your usual vulnerabilities in mind.
1)Make sure you use HTTPS.
2) Always always always test your application for vulnerabilities before rolling it out. I recommend using Wapiti(free), Acunetix($) or NTOSpider($$$$).
3) Keep your server up to date, make sure you run OpenVAS to make sure your server is secure.
Here you are: What should a developer know before building a public web site
Use JavaScript. You will have to capture and prevent each form's submit event, grab the data, submit it via ajax, then use the form's native reset() method. From there you can navigate elsewhere or show validation errors depending on the ajax result. It's easy with jQuery.

Application design in Spring MVC

I'm new to Spring MVC and trying out a simple project.It will contain a simple adding, viewing, updating and deleting user work flows. It will have login page and once authenticated the user will be taken to a welcome screen which will have links to add, view, update and delete users. Clicking on any of the links will take to individual pages where the user can do the specific tasks. What I'm doing here is, I'm using a MultiActionController to group together all requests related to User work flow. So the request from "Add User" link will handled by the addUser method in the UserController which will redirect the user to the "Add User" page, and the user can then fill in the details and save the new user. Now here is where I'm getting confused. Where should I put the save process of the new user, should I put that in new method inside UserController, or use the same "addUser" method. What is the best way to handle this kind of scenario.
I hope I was able to clear my question.
did you try to check the Petclinic example which is in the Spring distribution? There you can find all the CRUD operation examples and much more...
Based on your example I suggest that you implement a "goto action page" method and a "perform action" mthod in your UserController. For the AddUser operation, the "goto action page" method might be AddUserPage() which performs any necessary initialization and setup required for the "add user" page then forwards the request to the "add user" web page and the "perform action" method might be AddUser() in which you implement the action of adding a user to your website.
For a "Delete User" action, you might have a "DeleteUserPage" and a "DeleteUser". etc.
The idea here being that you need a method in the MultiActonController to send the user to the correct page and another method to implement the desired action. The name of the methods is not important, but I suggest that you name them consistantly (for instance, xxxPage() sends the user to the xxx activity page and xxx() implements the xxx activity).

Logoff button IIS6 ASP.NET Basic Authentication

I have a requirement for an explicit logout button for users in a ASP.NET web app. I am using IIS6 with Basic Authentication (SSL). I can redirect to another web page but the browser keeps the session alive. I have googled around and found a way to do it by enabling an active x control to communicate with IIS and kill the session. I am in a restricted environment that does not allow forms authentication and active x controls are not forbidden as well. Has anyone else had this requirement and how have you handled it?
Okay that is what I was afraid of. I have seen similar answers on the net and I was hoping someone would have a way of doing it. Thanks for your time though. I guess I can use javascript to prevent the back button like the history.back()
I was struggling with this myself for a few days.
Using the IE specific 'document.execCommand('ClearAuthenticationCache');' is not for everyone a good option:
1) it flushes all credentials, meaning that the user will for example also get logged out from his gmail or any other website where he's currently authenticated
2) it's IE only ;)
I tried using Session.Abandon() and then redirecting to my Default.aspx. This alone is not sufficient.
You need to explicitly tell the browser that the request which was made is not authorized. You can do this by using something like:
response.StatusCode = 401;
response.Status = "401 Unauthorized";
response.AddHeader("WWW-Authenticate", "BASIC Realm=my application name");
resp.End();
This will result in the following: the user clicks the logout button ==> he will get the basic login window. HOWEVER: if he presses escape (the login dialog disappears) and hits refresh, the browser automagically sends the credentials again, causing the user to get logged in, although he might think he's logged out.
The trick to solve this is to always spit out a unique 'realm'. Then the browser does NOT resend the credentials in the case described above. I chose to spit out the current date and time.
response.StatusCode = 401;
response.Status = "401 Unauthorized";
string realm = "my application name";
response.AddHeader("WWW-Authenticate", string.Format(#"BASIC Realm={0} ({1})", realm, DateTimeUtils.ConvertToUIDateTime(DateTime.Now)));
resp.End();
Another thing that you need to do is tell the browser not to cache the page:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.MinValue);
Response.Cache.SetNoStore();
With all these things in place it works (for me) in IE, but until now I still wasn't able to prevent firefox from logging in the user when the user first presses escape (hides the basic login dialog) and then refresh (F5) or the browsers back button.
The Session.Abandon method destroys all the objects stored in a Session object and releases their resources. If you do not call the Abandon method explicitly, the server destroys these objects when the session times out.
Have you tried calling Session.Abandon in response to the button click?
Edit:
It would seem this is a classic back button issue.
There is very little you can do about the back button. Imagine the user has just opened the current page in a new window then clicked the logOut button, that page appears to log out but it will not immediately affect the content of the other window.
Only when they attempt to navigate somewhere in that window will it become apparent that their session is gone.
Many browsers implement the back button in a similar (although not identical) way. Going back to the previous page is not necessarily a navigation for a HTML/HTTP point of view.
This is a solution for this problem that works in IE6 and higher.
<asp:LinkButton ID="LinkButton1" runat="server" OnClientClick="logout();">LinkButton</asp:LinkButton>
<script>
function logout()
{
document.execCommand("ClearAuthenticationCache",false);
}
</script>
Found this from
http://msdn.microsoft.com/en-us/library/bb250510%28VS.85%29.aspx
Web Team in Short
Your Credentials, Please
Q: Jerry B. writes, "After the user has validated and processed his request, I now want to invalidate him. Assuming this machine is in an open environment where anyone could walk up and us it, I want to throw a new challenge each time a user accesses a particular module on the Web."
A: This is a frequently requested feature of the Internet Explorer team and the good people over there have given us a way to do it in Internet Explorer 6.0 SP1. All you need to do is call the execCommand method on the document, passing in ClearAuthenticationCache as the command parameter, like this:
document.execCommand("ClearAuthenticationCache");
This command flushes all credentials in the cache, such that if the user requests a resource that needs authentication, the prompt for authentication occurs again.
I put this on my logout link button and it works in IE6 sp1 and higher:
OnClientClick="document.execCommand('ClearAuthenticationCache');"

Resources