Custom Authentication in Oracle APEX

1- Introduction

This document is based on:
  • Oracle APEX 5.0

2- Default authentication of APEX

When you create an Oracle APEX application, the default login page is created with page number is 101. Default login uses APEX authentication, which means you have to enter a username and password created by the APEX Admin. In case you have a separate table to store user information, you need to customized authentication.

OK this is the default login page is created:

3- SQL Script

To begin this example, you need to run Script to create table to store user and create package.
Create USER_ACCOUNT table:
create table USER_ACCOUNT
(
  USER_NAME VARCHAR2(30) not null,
  PASSWORD  VARCHAR2(30) not null,
  USER_TYPE VARCHAR2(10) not null,
  ACTIVE    VARCHAR2(1) not null,
  EMAIL     VARCHAR2(64) not null,
  FULL_NAME VARCHAR2(64) not null
) ;
 
alter table USER_ACCOUNT
  add constraint USER_ACCOUNT_PK primary key (USER_NAME) ;
alter table USER_ACCOUNT
  add constraint USER_ACCOUNT_UK unique (EMAIL) ;

-----------------------------------

insert into user_account (USER_NAME, PASSWORD, USER_TYPE,
 ACTIVE, EMAIL, FULL_NAME)
values ('tom', 'tom123', 'admin', 'Y', 'tom@example.com', 'Tom');

insert into user_account (USER_NAME, PASSWORD, USER_TYPE,
ACTIVE, EMAIL, FULL_NAME)
values ('jerry', 'jerry123', 'user', 'Y', 'jerry@example.com', 'Jerry');

insert into user_account (USER_NAME, PASSWORD, USER_TYPE,
ACTIVE, EMAIL, FULL_NAME)
values ('donald', 'donald123', 'guest', 'N', 'donald@example.com', 'Donald');

Commit;
PKG_SECURITY
Create Or Replace Package Pkg_Security Is

  Function Authenticate_User(p_User_Name Varchar2
                            ,p_Password  Varchar2) Return Boolean;

  -----
  Procedure Process_Login(p_User_Name Varchar2
                         ,p_Password  Varchar2
                         ,p_App_Id    Number);

End Pkg_Security;
/
Create Or Replace Package Body Pkg_Security Is

  Function Authenticate_User(p_User_Name Varchar2
                            ,p_Password  Varchar2) Return Boolean As
     v_Password User_Account.Password%Type;
     v_Active   User_Account.Active%Type;
     v_Email    User_Account.Email%Type;
  Begin
     If p_User_Name Is Null Or p_Password Is Null Then
 
        -- Write to Session, Notification must enter a username and password
        Apex_Util.Set_Session_State('LOGIN_MESSAGE'
                                   ,'Please enter Username and password.');
        Return False;
     End If;
     ----
     Begin
        Select u.Active
              ,u.Password
              ,u.Email
        Into   v_Active
              ,v_Password
              ,v_Email
        From   User_Account u
        Where  u.User_Name = p_User_Name;
     Exception
        When No_Data_Found Then
     
           -- Write to Session, User not found.
           Apex_Util.Set_Session_State('LOGIN_MESSAGE'
                                      ,'User not found');
           Return False;
     End;
     If v_Password <> p_Password Then
   
        -- Write to Session, Password incorrect.
        Apex_Util.Set_Session_State('LOGIN_MESSAGE'
                                   ,'Password incorrect');
        Return False;
     End If;
     If v_Active <> 'Y' Then
        Apex_Util.Set_Session_State('LOGIN_MESSAGE'
                                   ,'User locked, please contact admin');
        Return False;
     End If;
     ---
     -- Write user information to Session.
     --
     Apex_Util.Set_Session_State('SESSION_USER_NAME'
                                ,p_User_Name);
     Apex_Util.Set_Session_State('SESSION_EMAIL'
                                ,v_Email);
     ---
     ---
     Return True;
  End;

  --------------------------------------
  Procedure Process_Login(p_User_Name Varchar2
                         ,p_Password  Varchar2
                         ,p_App_Id    Number) As
     v_Result Boolean := False;
  Begin
     v_Result := Authenticate_User(p_User_Name
                                  ,p_Password);
     If v_Result = True Then
        -- Redirect to Page 1 (Home Page).
        Wwv_Flow_Custom_Auth_Std.Post_Login(p_User_Name -- p_User_Name
                                           ,p_Password -- p_Password
                                           ,v('APP_SESSION') -- p_Session_Id
                                           ,p_App_Id || ':1' -- p_Flow_page
                                            );
     Else
        -- Login Failure, redirect to page 101 (Login Page).
        Owa_Util.Redirect_Url('f?p=&APP_ID.:101:&SESSION.');
     End If;
  End;

End Pkg_Security;
/

4- Declaring Application Items

Click on the "Shared Components", here allows you to declare the "Application Items", it is the items will be used in your application.
Enter a name for the Application Item is "LOG_MESSAGE", its value is "LOGIN_MESSAGE" attribute of Session, you can set its value in PL/SQL:
Apex_Util.Set_Session_State('LOGIN_MESSAGE'
                                             ,'User not found');
Similarly, you create 2 Application Items:
  • SESSION_USER_NAME
  • SESSION_EMAIL

5- Custom Authentication

Open LOGIN page in APEX Page designer:
Create new Region:
Change the properties for the newly created Region.
Set display conditions for this Region.
Next you have to modify code handling process when the user clicks the Submit button.
  • PL/SQL Code:
Pkg_Security.Process_Login(:P101_USERNAME,
                           :P101_PASSWORD,
                           :APP_ID);
Save and running your apps: