I have put Rollback command in a button , whenever i click the button data has rolling back also it clears the form data. Suggest any, thanks.
CLEAR_FORM is the inteded action on Rollback, some used ISSUE_ROLLBACK(null) to avoid it, but it is not recommended, see Oracle Community
Related
I have a region of type Form and a process of type Automatic Row Processing (DML) for this form. I've configured the form edit authorization schemes (in Attributes) for each operation: Add, Update and Delete:
But the process doesn't obbey the authorization schemes. It always runs. Here is my proccess:
I've applied the same authorization schemes on the buttons CREATE, SAVE and DELETE, and they are disappearing accordly. But a malicious user can execute this command on browser console with success, even if the related authorization scheme returns false: apex.page.submit("DELETE");
Am I doing something wrong? Or this is a security fail?
Oracle Apex 19.1
Thanks in advance.
I just tried this on my own APEX 19.2 application and was able to reproduce the issue. It does seem odd to me that you are able to perform these actions without having the proper authorization. Thanks for the heads up!
I was able to work around the issue by adding an Authorization Scheme to my Form - Automatic Row Processing (DML).
Since you have a CREATE, SAVE, and DELETE button, you may have to set up 3 Form - Automatic Row Processing (DML) Processes, set up each one to only execute on the When Button Presssed condition (one for each button) and assign the appropriate Authorization Scheme to each Process.
i have upgraded our application to SWF 2 and have implemented FMPC pattern. majority of our existing flow definitions doesn't have end-state, now using FMPC as described here, you can trigger commit by putting commit=true to your end-state. Example of our flow:
get form object
save details to db (we want to commit here)
fetch the same object with refreshed data
display to view
its currently working with previous SWF and just using Open Session in View pattern. but we imlemented FMPC to avoid any LazyInitializationException. Now what's happening is steps 1-4 is happening except that changes are not committed, so in the view, we don't see any changes. it seems difficult to add end-state at the middle just to commit to DB and also this means we need to add so many end-state, so my question is how to tell (SWF/FMPC) to commit "programmaticaly" without having to add the end-state tag. If you know better approach, please tell also. Thanks!
Spring Web Flows can have inheritance, so you can implement the end-state in your parent flow and then have it as a parent for all your flows.
I resolved my issue. I finally found out that indeed Hibernate is auto-committing all my read-write operations. The problem is when refreshing the object concerned which gave me the impression that there is no read-write done while in fact there is. Doing sessioFactory.refresh(object) instead of plain find() effectively fetched the updated data from the DB. I guess its because the hibernate session is still alive (due to FMPC) that's why doing "find" will retrieve from the hibernate cache while "refresh" means re-reading the data directly from underlying database. Please correct my analysis as necessary.
I am working on an application with Spring Webflow, Freemarker, Hibernate (JPA) and Oracle.
In the application I've got an Admin page which should be editable to only one user.
Once a user is editing that page, other user accessing should be presented this page as a view only page and they should get a warning when they open the page that 'X is editing this page, thus your access is read only'.
Is this possible to do easily in Webflow or Freemarker?
Any suggestions are welcome.
Thanks
UPDATE 1
I am using JPA (Hibernate) as well.
UPDATE 2
And the application will be deployed in a clustered JBoss.
I would use optimistic locking instead. The following strategy is the one used by JPA.
You add a version field to the table holding the data to edit. Each time you load the data to edit, you also load the version field. Each time the data is modified, you increment this version field by 1. But to be able to save the data, you must have an in-memory version that is equal to the one stored in database:
update data set ..., version = version + 1 where ... and version = :inMemoryVersion
If the above query doesn't update anything, it means the data has been updated by someone else. In this case, you throw an exception and tell the admin to refresh the page and redo his edit.
If you really want pessimistic locking, then you need to maintain some in-memory (in the app is not clustered) or in-database lock, try to lock the lock, and display the page in read-only if it's already locked. Once the update is done, you must release the lock. The problem is if the update is never done. In this case, you need to use an HttpSessionListener, and release the lock when sessionDestroyed() is called, if the lock is held by the session being destroyed.
I'm updating my Windows Phone App to Mango and starting to use SQL Server CE. I can insert and select data but am struggling to understand how to update data.
Most of the examples are basic tutorials and only show inserting and retrieving data not updating. I believe I need to attach a class I have retrieved to the data context but that is as far as I have got.
Please can someone point me to an online tutorial showing how to do this. Or some example code would be great.
Thanks.
UPDATE
Basic updating looks fairly simple - query the database, update the object, call SubmitChanges.
My scenario is a little more complicated.
I have a page showing a list of jobs. A job (JobDetail) is selected and another page is used to edit the details. The job is written to a cache (another table JobCache) while the job is edited. If the user cancels the edit the cache is deleted. If the user saves the edit the JobCache object is pulled from the cache, converted to an object of type JobDetail and now I want to update the database with the new JobDetail object.I don't think I can just call SubmitChanges as the object was not generated from a query. I believe I need to somehow use Attach to do this. The question is how?
Why not get the original JobDetail object, update the changed properties from the cahced object and call SubmitChanges ?
Is it possible to stop the back button from working during a data call? For instance, when registering, I don't want someone to press the back button otherwise they may register for my service and not know it (other than confirmation email)? (And the registration will fail the next time they try)
Handle the BackKeyPress event or override the OnBackKeyPress method in your page class, and then set e.Handled = true; when you want to prevent backwards navigation.
Note that if you do this, then you should provide the user with a way to cancel your long-running process so they can back out if they want to.
Please note that if you stop the Back button from working your application will fail marketplace submission.
See section 5.2.4 Use of Back Button.
If a user has the situation where they try to reregister (becuase they don't realise they have registered previously) then you should handle this in your app as the situation may come up anyway.