Oracle APEX provides various types of Page access protection (Page level declarative). We can utilize them as per the required scenario.
Let’s see all of um one by one …
The page may be requested using a URL, with or without session state arguments, and without having to have a checksum.
If Request, Clear Cache, or Name/Value Pair arguments appear in the URL, a checksum must also be provided. The checksum type must be compatible with the most stringent Session State Protection attribute of all the items passed as arguments.
A URL may be used to request the page, but the URL can not contain Request, Clear Cache, or Name/Value Pair arguments.
The page may not be accessed using a URL. However, the page may be the target of a Branch to Page branch type, as this does not perform a URL redirect.
After APEX came up with a friendly URL feature, and I started using it in our applications, never realized that if we try to manually build the friendly URL then it doesn’t generate the checksum automatically.
SELECT empno, '<a href ="' || APEX_UTIL.prepare_url ( '/ords/r/web/ontoor-solutions-extras/page-access-unrestricted?session=' || v ('APP_SESSION') || '&p11_empno=' || empno, p_checksum_type => 'SESSION') || '">Friendly URL</a>' link FROM emp
In an Interactive report, I am using the above query and enabled the required checksum on the target page in the “Page Access Protection” section. And if I try to click on the URL then it gives an error.
Attempt to save item P11_EMPNO in session state during show processing. Item protection level indicates: Item may be set when accompanied by a “session” checksum. No checksum was passed in or the checksum passed in would be suitable for an item with protection level “Item has no protection.”. Note: End users get a different error message.
So it means a friendly URL doesn’t generate checksum automatically. Thankfully we have the s“APEX_PAGE.GET_URL” function which can generate the checksum.
Let’s try with “APEX_PAGE.GET_URL”
SELECT empno, '<a href ="' || apex_page.get_url (p_page => 'page-access-unrestricted', p_items => 'P6_empno', p_values => empno) || '">Friendly URL</a>' link_checksum FROM emp