Tuesday, September 02, 2014

Interested in Oracle APEX in Belgium and around? - join ORCLAPEX-BE Meetup

Over the last months different Oracle Application Express (APEX) meetups were initiated around the world. You can read a bit of background on how the meetups started on Dan's blog.

I think it's a great idea to have local meetups to meet other people working or interesting in APEX too. When you just start with APEX it's interesting to talk to other people how they got started. But equally for more seasoned developers it's a great place to share ideas and have discussions about where the product and industry is going, all casual and in a relaxed environment.

That's why we started an APEX Belgium meetup group too. Our first meetup is planend on September 11th in the APEX R&D office in Leuven, Belgium.


Previously with the Oracle BeNeLux User Group (OBUG) we created one day APEX events, which were great, but had a fixed schedule. The APEX meetups we want to do more frequently and accessible to everybody - a very low entry. We'll try to make all those meetups free-of-charge and flexible in nature. We'll have a presentation about a specific topic, but equally important (or even more important) is that you can network, have a voice and get some help of peers.

I talked to the OBUG board too and they found it an interesting idea and are happy to sponsor the event. We can enjoy pizza thanks to OBUG :)

Every local meetup can decide how they organise their meetup.

Here are the details of the first ORCLAPEX-BE meetup on September 11th (2014):

The first Oracle APEX meetup will go over the concept of the meetups and as first topic APEX 5.0 will be covered.

We'll have an "Open Mic" too, so anybody can get on stage for 5-10 minutes and show what they did or share their ideas or ask for some ideas where they struggle with.

The meetup is completely free.

Agenda

  • 16.00  Registration
  • 16.30  Outline concept APEX Meet-up
  • 16.45  Presentation APEX 5.0
  • 18.00  Pizza break, Networking and "Open Mic"
  • 21.00  End


Interesting in Oracle APEX and in Belgium or around? Join the ORCLAPEX-BE meetup now!
Can't make the 11th? Make you a member of the meetup and receive updates when the next one is :)

Look forward seeing you.

Sunday, June 22, 2014

KScope14 (Sunday) - APEX Symposium - before noon

Sunday is typically the day where the Oracle development team is on stage to talk about what they do, give insight in the product etc. - for me personally one of the highlights of the conference.

The Awesome Evolution of Oracle Application Express 5.0 by Joel Kallman


Joel demoed HTML DB 1.6 again, the predecessor of APEX - went live in 2004, so 10 years ago (time goes fast!). Next he timed doing development in APEX 4.2 compared to APEX 5.0.  

Conclusion: APEX 5.0 is more productive, efficient, intuitive, modern and easy.

Joel highlighted the other new features in APEX 5.0, most of them I already blogged about or you find them here.


The Game Changed - APEX Designer by Patrick Wolf

Patrick showed the time it takes to build components and items in previous versions of APEX. Next he compared it to how you do things with the new Page Designer in APEX 5.0.

There're so many new features in the Page Designer, just give it a try to explore them. It will take a bit of time to get used to them, but it will be the future. 


Turbo Mobile Development by Marc Sewtz

APEX uses jQuery Mobile behind the scenes. APEX 5.0 includes the latest version (jQuery Mobile 1.4). The philosophy is to create "mobile first" applications.
APEX 5.0 will include a new mobile theme, which support the new jQuery Mobile swatches. It's very easy to use ThemeRoller to create your own swatch and upload the zip in Shared Components in APEX and add a style to the theme and make it active.

There are many more new features in APEX 5.0 for mobile development like for example a new region type called "Reflow table".

Friday, June 20, 2014

APEX 5.0 - Page Designer; immediate feedback and more

In APEX 5.0 you (can) develop in the new Page Designer.

The Page Designer makes you way more productive, less clicks and quicker results. You have to get used to it, and you probably want a big monitor (time to ask your boss!), but once all that is done - you will love it.

The Page Designer is so intuitive and attention was put in the details. When you make a mistake APEX gives you immediate feedback. Here's a screenshot:


The region where the error is, is highlighted.
You get a notification message top right in red with the error message and inside the property panel it's highlighted what you need to change. Once you click on the field it will give another text notification e.g. that it is required.

There's also the Messages tab which gives you an explanation of what is wrong. Clicking on the link will bring you right where you need to go.

But just look at the Page Designer for a while; notice the small top left red triangles; it identifies it's a required field. The "Show Common" and "Show All" tabs are great too.

So many things, small, large, ... but so useful.

Here's another one - Developer Comments for the page. If there are comments you see a number in the comment icon. When clicking on the icon you can add more comments. I believe it would also be useful to see the existing comments, hopefully that will be in the final release.


This post is based on Oracle APEX 5.0 EA2, but there's more coming it looks like. Linked to the previous feature, I see a tighter integration with Team Development already too.

So many things to explore in the APEX 5.0 Page Designer... definitely worth your time.

Thursday, June 19, 2014

APEX 5.0 - Button Appearance (template options + Font Awesome)

With the new template, the new buttons for example are highly customisable in APEX 5.0
(icon on the left or right, spacing between, etc.)


In the Appearance section you find kinda the same options as in APEX 4.x, but when you look a bit further, there's so much more now.


You can declaratively change the way your button looks like, by clicking the Template Options:


The icons you can chose for your button are based on Font Awesome, a great scalable vector icons library.

I use Font Awesome in APEX 4.x too, but I had to create a new button template and put the name of the icon in the class section. This is now all integrated and declarative in APEX 5.0.

APEX 5.0 - Keyboard shortcuts

Develop even faster? use the keyboard shortcuts in Oracle Application Express (APEX) - you find them defined here:



Here's the list:
  • Display From HereCtrl+Option+D
  • Display From PageCtrl+Option+T
  • Go to Dynamic ActionsOption+2
  • Go to Gallery ButtonsOption+9
  • Go to Gallery ItemsOption+8
  • Go to Gallery RegionsOption+7
  • Go to Grid LayoutOption+5
  • Go to HelpOption+F1
  • Go to MessagesCtrl+F1
  • Go to Page Shared ComponentsOption+4
  • Go to ProcessingOption+3
  • Go to Property EditorOption+6
  • Go to RenderingOption+1
  • Keyboard ShortcutsOption+Shift+F1
  • Page SearchCtrl+Option+F
  • RedoCtrl+Y
  • Restore/ExpandOption+F11
  • SaveCtrl+Option+S
  • Save and Run PageCtrl+Option+R
  • Toggle Hide Empty PositionsCtrl+Option+E
  • UndoCtrl+Z

  • For Mac users like me; the Option key is "alt". For the F1 etc. use "fn".

Oracle APEX 5.0 EA2 - first impressions

You can now request a workspace in the brand-new version of Oracle APEX 5.0 (EA2).


Once requested a workspace you will get an email to activate it - and you're up-and-running!


The login screen looks awesome:


And then you see the new APEX Builder - new theme, with all new icons:


The Application Builder looks different now too - look at the nice icons and new style of Interactive Report:


Creating a new application - the wizard is more streamlined:


Creation of a new page is now with a modal window implementation:


When finished it opens the page in the new Page Designer:


It looks like all the components are now available in the Page Designer (Shared Components for ex. wasn't available in EA1 - but it is now)

Creating new pages work well and the new universal theme (theme 42) looks nice too.

Oracle APEX went flat design, with bright color blue and grey and nice icons (which are available as a font).

More to come in other blog posts... have fun! and thanks to the APEX Development team for another great release.

Wednesday, June 11, 2014

APEX 5.0 EA2 available in the next days

Joel just blogged that the 2nd Early Adopter release of APEX 5.0 is around the corner.

Here are some screenshots posted on twitter:



I'm sure this new EA will carry many changes and looking at some screenshots it looks awesome.
I especially look forward to the new universal theme.

Here's what should be in - based on the statement of direction of APEX 5.0 :

Oracle Application Express 5.0

Oracle Application Express 5.0 will focus on both new features and enhancements to existing functionality to improve developer productivity and is planned to incorporate the following:
  • Page Designer - New page definition IDE which incoroporates tree controls, drag and drop layout editor, and a property editor.
  • Multiple Interactive Reports – Allow any number of Interactive Reports to be defined on a single page.
  • Modal Dialog - Enhance the ability to declaratively define modal dialogs.
  • Navigation Lists - Ability to define hierarchical lists for navigation, with pull-down menus and sub-menus, instead of being constrained by tabs.
  • Mobile - Enhanced responsive tables, including reflow tables and column toggles, and introduction of panels.
  • Calendar – New calendar region which allows duration based events, improved functionality, and better control over drag and drop operations.
  • Universal Theme – A new central theme which readily allows developers to customize simply using CSS.
  • HTML5 Capabilities – Improve native capabilities for handling HTML5 constructs.
  • Application Builder Security – Allow different authentication schemes to be used to control developer access to the Application Builder.
  • Numerous functional improvements.

Oracle APEX Cookbook: Second Edition

For the first Oracle APEX Cookbook I was involved as a reviewer.

Michel and Marcel updated their book end of last year, but I didn't take the time to blog about it yet - and months fly. The concept stayed the same as the first edition, but it got updated with the latest info for APEX 4.x.

"People who followed a beginner training or learned APEX at their own and they want to know how to do a specific thing which is covered in the book, it's great to have the book, as you can just follow what the authors wrote and you also have an idea why it's done like that."

If you need onsite Oracle APEX training, you can also contact my company APEX R&D :)

Tuesday, June 10, 2014

Social Authentication (Facebook) in WC2014Challenge

People expect these days from a public website you can authenticate with Facebook, Google+, Linkedin, Microsoft etc. It's very convenient as you don't need to create a specific account per website.

Background

All of the social networks have very good documentation how to call their APIs.
Here's for example the Facebook Login explained.

Most of the API's use the OAuth2.0 protocol, there's an application key and tokens that are send with the requests. Here's an overview how it works with Google+


So how easy is it in Oracle Application Express (APEX) to do such social authentication?

Unfortunately Oracle APEX doesn't provide us with a native social authentication mechanism just yet. But nothing prevents you from building it yourself.

Here are the options I reviewed:

  • Custom build; in PL/SQL you call the different url's and make some procedures public so when the social network comes back you can intercept the call and move on.
  • Oracle REST Data Services supports OAuth 2.0 and the calls are mostly REST calls, so I also looked into writing the logic in ORDS (and PL/SQL) and integrate that way with my APEX application.
  • Some people in the community wrote an authentication plugin which does the hard work for you.

I went with a combination of the Facebook plugin in combination with my own PL/SQL code.
Peter was so nice to share his work with me, thanks again for that Peter. I first thought that the authentication plugin would be plug-and-play, just like the other APEX plugins... but that is not the case.
It hasn't much to do the way Peter's team implemented it, it has more to do with the complex setup of SSL certificates etc. So when downloading the plugin, know that it will take some time to configure it. Luckily Peter provides good documentation so it makes it a bit easier.

So, to see the authentication to work, login with your Facebook account on the wc2014challenge.com site. I extended the plugin a bit so it will automatically create a site account for you behind the scenes so regardless if you create a site account or login with Facebook it can hook up the scores, bets etc. in the same way.

Challenges with Social Authentication

If you want to provide Facebook, Google+, LinkedIn and a normal site account in your app, I found some challenges with that. How do you hook-up a person that logs-in with Facebook the first time, with the same player logging in with Google+ the same time? You could use the email address maybe? But what if they use different ones? There are many blog posts about this topic and how to get around it, but it would bring me to far in this post. I might do a follow-up post later as it's an interesting challenge.

Future 

I really believe that most public sites will allow social authentication, so I hope the team of ORDS or the APEX development team will make something available to do the social authentication natively in the future. I believe that would be the best solution (fast to implement and secure).

Monday, June 09, 2014

Security Audit of WC2014Challenge

A few weeks ago I asked my friends at RecX to do a security audit of the World Cup 2014 Challenge app.  The result was a security assessment document which explained what they tested, an explanation why it was important and the results they found. I found it very interesting to see how other (security) people approach your code.

Here are the areas they went into:

Access Control

  • Hidden items
  • Item Protection
  • Page Access Protection
Configuration
  • Session Timeout
Cross-Site Scripting 
  • Column From LOV/Query (make use of )
  • Direct Output
  • Indirect Output
  • Report Column Display Type
  • Template Variables
Tip: make use of apex_escape.html, apex_escape.html_attribute, utl_url.escape

Data Protection 
  • Page Autocomplete
Tip: Ensure sensitive data is not held in the browser cache

Warnings
  • Direct URL
You can read more about security in their Hands-On Oracle Application Express Security book.

Thanks Nathan and Tim.