8-30 Oracle Fusion Middleware Developers Guide for Oracle Portal else raise wwpro_api_provider.PORTLET_NOT_FOUND_EXCEPTION; end if; end is_portlet_runnable; 3. Find the get_portlet_list procedure. get_portlet_list allows the portlet to be included in the list of portlets implemented by this provider. get_ portlet_list first checks the security flag p_security_level to find out whether security is enabled. If the flag is set to true, get_portlet_list uses is_runnable to check whether the portlet is accessible. The value of the p_ security_level parameter indicates whether to perform security checks before returning a portlet in the list. When a portlet repository refresh operation retrieves the master list of portlets implemented by the provider, p_security_level has a value of false. A value of false means the provider does not need to perform a security check and that a master list of all of the portlets implemented by the provider must be returned. The master list of portlets returned is used to populate the portlet repository for that provider. If the value of p_security_level is true, then the provider implementation decides whether to perform portlet security checks. If portlet security is implemented, the provider may return a different list of portlets depending on the currently logged on user. function get_portlet_list ... if p_security_level = false then l_cnt := l_cnt + 1; l_portlet_listl_cnt := get_portlet p_provider_id = p_provider_id ,p_portlet_id = SERVICES_PORTLET_ID ,p_language = p_language ; else if services_portlet.is_runnable p_provider_id = p_provider_id ,p_reference_path = null then l_cnt := l_cnt + 1; l_portlet_listl_cnt := get_portlet p_provider_id = p_provider_id ,p_portlet_id = SERVICES_PORTLET_ID ,p_language = p_language ; end if; ... end get_portlet_list; 4. Open the services_portlet.pkb file in an editor. 5. Find the show procedure. Before displaying a portlet, the show procedure runs a security check to determine whether the current user is allowed to see the portlet. procedure show ... -- Perform a security check if not is_runnable p_provider_id = p_portlet_record.provider_id ,p_reference_path = p_portlet_record.reference_path then wwerr_api_error.add DOMAIN, SUBDOMAIN, securityerr, services_portlet.show; Creating PLSQL Portlets 8-31 raise wwpro_api_provider.PORTLET_SECURITY_EXCEPTION; end if; ... end show; 6. Find the is_runnable function. is_runnable is the place where you implement your security checks. In this example, the security check is quite simple. If the user is logged on that is, not in a public session, then the function returns true and the portlet is displayed to the user. For your own purposes, you could, of course, code much more complex security checks in the is_runnable function. function is_runnable p_provider_id in integer ,p_reference_path in varchar2 return boolean is begin -- -- Portlet security check. It allows the portlet to be visible -- if the user is logged on, that is, the current session is not a -- public session. -- return wwctx_api.is_logged_on; end is_runnable; 7. Optionally, if you want to see this portlet on a page and it is not already in the Portlet Repository, refer to the instructions in Section 8.3.2, Implementing the Provider Package for information on how to add it. 8. Once your portlet appears in the repository, you can add it to a page to test it. To add your portlet to a page, follow the instructions in Oracle Fusion Middleware Users Guide for Oracle Portal.

8.8 Improving Portlet Performance with Caching

Oracle Portal provides for the caching of PLSQL portlets. This functionality permits PLSQL portlets to cache their Web content on the middle tier. Subsequent requests for the content may be retrieved from the cache, with or without validation from the database, decreasing the database workload. Oracle Portal provides three types of caching for your PLSQL portlets: ■ Validation-based caching compares a key value to check whether the contents of the cache are still valid. If the key value does not change, it uses the cached content. Otherwise, it makes a round trip to the portal node to fetch the portlet content. ■ Expiry-based caching uses a given expiration period for the contents of the cache when rendering the portlet. This form of caching is useful for content that changes infrequently or at very regular intervals for example, every day at the close of business. ■ Invalidation-based caching is the most complex form of caching but also the most flexible. The objects in Oracle Web Cache are considered valid as long as they are not invalidated explicitly. You can also combine invalidation-based caching with either expiry-based or validation-based caching.