Introduction to MapViewer 1-45 jdbc_mode=thin number_of_mappers=3 allow_jdbc_theme_based_foi=true plsql_package=web_user_info When you specify a PLSQL package name in a data source definition, MapViewer flags the data source as a secure data source, and it automatically invokes the packages set_user and clear_user procedures whenever performing any theme queries on the data source.

1.8.2 Getting the User Name from a Cookie

Sometimes the authenticated users name is not passed to MapViewer through a J2EE or OSSO session. such as when you integrate MapViewer within Application Express APEX, where authentication is carried out by APEX and the user name is not available through a J2EE or OSSO session. To enable you to work around this issue, MapViewer also supports getting the user name from a cookie. Note that it is your responsibility to set up the cookie within APEX to hold the authenticated user name. To ensure that MapViewer picks up the user name from a named cookie, you must specify the web_user_type attribute in the data source definition in addition to the mandatory plsql_package attribute. For example, if you want MapViewer to pick up the user name from a cookie named MON_USER, your secure data source definition should look like Example 1–6 . Example 1–6 Data Source Definition Specifying Cookie Name map_data_source name=mvdemo jdbc_host=stadb32.us.oracle.com jdbc_sid=mv jdbc_port=25650 jdbc_user=mvdemo jdbc_password=LfCDQ6NH59nuV7zbeY5QY06sqN7XhiUQ jdbc_mode=thin number_of_mappers=3 allow_jdbc_theme_based_foi=true plsql_package=web_user_info web_user_type=MON_USER The possible values for the web_user_type attribute are: ■ J2EE_USER: tells MapViewer to get the authenticated user name from a J2EE session ■ OSSO_USER: tells MapViewer to get the authenticated user from an OSSO session. ■ cookie-name : tells MapViewer to get the authenticated user from a cookie with the specified name. The cookie name is not case sensitive. If web_user_type is not specified, MapViewer first looks for the user name in the J2EE session; and if none is found, it looks for the user name in the OSSO session if present.

1.8.3 Authenticating Users: Options and Demo

How, when, and where users are authenticated depend on the requirements of your application and the setup of your installation. For example, your options include the following: 1-46 Oracle Fusion Middleware Users Guide for Oracle MapViewer ■ Deploy MapViewer as part of an enterprise portal site, so that end users always first log onto the portal before performing any mapping functions through MapViewer. ■ Deploy MapViewer on a separate system, and have users authenticate to a central Oracle SSO server. As long as the HTTP requests reaching MapViewer contain the authenticated user information, MapViewer will be able to pass the requests on to the database, and the secure data access approach will work as expected. The demo files supplied with MapViewer see Section 1.9 include an explanation, plus related files, for restricting a single mapping page to be accessible only by authenticated users. This demo involves making simple changes to MapViewers own deployment files. In this case, this protected page is the entry point that causes users to be authenticated, and the authentication is performed by the OC4J instance running MapViewer.

1.9 MapViewer Demos and Tutorials