Oracle  DBMS_XS_SESSIONS_FFI
Version 21c

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Real Application Security. Similar to DBMS_XS_SESSIONS with the exception that major procs contain parameters for providing attributes and their corresponding values
AUTHID CURRENT_USER
Dependencies
DBMS_XSS_LIB XS$LIST XS$NAME_LIST
DBMS_XS_SESSIONS    
Documented No
Exceptions
Error Code Reason
ORA-46063 Not attached to XS Security session
First Available 12.1
Security Model Owned by SYS with no privileges granted. This package is visible in CDB$ROOT but not in a PDB.
Source {ORACLE_HOME}/rdbms/admin/prvtkzxs.plb
Subprograms
ADD_GLOBAL_CALLBACK DELETE_NAMESPACE REAUTH_SESSION
ASSIGN_USER DESTROY_SESSION RESET_ATTRIBUTE
ATTACH_SESSION DETACH_SESSION SAVE_SESSION
CREATE_ATTRIBUTE DISABLE_ROLE SET_ATTRIBUTE
CREATE_NAMESPACE ENABLE_GLOBAL_CALLBACK SET_INACTIVITY_TIMEOUT
CREATE_SESSION ENABLE_ROLE SET_SESSION_COOKIE
DELETE_ATTRIBUTE GET_ATTRIBUTE SWITCH_USER
DELETE_GLOBAL_CALLBACK GET_SESSIONID_FROM_COOKIE  
 
ADD_GLOBAL_CALLBACK
Registers a PL/SQL procedure as the event handler with the session operation specified by the event_type parameter dbms_xs_sessions_ffi.add_global_callback(
event_type         IN PLS_INTEGER,
callback_schema    IN VARCHAR2,
callback_package   IN VARCHAR2,
callback_procedure IN VARCHAR2);
TBD
 
ASSIGN_USER
Assigns a named application user to the currently attached anonymous application session including attributes and attribute values dbms_xs_sessions_ffi.assign_user(
username              IN VARCHAR2,
is_external           IN BOOLEAN,
enable_dynamic_roles  IN xs$name_list,
disable_dynamic_roles IN xs$name_list,
external_roles        IN xs$name_list,
authentication_time   IN TIMESTAMP WITH TIME ZONE,
namespaces            IN xs$name_list,
attributes            IN xs$list
attribute_values      IN xs$list);
TBD
 
ATTACH_SESSION
Attach to an already created RAS session specified by the sessionid including attributes and attribute values dbms_xs_sessions_ffi.dbms_xs_sessions.attach_session(
sessionid             IN RAW,
enable_dynamic_roles  IN xs$name_list,
disable_dynamic_roles IN xs$name_list,
external_roles        IN xs$name_list,
authentication_time   IN TIMESTAMP WITH TIME ZONE,
namespaces            IN xs$name_list,
attributes            IN xs$list
attribute_values      IN xs$list);
TBD
 
CREATE_ATTRIBUTE
Creates a new custom attribute in the specified namespace in the currently attached application session dbms_xs_sessions_ffi.dbms_xs_sessions.create_attribute(
namespace IN VARCHAR2,
attribute IN VARCHAR2,
value     IN VARCHAR2,
eventreg  IN PLS_INTEGER);
TBD
 
CREATE_NAMESPACE
Creates a new namespace in the currently attached application session dbms_xs_sessions_ffi.create_namespace(namespace IN VARCHAR2);
-- log in and attach to a RAS session

exec dbms_xs_sessions_ffi.create_namespace('UWNS');

exec dbms_xs_sessions_ffi.delete_namespace('UWNS');
 
CREATE_SESSION
Create a RAS session with specified 128 char case sensitive username string including attributes and attribute values dbms_xs_sessions_ffi.create_session(
username         IN         VARCHAR2,
sessionid        OUT NOCOPY RAW,
is_external      IN         BOOLEAN,
is_trusted       IN         BOOLEAN,
namespaces       IN         xs$name_list,
attributes       IN         xs$list
attribute_values IN         xs$list
cookie           IN         VARCHAR2);
TBD
 
DELETE_ATTRIBUTE
Deletes the specified attribute and its associated value from the specified namespace in the currently attached session dbms_xs_sessions_ffi.dbms_xs_sessions.delete_attribute(
namespace IN VARCHAR2,
attribute IN VARCHAR2);
TBD
 
DELETE_GLOBAL_CALLBACK
Deletes the global callback procedure for the session event specified by event_type dbms_xs_sessions_ffi.delete_global_callback(
event_type         IN PLS_INTEGER,
callback_schema    IN VARCHAR2 DEFAULT NULL,
callback_package   IN VARCHAR2 DEFAULT NULL,
callback_procedure IN VARCHAR2 DEFAULT NULL);
TBD
 
DELETE_NAMESPACE
Delete the specified namespace from the currently attached RAS session dbms_xs_sessions_ffi.delete_namespace(namespace IN VARCHAR2);
See CREATE_NAMESPACE Demo Above
 
DESTROY_SESSION
Implicitly detaches all traditional sessions from the application session and destroys the specified session dbms_xs_sessions_ffi.destroy_session(
sessionid IN RAW,
force     IN BOOLEAN DEFAULT FALSE);
TBD
 
DETACH_SESSION
Detaches the current traditional database session from the application session to which it is attached dbms_xs_sessions_ffi.detach_session(abort IN BOOLEAN DEFAULT FALSE);
TBD
 
DISABLE_ROLE
Disables a real application role from the specified application session dbms_xs_sessions_ffi.disable_role(role IN VARCHAR2);
exec xs_principal.create_role('RAS_ROLE', TRUE, SYSDATE, SYSDATE+30, description=>'RAS Test Role');
exec dbms_xs_sessions_ffi.enable_role('RAS_ROLE');
exec dbms_xs_sessions_ffi.disable_role('RAS_ROLE');
 
ENABLE_GLOBAL_CALLBACK
Enables or disables the global callback for the session event specified by event_type dbms_xs_sessions_ffi.enable_global_callback(
event_type         IN PLS_INTEGER,
enable             IN BOOLEAN  DEFAULT TRUE,
callback_schema    IN VARCHAR2 DEFAULT NULL,
callback_package   IN VARCHAR2 DEFAULT NULL,
callback_procedure IN VARCHAR2 DEFAULT NULL);
TBD
 
ENABLE_ROLE
Enables a real application role in the currently attached application session dbms_xs_sessions_ffi.enable_role(role IN VARCHAR2);
See DISABLE_ROLE Demo Above
 
GET_ATTRIBUTE
Gets the value of the specified attribute in the namespace in the currently attached session dbms_xs_sessions_ffi.get_attribute(
namespace IN         VARCHAR2,
attribute IN         VARCHAR2,
value     OUT NOCOPY VARCHAR2);
DECLARE
 attrlist xs$ns_attribute_list;
BEGIN
  attrlist := xs$ns_attribute_list();
  attrlist.extend(2);
  attrlist(1) := xs$ns_attribute('desc', 'general');
  attrlist(2) := xs$ns_attribute(name=>'item_no',
  attribute_events => xs_namespace.firstread_event);

  sys.xs_namespace.create_template('POAttrs', attrlist, 'SH', 'order', 'fulfillment', 'sys.ns_unrestricted_acl', 'Purchase Order');
END;
/

DECLARE
 attrVal dba_xs_session_ns_attributes.attribute%TYPE;
BEGIN
  sys.dbms_xs_sessions_ffi.get_attribute('POAttrs','item_no',attrVal);
END;
/
 
GET_SESSIONID_FROM_COOKIE
Get SID for the specified cookie. Raises an exception if no session with specified cookie exists dbms_xs_sessions_ffi.dbms_xs_sessions.get_sessionid_from_cookie(
cookie    IN         VARCHAR2,
sessionid OUT NOCOPY RAW);
TBD
 
REAUTH_SESSION
Updates the last authentication time for the specified session ID as the current time dbms_xs_sessions_ffi.reauth_session(sessionid IN RAW);
exec dbms_xs_sessions_ffi.reauth_session('4973DC2F46B643F6913A7C5D99AF78CF');
 
RESET_ATTRIBUTE
Resets the value of an attribute to its default value (if present) or to NULL in the namespace in the current attached session dbms_xs_sessions.reset_attribute_ffi(
namespace IN VARCHAR2,
attribute IN VARCHAR2);
exec dbms_xs_sessions_ffi.reset_attribute('UWNS', 'item_no');
 
SAVE_SESSION
Persist the changes done in currently attached Triton session to the metadata table. It can only be performed from an attached session. dbms_xs_sessions.save_session;
dbms_xs_sessions.save_session;
 
SET_ATTRIBUTE
Sets the value for the specified attribute to the specified value in the namespace in the currently attached session dbms_xs_sessions_ffi.set_attribute(
namespace IN VARCHAR2,
attribute IN VARCHAR2,
value     IN VARCHAR2);
exec dbms_xs_sessions_ffi.set_attribute('UWNS', 'item_type', 'generic');
 
SET_INACTIVITY_TIMEOUT
Sets the inactivity timeout (in minutes) for the session which is the maximum period of  inactivity allowed before the session can be terminated and resource be reclaimed dbms_xs_sessions_ffi.set_inactivity_timeout(
time      IN NUMBER,
sessionid IN RAW);
exec dbms_xs_sessions_ffi.set_inactivity_timeout('4973DC2F46B643F6913A7C5D99AF78CF', 10);
 
SET_SESSION_COOKIE
Set the cookie, which must be a unique string, for the session specified by sessionid dbms_xs_sessions_ffi.dbms_xs_sessions.set_session_cookie(
cookie    IN VARCHAR2,
sessionid IN RAW);
TBD
 
SWITCH_USER
Switch / proxy from current user to another user in currently assigned RAS session dbms_xs_sessions.switch_user (
username         IN VARCHAR2,
keep_state       IN BOOLEAN,
namespaces       IN xs$name_list,
attributes       IN xs$list,
attribute_values IN xs$list);
TBD

Related Topics
Built-in Functions
Built-in Packages
DBMS_XS_PRINCIPALS
DBMS_XS_SESSIONS
DBMS_XS_SIDP
DBMS_XS_SYSTEM
DBMS_XS_SYSTEM_FFI
XS_ACL
XS_ADMIN_UTIL
XS_DATA_SECURITY
XS_DATA_SECURITY_UTIL
XS_DIAG
XS_DIAG_INT
XS_NAMESPACE
XS_PRINCIPAL
XS_SECURITY_CLASS
What's New In 19c
What's New In 20c-21c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2021 Daniel A. Morgan All Rights Reserved
  DBSecWorx