Oracle  DBMS_XS_SESSIONS_FFI
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Real Application Security. Similar to DBMS_XS_SESSIONS with the exception that major procs contain parameters for providing attributes and their corresponding values
AUTHID CURRENT_USER
Dependencies
DBMS_XSS_LIB XS$LIST XS$NAME_LIST
DBMS_XS_SESSIONS    
Documented No
Exceptions
Error Code Reason
ORA-46063 Not attached to XS Security session
First Available 12.1
Security Model Owned by SYS with no privileges granted. This package is visible in CDB$ROOT but not in a PDB.
Source {ORACLE_HOME}/rdbms/admin/prvtkzxs.plb
Subprograms
ADD_GLOBAL_CALLBACK DELETE_NAMESPACE REAUTH_SESSION
ASSIGN_USER DESTROY_SESSION RESET_ATTRIBUTE
ATTACH_SESSION DETACH_SESSION SAVE_SESSION
CREATE_ATTRIBUTE DISABLE_ROLE SET_ATTRIBUTE
CREATE_NAMESPACE ENABLE_GLOBAL_CALLBACK SET_INACTIVITY_TIMEOUT
CREATE_SESSION ENABLE_ROLE SET_SESSION_COOKIE
DELETE_ATTRIBUTE GET_ATTRIBUTE SWITCH_USER
DELETE_GLOBAL_CALLBACK GET_SESSIONID_FROM_COOKIE  
 
ADD_GLOBAL_CALLBACK
Registers a PL/SQL procedure as the event handler with the session operation specified by the event_type parameter dbms_xs_sessions_ffi.add_global_callback(
event_type         IN PLS_INTEGER,
callback_schema    IN VARCHAR2,
callback_package   IN VARCHAR2,
callback_procedure IN VARCHAR2);
TBD
 
ASSIGN_USER
Assigns a named application user to the currently attached anonymous application session including attributes and attribute values dbms_xs_sessions_ffi.assign_user(
username              IN VARCHAR2,
is_external           IN BOOLEAN,
enable_dynamic_roles  IN xs$name_list,
disable_dynamic_roles IN xs$name_list,
external_roles        IN xs$name_list,
authentication_time   IN TIMESTAMP WITH TIME ZONE,
namespaces            IN xs$name_list,
attributes            IN xs$list
attribute_values      IN xs$list);
TBD
 
ATTACH_SESSION
Attach to an already created RAS session specified by the sessionid including attributes and attribute values dbms_xs_sessions_ffi.dbms_xs_sessions.attach_session(
sessionid             IN RAW,
enable_dynamic_roles  IN xs$name_list,
disable_dynamic_roles IN xs$name_list,
external_roles        IN xs$name_list,
authentication_time   IN TIMESTAMP WITH TIME ZONE,
namespaces            IN xs$name_list,
attributes            IN xs$list
attribute_values      IN xs$list);
TBD
 
CREATE_ATTRIBUTE
Creates a new custom attribute in the specified namespace in the currently attached application session dbms_xs_sessions_ffi.dbms_xs_sessions.create_attribute(
namespace IN VARCHAR2,
attribute IN VARCHAR2,
value     IN VARCHAR2,
eventreg  IN PLS_INTEGER);
TBD
 
CREATE_NAMESPACE
Creates a new namespace in the currently attached application session dbms_xs_sessions_ffi.create_namespace(namespace IN VARCHAR2);
-- log in and attach to a RAS session

exec dbms_xs_sessions_ffi.create_namespace('UWNS');

exec dbms_xs_sessions_ffi.delete_namespace('UWNS');
 
CREATE_SESSION
Create a RAS session with specified 128 char case sensitive username string including attributes and attribute values dbms_xs_sessions_ffi.create_session(
username         IN         VARCHAR2,
sessionid        OUT NOCOPY RAW,
is_external      IN         BOOLEAN,
is_trusted       IN         BOOLEAN,
namespaces       IN         xs$name_list,
attributes       IN         xs$list
attribute_values IN         xs$list
cookie           IN         VARCHAR2);
TBD
 
DELETE_ATTRIBUTE
Deletes the specified attribute and its associated value from the specified namespace in the currently attached session dbms_xs_sessions_ffi.dbms_xs_sessions.delete_attribute(
namespace IN VARCHAR2,
attribute IN VARCHAR2);
TBD
 
DELETE_GLOBAL_CALLBACK
Deletes the global callback procedure for the session event specified by event_type dbms_xs_sessions_ffi.delete_global_callback(
event_type         IN PLS_INTEGER,
callback_schema    IN VARCHAR2 DEFAULT NULL,
callback_package   IN VARCHAR2 DEFAULT NULL,
callback_procedure IN VARCHAR2 DEFAULT NULL);
TBD
 
DELETE_NAMESPACE
Delete the specified namespace from the currently attached RAS session dbms_xs_sessions_ffi.delete_namespace(namespace IN VARCHAR2);
See CREATE_NAMESPACE Demo Above
 
DESTROY_SESSION
Implicitly detaches all traditional sessions from the application session and destroys the specified session dbms_xs_sessions_ffi.destroy_session(
sessionid IN RAW,
force     IN BOOLEAN DEFAULT FALSE);
TBD
 
DETACH_SESSION
Detaches the current traditional database session from the application session to which it is attached dbms_xs_sessions_ffi.detach_session(abort IN BOOLEAN DEFAULT FALSE);
TBD
 
DISABLE_ROLE
Disables a real application role from the specified application session dbms_xs_sessions_ffi.disable_role(role IN VARCHAR2);
exec xs_principal.create_role('RAS_ROLE', TRUE, SYSDATE, SYSDATE+30, description=>'RAS Test Role');
exec dbms_xs_sessions_ffi.enable_role('RAS_ROLE');
exec dbms_xs_sessions_ffi.disable_role('RAS_ROLE');
 
ENABLE_GLOBAL_CALLBACK
Enables or disables the global callback for the session event specified by event_type dbms_xs_sessions_ffi.enable_global_callback(
event_type         IN PLS_INTEGER,
enable             IN BOOLEAN  DEFAULT TRUE,
callback_schema    IN VARCHAR2 DEFAULT NULL,
callback_package   IN VARCHAR2 DEFAULT NULL,
callback_procedure IN VARCHAR2 DEFAULT NULL);
TBD
 
ENABLE_ROLE
Enables a real application role in the currently attached application session dbms_xs_sessions_ffi.enable_role(role IN VARCHAR2);
See DISABLE_ROLE Demo Above
 
GET_ATTRIBUTE
Gets the value of the specified attribute in the namespace in the currently attached session dbms_xs_sessions_ffi.get_attribute(
namespace IN         VARCHAR2,
attribute IN         VARCHAR2,
value     OUT NOCOPY VARCHAR2);
DECLARE
 attrlist xs$ns_attribute_list;
BEGIN
  attrlist := xs$ns_attribute_list();
  attrlist.extend(2);
  attrlist(1) := xs$ns_attribute('desc', 'general');
  attrlist(2) := xs$ns_attribute(name=>'item_no',
  attribute_events => xs_namespace.firstread_event);

  sys.xs_namespace.create_template('POAttrs', attrlist, 'SH', 'order', 'fulfillment', 'sys.ns_unrestricted_acl', 'Purchase Order');
END;
/

DECLARE
 attrVal dba_xs_session_ns_attributes.attribute%TYPE;
BEGIN
  sys.dbms_xs_sessions_ffi.get_attribute('POAttrs','item_no',attrVal);
END;
/
 
GET_SESSIONID_FROM_COOKIE
Get SID for the specified cookie. Raises an exception if no session with specified cookie exists dbms_xs_sessions_ffi.dbms_xs_sessions.get_sessionid_from_cookie(
cookie    IN         VARCHAR2,
sessionid OUT NOCOPY RAW);
TBD
 
REAUTH_SESSION
Updates the last authentication time for the specified session ID as the current time dbms_xs_sessions_ffi.reauth_session(sessionid IN RAW);
exec dbms_xs_sessions_ffi.reauth_session('4973DC2F46B643F6913A7C5D99AF78CF');
 
RESET_ATTRIBUTE
Resets the value of an attribute to its default value (if present) or to NULL in the namespace in the current attached session dbms_xs_sessions.reset_attribute_ffi(
namespace IN VARCHAR2,
attribute IN VARCHAR2);
exec dbms_xs_sessions_ffi.reset_attribute('UWNS', 'item_no');
 
SAVE_SESSION
Persist the changes done in currently attached Triton session to the metadata table. It can only be performed from an attached session. dbms_xs_sessions.save_session;
dbms_xs_sessions.save_session;
 
SET_ATTRIBUTE
Sets the value for the specified attribute to the specified value in the namespace in the currently attached session dbms_xs_sessions_ffi.set_attribute(
namespace IN VARCHAR2,
attribute IN VARCHAR2,
value     IN VARCHAR2);
exec dbms_xs_sessions_ffi.set_attribute('UWNS', 'item_type', 'generic');
 
SET_INACTIVITY_TIMEOUT
Sets the inactivity timeout (in minutes) for the session which is the maximum period of  inactivity allowed before the session can be terminated and resource be reclaimed dbms_xs_sessions_ffi.set_inactivity_timeout(
time      IN NUMBER,
sessionid IN RAW);
exec dbms_xs_sessions_ffi.set_inactivity_timeout('4973DC2F46B643F6913A7C5D99AF78CF', 10);
 
SET_SESSION_COOKIE
Set the cookie, which must be a unique string, for the session specified by sessionid dbms_xs_sessions_ffi.dbms_xs_sessions.set_session_cookie(
cookie    IN VARCHAR2,
sessionid IN RAW);
TBD
 
SWITCH_USER
Switch / proxy from current user to another user in currently assigned RAS session dbms_xs_sessions.switch_user (
username         IN VARCHAR2,
keep_state       IN BOOLEAN,
namespaces       IN xs$name_list,
attributes       IN xs$list,
attribute_values IN xs$list);
TBD

Related Topics
Built-in Functions
Built-in Packages
DBMS_XS_PRINCIPALS
DBMS_XS_SESSIONS
DBMS_XS_SIDP
DBMS_XS_SYSTEM
DBMS_XS_SYSTEM_FFI
XS_ACL
XS_ADMIN_UTIL
XS_DATA_SECURITY
XS_DATA_SECURITY_UTIL
XS_DIAG
XS_DIAG_INT
XS_NAMESPACE
XS_PRINCIPAL
XS_SECURITY_CLASS
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx