Skip to Main Content

APEX

Throttle message displayed on Login page but the seconds value does not count down remaining seconds

NazbitDec 13 2021

Hi,
I wonder if anyone might be able to help with this?
I am having a problem with my login page when incorrect credentials are entered the throttling message "Invalid Login Credentials Please wait 5 seconds to login again." Is being displayed as expected BUT the numeric seconds value in the warning message does not count down the remaining seconds until the user can login again.
E.G: It says 5 seconds as rendered and stays at that value forever when it should say 5…4, 3, 2, 1.
I found a couple of similar threads where it was identified that the relevant JS has not been rendered on the page but no solution was discussed:
https://community.oracle.com/tech/developers/discussion/2499214/problem-with-login-throttle-counter-on-login-page
https://community.oracle.com/tech/developers/discussion/2499500/wiered-security-on-login-page-change-page-alias-change-page-type
So to give some more detail of the problem and what I have found, I have an app which uses two step login process which I have split across two public pages.
P9999 - Login Step 1 - Collect some credentials, verify against an external webservice and branch to Step 2
P9998 - Login Step 2 - Collect more credentials and then Calls apex_authentication.login like any other apex login page
The login page setting under App Builder > Application Properties is set to P9998 Login Step 1 as this is to be the initial landing page for new / expired / logged out sessions.
The actual login functionality is all working fine.
Just when we have cause to display the throttling message it is displayed with static values and does not count down. It appears that the javascript to do the throttle count down is missing from the page (see above URLS) but I don't know enough about JS to re add it to the page manually.
So I tried to dig more in to the underlying cause of the missing JS.
It seems like the reason for the missing JS in the page rendering is coming from the PAGE_FUNCTION on the view APEX_APPLICATION_PAGES:
PAGE_NO PAGE_FUNCTION
9999 Login
9998 Dynamic HTML
That view is sourcing this data from PAGE_COMPONENT_MAP on WWV_FLOW_STEPS:
ID FLOW_ID COMPONENT_MAP
9999 200 12
9998 200 10
(10 = Dynamic HTML, 12 = LOGIN)
I think to be able to solve my problem and get the JS rendered on the login page to count down seconds as expected, I need to have both login pages (9999 and 9998) set to WWV_FLOW_STEPS.COMPONENT_MAP = 12 and by extension APEX_APPLICATION_PAGES.PAGE_FUNCTION = 'Login'.
Does that seem right?
I can’t get much further than this to see what is setting the Component Map and what criteria it is based on because the package bodies are wrapped and so do not show up in the source tables. Unwrapping them will be very time consuming and possibly a license violation too.
I think I can solve this problem in two ways:
Hopefully someone might know how to get the component map set to 12 for both of my login pages rather than just step 1?
Or does anyone know how to add the necessary JS to my Step 2 page manually to allow the throttle message to count down the remaining seconds?
Thanks for reading and I hope I've explained the problem clearly enough.
Oracle Apex Version 20.1.0.00.13
Oracle Database 18.0.0.0.0
Oracle REST Data Services 19.2.0.r1991647
Tomcat 9.0.37

This post has been answered by Nazbit on Dec 13 2021
Jump to Answer
Comments
Post Details
Added on Dec 13 2021
8 comments
268 views