8 Copyright © 2004, Oracle. All rights reserved. Making the Model Secure.



8-2 Objectives
After completing this lesson, you should be able to do the following:
• Define Java Authentication and Authorization Services (JAAS)
• Define security issues with respect to Web applications
• Use ADF Model Security design-time features
• Use the ADF Business Components Browser to test your security model

8-3 Goals of J2EE Security Architecture
• To decouple security logic from application logic
• To maintain platform and vendor independence
• To ensure fine-grained access control to resources
• To enable portable and secure Web applications

8-4 Overview of J2EE Security Architecture
Use JAAS APIs to:
• Authenticate a client to access the system
  – Determine who the user is.
  – Can they prove it?
• Authorize clients to access resources
  – Determine the role of the authenticated user.
  – What actions can a user perform?
[Diagram labels: User, Authentication, Authorization, Application, Read/Write]

8-5 Java Authentication and Authorization Services
• JAAS is a framework that:
  – Provides a Java API package to enable applications to authenticate and enforce security
  – Allows definition of logical security names (principals) that are mapped to users or roles defined in the run-time environment
  – Allows fine-grained authorization to manage how clients can access resources
• A JAAS provider implements the JAAS framework and applies the Java 2 Security Model.

8-6 Java Authentication and Authorization Services
• JAAS supports the following authorization, authentication, and user community (realm) features:
  – Principals
  – Subjects
  – Login module authentication
  – Roles
  – Realms
  – Policies and permissions
• JDeveloper provides wizards and dialogs that help manage these objects.


8-8 JDeveloper, JAAS, and Securing the ADF Model
• JDeveloper provides application security by using JAAS.
• ADF Business Components use the JAAS security definitions to enforce security in the model.
• You can set access roles on entities and attributes.
• The ADF Business Component Browser uses this property to control model security during development and testing.
• JDeveloper deployment uses these access roles to build deployment descriptors.

8-9 Enabling JAAS Authentication for ADF Business Components
• Set the jbo.security.enforce application property to enable authentication and authorization. Select:
  – None: No authentication
  – Test: Will test the login scheme but will not authenticate users
  – Must: Full authentication
  – Auth: Full authentication and authorization
• Modify java.security to use the Oracle login provider.

8-10 The jbo.security.enforce Application Property
1. Select the Application Module Configuration Editor.
2. Click the Properties tab.
3. Set the jbo.security.enforce property.

8-11 Setting Entity Permissions

8-12 Entity Privileges
• The users role can update new rows.
• The administrators role can update any rows.
• The guests role can only read any row.

8-13 Attribute Permissions
• Attributes inherit entity permissions.
• Permissions can be overridden at the attribute level.
• The most restrictive permissions apply, for example:
  – If you set read-only at the entity level, you cannot set update at the attribute level.
  – Update at the entity level can have read-only at the attribute level.
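The inheritance and most-restrictive rules above can be modelled as follows. This is an added example, not part of the original slides and not the ADF Business Components API: the class name, the attribute names Salary and Name, and the grant tables are constructed, the row-level distinction between new rows and any rows is not modelled, and treating a role with no entity grant as having no access is an assumption.

```java
import java.util.*;

public class EffectiveAccess {
    // Ordered from most to least restrictive, so the lower of two values is the stricter one.
    enum Access { NONE, READ, UPDATE }

    // Entity-level grants per role (constructed data using the role names from the slides).
    static final Map<String, Access> ENTITY = Map.of(
            "administrators", Access.UPDATE, "users", Access.UPDATE, "guests", Access.READ);

    // Attribute-level overrides: attribute -> role -> requested access (constructed data).
    static final Map<String, Map<String, Access>> OVERRIDES = Map.of(
            "Salary", Map.of("users", Access.READ, "guests", Access.UPDATE));

    static Access stricter(Access a, Access b) { return a.compareTo(b) <= 0 ? a : b; }

    // An attribute inherits the entity grant unless overridden; the stricter of the two applies.
    // Assumption of this example: a role with no entity grant gets NONE.
    static Access effective(String role, String attribute) {
        Access entity = ENTITY.getOrDefault(role, Access.NONE);
        Access requested = OVERRIDES.getOrDefault(attribute, Map.of()).getOrDefault(role, entity);
        return stricter(entity, requested);
    }

    // Overrides that ask for more than the entity allows have no effect; list them for review.
    static List<String> widening() {
        List<String> out = new ArrayList<>();
        OVERRIDES.forEach((attr, byRole) -> byRole.forEach((role, req) -> {
            Access entity = ENTITY.getOrDefault(role, Access.NONE);
            if (req.compareTo(entity) > 0) out.add(attr + "/" + role + ": " + req + " capped at " + entity);
        }));
        Collections.sort(out);
        return out;
    }

    public static void main(String[] args) {
        for (String role : List.of("administrators", "users", "guests", "anonymous"))
            System.out.println(role + " -> Salary: " + effective(role, "Salary")
                    + ", Name: " + effective(role, "Name"));
        widening().forEach(System.out::println);
    }
}
```

The widening() report is the useful review aid: an attribute-level update grant under a read-only entity is silently ineffective, which usually signals a misunderstanding in the security design.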

8-14 Using the Business Components Browser
• Choose Test from the Application Module context menu.
• Choose AppModuleLocal for the testing configuration.

8-15 Testing Entity and Attribute Authorization

8-16 Summary
In this lesson, you should have learned how to:
• Set the login configurator for ADF BC applications
• Enable JAAS authentication for ADF BC
• Add users and roles
• Add role-specific permissions to entities and attributes
• Test an ADF BC application security scheme

8-17 Practice 8-1: Overview
This practice covers the following topics:
• Setting up SSO authentication
• Creating users and roles
• Adding authorizations
• Testing the authorizations

8-18 Practice 8-1