
1 Making the Model Secure
Copyright © 2004, Oracle. All rights reserved.

2 Objectives
After completing this lesson, you should be able to do the following:
- Define Java Authentication and Authorization Services (JAAS)
- Define security issues with respect to Web applications
- Use ADF Model Security design-time features
- Use the ADF Business Components Browser to test your security model

3 Goals of J2EE Security Architecture
- To decouple security logic from application logic
- To maintain platform and vendor independence
- To ensure fine-grained access control to resources
- To enable portable and secure Web applications

4 Overview of J2EE Security Architecture
Use JAAS APIs to:
- Authenticate a client to access the system
  – Determine who the user is.
  – Can they prove it?
- Authorize clients to access resources
  – Determine the role of the authenticated user.
  – What actions can a user perform?
[Diagram labels: User, Authentication, Authorization, Application, Read/Write]

5 Java Authentication and Authorization Services
JAAS is a framework that:
  – Provides a Java API package to enable applications to authenticate and enforce security
  – Allows definition of logical security names (principals) that are mapped to users or roles defined in the run-time environment
  – Allows fine-grained authorization to manage how clients can access resources
A JAAS provider implements the JAAS framework and applies the Java 2 Security Model.

6 Java Authentication and Authorization Services
JAAS supports the following authorization, authentication, and user community (realm) features:
  – Principals
  – Subjects
  – Login module authentication
  – Roles
  – Realms
  – Policies and permissions
JDeveloper provides wizards and dialogs that help manage these objects.


8 JDeveloper, JAAS, and Securing the ADF Model
- JDeveloper provides application security by using JAAS.
- ADF Business Components use the JAAS security definitions to enforce security in the model.
- You can set access roles on entities and attributes.
- The ADF Business Component Browser uses this property to control model security during development and testing.
- JDeveloper deployment uses these access roles to build deployment descriptors.

9 Enabling JAAS Authentication for ADF Business Components
- Set the jbo.security.enforce application property to enable authentication and authorization. Select:
  – None: No authentication
  – Test: Will test the login scheme but will not authenticate users
  – Must: Full authentication
  – Auth: Full authentication and authorization
- Modify java.security to use the Oracle login provider.

10 The jbo.security.enforce Application Property
1. Select the Application Module Configuration Editor.
2. Click the Properties tab.
3. Set the jbo.security.enforce property.

11 Setting Entity Permissions

12 Entity Privileges
- The users role can update new rows.
- The administrators role can update any rows.
- The guests role can only read any row.

13 Attribute Permissions
- Attributes inherit entity permissions.
- Permissions can be overridden at the attribute level.
- The most restrictive permissions apply. For example:
  – If you set read-only at the entity level, you cannot set update at the attribute level.
  – Update at the entity level can have read-only at the attribute level.

14 Using the Business Components Browser
- Choose Test from the Application Module context menu.
- Choose AppModuleLocal for the testing configuration.

15 Testing Entity and Attribute Authorization

16 Summary
In this lesson, you should have learned how to:
- Set the login configurator for ADF BC applications
- Enable JAAS authentication for ADF BC
- Add users and roles
- Add role-specific permissions to entities and attributes
- Test an ADF BC application security scheme

17 Practice 8-1: Overview
This practice covers the following topics:
- Setting up SSO authentication
- Creating users and roles
- Adding authorizations
- Testing the authorizations

18 Practice 8-1

