X

The Latest Technology Stack News Directly from EBS Development

AppsDataSource and Java Authentication and Authorization Service for Oracle E-Business Suite

Steven Chan
Senior Director
simplified architecture diagram showing client - app tier - database tier

[March 1, 2010: Patch 8571001 also includes extended error logging routines for use with external Java EE programs.  Patch  8571001 hasn't changed, but Note 974949.1 has just been updated to include documentation for error logging, as well as some improvements based on feedback I've been getting.  Keep that feedback coming!]

Guest Author: Sara Woodhull

Oracle Application Object Library recently added new standard Java datasource and Java Authentication and Authorization Service (JAAS) features to Oracle E-Business Suite in Patch 8571001. These features are meant for use with Java EE programs deployed in application servers on external nodes; that is, nodes other than those where Oracle E-Business Suite middle tier is installed. These are lightweight implementations that can be used on an external application server without needing to install an entire Oracle E-Business Suite instance on the application server machine.

These features can be used with either Release 11i or Release 12.  For details, see:

AppsDataSource

The AppsDataSource standard data source enables access to the Oracle E-Business Suite APPS database schema from external Java EE environments without sharing the APPS schema password. Since the APPS database password is typically changed frequently, using these data sources insulates such programs from having to change their authentication information. Using these data sources also helps prevent wide exposure of the APPS password.

Using these standard data sources lets you control access to Oracle E-Business Suite data at the APPS schema level. For example, you can use AppsDataSource with BPEL processes and Oracle Service Bus services in Oracle Fusion Middleware. Within Oracle E-Business Suite, the AppsDataSource is used to control APPS database access as part of the integration of Oracle E-Business Suite with Oracle Access Manager using Oracle E-Business Suite AccessGate.

When using the AppsDataSource feature, access to the APPS database is controlled using a dedicated Oracle E-Business Suite user name and password ("applications user", also known as an "FND user") instead of the APPS password. This allows centralized maintenance of the APPS password and provides additional controls on who can access the APPS account.

Java Authentication and Authorization Service (JAAS)

Oracle E-Business Suite contains a repository of application users (FND users) and their associated roles (authorization for access to certain functional areas of the product). If you are developing a custom or third-party Java EE application to integrate with Oracle E-Business Suite, and you want to use that existing repository of users and roles for authentication and authorization for your Java EE application, you can use the Oracle E-Business Suite implementation of Java Authentication and Authorization Service (JAAS). This feature is intended to secure an HTTP resource or piece of application functionality at the Oracle E-Business Suite user level.

Authenticating a Java application via JAAS

For example, suppose you want to build a Java EE application using Oracle Fusion Middleware to integrate with Oracle E-Business Suite data. You would use both AppsDataSource and JAAS so you can secure who has access to your application functionality based on usernames and roles already in Oracle E-Business Suite.

The following diagram shows the relationship between the AppsDataSource and JAAS features and how users and roles are used in the JAAS and AppsDataSource setups:

Relationship between AppsDataSource and JAAS features and how users and roles are used in their setups

 

  • There are two different users, A (with Specialist role) and B (with Manager role), accessing a pr