Recommended Approach to Secure your ADFdi Spreadsheets

An ADF Desktop Integration client spreadsheet accesses the Application Server container where the ADF application has been deployed. When this client needs to access resources on the server, Application Server security needs to be enforced. In this article I discuss a good security practice for your existing spreadsheets, as well as any new ones you create, so that you are aware of possible security vulnerabilities.

ADF Desktop Integration uses the adfdiRemoteServlet to process requests and send them back and forth between the spreadsheet and the ADF model, which lives in the Java EE container where our application is deployed. In other words, this servlet is one of the entry points to the application server.

So what is needed?

After securing your application (please see http://download.oracle.com/docs/cd/E15523_01/web.1111/b31974/adding_security.htm#BGBGJEAH), verify the resulting security constraints defined in the web.xml file. In particular, for an ADFdi application, look for a constraint that has the /adfdiRemoteServlet URL pattern. If you find one, you are good to go.


If you don’t have this constraint, you need to create it. Fortunately, JDeveloper 11g provides a nice visual editor and an easy way to do this. Open the web.xml file and go to the Security category.


Add a new Web Resource Collection, give it a meaningful name, and add /adfdiRemoteServlet as the URL Pattern. Then click on the Authorization tab and make sure the valid-users role is selected for authorization. Voilà! Your application is now set to apply container-based security to client calls coming to the ADFdi remote servlet.
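The same check can be scripted for builds or reviews. The following is an added example, not code from the original post or from Oracle: it parses a web.xml and reports whether a security constraint lists the /adfdiRemoteServlet URL pattern with the valid-users role. The sample descriptors are constructed, the function name is hypothetical, and only an exact pattern match is checked (a broader pattern such as /* is not evaluated).

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from the original post).
UNPROTECTED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>adf</web-resource-name>
      <url-pattern>/faces/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>valid-users</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

PROTECTED = UNPROTECTED.replace(
    "<url-pattern>/faces/*</url-pattern>",
    "<url-pattern>/faces/*</url-pattern>\n      <url-pattern>/adfdiRemoteServlet</url-pattern>")

def _local(tag):
    """Strip the XML namespace so differently versioned descriptors are handled alike."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def check_adfdi_constraint(web_xml, pattern="/adfdiRemoteServlet", role="valid-users"):
    """Hypothetical helper: return a list of problems; an empty list means covered."""
    root = ET.fromstring(web_xml)
    for sc in _children(root, "security-constraint"):
        for wrc in _children(sc, "web-resource-collection"):
            patterns = [(p.text or "").strip() for p in _children(wrc, "url-pattern")]
            if pattern not in patterns:
                continue
            problems = []
            auth = _children(sc, "auth-constraint")
            roles = [(r.text or "").strip() for a in auth for r in _children(a, "role-name")]
            if not auth:
                problems.append("no auth-constraint: requests are not authenticated")
            elif role not in roles:
                problems.append("role %r not in auth-constraint %r" % (role, roles))
            if _children(wrc, "http-method"):
                problems.append("http-method listed: other methods are unconstrained")
            return problems
    return ["no security-constraint with url-pattern " + pattern]

if __name__ == "__main__":
    for name, doc in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, check_adfdi_constraint(doc) or "OK")
```

To check a real project, pass the text of its WEB-INF/web.xml to `check_adfdi_constraint`.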

A blog that explores features, tips and tricks of ADF and JDeveloper by Juan Camilo Ruiz, Product Manager on the ADF and JDeveloper team