Recommended Approach to Secure your ADFdi Spreadsheets
By Juan Camilo Ruiz on May 05, 2010
An ADF Desktop Integration client spreadsheet accesses the application server container where the ADF application has been deployed. When this client needs to access resources on the server, application server security needs to be enforced. In this article I discuss a good security practice for your existing spreadsheets, as well as any new ones that you create, in order to make sure we are aware of possible security vulnerabilities.
ADF Desktop Integration uses the adfdiRemoteServlet to process requests and send them back and forth, to and from the ADF model, which resides in the Java EE container where our application is deployed. In other words, this is one of the entry points to the application server.
So what is needed?
After securing your application, verify the resulting security constraints defined in the web.xml file. In particular, for an ADFdi application, look for a constraint that has the /adfdiRemoteServlet URL pattern. If you find one, you are good to go.
If you don't have this constraint, you need to create it. Fortunately, JDeveloper 11g provides a nice visual editor and an easy way to do this. Open the web.xml file and go to the Security category.
Add a new Web Resource Collection, give it a meaningful name, and add /adfdiRemoteServlet as the URL Pattern. Then click on the Authorization tab and make sure the valid-users role is selected for authorization. Voilà! Your application is now set to enforce container-based security on client calls coming to the ADFdi remote servlet.
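The check described above can also be run against a web.xml outside JDeveloper. The following Python script is an added example, not code from the original article or from Oracle: it reports whether a security constraint covers /adfdiRemoteServlet and requires the valid-users role. The sample documents and web resource names are constructed, and treating a collection that lists http-method elements as not protecting the servlet is an assumption of this example.

```python
import xml.etree.ElementTree as ET

SERVLET_PATH = "/adfdiRemoteServlet"  # URL pattern named in the article
ROLE = "valid-users"                  # role named in the article

def children(elem, name):
    """Child elements by local name, ignoring the web.xml schema namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def pattern_covers(pattern, path):
    """Exact match or path-prefix match ('/x/*', '/*') of a url-pattern."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path

def adfdi_servlet_protected(web_xml_text):
    """True if some security-constraint covers SERVLET_PATH and requires ROLE."""
    root = ET.fromstring(web_xml_text)
    for sc in children(root, "security-constraint"):
        roles = [(r.text or "").strip() for ac in children(sc, "auth-constraint")
                 for r in children(ac, "role-name")]
        if ROLE not in roles:
            continue  # no auth-constraint, or it names another role
        for wrc in children(sc, "web-resource-collection"):
            if children(wrc, "http-method"):
                continue  # covers only the listed methods: not full protection
            patterns = [(p.text or "").strip() for p in children(wrc, "url-pattern")]
            if any(pattern_covers(p, SERVLET_PATH) for p in patterns):
                return True
    return False

# Constructed sample input (not taken from a real application).
CONSTRAINT = """
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>{name}</web-resource-name>
      <url-pattern>{pattern}</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>valid-users</role-name></auth-constraint>
  </security-constraint>"""
HEAD = '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">'
OTHER = CONSTRAINT.format(name="adfAuthentication", pattern="/adfAuthentication")
ADFDI = CONSTRAINT.format(name="adfdiRemote", pattern=SERVLET_PATH)
MISSING = HEAD + OTHER + "</web-app>"
PRESENT = HEAD + OTHER + ADFDI + "</web-app>"

if __name__ == "__main__":
    for label, doc in (("missing", MISSING), ("present", PRESENT)):
        print(label, "->", adfdi_servlet_protected(doc))
```

The PRESENT sample shows the XML that the visual editor steps above should leave in web.xml; a False result for a deployed application means the servlet is reachable without container authentication.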