Friday Oct 02, 2015

Oracle Mobile Developer Certification Exam Now Available

We are happy to announce the availability of the Oracle Mobile Development Essential Certification Exam.

Get an official Oracle Certification acknowledging your Oracle MAF and mobile development capabilities.

The Oracle Mobile Development 2015 Implementation Specialist certification is designed for individuals who possess a strong foundation and expertise in implementing Oracle Mobile Development. This certification covers topics such as: Mobile Application Framework (MAF), Mobile Application Framework (MAF) Data Layer, User Interface (UI) Development, Device Services Integration, and App Security. This certification differentiates candidates in the marketplace by providing a competitive edge through proven expertise. Up-to-date training and field experience are recommended.

Get the full details about this new certification here

Note, for Oracle Partners, this exam is part of the larger Oracle Enterprise Mobility Specialization Criteria, details for that one are here.

Tuesday Sep 29, 2015

MAF and OS X El Capitan and Xcode 6

UPDATE - It's official.  The Apple Developer page Submit your apps to the App Store states "OS X El Capitan requires Xcode 7. If your app still depends on Xcode 6, you'll need to keep a partition or external hard drive with OS X Yosemite installed in order to submit from Xcode 6."  That sounds like too much effort to me, so I recommend you simply stay put on OS X Yosemite for now while the current version of MAF requires Xcode 6.

Apple today announced that OS X El Capitan will be available on Wednesday, September 30 as a free update for Mac users.

There have been reports of incompatibility between beta releases of OS X El Capitan and Xcode, with Apple suggesting a workaround on the Apple Developer Forums here. Whilst that post makes it clear that Xcode 7 will be fully supported on OS X El Capitan, it remains unclear whether Xcode 6 will be fully supported.

MAF 2.1.3 requires Xcode 6. 

As soon as OS X El Capitan is released, the MAF development team will commence certification of MAF 2.1.3 using Xcode 6 on OS X El Capitan.  Until this certification has been completed, you may wish to remain on your current OS X release.

Monday Aug 24, 2015

New Features : Oracle Mobile Security Suite Integration in Oracle MAF 2.1.3


MAF 2.1.3 provides a tighter integration with Oracle Mobile Security Suite (OMSS) integration offers capabilities like, Android Containerization, Data Leak Protection, Data Encryption, Application Tunneling, Container Authentication and Single Sign-On. Features like Containerization, Data Leak Protection and Data Encryption are already supported on iOS from previous MAF releases.

New Features

1. Support for Android Containerization

Mobile app containerization allows customers to add a standardized security layer to native mobile apps. 

The containerization process is simple, and developers do not need to change a line of code. MAF developers just need to deploy the application to OMSS, in JDeveloper or Eclipse. During the deployment, the app is first compiled and an unsigned version of the app is generated that is intended to be signed with an enterprise distribution certificate for distribution within the company. After deployment, a wrapped APK file is generated which is signed with the signing certificates which are configured in the MAF JDeveloper / Eclipse Preferences, in the Android platform section.

Enable OMSS deployment in JDeveloper 

Enable OMSS deployment in Eclipse 

2. Data Leak Protection on Android

Once a MAF app is containerized with OMSS, IT administrators can apply various data leak protection policies and restrict how and if users can share data within the app

  • Email allowed can restrict the ability to send email from an app.

  • Instant Message allowed can restrict the ability to send Instant Message from an app.

  • Video chat allowed restricts the ability to share information via services such as FaceTime.

  • Social Share allowed restricts the ability to share information via services such as Facebook or Twitter.

  • Print allowed restricts the ability of the user to print.

  • Restrict file sharing restricts the ability of the user to share files outside the secure enterprise workspace.

  • Restrict copy/paste allows copy/paste inside the secure container, containerized apps or between containerized apps, but not to apps outside the secure enterprise workspace.

  • Redirects to container allowed prevents any app outside the Mobile Security Container workspace from redirecting a URL into the container.

  • Save to media gallery allowed prevents images, videos and audio files from being saved to media gallery and photo stores.

  • Save to local contacts allowed prevents contacts inside secure enterprise workspace apps from being saved down to native device contacts app.

  • Redirects from container allowed prevents any vApp from the Mobile Security Container workspace or containerized app from redirecting a URL outside the Mobile Security Container workspace or containerized app.

3. Data Encryption on Android

OMSS Containerization provides the ability to encrypt the data stored offline within MAF android applications. Starting with 2.1.3 this functionality is available for MAF applications as well. Encrypted data storage includes application data, including files, databases, application cache, and user preferences. Developers can use MAF encryption with OMSS containerization without having to worry about double encryption. Within a containerized application, MAF frameworks delegates encryption to the container this ensures that there are no code changes needed based on whether an app is Containerized or not. 

4. Application Tunneling

MAF 2.1.3 release provides support for application tunneling through Oracle Mobile Security Suite on both Android & iOS. Application tunneling provides a secure way to access the corporate resources behind the firewall, within a mobile client, without the need of device level VPN. Tunneling functionality allows administrators to intercept, and manage, all the requests coming from a specific MAF application. Administrators can configure the requests coming from a specific URL to go through a proxy on MSAS server. They can also either completely block the requests, or redirect the requests directly to the internet.You can find more details on how to configure application tunneling in the Web Settings section of Administrative Console Guide for Oracle Mobile Security Suite.

5. Container Authentication & Single Sign-On

When Web SSO authentication type is used in MAF apps with Oracle Access Manager and Oracle WebGate used in the back-end for authentication, the end user is not challenged for credentials in the application after Container authentication. The user identity from the Container is propagated to the App and the back-end services. SSO across multiple apps in the Container is also supported, i.e. user can login once to the Container and access all the apps in the Container with out additional authentication challenges. 


Here is a quick demo which shows all three features (Android Containerization, Data Leak Protection, and File Encryption) 

Using Oracle MAF Authentication To Access Secure Services From Oracle MCS

Oracle MAF 2.1.3 release makes it easy to authenticate against Oracle Mobile Cloud Service (MCS) and access secure data from services hosted on MCS.  Below are the steps to configure MAF application to authenticate against MCS:

1. Create Login Connection : In maf-application.xml go to security tab and create a login server connection. Select authentication type as "HTTP Basic" as shown below 

create login connection

create login connection

The login server URI is of the form https://<host>:<port>/mobile/platform/users/login . You can obtain the host & port from a Mobile Backend(MBE) settings page in you MCS instance. The above URI can be used for any MBE in the MCS instance.

2.  Configure Custom Header : During authentication MCS requires a custom header with the MBE id to be injected with the request. Configure the header in the Custom Headers tab  as follows:

configure custom header

You can get the MBE Id from the MBE settings page in MCS. The header name should be "Oracle-Mobile-Backend-Id"

3. Configure Security Policy : Now that we have the login connection created, the next step is to create a connection to API end point on MCS.  In the Web Service Security Policies section :

  1. Create a REST/HTTP Connection to an API end point in connections.xml, in the example below it's named "fiftechnician".  
  2. Associate the "fiftechnician" connection with the login connection created in steps 1 & 2. This allows the framework to inject the user identity obtained during authentication for any service calls to the connection.    
  3. In the "Policy" column, double click on the pencil icon to launch a dialog to select the security policy to be used for the connection. Select "oracle/wss_http_token_client_policy". This policy can be used for Basic-Auth protected connections with either HTTP and HTTPS. 
configure security policy

select the correct policy :

configure security policy

The above steps would allow mobile app developers using MAF to securely access data from API hosted on MCS through simple configuration without writing any code and be assured that you are following security best practices.

Tuesday Apr 28, 2015

Oracle MAF 2.1.2 Released

Our mobile development team has been busy continuously improving the framework we provide you. Last month we released Oracle MAF 2.1.1 and this month we are releasing Oracle MAF 2.1.2. This is part of Oracle's commitment to a much faster release cycle for our mobile customers.

This new version is a minor release with no major new features, but it contain several fixes for issues you might have ran into, so check out our 2.1.2 release notes

As always, you should get the extension using the help->check for updates option in JDeveloper. 

Wednesday Apr 22, 2015

New Oracle University MAF Virtual Course : April 29 - May 1st

Looking for a way to skill-up on mobile development? Attend the Oracle Mobile Application Framework: Develop Mobile Apps course (now updated for MAF 2.1) where you'll learn how to develop real-world mobile applications that run in HTML5 on iOS or Android, access data from a variety of data sources including REST, and ensure your mobile application is secure, performant, and engaging.

Sign up today to take the course from the comfort of your own desk and spend April 29-May 1 learning how to build your organization's next great application without having to code for multiple platforms or form factors.

Follow this link to get more info


This blog is is dedicated to announcements,tips and tricks and other items related to developing, integrating, securing, and managing mobile applications using Oracle's Mobile Platform. It is created and maintained by the Oracle Mobile product development team.

Archive of past entries

Even More Mobile Development Blogs

Oracle A-Team Site - Mobile Related Entries

Code samples from the Community

Fusion Middleware Blogs


« October 2015