Security
Blogbuster Treasures Hunt: Blog entries from the lost Orablogs blog for download
Friday, May 16th, 2008Nikolay Smirnov is not only a frequent reader of my blogging, but also turned out to be a collector of its content. As if he knew what would happen to orablogs, he kept on copy and pasting the blog content to a Word document since 2006. The document became big and has the quality of […]
How-to access username and password protected Java EE Web services from ADF
Wednesday, December 12th, 2007Some papers have a longer writing cycle that others, and so was this. Its not a long paper, but I actually got on and off far too often while writing it. I started writing while preparing for my OOW 2007 session in which I presented the integration of ADF in SOA. A good portion of […]
ADF Security: Authorizing ExecuteWithParams
Wednesday, October 31st, 2007ExecuteWithParams didn't work with ADF Security enabled in JDeveloper versions up to 10.1.3.2. In JDeveloper 10.1.3.3 this issue got fixed. Still there is no need to explicitly authorize the ExecuteWithParams action. However, while this works in my testcase - the same I used to report the bug in JDeveloper 10.1.3.2 - feedback I see on [...]
Mind the Gap: Application Security in AJAX
Wednesday, October 3rd, 2007I recently published a security article article called "Mind the Gap: Application Security in AJAX" on the AjaxWorld Magazine where I expressed my views on security in Ajax and what needs to be done to make Ajax a secure environment.
If you happen to be in San Francisco for Oracle Open World 2007: I'll be [...]
ADF Faces: Detecting and handling user session expiry
Wednesday, August 22nd, 2007A frequent question on the JDeveloper OTN forum, and also one that has been asked by customers directly, is how to detect and graceful handle user session expiry due to user inactivity. The problem of user inactivity is that there is no way in JavaEE for the server to call the client when the session [...]
