Security
How-to protect your ADF pages
Monday, March 8th, 2010A great discussion on the JDeveloper forum on OTN brough a new addition to ADF application security that I like to share.
Chapter 30 of the Oracle® Fusion Middleware Fusion Developer’s Guide for Oracle Application Development Framework 11g Release 1 explains the JAAS protection mechanism for ADF pages and Task Flows. In here it [...]
Framebursting: A well documented by still unknown ADF Faces Feature
Thursday, September 24th, 2009Customers – internal and external – who try to run ADF Faces applications within a frame may experience problems if using JDeveloper 11g. The reason for this is click protection, which by default is enabled for ADF Faces applications and that should prevent your application from being wrapped by 3rd party sites. So in case [...]
ADF Code Corner: How to deploy ADF Security protected ADF applications to WLS
Thursday, July 30th, 2009I just added a new Camtesia video to ADF Code Corner that goes over the process of deploying ADF Security protected applications to WLS using Oracle Enterprise Manager (OEM) Fusion Middleware Control. For those familiar with ADF Security, I used an internal build, which is an early copy of the next version on Oracle JDeveloper [...]
ADF Security – Authorization
Wednesday, October 22nd, 2008The third of five camtesia videos that cover ADF Security is online. This third mini lesson talks about how to configure authorization in ADF Security in JDeveloper 11
[Watch it]
1 Container Managed Security
2 ADF Security Overview
3 ADF Security Authorization
4 Security Expressions
5 ADF BC Security
Frank
ADF Code Corner
Blogbuster Treasures Hunt: Blog entries from the lost Orablogs blog for download
Friday, May 16th, 2008Nikolay Smirnov is not only a frequent reader of my blogging, but also turned out to be a collector of its content. As if he knew what would happen to orablogs, he kept on copy and pasting the blog content to a Word document since 2006. The document became big and has the quality of [...]
How-to access username and password protected Java EE Web services from ADF
Wednesday, December 12th, 2007Some papers have a longer writing cycle that others, and so was this. Its not a long paper, but I actually got on and off far too often while writing it. I started writing while preparing for my OOW 2007 session in which I presented the integration of ADF in SOA. A good portion of [...]
ADF Security: Authorizing ExecuteWithParams
Wednesday, October 31st, 2007ExecuteWithParams didn't work with ADF Security enabled in JDeveloper versions up to 10.1.3.2. In JDeveloper 10.1.3.3 this issue got fixed. Still there is no need to explicitly authorize the ExecuteWithParams action. However, while this works in my testcase - the same I used to report the bug in JDeveloper 10.1.3.2 - feedback I see on [...]
Mind the Gap: Application Security in AJAX
Wednesday, October 3rd, 2007I recently published a security article article called "Mind the Gap: Application Security in AJAX" on the AjaxWorld Magazine where I expressed my views on security in Ajax and what needs to be done to make Ajax a secure environment.
If you happen to be in San Francisco for Oracle Open World 2007: I'll be [...]
ADF Faces: Detecting and handling user session expiry
Wednesday, August 22nd, 2007A frequent question on the JDeveloper OTN forum, and also one that has been asked by customers directly, is how to detect and graceful handle user session expiry due to user inactivity. The problem of user inactivity is that there is no way in JavaEE for the server to call the client when the session [...]
