Skip Headers
Oracle® Communications Network Integrity Security Guide
Release 7.1

E25444-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

4 Security Considerations for Developers

This chapter provides information for developers about how to create secure applications for Oracle Communications Network Integrity and how to extend Network Integrity without compromising its security.

About Network Integrity Security Policies

Network Integrity uses ADF security for its UI resources (JSDD or JSPX), and protects them with the NetworkIntegrityRole role. Users having this role canrun create, read, update, and delete operations on these pages. These policies can be customized in Oracle Fusion Middleware Enterprise Manager.

Secure Web Services Development

Web Services Security (WSS) is an extension to SOAP that is used to apply security to Web services. WSS describes enhancements to SOAP messaging to provide quality of protection using features like message integrity, message confidentiality, and single message authentication. You can use these mechanisms to accommodate a wide variety of security models and encryption technologies.

Network Integrity uses policies- and roles-based Web services security which means that only users who belong to the NetworkIntegrityRole role are allowed to access the Network Integrity Web services.

Show here is an example of the Network Integrity policy and role allowed.

Policy

uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml", attachToWsdl=true

Roles Allowed

SecurityRole(role="NetworkIntegrityRole"

Note:

SSL port should be enabled for all Network Integrity servers for Network Integrity Web services security to work.

For secure communication between Network Integrity and Network Integrity Web services, developers must connect to Web services using SSL. The following example shows how to obtain all plug-in names using Web services:

URL url = new URL("https", ipAddress, SSLPort, "/NetworkIntegrityApp-NetworkIntegrityControlWebService-context-root/NetworkIntegrityControlServicePortType?wsdl");
 
NetworkIntegrityControlService sr = new NetworkIntegrityControlService(url, "ipdpna21", "ipdp_Na21");
 
NetworkIntegrityControlServicePortType port = sr.getNetworkIntegrityControlServicePortType();
 
ObjectFactory of = new ObjectFactory();
 
GetAllDisNetworkDiscoveryPluginRequestType req = of.createGetAllDisNetworkDiscoveryPluginRequestType();
 
GetAllDisNetworkDiscoveryPluginResponseType res = port.getAllDisNetworkDiscoveryPlugin(req);
 
  for(DisNetworkDiscoveryPluginType p : res.getDisNetworkDiscoveryPlugin()){
    System.out.println("Plugin Id:" + p.getEntityId());
    System.out.println("Plugin Name:" + p.getPluginName());
    }
  }
 

If the user is invoking Web services from the Java client, the classpath must include the following parameter:

-Djavax.net.ssl.trustStore

Cartridge Development

Network Integrity provides an extensibility mechanism for receiving scan completion notification using a JMS-MDB client. Cartridge developers must follow the following example to securely retrieve the notification messages:

@MessageDestinationConfiguration(connectionFactoryJNDIName = "oracle/communications/integrity/NIXATCF")
@RunAs("NetworkIntegrityRole") public class ScanNotificationBean implements MessageListener
  {
    …….  }
 

See Network Integrity Developer's Guide for more information about developing a JMS or MDB client to listens to event notification messages.