|Oracle® Fusion Applications Developer's Guide
11g Release 1 (11.1.2)
Part Number E15524-02
|PDF · Mobi · ePub|
This part of the Developer's Guide provides information about Oracle Fusion Applications security. It discusses how to implement Oracle Fusion Data Security and user sessions, and how to secure specific use cases for Oracle ADF application artifacts, Web services, and portlet applications.
Getting Started with Security introduces security concepts and features, namely authentication and authorization. Authentication establishes the identity of the user. Authorization ensures that users only have access to resources to which they have been granted access.
Implementing Oracle Fusion Data Security describes how to enforce authorization for access and modification of specific data records. The goal of Oracle Fusion Data Security is to authorize a user to perform specified actions on selected data. Data security can secure rows and attributes of a database object and addresses the question "Who can do what on which set of data."
Implementing Application User Sessions describes how to allow applications to store security and application context on the user session, and to allow for an enhanced security implementation. An application can easily reconnect to the same user session for each request, maintaining the user context over the duration of the user's session without the overhead of having to obtain and initiate a database connection each time. The actual connection used is not guaranteed to be the same between requests. User session roles can be enabled for a user, and dictate what privileges that user has.
Implementing Function Security describes how to authorize end users to access securable application artifacts created using Oracle ADF.
Securing Web Services Use Cases describes best practices for for securing Web services in Oracle Fusion Applications and specifically explains the difference between global policy attachment and local policy attachment and when to use each.
Securing End-to-End Portlet Applications describes how to authenticate and authorize portlet services, as well as how to configure key stores and credential stores.
This part contains the following chapters: