With the Oracle Java Platform Security extensions provided in WebCenter Portal, you can define security for an entire application or portal, any page within the application or portal, or individual actions provided by different components. The Security Wizard helps you to easily configure security for your WebCenter Portal application. Additionally, you can use WS-Security to secure identity propagation for the WebCenter Portals services and WSRP producers.
However, portals typically include many pages – in some cases hundreds of pages – and it's not always practical to specify access to individual pages. WebCenter Portal's Page Hierarchy feature organizes pages into a tree structure, with a parent-child relationship between pages. This hierarchical structure allows the convenient inheritance of security settings from pages to sub pages. The Page Hierarchy editor in JDeveloper lets you specify these delegated security policies at design time. You can also set delegated security on pages at runtime using the WebCenter Portal Administration Console.
Because WebCenter Portal security is based on the JAAS and Java EE standards, you can directly leverage the enterprise roles that are defined in an existing identity management store when securing a portal. You do not need to synchronize roles within the portal that you are building; instead, the application references and uses defined users and roles directly. Additionally, you can use file-based security during the development phase of your portal and then easily switch over to an enterprise identity management server during the deployment phase.
Many applications manage their users and passwords directly and are not integrated into a single sign-on architecture. Consequently, users are forced to remember their various user names and passwords for several different applications. Because you can leverage existing applications that have their own authentication mechanism—such as e-mail or custom applications—you can use Oracle WebCenter Portal: Framework’s external application features to map user names from your application to the existing applications. By leveraging the Oracle Credential Store included with WebCenter Portal, the disparate user names and passwords can be stored securely. In this way, your end users can leverage a single sign-on experience to access all of their needed applications, even if all the applications aren't on the same identity management system.