4 Security Considerations for Developers

This chapter provides information for developers about how to create secure applications for Oracle Communications Network Integrity and how to extend Network Integrity without compromising its security.

About Network Integrity Security Policies

Network Integrity uses ADF security for its UI resources (JSDD or JSPX) and protects them with the NetworkIntegrityRole role. Users with this role can perform run, create, read, update, and delete operations on these pages. You can customize these policies in Oracle Fusion Middleware Enterprise Manager.

Secure Web Services Development

Web Services Security (WSS) is an extension to SOAP that is used to apply security to web services. WSS describes enhancements to SOAP messaging to provide quality of protection using features like message integrity, message confidentiality, and single message authentication. You can use these mechanisms to accommodate a wide variety of security models and encryption technologies.

Network Integrity uses policy- and role-based WSS, which means that only users who belong to the NetworkIntegrityRole role are allowed to access the Network Integrity web services.

Shown here is an example of the Network Integrity policy and the role allowed.

Policy

uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml", attachToWsdl=true

Roles Allowed

SecurityRole(role="NetworkIntegrityRole")

Note:

The SSL port should be enabled on all Network Integrity servers for Network Integrity WSS to work.

For secure communication between Network Integrity and Network Integrity web services, developers must connect to web services using SSL. The following example shows how to obtain all plug-in names using web services:

import java.net.URL;

// Build the WSDL URL with the https scheme and the server's SSL port.
URL url = new URL("https", ipAddress, SSLPort, "/NetworkIntegrityApp-NetworkIntegrityControlWebService-context-root/NetworkIntegrityControlServicePortType?wsdl");

// Create the service client and obtain its port.
NetworkIntegrityControlService sr = new NetworkIntegrityControlService(url, "ipdpna21", "ipdp_Na21");
NetworkIntegrityControlServicePortType port = sr.getNetworkIntegrityControlServicePortType();

// Build the request for all discovery plug-ins and send it.
ObjectFactory of = new ObjectFactory();
GetAllDisNetworkDiscoveryPluginRequestType req = of.createGetAllDisNetworkDiscoveryPluginRequestType();
GetAllDisNetworkDiscoveryPluginResponseType res = port.getAllDisNetworkDiscoveryPlugin(req);

// Print the ID and name of each plug-in in the response.
for (DisNetworkDiscoveryPluginType p : res.getDisNetworkDiscoveryPlugin()) {
    System.out.println("Plugin Id:" + p.getEntityId());
    System.out.println("Plugin Name:" + p.getPluginName());
}
 

If the user is invoking web services from the Java client, the classpath must include the following parameter:

-Djavax.net.ssl.trustStore
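
A preflight check for the trust store setting above, added here as an example that is not part of the original Oracle documentation: it confirms that -Djavax.net.ssl.trustStore is set and that the store holds at least one currently valid trusted certificate before the client attempts the SSL connection. The class name TrustStoreCheck is hypothetical; the code uses only standard JDK APIs and also reads the standard javax.net.ssl.trustStorePassword and javax.net.ssl.trustStoreType properties.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

/** Hypothetical helper: validates the trust store named by -Djavax.net.ssl.trustStore. */
public class TrustStoreCheck {

    /** Loads the store and returns how many trusted certificates are valid right now. */
    static int countValidTrustedCerts(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a non-null password also checks the store's integrity
        }
        int valid = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue; // skip private-key entries
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            try {
                cert.checkValidity(new Date());
                valid++;
                System.out.println("trusted: " + alias + " -> " + cert.getSubjectX500Principal());
            } catch (CertificateException e) { // expired or not yet valid
                System.out.println("not valid now: " + alias + " (" + e.getMessage() + ")");
            }
        }
        return valid;
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null || path.isEmpty()) {
            // Fail closed: otherwise the JVM silently uses its default trust store.
            System.err.println("javax.net.ssl.trustStore is not set");
            System.exit(1);
        }
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        int valid = countValidTrustedCerts(path, type, pw == null ? null : pw.toCharArray());
        if (valid == 0) {
            System.err.println("no currently valid trusted certificate in " + path);
            System.exit(2);
        }
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore option that the web service client will use; a non-zero exit code means the SSL handshake with the Network Integrity server would fail or would rely on the JVM's default trust store.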

Cartridge Development

Network Integrity provides an extensibility mechanism for receiving scan completion notifications using a JMS-MDB client. Cartridge developers must follow this example to securely retrieve the notification messages:

@MessageDestinationConfiguration(connectionFactoryJNDIName = "oracle/communications/integrity/NIXATCF")
@RunAs("NetworkIntegrityRole")
public class ScanNotificationBean implements MessageListener {
    ...
}
 

See Network Integrity Developer's Guide for more information about developing a JMS or MDB client that listens to event notification messages.