7 RWMS Architecture

This chapter discusses security related aspects of RWMS architecture.

Architecture

RWMS 14.1 has been developed using both Oracle ADF and Oracle Forms with integration between both components. This requires that the deployment of RWMS involves two instances of a WebLogic Application Server; one hosting the ADF Application and the other hosting the Oracle Forms Application.

Figure 7-1 RWMS Architecture

The RWMS application will use the following mechanisms to secure the application:

• A standard JAAS based application server based authentication for user identification and setting access roles.

• An ADF based JAZN security model to map enterprise roles obtained from the previous step to application roles defined within the application to provide another layer of abstraction.

Authentication

The new architecture necessitates the secure passing of user credentials from ADF Application to Forms Application. A new table, RWMS_USER_SESSIONS, has been created for this purpose. The ADF Application will insert a valid row in this table after a successful login. Forms Application will verify the contents of this table and after successful validation will allow the application to continue. After validation, the Forms Application will delete the corresponding row in the table.

To ensure that there are no orphaned records in the RWMS_USER_SESSIONS table (which may provide valuable information to attackers) a database job RWMS_PURGE_SECURITY_OBJ runs every 2 minutes to remove the records which are more that 120 seconds old.

Hardening

The frequency of the database job RWMS_PURGE_SECURITY_OBJ can be changed by running the shell script rwms_alter_purge_sec_obj_sch.sh. The parameter value is in minutes. For example, a value of 1 can be passed as the parameter to change the frequency of the job to 60 seconds.

Setting the frequency to a lower value could be an additional burden on the database and would need to be evaluated in the production scenario. It is suggested that the interval be not more than 60 minutes to ensure that all the sensitive information is cleared.

Timeout

Since RWMS is now deployed on two WebLogic Instances (ADF and Forms), timeout of the application needs to be tightly coupled between these two servers. Timeout for the Oracle Forms Application will not be set, so that the ADF Application will invalidate both the sessions and exit the application.

If the Forms Application is active, it will send a keep-alive request to the ADF Application to keep the ADF Application active as well. If the timeout of the ADF Application is 60 minutes, the keep-alive request will be sent every 15 minutes.

To ensure that the keep-alive request is not sent from malicious applications, a record is inserted into the XDOMAIN_MESSAGES table before the keep-alive request is sent. The ADF Application will then validate the inserted record in the XDOMAIN_MESSAGES table and upon successful validation keep itself alive. If the validation fails then the ADF Application will insert a message in XDOMAIN_QUEUE. This will be browsed by the corresponding Forms Application and the Forms Application will then close itself. The ADF Application will also invalidate the session.

Hardening

Hardening may be carried out by doing the following:

• Set the timeout of the ADF Application to a reduced interval. The default timeout is 35 Minutes.

• The frequency of the database job RWMS_PURGE_SECURITY_OBJ can be changed by running the shell script rwms_alter_purge_sec_obj_sch.sh. An increased purge rate will improve security but may slow the application.

Tables in Encrypted Tablespace

All the tables that store sensitive information (including PII data and Application User Credentials) are created in an encrypted tablespace. This is to ensure that the printable strings in the datafiles are hidden away from attackers. Following is the list of tables which are stored in encrypted tablespace.

ACTIVITY_LOG
AHL_QUERIES
APPLY_CONTAINER_ROUTE
APPOINTMENT
APPT_LINE_WORKING
BOL_HEADER
BOL_HEADER_TO_UPLOAD
CARRIER
CONT_LABELS_TO_PRINT
CONTAINER
CONTAINER_HISTORY
CONTAINER_ITEM_ATTRIBUTE
CONTAINER_ROUTE
CONTAINER_WIP
COUNTRY_CODES
CYCLE_COUNT_ADJUSTMENTS
CYCLE_COUNT_LOG
DIST_CONTAINER
DIST_PICK_DIRECTIVE
DISTRIBUTION_QUEUE
DISTRIBUTION_ROUTEDMS_FAVORITES_MENUDMS_USER
ERROR_LOGEXPLODE_KITSFPR_CONFIRMATIONFPR_CONTAINERGENERIC_TEMPGET_CASE_LABEL
INV_ADJUSTMENT_TO_UPLOADINV_ADJUSTMENT_TO_UPLOAD_HISKIT_ASSEMBLE_LISTLOCATIONMANUAL_ORDER_QUERIESNON_CONFORM_ATTACHMENTSNON_CONFORM_DETAILNON_CONFORM_ENTRIESORDER_QUERIESORDER_TOTALSOUTBOUND_QCOUTSTANDING_TOTALSOVERAGES_TO_UPLOADPATCHES_INSTALLEDPEND_CONTAINER_LISTPICK_DIRECTIVEPTS_QUERIESQC_AUDITRECEIPT_TO_UPLOADRECEIPT_TO_UPLOAD_HISRECEIVING_OVERRIDESRECV_ADJ_LOGRECV_PKG_TO_PRINTREPLEN_DIRECTIVERMA_SEARCH_QUERIESROUTERTVSELECT_WIPSELECTED_ACTIVITIESSELECTED_APPTSSELECTED_DESTSSELECTED_DISTROSSHIP_DESTSHIP_DEST_ORDER_CUBESPACE_UTILIZATIONSTANDING_APPOINTMENTSTOCK_ALLOCATIONSTOCK_ORDERSTORE_WT_CUBETASK_LOGTASK_LOG_DETAILSTASKS
TMP_CONTAINER_ITEMTRANSPORT_INVENTORYUNIT_PICK_GROUPUPS_CHUTE_DETAILUSER_ACTIVITY_GROUPSUSER_ATTRIBUTEUSER_EQUIPMENTUSER_EXCEPTIONUSER_SHIFTSUSER_TICKET_TYPESVENDOR_ADDRESSVENDOR_TROUBLE_HISTORYZONE_TO_WAVE

Separate Run Time User

A new database runtime user has been introduced to prevent breach of privileges. This should be used to login to RWMS Application. This user will have only the required privileges to run the application. This user or wallet alias for this user should be the value provided for userid in formsweb.cfg file. Refer to the Oracle Retail Warehouse Management System Installation Guide for detailed information on the formsweb.cfg entries.