This chapter explains how to create secure applications for Oracle Communications Billing Care and how to extend Billing Care without compromising security.
Secure development in Billing Care requires controlling access to users who can access the resource that you want to control. You must do the following:
Add security controls over new UI features.
Control who can access the REST service and the limits of that access.
On user sign in, Billing Care calls Oracle Entitlement Server (OES), and OES provides authorization if appropriate. Additionally, OES determines the restraints or obligations of the authorization.
The developer needs to create a web project in Netbeans for the Billing Care custom REST APIs.
To develop secured custom REST APIs or UIs, you need (OES) resource types for authorization.
To create a resource type with OES:
Log in to Oracle Entitlements Server.
Select the Billing Care application.
Create a resource type with the relevant actions.
Create a resource from the resource type.
Create the authorization policy and add the external roles as principals and resource as targets by checking the required grants (actions) on resource.
Click the triangle symbol on Applications in the left side panel.
Double click Billing Care.
Click the Policy Distribution tab.
Expand the WebLogic Server Security Module for the Billing Care application binding.
Click Distribute, and then click the refresh icon.
For more information, see Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server.
To control the access of custom REST services and operations to authenticated users, define resource types in OES as described in "Creating a Resource Type with OES".
In custom REST resource operations that require authorization, call EnforcementUtil.checkAccess() by passing the required subject, applicationName, action, resourceType, resource, Error and optional UIRequestValue objects as parameters.
UIRequestValue parameters are optional and are used for handling obligations.
For more information, see Oracle Communications Billing Care SDK Guide.
On successful sign in to Billing Care, the grants of all resources are fetched and set into the global variable authorizationJSON.
When opening a page or dialog box, Billing Care gets the grants of resources through the available authorization custom-bindings, and then applies the bindings in the respective view model or overlay view model.
For more information, see Oracle Communications Billing Care SDK Guide.
To add new resource types:
In the CustomConfigurations.xml file, add the new OES resource types:
In this example, the new resource type CreditProfileResourceType is added.
Note:
Do not change key values.
<keyvals>
<key>authorizationResourceTypes/key>
<value>CreditProfileResourceType</value>
<desc>Add comma separated OES Resource Types(values)for authorization.
Also these resource types must be defined in OES.
Do not change the keys here.
</desc>
</keyvals>
Redeploy the customization.
For more information, see Oracle Communications Billing Care SDK Guide.