4 Security Considerations for Developers

This chapter provides information for developers about how to create secure applications for Oracle Communications Order and Service Management (OSM), and how to extend OSM without compromising security.

Securely Communicating with External Systems

Securely communicating with an external system requires managing the following securely:

  • the credentials required to access the system

  • the communication between OSM and the external system

You store credentials securely by using the OSM secure credential storage feature, described in "Secure Credential Management."

For reliability, Oracle recommends that communication with external systems be over Java Message Service (JMS). OSM creates a JMS module, oms_jms_module, for this purpose and secures it against unauthorized access. Only members of the following Oracle WebLogic Server groups are allowed access to resources created in this module:

  • OMS_client

  • OMS_ws_api

  • OMS_xml_api

  • OSM_automation

  • Cartridge_Management_WebService

See the information about installed components in OSM System Administrator's Guide for additional information about the OSM WebLogic Server groups. Oracle recommends that any other JMS modules with which OSM interacts be similarly configured. Ensure that the associated persistent store is properly secured, as described in "WebLogic Server Security."

Security Callback

OSM allows developers to add further authorization and auditing on top of the default order data access model. For information on where and how this feature may be leveraged, see the information about using OSM security callback in OSM Developer's Guide.

Hiding Sensitive Data in the Web Client

You can ensure that the OSM Web clients obscure OSM solution data by marking the data as secret at design time. A data node declared as secret in Oracle Communications Design Studio is rendered as a password field in the OSM Web clients. For more information, see Modeling OSM Processes Help.

Web Service Security

Access to the OSM Web services is restricted to members of the OMS_ws_api WebLogic Server group. Access to specific operations, such as CreateOrder, CancelOrder, and UpdateOrder, is further restricted through OSM role and order life cycle policy permissions. For information about OSM roles and order life cycle policies, see Modeling OSM Processes Help.