Oracle Commerce Platform applications incorporate Oracle Platform Security Services (OPSS), which allows you to configure your applications to collect and store credential data in a secure manner. OPSS, which is installed with the Oracle Commerce Platform when installed with CIM, provides a security framework that contains services and APIs for authentication and authorization.
Specifically, the Oracle Commerce Platform uses the Credential Store Framework (CSF) service of OPSS. CSF provides a set of APIs that enable external applications to store any credentials required by your applications securely. Instead of storing credentials such as passwords or logins to directories or databases in a clear text properties or temporary file, you can configure applications to use the Credential Store. The Credential Store is a file-based repository that stores security credentials. CSF associates these credentials with map and key properties. CSF uses Java Platform Security (JPS) to set configuration information, such as credential and key store values. For detailed information on CSF, refer to the Oracle documentation at: http://docs.oracle.com/cd/E12839_01/core.1111/e10043/introdev.htm#JISEC3873.
Credentials that are stored in the Credential Store are divided into credential types. The following credential types are available:
Generic – Used to access any data, but limited to a single string.
Login – Used for storing a user name and password.
Datasource – Used for accessing data sources.
