Contents

List of Examples

List of Figures

List of Tables

Title and Copyright Information

Send Us Your Comments

Preface

• Audience
• Documentation Accessibility
• Customer Support
• Review Patch Documentation
• Improved Process for Oracle Retail Documentation Corrections
• Oracle Retail Documentation on the Oracle Technology Network
• Conventions

1 Introduction to Part I: Oracle Retail Applications

2 Pre-installation of Retail Infrastructure in WebLogic

• JDK Hardening for Use with Retail Applications
  • Upgrading JDK to Use Java Cryptography Extension
  • Disabling Weak SSL Protocols and Obsolete Ciphers in JDK7
• Pre-installation - Steps for Secured Setup of Oracle Retail Infrastructure in WebLogic
• Certificate Authority
• Obtaining an SSL Certificate and Setting up a Keystore
• Creating a WebLogic Domain
• Configuring the Application Server for SSL
• Configuring WebLogic Scripts if Admin Server is Secured
• Adding Certificate to the JDK Keystore for Installer
• Enforcing Stronger Encryption in WebLogic
  • SSL Protocol Version Configuration
    • Enabling Cipher in WebLogic SSL Configuration (For Weblogic 10.3.6 Domains)
• Securing Nodemanager with SSL Certificates
• Using Secured Lightweight Directory Access Protocol (LDAP)
• Webservice Security Policies
• Advanced Infrastructure Security

3 Post Installation of Retail Infrastructure in Database

• Configuring SSL Connections for Database Communications
• Configuring SSL on the Database Server
• Configuring SSL on an Oracle Database Client
• Configuring SSL on a Java Database Connectivity (JDBC) Thin Client
• Configuring the Password Stores for Database User Accounts
• Configuring the Database Password Policies
• Creating an Encrypted Tablespace in Oracle 12c Container Database
• Additional Information

4 Post Installation of Retail Infrastructure in WebLogic

• Retail Application Specific Post installation Steps for Security
  • Batch Set Up for SSL Communication
• Asynchronous Task JMS Queue Security
  • Verifying and Creating Required Async Task Job Role and User
  • Securing the Asynchronous Task JMS Queue
  • Allowing Publishing to a Secured Asynchronous Task JMS Queue
• Hardening Use of Headers and Transport Layer Security
  • Virtual Host Configuration
  • Update weblogic.jdbc.remoteEnabled in setStartupEnv.sh

5 Troubleshooting

• Enabling TLS1.1 and 1.2 Protocols in Internet Explorer 11
• Java Version 7/8 SSL Handshake Issue while Using Self Signed Certificates
• Importing the Root Certificate in Local Client JRE
• Importing the Root Certificate to the Browser
  • Importing the Root Certificate through Internet Explorer
  • Importing the Root Certificate through Mozilla Firefox
• Set Up Secure Cookie
• Changes to Web Application Descriptor
• Disabling Hostname Verification
• Verifying the Certificate Content
• Verifying the Keystore Content
• Integration Issues
• HTTPS Service Encountering Redirect Loop After Applying Policy A

6 Importing Topology Certificate

• Importing Certificates into Middleware and Repository of Oracle Retail Applications

7 Using Self-Signed Certificates

• Creating a Keystore through the Keytool in Fusion Middleware (FMW) 11g
• Exporting the Certificate from the Identity Keystore into a File
• Importing the Certificate Exported into trust.keystore
• Configuring WebLogic
• Configuring Nodemanager
• Importing Self Signed Root Certificate into Java Virtual Machine (JVM) Trust Store
• Disabling Hostname Verification
• Converting PKCS7 Certificate to x.509 Certificate

8 Functional Security for Applications Using Fusion Middleware

• Understanding the Security Model
  • Key Security Elements
    • Application Policy
    • Application Role
    • Authentication Provider
    • Users and Groups
    • Security Realm
• Permission Grants and Inheritance
• Managing Authorization
  • Accessing Oracle Enterprise Manager Fusion Middleware Control
    • To display the Security menu in Fusion Middleware Control
  • Managing the Policy Store Using Fusion Middleware Control
  • Modifying Application Roles Using Fusion Middleware Control
    • To Add or Remove Members from an Application Role
  • Creating Application Roles Using Fusion Middleware Control
    • To Create a New Application Role
    • To Create an Application Role Based on an Existing One
• Customizing the Default Security Configuration
• Customizing the Policy Store
  • Session Timeout

9 ReST Services Security Consideration

• One Way SSL
• One Way SSL - ReST Services

10 Introduction to Part II: Oracle Retail Process Orchestration and Monitoring System (POM)

11 Understanding Security

• Security Features of the Application
• Security Features of the Application
• Database-level Security
• Application-level Security

12 Post-Installation Application Administration

• Application Security Configuration
• Post-Installation Steps for Webservice Security
  • Applying Policy A
    • Enabling the HTTPS Servers
    • Creating the Webservice User
    • Securing Services
    • Updating the Webservice Deployment
    • Webservice Clock Skew Setting
  • Applying Policy B
    • Creating the Webservice User
    • Securing Services
    • Updating the Webservice Deployment