Oracle® Retail Merchandising Security Guide
Release 14.1.1
E61235-01

17 Extending/Customization

Customizing and extending capabilities is an important part of any application. This chapter discusses how to implement customizations and extensions securely so that they do not jeopardize application security.

If customization is required, it should be done in such a way that no built-in explicit security features are circumvented. For example, all requests for a resource within the ReIM application go through a CSRF filter to guarantee that the required security token is present. If a new page has to be added, you need to protect that page with the existing filter.
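One way to check that added pages stay behind the CSRF filter is to audit the deployment descriptor after customization. The script below is an added example, not Oracle or ReIM code; it assumes the filter is mapped in `web.xml`, and the filter name `CsrfFilter`, the servlet names and the URL patterns are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed deployment descriptor; filter, servlet and path names are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter-mapping>
    <filter-name>CsrfFilter</filter-name>
    <url-pattern>/invoice/*</url-pattern>
    <url-pattern>*.do</url-pattern>
  </filter-mapping>
  <servlet-mapping><servlet-name>invoice</servlet-name><url-pattern>/invoice/edit</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>customReport</servlet-name><url-pattern>/custom/report</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>customSave</servlet-name><url-pattern>/custom/save.do</url-pattern></servlet-mapping>
</web-app>"""

def children(elem, name):
    # Match on the local tag name so the check works with or without an XML namespace.
    return [c for c in elem.iter() if c.tag.split('}')[-1] == name]

def covers(filter_pat, servlet_pat):
    """True if every URL the servlet pattern matches is also matched by the filter pattern."""
    if filter_pat == "/*" or filter_pat == servlet_pat:
        return True
    if filter_pat.endswith("/*"):            # path-prefix mapping
        prefix = filter_pat[:-2]
        return servlet_pat == prefix or servlet_pat.startswith(prefix + "/")
    if filter_pat.startswith("*."):          # extension mapping
        return not servlet_pat.endswith("/*") and servlet_pat.endswith(filter_pat[1:])
    return False

def unprotected_mappings(web_xml, csrf_filter_name):
    """Return (servlet, url-pattern) pairs that the named filter does not cover."""
    root = ET.fromstring(web_xml)
    pats, names = set(), set()
    for fm in children(root, "filter-mapping"):
        if children(fm, "filter-name")[0].text.strip() == csrf_filter_name:
            pats |= {p.text.strip() for p in children(fm, "url-pattern")}
            names |= {n.text.strip() for n in children(fm, "servlet-name")}
    missing = []
    for sm in children(root, "servlet-mapping"):
        servlet = children(sm, "servlet-name")[0].text.strip()
        for p in children(sm, "url-pattern"):
            pat = p.text.strip()
            if servlet not in names and not any(covers(f, pat) for f in pats):
                missing.append((servlet, pat))
    return missing

if __name__ == "__main__":
    for servlet, pat in unprotected_mappings(SAMPLE_WEB_XML, "CsrfFilter"):
        print(f"NOT behind CSRF filter: {servlet} -> {pat}")
```

Run as a build step, a non-empty result means a customization added an endpoint that bypasses the token check.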

The most common form of customization is to modify the Data Access Object (DAO) layer. ReIM has a customization hook built in. If a Spring-managed bean has to be modified, the appropriate configuration has to be done so that the custom bean is picked instead of the base bean. The custom classes are picked in preference or AAccess, if Access classes have to be modified (as opposed to AAccess classes).

It is recommended to perform secure code analysis after code customization to identify potential violations of secure coding standards.

If additional integration and credentials are required, the customization should store those additional credentials in the Secure Wallet along with all other ReIM credentials (in the ReIM partition). Credential population should be done by a script provided with ReIM.