Control Access to Resources Using Allowed Forwards

The Allowed Forwards feature builds upon the Allowed Resources feature introduced in Release 12.2.6+ to further reduce the attack surface of Oracle E-Business Suite by creating an allowlist of pages that an environment can forward to. You can enable this feature using a profile option. If you enable Allowed Forwards, then JavaServer Pages (JSPs) and servlets are not permitted to forward to other resources in your Oracle E-Business Suite environment unless a rule explicitly allows them to do so. 

Oracle E-Business Suite provides seeded rules to allow forwards that are part of standard application functionality. You can add rules as needed for any custom JSPs and servlets in your environment.

Steps to enable and configure

You don't need to do anything to enable this feature.

Key resources

• Allowed Resources, Oracle E-Business Suite Security Guide Release 12.2