Security Features
Security is one of the key features of Oracle Utilities Application Framework architecture, since it protects the access to your application, its functionality, and the underlying data stored and managed via Oracle Utilities Application Framework.
From an architecture point of view the following summarizes the approach to security:
Web Based Authentication: Oracle Utilities Application Framework provides a default method, using a traditional challenge and response mechanism, to authenticate users.
Support for Oracle WebLogic security: Oracle WebLogic can integrate into several internal and external security stores to provide authentication services. Oracle Utilities Application Framework can use those configurations, to liaise via Oracle WebLogic, to authenticate users for online and Web Services based security.
Operating System Security: For non-online and non-web service-based channels, Oracle Utilities Application Framework utilizes the operating system security (including any additional products used to enhance the base operating system security).
Non-Cookie based security: After authentication the user's credentials form part of each transaction call to correctly identify the user to the internal authorization model to ensure the user is only performing permitted actions. This support is not browser cookie-based.
Secure Transport Support: Transmission of data across the network can utilize the secure encryption methods supported for the infrastructure.
Inter-component security: Calls within Oracle Utilities Application Framework and across the tiers are subject to security controls to ensure only valid authenticated and authorized users using Java Authentication and Authorization Services (JAAS).
Inbuilt Authorization Model: Once a user is authenticated then the internal authorization model is used to determine the functions and data the user has access to within Oracle Utilities Application Framework.
Native Web Services Security: Web Services available from Oracle Utilities Application Framework are natively available from Oracle WebLogic. A wide range of security policies are available.
Keystore Support: Keys for encryption can be externalized in JCEKS based keystore.
Integration with other security products: Implementation of security varies from customer to customer, so Oracle Utilities Application Framework allows integration of other security products to offer enhanced security implementations, either directly or indirectly.