JET Security

As mentioned earlier, The Process Orchestration and Monitoring (POM) application features a classic ADF User Interface (UI) that is being deprecated as of POM 19.1.002. It is replaced with a JET based UI.

Oracle POM security requirements come from the need to protect application data from unauthorized changes. This is accomplished by the following security features:

• Authentication - POM JET UI restrict access to users that have been authenticated by the configured security provider.

• Authorization - POM JET UI uses enterprise roles to limit what features individual users can access.

• Origin Control - POM JET UI implements the Cross-Origin Resource Sharing (CORS) protocol to allow only same origin.

• Transport Security - POM JET UI and services communicate through REST calls. These communications need to be secured.

  • Always use TLS encryption. Endpoints should be HTTPS URLs and the servers should be configured to use trusted certificates.

  • Route access through WTSS or equivalent. Make sure all service URLs are at a location exposed on WTSS, otherwise each endpoint will be independently authenticated.

The JET UI and services communicate through ReST calls which are secured using JAX-RS security implementation.

For more information regarding securing Restful Web Services, refer to https://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm#RESTF113