JET Security
As mentioned earlier, the Process Orchestration and Monitoring (POM) application features a classic ADF User Interface (UI) that is being deprecated as of POM 19.1.002. It is replaced with a JET-based UI.
Oracle POM security requirements come from the need to protect application data from unauthorized changes. This is accomplished by the following security features:
- Authentication - POM JET UI restricts access to users that have been authenticated by the configured security provider.
- Authorization - POM JET UI uses enterprise roles to limit what features individual users can access.
- Origin Control - POM JET UI implements the Cross-Origin Resource Sharing (CORS) protocol to allow only same-origin requests.
- Transport Security - POM JET UI and services communicate through REST calls. These communications need to be secured.
  - Always use TLS encryption. Endpoints should be HTTPS URLs and the servers should be configured to use trusted certificates.
  - Route access through WTSS or equivalent. Make sure all service URLs are at a location exposed on WTSS; otherwise each endpoint will be independently authenticated.
  - The JET UI and services communicate through REST calls, which are secured using the JAX-RS security implementation.
For more information regarding securing RESTful Web Services, refer to https://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm#RESTF113
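The transport-security and origin rules listed above can be checked mechanically before a deployment goes live. The following is an added example, not Oracle's or POM's own code: the function name `auditEndpoints`, the `gatewayOrigin` parameter (assumed to be the origin at which WTSS or its equivalent exposes the services) and all hostnames and paths are constructed for illustration.

```javascript
// Added example: audit configured service endpoint URLs against the rules above.
// Every endpoint must be an absolute HTTPS URL on the same origin as the gateway.
function auditEndpoints(gatewayOrigin, endpoints) {
  const gateway = new URL(gatewayOrigin);
  const findings = [];
  if (gateway.protocol !== "https:") {
    findings.push({ name: "(gateway)", issue: "not HTTPS" });
  }
  for (const [name, raw] of Object.entries(endpoints)) {
    let url;
    try {
      url = new URL(raw); // throws on relative or malformed URLs
    } catch (e) {
      findings.push({ name, issue: "not an absolute URL" });
      continue;
    }
    if (url.protocol !== "https:") {
      findings.push({ name, issue: "not HTTPS" });
    }
    // URL.origin covers scheme, host and port; default ports are normalized.
    if (url.origin !== gateway.origin) {
      findings.push({ name, issue: "outside gateway origin" });
    }
    if (url.username || url.password) {
      findings.push({ name, issue: "credentials embedded in URL" });
    }
  }
  return findings;
}

// Constructed sample configuration (hypothetical hosts and paths).
const sampleEndpoints = {
  processService: "https://pom.example.com/services/process",
  batchService: "http://pom.example.com/services/batch",
  schedulerService: "https://sched.internal.example.com:8443/scheduler",
  legacyService: "/relative/path",
};

for (const f of auditEndpoints("https://pom.example.com", sampleEndpoints)) {
  console.log(`${f.name}: ${f.issue}`);
}
```

An endpoint flagged as outside the gateway origin is one that would be authenticated independently and would require a cross-origin request from the UI.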