Security Services

17 Security Services

This chapter describes the services available for securing the search-related services from SQL injections in Oracle WebCenter Content.

This chapter covers the following topics:

This security component is enabled by default and can be invoked by an Admin user in Oracle WebCenter Content.

The locations for specific Security service are listed within each individual service.

The following services can be used when the Security component is enabled in Oracle WebCenter Content:

This service gets the current security configuration that is set in the WebCenter Content application.

Location: IdcHomeDir/components/OracleAdvancedSecurityConfig/resources/securityconfig_service.idoc

Result

This service allows the Admin user to update the security configuration.

Location: IdcHomeDir/components/OracleAdvancedSecurityConfig/resources/securityconfig_service.idoc

Additional Required Service Parameters

IsCoreQueryTextSecurityEdit: Set this flag to true in binder local data for each service request to update Core Security Configuration section. If not set, no update will be sent to Core Security Configuration section.
CORE_QUERYTEXT_SECURITY_ENABLED: To enable/disable validation of QueryText in GET_SEARCH_RESULTS service.
CORE_CUSTOM_TABLES: Semicolon(;) separated list of tables whose columns will be allowed in QueryText.
CORE_CUSTOM_FIELDS: Semicolon(;) separated list of field names to be allowed in QueryText.
IsFfQueryTextSecurityEdit: Set this flag to true in binder local data for each service request to update FrameworkFolders Security Configuration Section. If not set, no update will be sent to FrameworkFolders Security Configuration Section.
FF_QUERYTEXT_SECURITY_ENABLED: To enable/disable validation of QueryText in FrameworkFolders.
FF_CUSTOM_TABLES: Semicolon(;) separated list of tables whose columns will be allowed in QueryText.
FF_CUSTOM_FIELDS: Semicolon(;) separated list of field names to be allowed in QueryText.

Result