7/22/2019 Oracle ADF Security

1/30

Lgigkhts nk Ugeurhif Vgl @ppahe`thnis

Vgl `ppahe`thnis nktgi eniiget whtd ` shifag j`t`l`sg

usgr `eenuit) Zdgrgknrg! sgp`r`tg `ppahe`thni usgrs

`eenuits cust lg usgj)

Hjgithty e`i lg usgj tn=

Gisurg td`t niay `utdgithe`tgj usgrs e`i `eegss tdg

`ppahe`thni

\gstrhet `eegss tn p`rts nk tdg `ppahe`thni

Eustnchzg tdg WH $sued `s pheb ahsts(

_rnvhjg tdg usgri`cg knr `ujhthif

Ugt up ` [hrtu`a _rhv`tg J`t`l`sg $[_J(

Enpyrhfdt

7/22/2019 Oracle ADF Security

2/30

Gx`chihif Ugeurhty @spgets

@utdgithe`thni= Hs tdhs usgr `aanwgj tn

`eegss tdhs `ppahe`thni>

@ppahe`thni

\gsnureg 0 \gsnureg

\gsnureg : \gsnureg 7 \gsnureg ;

Enpyrhfdt

7/22/2019 Oracle ADF Security

3/30

@JK Ugeurhty Kr`cgwnrb= Nvgrvhgw

Zdg @JK sgeurhty kr`cgwnrb prnvhjgs=

Ut`ij`rj kg`turgs rgquhrgj tn sgeurg @JK `ppahe`thnis

Cnrg fr`iua`r jgea`r`thvg sgeurhty

Dhgr`redhe`a rnags whtd pgrchsshni hidgrht`ieg

Wthahty cgtdnjs knr usg hi GA gxprgsshnis

Jhkkgrgit `eegss jgkhigj knr jhkkgrgit rnags `t tdg s`cg W\A

Ht usgs M@@U giknregj ly tdg @JK lhijhif sgrvagt khatgr)

Ht e`i `utdgithe`tg usgrs `f`hist ` rgsnureg prnvhjgr=

AJ@_

NHJ

TCA#l`sgj

Enpyrhfdt

7/22/2019 Oracle ADF Security

4/30

Enikhfurg @JK Ugeurhty Vhz`rj=

Enikhfurhif @JK Ugeurhty @utdgithe`thni

@ppahe`thni 9 Ugeurg 9 Enikhfurg @JK Ugeurhty

Enpyrhfdt

7/22/2019 Oracle ADF Security

5/30

Enikhfurg @JK Ugeurhty Vhz`rj=

Ednnshif tdg @utdgithe`thni Zypg

Cnst enccniay usgj=

DZZ_ l`she `utdgithe`thni=

Ht usgs tdg lrnwsgr anfhi jh`anf lnx)

E`edgj ergjgith`as prgvgit anfnut)

Knrc#l`sgj `utdgithe`thni= Jgvganpgr#jgshfigj anfhi

p`fg

Enpyrhfdt

7/22/2019 Oracle ADF Security

6/30

Wshif Knrc#L`sgj @utdgithe`thni

Xnu hcpagcgit `utdgithe`thni hi tdg WH ly=

Enikhfurhif tdg anfhi hi wgl)xca $jnig ly Enikhfurg @JK

Ugeurhty Vhz`rj(

Ugtthif up ` anfhi p`fg tn `eegpt usgr ergjgith`as whtd tdg

knaanwhif gagcgits=

@ knrc `ttrhlutg= `ethni3,msgeurhty^edgeb,

@i hiput tgxt htgc= i`cg3,m^usgri`cg,

@i hiput p`sswnrj= i`cg3,m^p`sswnrj,

_rgsgithif tdg anfhi p`fg hi DZZ_U cnjg

Enpyrhfdt

7/22/2019 Oracle ADF Security

7/30

Enikhfurg @JK Ugeurhty Vhz`rj=

Ednnshif tdg Vgaencg _`fg

Upgehky p`fg wdgrg usgr sdnuaj fn upni

`utdgithe`thni

Hfinrgj hk p`fg spgehkhgj ni W\A

Hk in p`fg spgehkhgj! usgr rgturis tn tdg anfhi p`fg

Enpyrhfdt

7/22/2019 Oracle ADF Security

8/30

Enikhfurg @JK Ugeurhty Vhz`rj=

Gi`lahif @JK @utdnrhz`thni

Ednnsg tdg @JK

@utdgithe`thni `ij

@utdnrhz`thni npthni)

Ugaget `i npthni knr tgsthif)

Zn ed`ifg gxhsthif

`utdnrhz`thnis!

usg tdg nvgrvhgw

gjhtnr knrm`zi#j`t`)xca)

Enpyrhfdt

7/22/2019 Oracle ADF Security

9/30

Khags Cnjhkhgj ly Enikhfurg @JK Ugeurhty Vhz`rj=wgl)xca

wgl)xcacnjhkhe`thnis=

@JK `utdgithe`thni sgrvagt

jgkhihthni `ij c`pphif

Ugeurhty enistr`hit

Anfhi enikhfur`thni

Enpyrhfdt

7/22/2019 Oracle ADF Security

10/30

e`thni\gquhrg3,trug,.9

enc,9

Khag Ane`thni Enikhfur`thni _grknrcgj

`jk#

enikhf)xca.`jk.CGZ@#HIK

rga`thvg tn Vgl

`ppahe`thni

Ergjgith`a stnrg enitgxt

M@@U sgeurhty enitgxt

mps#

enikhf)xca$M_U st`ijs knr

M`v` _a`tknrc

Ugeurhty)(

.sre.CGZ@#HIK

rga`thvg tn Vgl`ppahe`thni

Nr`eag _a`tknrc Ugeurhty enitgxt knr npthni`a

ergjgith`a stnrg Nr`eag _a`tknrc Ugeurhty enitgxt knr npthni`a

pnahey stnrg

Nr`eag _a`tknrc Ugeurhty enitgxt knr npthni`a

`iniycnus usgr

m`zi#

j`t`)xca.sre.CGZ@#HIK

rga`thvg tn Vgl

`ppahe`thni

Jgk`uat rg`ac i`cg knr npthni`a ahfdtwghfdt

TCA ppahe`thnispgehkhe hjgithty stnrg

_nahey stnrg

Ntdgr Khags Cnjhkhgj nr Erg`tgjly Enikhfurg @JK Ugeurhty Vhz`rj

`jk#enikhf)xca

mps#enikhf)xca

L`sgj @uuttddggiitthhee`tthhnnii

1Ergjgith`aUtnrgEnitgxt ergjgith`aUtnrgEa`ss3

,nr`eag)`jk)sd`rg)sgeurhty)prnvhjgrs)m`zi)M@]IErgjgith`aUtnrg,

ergjgith`aUtnrgJgk`uatWsgr3,`iniycnus,

ergjgith`aUtnrgAne`thni3,).ergjgith`a#m`zi#j`t`)xca,.91sge=M``sUgeurhtyEnitgxt hihth`aEnitgxtK`etnryEa`ss3

,nr`eag)`jk)sd`rg)sgeurhty)M@@UHihth`aEnitgxtK`etnry,

m``s_rnvhjgrEa`ss3

,nr`eag)`jk)sd`rg)sgeurhty)prnvhjgrs)mps)MpsUgeurhtyEnitgxt,

`utdnrhz`thniGiknreg3,trug,

`utdgith 1sgrvheg_rnvhjgrs91sgrvheg_rnvhjgr

ea`ss3,nr`eag)sgeurhty)mps)hitgri`a))),

)))

1.sgrvheg_rnvhjgr9

)))

1sgrvhegHist`iegs9

m`zi#j`t`)xca

Cnjhkhgj

Erg`tgj

1m`zi#rg`ac jgk`uat3,m`zi)

1rg`ac9

1i`cg9m`zi)enc1.i`cg91.rg`ac9

1.m`zi#rg`ac9

1pnahey#stnrg9

)))

)))

1.pnahey#stnrg9

1sgrvhegHist`ieg

prnvhjgr3,ergjstnrg)prnvhjgr,

)))1.sgrvhegHist`ieg9

)))

1mpsEnitgxts jgk`uat3,Utnrgkrnit#0

7/22/2019 Oracle ADF Security

11/30

Gi`lahif Wsgrs tn @eegss \gsnuregs

Zn fhvg usgrs `eegss=

Jgkhig ` sgeurhty rg`ac hi tdg hjgithty stnrg=

Erg`tg usgrs)

Erg`tg rnags)

@sshfi usgrs tn rnags)

Jgkhig `i `ppahe`thni pnahey hi tdg pnahey stnrg=

Erg`tg `ppahe`thni rnags)

C`p tdg hjgithty rnags tn tdg `ppahe`thni rnags)

Fr`it tdg `ppahe`thni rnags `eegss tn rgsnuregs)

Enpyrhfdt

7/22/2019 Oracle ADF Security

12/30

rg`thif` usgr

Jgkhihif Wsgrs `ij \nags hi tdg Hjgithty Utnrg

Jgkhihif ` \g`acNpgihif tdg m`zi#j`t` gjhtnr

E

Erg`thifGitgrprhsg rnags

Enpyrhfdt

7/22/2019 Oracle ADF Security

13/30

Jgkhihif Ugeurhty _nahehgs

@ sgeurhty pnahey hs ` sgt nk fr`its c`jg tn rnags)

Zn jgkhig ` sgeurhty pnahey=

Erg`tg `ppahe`thni rnags)

@sshfi hjgithty stnrg rnags tn `ppahe`thni rnags)

Fr`it pgrchsshnis tn rnags)

Enpyrhfdt

7/22/2019 Oracle ADF Security

14/30

Jgkhihif @ppahe`thni \nags hi tdg _nahey Utnrg

_nahey stnrg hs hi

m`zi#j`t`)xca)

Enpyrhfdt

7/22/2019 Oracle ADF Security

15/30

@sshfihif Hjgithty Utnrg \nags

tn @ppahe`thni \nags

Wsgrs

eagrb\nags

c`i`fgr

`pp^eagrb `pp^c`i`fgrC`pphif `i hjgithty rnag

tn i ppahe`thni rnag

Enpyrhfdt

7/22/2019 Oracle ADF Security

16/30

Fr`ithif _grchsshnis tn \nags

Xnu e`i `ssneh`tg rnags tn fr`its ni rgsnuregs=

@utdnrhz`thni _nhit Fr`its Hssugj Ni= Jgkhigj Hi=

Frnups nk p`fgs Lnuijgj t`sb kanws m`zi#j`t`)xcagjhtnr

Hijhvhju`a p`fgs _`fg jgkhihthnis - m`zi#j`t`)xcagjhtnr

\nws Githty nlmgets nr

`ttrhlutgs

GN sgeurhty ij `utdnrhz`thni

gjhtnrs

- Zn sgeurg p`fg whtd inj`t`! erg`tg i gcptyp`fg jgkhihthni khag)

Enpyrhfdt

7/22/2019 Oracle ADF Security

17/30

Ugeurhif Frnups nk _`fgs

$Lnuijgj Z`sb Kanws(

_rgvgit ui`utdnrhzgj `eegss tn sgeurgj t`sb kanws) _rnvhjg jgvganpgrs whtd tdg `lhahty tn=

Ugeurg ` lnuijgj t`sb kanw `s ` anfhe`a githty

Vrhtg sgeurhty#`w`rg lnuijgj t`sb kanws `ij p`fgs

Enpyrhfdt

7/22/2019 Oracle ADF Security

18/30

Ugeurhif Hijhvhju`a _`fgs

$_`fg Jgkhihthnis(

Jgtgrchigs wdgtdgr tdg usgr hs `aanwgj tn i`vhf`tg tn

$vhgw( ` p`fg

Int iggjgj ni p`fgs hi sgeurgj t`sb kanws

Enpyrhfdt

7/22/2019 Oracle ADF Security

19/30

@JK LE Cnjga @utdnrhz`thni

Zdg purpnsg hs tn=

_rgvgit ui`utdnrhzgj `eegss tn githty nlmgets nr `ttrhlutgs

Gi`lag jgvganpgrs tn=

Ugeurg `eegss tn `i githrg githty nlmget nr niay egrt`hi

`ttrhlutgs

Upgehky tdg `ethnis td`t cgclgrs nk ` rnag e`i pgrknrc ni

githty nlmgets nr `ttrhlutgs

Enpyrhfdt

7/22/2019 Oracle ADF Security

20/30

Ugeurhif \nw J`t`

$Githty Nlmgets nr @ttrhlutgs(

Xnu e`i gi`lag sgeurhty ni= Githrg

githty

nlmgets=

Hijhvhju`a

`ttrhlutgs=

@JK Lushigss

Encpnigit

Ugeur`lag

Npgr`thni

Gxpgetgj

C`ppgj @ethni Hcpagcgit`thni

Githty nlmget rg`j \g`j [hgw rnws nk rgsuat sgt)

rgcnvgEurrgit\nw Jgagtg Jgagtg ` rnw krnc tdglnuij enaagethni)

upj`tg Wpj`tg Wpj`tg iy ttrhlutg)

@ttrhlutg nk GN upj`tg Wpj`tg Wpj`tg spgehkhe`ttrhlutg)

Enpyrhfdt

7/22/2019 Oracle ADF Security

21/30

Fr`ithif _rhvhagfgs ni Githty Nlmgets nr

@ttrhlutgs

Hi tdg Utrueturg whijnw! rhfdt#

eaheb tdg githty nlmget nr `ttrhlutg

`ij sgaget Gjht @utdnrhz`thni)

Ugaget prhvhagfgs tn fr`it tn

`ppahe`thni rnags)

Enpyrhfdt

7/22/2019 Oracle ADF Security

22/30

@ppahe`thni @utdgithe`thni `t \ui Zhcg

Zwn typgs=

Hcpaheht= L`sgj ni M@@U pgrchsshnis knr`iniycnus#

rnag rnag

Gxpaheht= L`sgj ni sgeurhty enistr`hit ni `utdgithe`thni

sgrvagt td`t ynu e`i jgkhig ly ushif tdg Enikhfurg @JK

Ugeurhty Vhz`rj

Enpyrhfdt

7/22/2019 Oracle ADF Security

23/30

@JK Ugeurhty= Hcpaheht @utdgithe`thniM sueegss^ura3.`pp.Cy_`fg)mspx

7/22/2019 Oracle ADF Security

24/30

@JK Ugeurhty= Hcpaheht @utdgithe`thni $enithiugj(

5) Lge`usg tdg `jk@utdgithe`thni sgrvagt d`s ` M`v` GG sgeurhty enistr`hit ni ht! e`aahif tdg

`jk@utdgithe`thni Ugrvagt rgsuats hi tdg M`v` GG enit`higr hivnbhif tdg enikhfurgj anfhicged`ihsc)

:) L`sgj ni tdg enit`higrs anfhi enikhfur`thni! tdg usgr hs prncptgj tn `utdgithe`tg) Zdg gx`cpag

sdnwi hi tdg sahjg usgs ` knrc#l`sgj anfhi! sn tdg `pprnprh`tg anfhi knrc hs jhspa`ygj) Zdg usgr

gitgrs ergjgith`as `ij pnsts tdg knrc l`eb tn tdg enit`higrs m^sgeurhty^edgeb$(cgtdnj! sn td`t tdg M`v` GG enit`higr e`i `utdgithe`tg tdg usgr)

7) Wpni sueegsskua `utdgithe`thni! tdg enit`higr rgjhrgets tdg usgr l`eb tn tdg

`jk@utdgithe`thni sgrvagt)

;) Zdg `jk@utdgithe`thni sgrvagt knrw`rjs tdg usgr tn tdg rgqugstgj p`fg) Hk @JK Ugeurhtyhs giknregj! td`t rgsnureg `ppg`rs hk tdg usgr d`s `eegss prhvhagfgs)

7/22/2019 Oracle ADF Security

25/30

:

@JK Ugeurhty= Gxpaheht @utdgithe`thni

Gxpaheht @utdgithe`thni

.`pp._ulahe)mspx

Anfhi Ahib ni tdg

_ulahe _`fg

0.`jk@utdgithe`thni>sueegss^ura3.`pp._ulahe)mspx

M`v` GG Enit`higr

Wsgr= LnlM`v` GG Ugeurhty

Enistr`hit

7/22/2019 Oracle ADF Security

26/30

M@@U @utd]rgqugst

@JK Ugeurhty= @utdnrhz`thni `t \ui ZhcgM`v` GG Enit`higr

Wsgr= Lnl

.`pp.Uge_`fg)msp

.`pp.Cy_`fg)mspx

.`pp._ulahe)msp

_`fgJgks

@JK Ugeurhty pgrknrcs

`utdnrhz`thni edgeb

@JK

Ugeurhty

Khatgr

-)msp

-)mspx

M@@U @utd]rgqugst

Lnl d`s In

[hgw_rhvhagfg Jgkhigj

ni tdg _`fg)

Uge_`fg)mspx

[hgw_rhvhagfg hs

fr`itgj tn ` \nag

nk wdhed Lnl hs `

Cy_`fg)mspx cgclgr)

[hgw_rhvhagfg

fr`itgj tn tdg_`fgJgks usgj `s nrUgeurhty Jgk gij

pnhits _ulahe)msp

`iynig\nag)

Lnlhs ` cgclgr nk tdgUt`kk rnag hi tdg pnahey

1fr`it91prhiehp`a9

_nahey Utnrg @jchihstr`tnr

D\

stnrg)

Wiahbg M`v` GG

Enit`higr Ugeurhty!

`utdnrhz`thni hs int

p`td l`sgj)

1typg9rnag1.typg91i`cg9Ut`kk1.i`cg9

1.prhiehp`a9

1pgrchsshni9

1i`cg9Cy_`fg1.i`cg9

1`ethnis9vhgw1.`ethnis91.pgrchsshni9

1.fr`it9

Jgv

Ut`kk

U`ags

Eagrbs

Enpyrhfdt

7/22/2019 Oracle ADF Security

27/30

_rnfr`cc`the`aay @eegsshif

@JK Ugeurhty Enitgxt

Hs @JK sgeurhty turigj ni>

hk $@JKEnitgxt)fgtEurrgit$()fgtUgeurhtyEnitgxt$()hs@utdnrhz`thniGi`lagj$((

{ }

Hs tdg usgr anffgj ni>pulahe lnnag`i hs@utdgithe tgj$( {

rgturi@JKEnitgxt)fgtEurrgit$()fgtUgeurhtyEnitgxt$()hs@utdgithe`tgj$(2 }

Vdn hs tdg usgr>pulahe Utrhif fgtEurrgitWsgr$( {

rgturi@JKEnitgxt)fgtEurrgit$()fgtUgeurhtyEnitgxt$()fgtWsgrI`cg$(2 }

Hs tdg usgr hi ` spgehkhgj rnag>pulahe lnnag`i hsWsgrHi\nag$Utrhif rnag( {

rgturi@JKEnitgxt)fgtEurrgit$()fgtUgeurhtyEnitgxt$()hsWsgrHi\nag$rnag(2 }

Enpyrhfdt

7/22/2019 Oracle ADF Security

28/30

1`k=encc`ijAhib `ethni3,`eenuitsrgijgrgj3,%{usgrHikn)`jchi},tgxt3,C`i`fg @eenuits,.9

,

Wshif Gxprgsshni A`ifu`fg

tn Gxtgij Ugeurhty E`p`lhahthgs

Xnu e`i hitgfr`tg Gxprgsshni A`ifu`fg hi twn w`ys=

Wshif luhat#hi fanl`a sgeurhty gxprgsshnis=

1`k=encc`ijAhib `ethni3,`eenuits,rgijgrgj3,%{sgeurhtyEnitgxt)usgrHi\nagR&`jchi&S},tgxt3,C`i`fg @eenuits,.9

Wshif ` sgeurhty prnxy lg`i=

Ugg igxt sahjg knr snureg

nk tdhs gxprgsshni)

Enpyrhfdt

7/22/2019 Oracle ADF Security

29/30

Wshif Fanl`a Ugeurhty Gxprgsshnis

Gxprgsshni _urpnsg

%{sgeurhtyEnitgxt)usgrI`cg} Wsgri`cg nk tdg `utdgithe`tgjusgr

%{sgeurhtyEnitgxt)usgrHi\nag

R&rnag ahst&S}

Hs tdg usgr hi iy nk tdgsg

rnags>

%{sgeurhtyEnitgxt)usgrHi@aa\nags

R&rnag ahst&S}

Hs tdg usgr hi aa nk tdgsg

rnags>

%{sgeurhtyEnitgxt)

usgrFr`itgj_grchsshni

R&pgrchsshni&S}

Jngs tdg usgr d`vg tdhs

pgrchsshni fr`itgj>

%{sgeurhtyEnitgxt)t`sbkanw[hgw`lagR&t`rfgt&S}

Jngs tdg usgr d`vg vhgwpgrchsshni ni tdg t`rfgt t`sb

kanw>

%{sgeurhtyEnitgxt)rgfhni[hgw`lag

R&t`rfgt&S}

Jngs tdg usgr d`vg vhgw

pgrchsshni ni tdg t`rfgt

rgfhni>

Enpyrhfdt

7/22/2019 Oracle ADF Security

30/30

Wshif ` Ugeurhty _rnxy Lg`i

@ c`i`fgj lg`i e`i gxpnsg ` Lnnag`i prnpgrty td`t tdg WH

gxprgsshnis e`i enisucg)

Gx`cpag= WsgrHikn lg`i=

pulahe lnnag`i hs@jchi$( {rgturi $@JKEnitgxt)fgtEurrgit$()

fgtUgeurhtyEnitgxt$()hsWsgrHi\nag$,`jchi,((2

}

Gx`cpag= WH gxprgsshni=%{usgrHikn)`jchi}

Edgebhif knr cuathpag rnags hs ` prnlagc2 ynu enuaj gij up

wrhthif c`iy enivgihgieg cgtdnjs)

Enpyrhfdt