Oracle JET and ADF BC REST Security Integration Approach

I have promised the attendees of my OOW'16 session (Building Enterprise-Grade Mobile Apps with Oracle JET and Cordova [CON5731]) to post a blog about ADF BC REST security and integration with Oracle JET. This post demonstrates how the session cookie ID (JSESSIONID) generated by the ADF BC REST web session can be reused for subsequent REST requests from JET.

First things first: you can download the source code here - jet_adfbc_security.zip. This archive contains the ADF BC REST application and the JET source code (you need to copy it into your local JET application).

Take a look first at the JET login form. This is where we collect the username/password and call the login function. One important detail is invalidComponentTracker, which allows the form to report the required-field validation error when the user hits the login button with an empty username or password:


[screenshot]

Here is the login function in JET. If there are no validation errors, it executes a POST against a custom method of the ADF BC REST service. In the response we could return user info, preferences, etc. This is the only request in which we send the username/password. The key point of this request is to obtain the JSESSIONID from the ADF BC REST server, so we can use it for subsequent requests without sending the username/password again. This is the same concept ADF Faces uses: it also relies on the JSESSIONID to track the web user and the HTTP session on the server. If login is successful, we read the JSESSIONID value from a custom parameter in the response. The JET router is then updated to render a different menu structure after login:


[screenshot]

The custom response parameter is populated on the server in a Filter class. It is set once, on the authentication request:


[screenshot]

The ADF BC REST application is secured with standard ADF Security:


[screenshot]

This is how it works. The login form in JET:


[screenshot]

Login succeeds with the redsam/welcome1 user. Two tabs are rendered - Home and People. The Home tab displays a chart with employees:


[screenshot]

Let's dive deeper and check what happens in the REST communication. If authentication based on the Authorization header succeeds, the response to the POST method carries the custom parameter with the JSESSIONID value:


[screenshot]

The chart data in the Home tab is retrieved through a GET method, and this method no longer uses the Authorization header. It calls the REST method with the JSESSIONID in the URL. The JSESSIONID must be placed before the URL query parameters:


[screenshot]

The Home tab is implemented with the JET chart component:


[screenshot]

The JSESSIONID is included in the REST call URL through the getURL method, which is referenced by the JET collection:


[screenshot]

The People tab implements a table with pagination support:


[screenshot]

The same approach is applied in the People tab. The JSESSIONID is appended to the URL through the getURL method, before the URL query parameters:


[screenshot]
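The two client-side pieces described above (the single credentialed login POST that yields the JSESSIONID, and the getURL logic that places `;jsessionid=` ahead of the query string) as an added example; this is not the post's own JET code. The names buildSessionUrl, login and the response header name SESSION_HEADER are assumptions, as are the ADF BC REST action media type and the custom method name used in the body.

```javascript
// Assumed name of the custom response header the server-side Filter populates.
const SESSION_HEADER = 'X-JSESSIONID';
// A container-issued JSESSIONID is an opaque token (WebLogic ids also contain "!").
const SESSION_ID_PATTERN = /^[A-Za-z0-9._!-]+$/;

// Build the REST URL with ";jsessionid=<id>" as a path parameter, inserted before
// the query string, which is where the servlet container expects it.
// Note: an id in the URL shows up in server, proxy and browser history logs,
// so this only makes sense over HTTPS.
function buildSessionUrl(baseUrl, jsessionId, params = {}) {
  // Reject anything that could smuggle extra path or query syntax (";", "?", "/", "#").
  if (!SESSION_ID_PATTERN.test(jsessionId)) {
    throw new Error('invalid JSESSIONID value');
  }
  const q = baseUrl.indexOf('?');
  const path = q === -1 ? baseUrl : baseUrl.slice(0, q);
  const query = new URLSearchParams(q === -1 ? '' : baseUrl.slice(q + 1));
  for (const [key, value] of Object.entries(params)) query.set(key, String(value));
  const qs = query.toString();
  return path + ';jsessionid=' + jsessionId + (qs ? '?' + qs : '');
}

// The one request that carries the username/password (HTTP Basic). On success it
// returns the JSESSIONID read from the custom header, so later calls can use
// buildSessionUrl() instead of resending credentials. fetchImpl is injectable
// so the flow can be exercised offline against a fake server.
async function login(loginUrl, username, password, fetchImpl = fetch) {
  const response = await fetchImpl(loginUrl, {
    method: 'POST',
    headers: {
      'Authorization': 'Basic ' + btoa(username + ':' + password),
      // Assumed: ADF BC REST custom-method invocation format.
      'Content-Type': 'application/vnd.oracle.adf.action+json',
    },
    body: JSON.stringify({ name: 'login' }),
  });
  if (!response.ok) return null;
  const id = response.headers.get(SESSION_HEADER);
  // Validate the id before it is ever spliced into a URL.
  return id && SESSION_ID_PATTERN.test(id) ? id : null;
}
```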

The People UI with the paginated table in JET:


[screenshot]

The REST request URL contains the JSESSIONID:


[screenshot]
