HomeServicesOracle EBSOracle CloudKatrinaAboutBlogGet Quote
Contact Us
Back to Blog
Oracle Cloud9 min read

Oracle Cloud PaaS ADF Security

V

Vahram Manukyan

August 27, 2020

Introduction

This technical guide addresses securing ADF (Application Development Framework) Fusion Web Applications deployed on Oracle Cloud PaaS.

Important Note

You do not need to do this to extend Oracle Cloud SaaS applications like HCM Sales or so. It's all managed by the identity domain and your JCS SX PaaS.

This guide is for standalone ADF applications requiring custom security.

Implementation Steps

Step 1: Datasource Configuration

Establish a security database connection in your WebLogic domain to store user credentials and roles.

Step 2: Authentication Provider

Create SQL Authentication provider using the configured datasource.

Configure the provider in WebLogic console:

  • Access Security Realms
  • Select your realm
  • Add new Authentication Provider
  • Choose SQL Authenticator

    • Step 3: Provider Specific Configuration

    Implement custom SQL queries for user/group/role management through MyRealm settings.

    SQL Query Templates

    Configure queries for:

  • User authentication (SELECT)
  • Password validation
  • Group membership retrieval
  • Role assignment queries
  • User creation (INSERT)
  • Password updates (UPDATE)
  • User removal (DELETE)

    • Step 4: User Maintenance

    Configure user, roles, and group management via either:

  • Custom administration application
  • WebLogic console interface

    • Step 5: Application Security

    Apply security settings through JDeveloper:

  • Configure jazn-data.xml
  • Define application roles
  • Set up page-level security
  • Configure task flow security

    • Step 6: Production Deployment

    Important: Avoid deploying test JAZN data to production environments.

  • Use SQL Authenticator in production
  • Remove embedded test users
  • Configure proper admin accounts

    • Best Practices

    Security Design

  • Follow least privilege principle
  • Implement role-based access control
  • Audit security events
  • Regular password rotation

    • Development Guidelines

  • Test security in development
  • Document security requirements
  • Plan for security upgrades

    • Conclusion

    Implementing proper security for ADF applications on Oracle Cloud PaaS ensures your applications are protected while maintaining flexibility in user management.

    Back to Blog
    Share: