How to protect JSF application using Oracle Access Manager?

Many people are using JSF technology for developing the web applications. No doubt about that. What if you are asked to protect that JSF application using Oracle Access Manager? Is it certified? Yes – OAM is certified for JSF applications from 10.1.4.3 onwards. In our environment, OAM Access Server is 10.1.4.3 and WebGate is 10.1.4.2.

So, that’s all basic.  How about implementing it? In our case, there is no security mechanism employed in JSF application i.e., nothing in web.xml or other configuration files.

The JSF application URL format is : http://host:port/WebApp/faces/home.jsp

We can protect the JSF application in OAM Policy domain by specifying the URL as /WebApp/faces/home.jsp. What if you have 100 jsp pages in JSF application. Are you going specify all jsp  pages explicitly in Policy domain. If not, what is the way…? All you need to do is to specify the URL /WebApp/faces/.

Please note that the following URL formats in OAM policy domain does not work.

/WebApp/faces/*.jsp

/WebApp/faces/*.*

/WebApp/faces/…/*

……

The related thread in Oracle Forums is here.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

4 comments
Add Your Reply