Access user logged into OAM from your OAM protected web application

When a web application developed using ADF is protected using OAM (Oracle Access Manager), the following process is executed whenever a protected web resource is requested.

OAM PROCESS:
When a user first tries to access a protected resource, WebGate detects whether the resource is protected. If it is, the user is redirected to the OAM Server to log in.
The WebGate stores some information about the user's request and generates a cookie as a key to this context.
Then it sends an HTTP response with this cookie and the URL of the OAM Server.
After the user successfully logs in, the user is redirected to the application.

STEPS:
To access the user who is logged into OAM, follow these steps:

Resource Protection
Protect the resource with OAM.

Security Configuration
We need to define a security-constraint in web.xml and use an auth-method of CLIENT-CERT, so that WebLogic forces the user through the Identity Assertion process.


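<security-constraint>
  <web-resource-collection>
    <web-resource-name>User Auth</web-resource-name>
    <url-pattern>/pages/*</url-pattern>
  </web-resource-collection>
  <!-- Without an auth-constraint the container does not require authentication
       for this pattern. The role name below is a placeholder, not from the
       original post; declare it in a <security-role> element and map it to
       WebLogic principals. -->
  <auth-constraint>
    <role-name>ROLE_NAME_PLACEHOLDER</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>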


Access User
The logged-in user name can be accessed from the request object.

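// request is the current HttpServletRequest; the principal is null if no user was asserted
String userName = null;
if (request.getUserPrincipal() != null) {
    userName = request.getUserPrincipal().getName();
}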
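
An added example (not code from the original post): a servlet filter that reads the container-asserted principal as shown above and fails closed when it is absent, instead of letting the page run with a null user. The class name, the request attribute key and the javax.servlet namespace are assumptions; the filter would be mapped to /pages/* in web.xml.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: name and attribute key are assumptions, not from the post.
public class AssertedUserFilter implements Filter {
    // Request attribute under which downstream code finds the asserted user name.
    public static final String USER_ATTR = "app.assertedUserName";

    @Override
    public void init(FilterConfig config) throws ServletException { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // The container sets the principal only after identity assertion succeeded.
        Principal principal = request.getUserPrincipal();
        String userName = (principal != null) ? principal.getName() : null;
        if (userName == null || userName.trim().isEmpty()) {
            // Fail closed: no container-established identity, for example because
            // the URL is outside the security-constraint or assertion did not run.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "No authenticated user");
            return;
        }
        // Expose the name to the application; never take it from client-supplied input.
        request.setAttribute(USER_ATTR, userName);
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```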
