ADF Deployment - Security settings

To Avoid the Cross-Site Request Forgery (CSRF) attack in your application, make below settings in web.xml file.


<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>

<context-param>
<param-name>org.apache.myfaces.trinidad.CLIENT_STATE_METHOD</param-name>
<param-value>token</param-value>
</context-param>


<context-param>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>differentDomain</param-value>
</context-param>

oracle.adf.view.rich.security.FRAME_BUSTING – You use this context parameter if your ADF application runs on ADF 11g.

org.apache.myfaces.trinidad.security.FRAME_BUSTING - You use this context parameter if your ADF application runs on ADF 12c or later.

More on faces Configuration

For avoiding framework details in source code :

By default oracle.adf.view.rich.versionString.HIDDEN parameter value will be false which will show framework details. To avoid this, make it as true.

<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.
</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>true</param-value></context-param>

Session Descriptor Parameters

Comments

The file store "WLS_DIAGNOSTICS" could not be opened

WLS_DIAGNOSTIC ERROR weblogic.store.PersistentStoreException: [Store:280073]The file store "WLS_DIAGNOSTICS" could not be opened because it contained a file with the invalid version 1. A file of version 2 was expected. When you get this error while running your application on internal weblogic server delete the following file WLS_DIAGNOSTICS000000.DAT search the file in following path C:\jdev_work\system11.1.1.5.37.60.13\DefaultDomain this file is in DefaultDomain folder of your jdev. and delete the WLS_DIAGNOSTICS000000.DAT file . and run your applicatuon

Overview Editor for bc4j.xcfg

This is used to customize the configuration settings for the application pool, connection pool, and transactions. Select the Application Module, then select a configuration from the Configurations list. You can specify a Default Configuration from the dropdown to use with selected application module. Edit the name of the configuration in Details. Its having 3 tabs 1.Database and Scalability 2. Properties 3. Custom Properties Database and Scalability Tab : In Database and Scalability you can mention the JDBC data source definition for each application module. You can choose to connect to a JDBC data source or to a JDBC URL.The default connection type is the default data source. A data source is a vendor-independent encapsulation of a database server connection on the application server. 1. Data sources ( JNDI name) offer advantages over a JDBC URL connection because the data source can be tuned, reconfigured, or remapped without changing the deployed application. 2. JDB...

WebCenter Deployment Architecture

The main components of the deployment architecture are: • WebLogic Server • Portlets deployed in Portlet Container • Metadata storage for customization information • Enterprise Content Management solution with Content Adapters • WebCenter Services • WebCenter Search • Identity Management WebLogic Server, which is a Java EE–compliant application server, is at the center of WebCenter. WebCenter applications are Java EE applications that are deployed to WebLogic Server. WebCenter Spaces is a prebuilt custom application using WebCenter Framework and Services. Portlets : WebCenter applications can consume portlets. Portlets are deployed into a Portlet Container and are accessed by various HTTP-based network protocols such as WSRP and SOAP. Oracle WebCenter supports several portlet APIs such as JSR 168 and PDK Java. Metadata Services : WebCenter applications can be customized or personalize...

ORACLE TECHNOLOGY

Search This Blog