:::: MENU ::::

Securing JAX-RS

Many RESTful web services will want secure access to data and functionality they provide. This is especially true for services that will be performing updates. They will want to prevent sniffers on the network from reading their messages. They may also want to fine-tune which users are allowed to interact with a specific service and disallow certain actions for specific users. The Web and the umbrella specification for JAX-RS, Java EE, provide a core set of security services and protocols that you can leverage from within your RESTful web services. These include:

Authentication Authentication is about validating the identity of a client that is trying to access your services. It usually involves checking to see if the client has provided an existing user with valid credentials, such as a password.
Authorization – Once a client is authenticated, it will want to interact with your RESTful web service. Authorization is about deciding whether or not a certain user is allowed to access and invoke on a specific URI. For example, you may want to allow write access (PUT/POST/DELETE operations) for one set of users and disallow it for others. Authorization is not part of any Internet protocol and is really the domain of your servlet container and Java EE.
Encryption – When a client is interacting with a RESTful web service, it is possible for hostile individuals to intercept network packets and read requests and responses if your HTTP connection is not secure. Sensitive data should be protected with cryptographic services like SSL. The Web defines the HTTPS protocol to leverage SSL and encryption.

Oracle Application Framework – HelloWorld Page

Hi guys, in this post you will learn how to create your first Page by using OAF (Oracle Application Framework).

  1. Open JDeveloper (you can download it from Oracle website).
  2. Create a New OA Workspace and Empty OA Project

01Machine generated alternative text:
Oracle Applications Project Wizard -. Step I of 3: Project Directory, File Name and De...
Eroiect Name:
rHelloWorHOAproject ____________
Qiectory Name:
I -H rijects ] [ browse... ]
Default Package:
[jjlGimar.oracle.apps.ak.helloI _____
Oracle Applications package names take the form
oracle. apps. <application_short_name>. <component>.[ <subcomponent >].webui
Example: oracle. apps, po. requisition .webui
Oracle Applications customers and partners package names take the form
<3rd party identifier>. oracle. apps. <application_short_name>.
<component> .[ <subcomponent>]. webui
Example: mycompany . oracle .apps . po. requisition .webui
[ ti*J rack j[ rzextj [ cancel ]

02Machine generated alternative text:
Qser Name:
eassword: ___________
pphcation Short Name: SYSADMIN
esponsibihty Key: SYSTEM_ADMINIS T PAT’ ER
Optiona( LL parameters:
E.g. &property 1 =value 1 ßeproperty2=value2
[ <ack jrr4ext ] [ irish ][ Cancel j
Oracle Applications Project Wizard - Step 3 of 3: Runtime Connection
DBC File Name:
\jdevhornejdev\dbcji1es\cecure\Vl5ION. dbc
11 Browse...J
FND_TOP=D :\p843 1482_Rl 2_GENERICjdevhome\dev\dbc _Ides
[ jelp ]

3. Set Run Options in OA Project Setting

Select Your Project in the Navigator and choose Project Properties

Select Oracle Applications > Run Options

Select OADeveloperMode and OADiagnostic, and move them to selected Options List


Machine generated alternative text:
Project Properties : D: \p84 31482_Rl 2_GEN ERIC\j devhome\.j dev\myp rojects\He floWo r IdOAP roject
Project Content Oracle Applications: Run Options
ADFm Settings
. . .‘ Use Çustom Settings
ADF View Settings -
‘ Use Project Settings
Available Options:
Business Components
$ Compiler
EJB Module
)ZEE Application
W Javadoc
35$’ Tag Libraries
Oliline Database
Oracle Apphcations
Database Connection
Run Options
Runtime Connection
Technology Scope
OA8ackßuttenTestMode .
Selected Options:

4. Create Application Module AM.

4.1 File, New, Business Tier

4.2 Select ADF Business Components.

4.3 Application Module

04Machine generated alternative text:
ê New Gallery
Eilter By: LProject Technologies ‘ I
El General
Deployment Descriptors
Deployment Profiles
5irnple Files
El Business Tier
Business Components
O %åleh Tiar
2 Business Components From Tables
Business Components Diagram
; Application Module
Q3 Association
Business Components Deployment ProFiles
Business Components Project
a DeFault Data Model Components
¡Pj Domain
L Entity Object
View Link

5. Create a OA components Page


5.1 – Give it a proper name.


5.2 – Then, we have to add some UI components such as Label, InputText and one button.


Machine generated alternative text:
Helo World Window Title ‘ . ‘ Page
Hello World Page Header

We will create something like this.

6. Add a Controller

In order to add a controller, do same as the picture:


Machine generated alternative text:
EJ  PageLayoutRN
B LfjlriainF •‘--
cri e Edit Region
Set New Controller,..
pageL Edit Controflet
S o  Cut CtrI.X
k  Copy CtrI-C
X Qelete Delete
Expand All
Collšpse All
Copy Region to jle...
Show OA References

09Machine generated alternative text:
New Controller
Eackage Name: [prajkumar . oracle .apps . ak. hello. webui
Çjass Name: HelloWorIdMainCO
Help _____________J Cancel

The code you need is something like this:


This is the final result:

12Machine generated alternative text:
inport oracle. apps. fnd. framework. OkException;
itt.. .t,
public class HelloVorIdMainCO extends OÀControllerlmpl
public static tinal String RCSD-”$Header$”;
public static tinai. boolean RCS_ID_PECOPDED =
Versionlnfo.recordclassVersion(RCS_IÐ, “%packagename%”);
‘ Layout and page setup logic for a region.
@paran pageContext the current QA page context
t @paran webBean the web bean corresponding to the region
public void processRequest(OAPageContext pageContext, OAblebBean webßean)
super.processRequest(pageContext, webBean);
Procedure to handle form submissions for form elements in
a region.
@par&n pageContext the current OA page context
t @paran webBean the web bean corresponding to the region
public void processFormRequest(OAPageContext pageContext, OATJebBean webBean)
super.processFormRequest(pageContext, webBean);
it (pageContext.getParasaeter(”Go”) = null)
String userContent = pageContext. getParameter (“HelloName”);
String message — “Hello, “ + userContent + “V’;
throw new OÀException(message, OAException.INFORMATION);

Oracle PL-SQL – Exceptions

PL/SQL provides a feature to handle the Exceptions which occur in a PL/SQL Block known as exception Handling. Using Exception Handling we can test the code and avoid it from exiting abruptly. When an exception occurs a messages which explains its cause is received.

PL/SQL Exception message consists of three parts.

  1. Type of Exception
  2. An Error Code
  3. A message 


By Handling the exceptions we can ensure a PL/SQL block does not exit abruptly.


Structure of Exception Handling.

General Syntax for coding the exception section


   Declaration section


   Exception section


 WHEN ex_name1 THEN

    -Error handling statements

 WHEN ex_name2 THEN

    -Error handling statements


   -Error handling statements




Types of Exception.

There are 3 types of Exceptions.

  1. Named System Exceptions: System exceptions are automatically raised by Oracle, when a program violates a RDBMS rule.
  2. Unnamed System Exceptions: Those system exception for which oracle does not provide a name is known as unamed system exception. These exception do not occur frequently. These Exceptions have a code and an associated message.
  3. User-defined Exceptions: Apart from sytem exceptions we can explicity define exceptions based on business rules. These are known as user-defined exceptions.


Steps to be followed to use user-defined exceptions:

  • They should be explicitly declared in the declaration section.
  • They should be explicitly raised in the Execution Section.
  • They should be handled by referencing the user-defined exception name in the exception section.



RAISE_APPLICATION_ERROR is a built-in procedure in oracle which is used to display the user-defined error messages along with the error number whose range is in between -20000 and -20999.


Which BS Technology Should I Use in Oracle ADF?

There is no single answer to the question of which business services technology is the best. The right choice of a business services technology depends on your needs, your background, and your priorities.

Do You Have Your Own Object Framework?
OracleAS TopLink POJO can provide O/R mappings and caching for arbitrary Java objects. For this reason, OracleAS TopLink is generally the best alternative for developers and organizations who have a Java object framework in place or who wish to create one. If you have your own systems or requirements for representing business objects, implementing business logic, and shaping and aggregating the data for clients, TopLink POJO is most likely the best option for your projects. EJB technology requires that your components match EJB specifications, and ADF BC component classes must extend ADF BC framework classes, but TopLink will work with any object model to provide O/R mapping, data retrieval and caching, and transaction functionality.

Do You Want to Use an Existing Object Framework?
If you are creating a completely new application, with no existing application infrastructure, Oracle ADF Business Components technology is the most productive option you can choose. ADF Business Components technology handles all aspects of application plumbing completely automatically: O/R mapping, data retrieval and caching, transaction management, and integration with the ADF data binding layer. In addition, ADF Business Components automatically implements key J2EE design patterns to improve performance and scalability; it provides a framework for creating validation rules and other business logic; and it includes base classes to represent your entities and views.

Can You Use Oracle Runtime Technology?
Oracle ADF Business Components and OracleAS TopLink are both 100% J2EE-compliant technologies that will run on any J2EE-compliant application server. Neither of these technologies requires you to use an Oracle database or application server, nor do they in any way restrict which technologies you can use for the view or controller layer of your application. Both of these technologies, however, make use of some Oracle runtime classes on the application server. If you use ADF Business Components, your business services will extend the ADF Business Components base classes. If you use OracleAS TopLink, your business services will rely on the TopLink runtime to provide O/R mappings and caching. If you have requirements that prevent you from using any Oracle classes at runtime, you will need to choose a different business service technology: either EJB with CMP provided by the application server, or entirely hand-coded JavaBeans-based business services.

Oracle ADF Further Raises the Level of Declarative Development for JSF

The Oracle ADF Model layer follows the same declarative patterns as other J2EE technologies, by using XML configuration files to drive generic framework facilities. The only interesting difference is that ADF Model focuses on adding value in the data binding layer. It implements the two concepts in JSR-227 that enable decoupling the user interface technology from the business service implementation: data controls and declarative bindings.

Data controls abstract the implementation technology of a business service by using standard metadata interfaces to describe its public interface. This includes information about the properties, methods, and types involved. At design time, visual tools leverage the service metadata to let you bind your UI components declaratively to any public member of a data control. At runtime, the generic Oracle ADF Model layer reads the information describing your data controls and bindings from appropriate XML files and implements the two-way “wiring” that connects your user interface to your service. This combination enables three key benefits:

  •  You write less code, so there are fewer lines to test and debug.
  • You work the same way with any UI and business service technologies.
  • You gain useful runtime features that you don’t have to code yourself.


There are three basic kinds of binding objects that automate the key aspects of data binding that all enterprise applications require:

  • Action bindings invoke business service methods to perform a task or retrieve data.
  • Iterator bindings keep track of the current row in a data collection.
  • Attribute bindings connect UI components to attributes in a data collection.


Typically UI components like hyperlinks or buttons use action bindings. This allows the user to click on the component to invoke a business service without code. UI components that display data use attribute bindings. Iterator bindings simplify building user interfaces that allow scrolling and paging through collections of data and drilling-down from summary to detail information.

The group of bindings supporting the UI components on a page are described in a page-specific XML file called the page definition file. Generic bean factories provided by ADF Model use this file at runtime to instantiate the page’s bindings. These bindings are held in a request-scoped Map called the binding container accessible during each page request using the EL expression #{bindings}. This expression always evaluates to the binding container for the current page. Figure 1–3 shows how EL value binding expressions relate the UI components in a page to the binding objects in the binding container.