This discussion is archived
11 Replies Latest reply: Jun 13, 2013 10:49 PM by NarenPasuleti RSS

Preventing URL Copy & Paste in OAF

NarenPasuleti Newbie
Currently Being Moderated
Hi Team,

I want to prevent the URL Copy & Paste scenario in OAF.

I mean USER1 logged in & visited some pages, Example: Page1. then USER1 copied the URL when he/she is in Page1.
then Did logout.

Then USER2 logged in & then Pasted the URL, which was copied above, then Page1 is getting opened, But we Don't want this type of behaviour.

This kind of Behaviour voilates the Security.

Any Ideas to achieve this.

Thanks in Advance.

Regards,
Naren.
  • 1. Re: Preventing URL Copy & Paste in OAF
    Kalimuthu V Expert
    Currently Being Moderated
    Hi Naren,
    If the USER2 got access to the page and when he paste the URL which copied from USER1's session
    he will get the page.

    But I am sure if the USER2 dont have access to the page(say he didn't have the responsibility of the page)
    the USER2 should not get the page even you copy the USER1s URL.

    what case you are discussing here?
    And the pages you mentioned in a standard module or in your custom application pages?

    Thanks,

    With regards,
    Kali.
    OSSi.
  • 2. Re: Preventing URL Copy & Paste in OAF
    NarenPasuleti Newbie
    Currently Being Moderated
    Hi Kali,

    Thanks for your response.

    These pages are from Custom Application.

    I am not sure whether Role/Responsibility based security is implemented or not(I started working on this project from last week).

    My Idea is when we copy URL from USER1 session, just I want to Encrypt the URL Parameters, so that URL should not work when paste it.

    or else is there any property to set similar to 'SECURITY MODE' etc.. so that copy & paste should not work.

    At the same time I will check whether role based security implemented or not.

    Finally, I feel like irrespective of security level, copy & Paste of URL should not work.


    Regards,
    Naren.
  • 3. Re: Preventing URL Copy & Paste in OAF
    Kalimuthu V Expert
    Currently Being Moderated
    Hi Naren,
    Yes we have a SecurityMode property at pageLayout level, but by default it should be standard then the system will take care of the security
    like user->Responsibility->Menu->Function(which is associated with the page).

    If you set to SelfSecured, the developer's responsibility to grant the function, menu to the user...etc.

    Check your page's SecurityMode, I am sure it will be standard.

    And USER1 and USER2 are accessing the page via same responsibility?

    Can you try assigning to the page to diff responsibility and give access to the page using diff responsibility and try the copy paste URL


    Thanks,

    With regards,
    Kali.
    OSSi.
  • 4. Re: Preventing URL Copy & Paste in OAF
    NarenPasuleti Newbie
    Currently Being Moderated
    Hi kali,

    Here, By doing copy & Paste, USER2 is able to see USER1 Notifications page.
    Even if they have the same responsibility, system should allow them to see their own Notifications, but not others.

    This is the requirement here.

    Thanks in Advance.

    Regards,
    Naren.
  • 5. Re: Preventing URL Copy & Paste in OAF
    NarenPasuleti Newbie
    Currently Being Moderated
    Hi Team,

    Any Clue on this?

    Regards,
    Naren.
  • 6. Re: Preventing URL Copy & Paste in OAF
    shreevat Pro
    Currently Being Moderated
    If the first user is logged off the system then copy & pasting same URL will not work (it should by default ask for credentials if the page is associated with EBS menu/function). It might be possible that user 1 is not logged off completely due to which the credentials are cached in the browser. Standard oracle security would take care of your requirement but if you still see issues check if you can encode/encrypt the URL (check OAF Developer's guide for the details).

    Thanks
    Shree
  • 7. Re: Preventing URL Copy & Paste in OAF
    NarenPasuleti Newbie
    Currently Being Moderated
    Hi Shree,

    As I mentioned in my first post of this thread, USER1 copied the URL & Did Logout. then USER2 Did login then pasted this URL. Then there is no question of asking for login credentials after pasting the URL.

    I hope U understood my scenario.

    Regards,
    Naren.
  • 8. Re: Preventing URL Copy & Paste in OAF
    NarenPasuleti Newbie
    Currently Being Moderated
    Hi Team,

    Any pointers on this.

    Thanks in Advance.

    Regards,
    Naren.
  • 9. Re: Preventing URL Copy & Paste in OAF
    shreevat Pro
    Currently Being Moderated
    If the page is associated with EBS function/menu then by default it is tied to EBS security policies. Even if you paste the complete URL by default it would check for authentication, which should ask for credentials again. Anyways, did you try the encoding/encryption section in OAF guide, as I mentioned?

    Thanks
    Shree
  • 10. Re: Preventing URL Copy & Paste in OAF
    NarenPasuleti Newbie
    Currently Being Moderated
    Hi Shree,

    Thanks for your response.I have not tried encoding/encryption section in OAF guide.
    since this is a huge custom application, adding encryption/decryption logic at n number of places may be huge task. So just i am thinking is there any property or profile option to achieve this.

    Anyways I will through encryption section in OAF guide.


    Thanks in Advance.

    Regards,
    Naren.
  • 11. Re: Preventing URL Copy & Paste in OAF
    NarenPasuleti Newbie
    Currently Being Moderated

    Hi Team,

     

    Any clue on this.

    I found that this issue is happening at Notifications page URL. USER1 logged in and visited notification page.

    then copied the URL and did logout.

     

    USER2 logged in and pasted the URL, which was copied from above then Notification page is getting open which is having USER1 notifications.

    so USER2 is able to see USER1 Notifications, how to overcome this issue.

     

    Regards,

    Naren.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points