This content has been marked as final. Show 9 replies
I have read adf mobile security given in dev guide many times. But my requirement is little different.
In iOS settings all the applications are listed and there we can specify application specific properties.
I want to have user password info there.
Please suggest how can i put few properties about my application there and how can i read them?
I want to pass that user pasword in all my webservice call and if the credential is not correct then user will be redirected to a login page.
Please suggest how can i implement this.
I'm not exactly sure what you are asking for.
If you want to store the username and password for a user as a preference of an application then you can use application preferences to do that:
However instead of doing it this way, I think a better approach is to use ADF Mobile's built in feature for local authentication - where ADF Mobile handles this for you.
local—Select if the application will allow users to authenticate against locally stored credentials on the device. After the user's first successful authentication to a remote server, ADF Mobile persists the credentials locally within a credential store in the device. These credentials are used for subsequent access to the application feature. See also Section 18.4.11, "What You May Need to Know about Web Service Security."
Thanks Shay. That was helpful.
As per dev guide:
For secured web services, the user credentials are dynamically injected using ADF Mobile uses Oracle Web Services Manager (OWSM) Lite Mobile ADF Application Agent to create and configure proxies, as well as to request services through the proxies. The user credentials are injected into the OWSM enforcement context when proxies are configured.
a) Is it possible i can programatically set credentials in the header by getting it from preferences or i can somehow update credential key ?
b) Is it possible to inject user credentials with webservice request without creating "regular" web ADF application, secure it, and deploy it on a server?
c) Is configuration Services any how related to this?
I already have a secured webservice and i don`t want any extra authentication through login page or by creating a new app as login server.
I just want pass username/password stored in application level preferences in the header of all my webservices ?
B - You don't need a regular ADF application on the server - you just need to have a URL that is protected with a basic security on the server - so it will prompt for login process.
This will be the recommended way to go as ADF Mobile will just take care of every subsequent request for a service for you.
For example on why and how to use the configuration server see: