Do the URLs in OAM Protect the Right Pages? (Doc ID 1943616.1)

Last updated on JULY 07, 2017

Applies to:

Oracle WebCenter Sites - Version 11.1.1.8.0 and later
Information in this document applies to any platform.

Goal

For integrating WebCenter Sites and Remote Satellite Server with Oracle Access Manager 11.1.1.x:

1. On Remote Satellite Server, according to <Document 1929684.1>, you need this configuration for OAM:

/<RSS_context_root>/<ellipsis>/* Excluded NA NA     (e.g. /ss/.../* Excluded NA NA)

This means that all the resources under /ss/ are excluded by OAM.

2. On Webcenter Sites:
Following the "Table 23-1 Resources" in the doc https://docs.oracle.com/cd/E29542_01/doc.1111/e29751/oam_sites_int.htm#CHDDIBCI you exclude all the resource under the Sites context but you protect resources /<sites_context_root>/ContentServer/.../* and /<sites_context_root>/Satellite/.../*:

/<sites_context_root>/…/* Excluded NA NA
/<sites_context_root>/ContentServer/…/* Protected Protected Protected
/<sites_context_root>/Satellite/…/* Protected Protected Protected

Using /<sites_context_root>/ContentServer/…/* and /<sites_context_root>/Satellite/…/* you protect only URLs like:

/servlet/ContentServer/test/home.htm or
/servlet/Satellite/example/index.htm or
/servlet/Satellite/index.htm

or similar, but you don't protect URLS like

/servlet/ContentServer?pagename=myPage&c=MyAssetType&cid=1230987654321 or
/servlet/Satellite?pagename=myPage&c=MyAssetType&cid=1230987654321

Shouldn't these be protected as well?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms