ADF desktop integration leverages ADF security to provide access to published spreadsheets within your application. In this article I discussed a good security practice for your existing as well as any new spreadsheets that you create.

ADF Desktop integration uses the adfdiRemoteServlet to process and send request back and fort from and to the ADFmodel which is allocated in the Java EE container where our application is deployed. In other words this is one of the entry points to the application server. Having said that, we need to make sure that container-based security is provided to avoid vulnerabilities.

So what is needed? For existing an new ADFdi applications you need to create a Security Constraint for the ADFdi servlet on the Web.xml file of our application. Fortunately JDeveloper 11g provides a nice visual editor to do this. Open the web.xml file and go to the security category

Add a new Web Resource Collection give it a meaningful name and on the URL Pattern add /adfdiRemoteServlet click on the Authorization tab and make sure the valid-users  role is selected for authorization and Voila! your application now is more secured.