Saturday, July 21, 2012

ADF Security - Part 1


ADF Security can be implemented for:

1) Declarative security support for ADF resources, such as the bounded task flow.
With Oracle ADF Security, you can control whether or not the user can enter a task flow. Thus, a single security policy for a task flow can control access to multiple web pages.
2) Simplified permission assignment using application roles that allow for the inheritance of permissions.
While Java EE security roles that are used by Java EE security constraints are flat, JAAS permissions are granted to application roles, which can be nested and may be mapped to enterprise roles that the Oracle WebLogic Server domain defines.
3) Utility methods for use in EL expressions to access ADF resources in the security context.
You can use the Oracle ADF Security EL expression utility methods to determine whether the user is allowed to perform a known operation. For example, you can determine whether the user is allowed to view a particular task flow.



Steps:
1) Enable Oracle ADF Security for the application:
(a) From the Application menu, choose Secure > Configure ADF Security.

 

 
(b) In the ADF Security page, leave the default ADF Authentication and Authorization option selected. Click Next.
 

 
(c) In the Authentication Type page, select the authentication type that you want your application to use when the user submits their login information. Click Next.
If you select Form-based Authentication, you can also select Generate Default Pages to allow the wizard to generate a default login and error page.

 

 
(d) In the Automatic Policy Grants page, leave the default No Automatic Grants option selected. Click Next.


 

 
 
(e) In the Authenticated Welcome page, select Redirect Upon Successful Authentication to direct the user to a specific web page after they log in. Click Next, then Finish.

 


 
2) Create application roles
You create application roles to represent the policy requirements of the application and to define groups of users with the same view permission rights.
(a) Choose Secure > Application Roles from the Application menu in JDeveloper.

 


 
(b) Select Add New Role in the Application Roles tab. Provide a name for the role (e.g. Admin).
When you add an application role to the policy store, JDeveloper updates the jazn-data.xml file located in the src/META-INF folder relative to the application workspace.

 

 
(c) Add users to the newly created roles.

 


 
Create the user and select the check box. Click OK.

 

 
3) Grant public access to ADF security-aware resources

In the Resource Grants overview editor, select one of the following resource types:
  • Task Flows when you want to make a bounded task flow public. The application displays the web pages under the permission you define for the task flow itself. Thus, all constituent web pages of the bounded task flow will become public.
  • Web Pages when you want to make individual web pages public. Typically, these pages are defined by an unbounded task flow and are top-level pages in the application, such as a home page.
 

 
Add the required application role or user to the task flow or web page.
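The grants made in this step end up in jazn-data.xml, so the file can be reviewed for resources that are reachable without login. The script below is an added example, not part of the original post: the sample policy is constructed, the XML layout and the principal name anonymous-role are assumed to match what JDeveloper writes, and the application, task flow and page definition names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for src/META-INF/jazn-data.xml
# (application, task flow and page definition names are hypothetical).
SAMPLE = """<jazn-data><policy-store><applications><application>
<name>DemoApp</name>
<jazn-policy>
 <grant>
  <grantee><principals><principal>
   <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
   <name>anonymous-role</name></principal></principals></grantee>
  <permissions>
   <permission><class>oracle.adf.share.security.authorization.RegionPermission</class>
    <name>view.pageDefs.IndexPagePageDef</name><actions>view</actions></permission>
   <permission><class>oracle.adf.controller.security.TaskFlowPermission</class>
    <name>/WEB-INF/admin-flow.xml#admin-flow</name><actions>view</actions></permission>
  </permissions>
 </grant>
 <grant>
  <grantee><principals><principal>
   <class>oracle.security.jps.service.policystore.ApplicationRole</class>
   <name>Admin</name></principal></principals></grantee>
  <permissions>
   <permission><class>oracle.adf.controller.security.TaskFlowPermission</class>
    <name>/WEB-INF/admin-flow.xml#admin-flow</name><actions>view</actions></permission>
  </permissions>
 </grant>
</jazn-policy></application></applications></policy-store></jazn-data>"""

def grants_by_principal(xml_text):
    """Map each grantee principal name to a sorted list of (resource, actions)."""
    out = {}
    for grant in ET.fromstring(xml_text).iter("grant"):
        perms = [(p.findtext("name", "").strip(), p.findtext("actions", "").strip())
                 for p in grant.iter("permission")]
        for principal in grant.iter("principal"):
            out.setdefault(principal.findtext("name", "").strip(), []).extend(perms)
    return {k: sorted(set(v)) for k, v in out.items()}

def public_resources(xml_text, public=("anonymous-role",)):
    """Resources reachable without login: anything granted to the anonymous role."""
    g = grants_by_principal(xml_text)
    return sorted({res for role in public for res, _ in g.get(role, [])})

def unexpected_public(xml_text, allowed):
    """Public resources that are not on the reviewer's allow-list."""
    return [r for r in public_resources(xml_text) if r not in allowed]

if __name__ == "__main__":
    print(unexpected_public(SAMPLE, {"view.pageDefs.IndexPagePageDef"}))
```

In the sample, the admin task flow is granted to both Admin and the anonymous role, so it is reported as unexpectedly public while the index page is accepted.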




Use EL to specify viewable components on the Page.
For the login/logout link:
Text:
#{securityContext.authenticated ? "Logout" : "Login"}

Destination:
#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/IndexPage.jspx" : "/adfAuthentication?success_url=/faces/IndexPage.jspx"}




Use EL to configure the rendered property of a Button/Link for a particular role. For example:

#{securityContext.userInRole['Admin']}
OR, for a comma-separated list of roles:
#{securityContext.userInRole['Admin,Staff']}

4) Security can also be applied to entity object attributes.



Once security is enabled on an attribute, you need to associate roles with it, or no one will be able to edit this attribute.




When 'Edit Authorization' is clicked, jazn-data.xml is opened, where you can configure the roles that are allowed to modify the attributes.




Method/Expression | Description
#{securityContext.taskflowViewable['SomeTaskFlow']} | Returns true if the user has access to the specific SomeTaskFlow task flow.
#{securityContext.regionViewable['SomePageDef']} | Returns true if the user has access to the specific SomePageDef page definition file associated with a page.
#{securityContext.userName} | Returns the authenticated user's username.
#{securityContext.authenticated} | Returns true if the user has been authenticated.
#{securityContext.userInAllRoles['roleList']} | Returns true if the user has the roles in the comma-separated roleList assigned.

On the starting page of your application, to enable viewing for all users (anonymous), configure the role as 'Anonymous User' for the landing page as follows:
 


