in
ADF Applications
Application
Choices:
- Application XML:
  - Used for small-scale applications or testing
  - Uses the Oracle Platform Security for Java's file-based repository
  - Configured in JDeveloper; user and role information stored in jazn-data.xml
- LDAP:
  - Identity store configured outside of JDeveloper
  - Scalable and secure
  - Integrates with Oracle Single Sign On
web.xml modifications:
- ADF authentication servlet definition and mapping
- Security constraint
- Login configuration
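
The three web.xml changes listed above, shown together as an added example (not taken from the original slides). The servlet name and URL match the /adfAuthentication path used on this page; the role name valid-users and the login and error page paths are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <!-- 1. ADF authentication servlet definition and mapping -->
  <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication</url-pattern>
  </servlet-mapping>

  <!-- 2. Security constraint: only the servlet URL is protected, so a
       request to it makes the container start its login process.
       Page-level access is decided by ADF permission grants, not here. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>adfAuthentication</web-resource-name>
      <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- assumed role name: every authenticated user must map to it -->
      <role-name>valid-users</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- 3. Login configuration: form login posting to j_security_check -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- assumed page paths -->
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>valid-users</role-name>
  </security-role>
</web-app>
```

When reviewing such a file, check that the role in the auth-constraint is mapped to authenticated users only, and that no broader url-pattern elsewhere in web.xml conflicts with the permission grants held in the policy store.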
Adding a user to a role in the identity store
Policy store is in jazn-data.xml.
Users
Roles
clerk manager
Purpose is to:
- Prevent unauthorized access to entity objects or attributes
Enable developers to:
- Secure access to an entire entity object or only certain attributes
- Specify the actions that members of a role can perform on entity objects or attributes
Two types:
- Implicit: Based on JAAS permissions for anonymous-role role
- Explicit: Based on security constraint on authentication servlet that you can define by using the Configure ADF Security Wizard
[Figure: J2EE container authentication for user Bob. A request to /adfAuthentication?success_url=/app/Public.jspx reaches the adfAuthentication servlet, which is protected by a J2EE security constraint; the constraint triggers the container login process (submit=j_security_check()), the container authenticates against enterprise identity management, and the user is redirected to the success URL.]
[Figure: JAAS authorization for user Bob requesting /app/MyPage.jspx (*.jsp, *.jspx). PageDefs are used as security definition end points. The View privilege on MyPage.jspx is granted to a role of which Bob is a member; the View privilege on Public.jsp is granted to the anyone role.]
Example: UI expression: #{userInfo.admin}

Expression                                              Purpose
#{securityScope.securityEnabled}                        Is security on?
#{securityContext.userName}                             User name of the authenticated user
#{securityContext.userInRole['role list']}              Is the user in any of these roles?
#{securityContext.userInAllRoles['role list']}          Is the user in all of these roles?
#{securityContext.userGrantedPermission['permission']}  Does the user have this permission granted?