ADF Security in a Project-Centric Environment
An ADF Case Study
Jean-Marc Desvaux
General Construction Co.Ltd
ADF EMG
http://groups.google.com/group/adf-methodology
• A place to discuss best practices and methodologies for JDeveloper ADF enterprise applications
• Founded mid-2008 by Chris Muir, now 600+ members
• Focus is Fusion Tech Stack (ADF Faces, ADF BC)
• Online forum plus sessions at major Oracle conferences (OOW, ODTUG, UKOUG, DOAG…)
About me
Head of Information Systems of a Construction Company based in Republic of Mauritius
+20 years experience with Oracle technologies: Database, Development Tools and Middleware.
twitter/jmdesvaux jmdesvaux.blogspot.com
Agenda
The GCC Business Case
The Security problem & the approach taken
Setting up the Infrastructure
Enabling ADF Security
Enabling Per Project & Module Security in ADF
The Business Case
The GCC Business ‐ Building & Civil Engineering
GCC = Main Contractor = Builders Work mainly
Operations in Mauritius Only
~3000 Workforce, ~400 Staff (200 HQ, 200 on Sites).
The GCC IT Team
4 Engineers & Developers
1 ADF dedicated since 2 years + Forms/Reports (6yrs)
1 ADF dedicated since 1 year
1 Forms/Reports dedicated +20yrs
2 dealing with overall infrastructure: DB, AS, Firewalls..
2 Desktop & Peripheral Support Technicians
Sites Networking
Desktop/Clients Configs & Support
Dev Started 1990, kept updated & still growing…
SINGLE ORACLE DATABASE INSTANCE
Today ~1500 Forms & 1500 Reports covering most aspects of line of services/business units (Logistics, Professional Support & Corporate Services), each backing up Sites Operations
Need for our Sites to be Active Players
in this Services Ecosystem
We saw there a good case for an ADF transition
Connecting Sites to the GCC System with ADF Web applications
The Security Problem & The approach taken
Corporate User works transversely across projects
Site User always works under a Project Context
Security is delegated to “Line of Service” Managers
Each “Line of Service” Manager makes service agreements with Sites defining how they will work: who will do what.
The “Line of Service” Manager applies the Agreement by setting roles in a Security Configuration/Management application.
Security Model for all applications (ADF, Forms & Reports)
Blocks involved to implement: OID/SSO, Database, ADF Security & UI
OID (LDAP) for USERS and MODULE GROUPS
ORACLE Single Sign-On (SSO)
DATA MODEL FOR A SECURITY APPLICATION TO DRIVE PER MODULE/PROJECT ROLES
ADF SECURITY FOR PAGES ON OID GROUPS
ADF UI COMPONENTS RENDERED OR NOT USING EL: CUSTOM CLASSES TO CHECK ROLES FROM THE DATABASE
Delegation of management of Project/Module Security
Module Security Manager
Security Management related Forms
Modules
Who can Manage a Module for one or more Projects
Modules
Grant/Revoke Module Roles to User for Project
OID Group
Module Roles & related privileges
When access granted to a first Site, OID updated with module group using dbms_ldap package
Another advantage of using the Database is the integration of security with HR Data
New Users are added to the Site from HR Employees data by the Security manager.
Auditing Accesses inside the database and Timesheet cross-checking (Absent but logged on, not assigned to a Site but still authorized etc..)
When an employee leaves the company, authorization is automatically revoked
Ability to do more control as & when needed/decided
Security Data is backed up with Database
Setting up the Infrastructure
How to integrate OID/SSO with WebLogic
“Forms (11g) will not be specifically coded to use, nor tested with Oracle Access Manager. Other Oracle products, such as ADF, Web Center and Portal, will also support Oracle Single‐Sign‐on.
Oracle has plans to support Oracle Access Manager in future versions of Oracle Forms 11g.”
Oracle WebTier 11g
Webcache wls1034.gcc.mu:7785
HTTP 11g wls1034.gcc.mu:7777
Oracle Identity Management 10.1.4
Oracle Single Sign-on/OID
WebLogic wls1034.gcc.mu:7007
ADF 11g deployment
Proxying WebLogic with HTTP 11g
WebLogic wls1034.gcc.mu:7007
Webcache wls1034.gcc.mu:7785
HTTP 11g wls1034.gcc.mu:7777
Register HTTP Server with the OSSO Infra Server
Register the WebLogic server URL with the Webcache port (7785) on the OID/SSO Server:
1. Create a wls_osso.conf file from the ssoreg.sh tool on the OID/SSO infra server.
2. Replace the WebLogic server webtier osso.conf with the generated file.
3. Configure mod_osso.conf to point to the newly copied osso.conf.
Setup WebLogic Security Providers
Authenticator must be configured for Oracle Internet Directory (OID)
Oracle WebTier 11g
Identity Assertion Provider must be configured for SSO
IdM
WebLogic Realm Security Providers
Infrastructure Setup Done
Oracle WebTier 11g
Webcache wls1034.gcc.mu:7785
HTTP 11g wls1034.gcc.mu:7777
Oracle Identity Management 10.1.4
Oracle Single Sign-on/OID
WebLogic wls1034.gcc.mu:7007
ADF 11g deployment
Enabling ADF Security
Enabling ADF Security
What is done at the back...
JDeveloper creates:
• jazn-data.xml: Set security rules & permissions + dev/test store for testing only (skipped on deployment)
and updates:
• web.xml: Set type of Authentication selected.
• weblogic.xml: where users are mapped to roles (by default a generic principal (user) is mapped to a WebLogic role “valid-users” (authenticated user))
• adf-config.xml: To indicate that ADF security is enabled & handled by JPS (Java Platform Security)
Authentication Type (web.xml) with Oracle Infrastructure Single Sign-On
Authorization : Roles & Pages Security
Application Roles
Roles specified by the ADF application; ADF Authorizations are set on these roles.
Enterprise Roles
Roles assigned to the ADF user from the Credential/Identity Store (Oracle Internet Directory)
An Application Role is mapped to an Enterprise Role, allowing the developer to use roles and map them later to final Roles.
Roles are applied to pages with “View” permission
Other permissions are only applicable if you use WebCenter
Authorization (Jazn‐data.xml)
What we have at this stage
A user with an OID account and OID Groups (enterprise roles) gets an SSO login form to identify himself when trying to access an ADF application (all pages being protected by ADF Security).
Once authenticated, he can navigate to the page if he has the necessary enterprise role (mapped to the application role set to protect the page).
On each page, we only want the authorized UI components to be rendered…
UI components level
Rendering or not a UI component (button, panel etc..)
JSF Expression Language (EL)
CurrentPeriod <= (le for less or equal) Period
#{securityContext.userInRole['rolename']} for “static” role
Enabling Per Project & Module Security in ADF
Application navigation use case (Apps screenshots)
Oracle Single Sign‐On Login Form
Oracle Infrastructure 10.1.4 Default Login Form
Customized with our logo.
One could write a custom Login Form
List of Projects for which the user is entitled to at least one Application Module
List of Modules to which the user is entitled on the selected Project
User can switch Project Context
Module
Within the Same Module
Actions available or not depending on User’s rights on this specific Project and Module
Oracle Reports integration (Report TaskFlow)
Oracle Report Parameter Form
Report URL not displayed
How it works (Guideline only. To Show extensibility/flexibility of the Framework)
1. User Login is fetched from ADF Context.
2. From a “Project List” module and a “Project Switcher” Taskflow, a selected Project is set in the database. Any direct access to a Module takes the Project from the database.
3. When accessing an application we store in the AM Session our context parameters: Project Code, User Login, Module Code, etc.
4. Module Access Right for Project is checked from the database (in case Module accessed directly via Module URL).
5. Database Client Identifier & Module Environment are set in the Database for Auditing purpose & other needs.
6. A “Module access” audit event is logged in the Database
7. When a page is accessed, session parameters are stored (if not already done) in a Session bean.
8. User’s Privilege Codes for Module/Project are fetched from the Security Database and stored in HTTP session as a Map.
9. Bind Variables on our View Objects (VOs) are automatically replaced by our parameters' values to filter data at VO level when VOs are executed.
10. We have a session bean method (SecurityScope.userinRole) that is used in EL to check Privileges from our HTTP session Map to render or not a Component.
Normal EL Expression to check from static role
#{securityContext.userInRole['Role Name']}
Custom EL Expression to check from Database privilege Codes assigned to Role
#{securityScope.userInRole['Priv List Code']}
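One way to back the custom EL expression above and steps 8 and 10 of "How it works", written as an added example that is not GCC's code. The PrivilegeStore interface, the privilege codes, and the sample user, projects and module are constructed for illustration, and the sketch assumes a 'Priv List Code' is a single privilege code.

```java
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Added example: session-scoped bean behind #{securityScope.userInRole['CODE']}. */
public class SecurityScope {

    /** Hypothetical stand-in for the query against the security database. */
    public interface PrivilegeStore {
        Set<String> privilegeCodes(String user, String project, String module);
    }

    private final PrivilegeStore store;
    private final String user;
    private final String module;
    private String project;
    private Set<String> cached; // codes for the current project, loaded on first use

    public SecurityScope(PrivilegeStore store, String user, String project, String module) {
        this.store = store;
        this.user = user;
        this.project = project;
        this.module = module;
    }

    /** A project switch must drop the cache, or rights from the old project carry over. */
    public void setProject(String project) {
        this.project = project;
        this.cached = null;
    }

    private Set<String> privileges() {
        if (cached == null) {
            Set<String> loaded = store.privilegeCodes(user, project, module);
            // No row for this user/project/module means no privileges (default deny).
            cached = (loaded == null)
                    ? Collections.<String>emptySet()
                    : Collections.unmodifiableSet(new HashSet<>(loaded));
        }
        return cached;
    }

    /** EL evaluates userInRole['X'] as getUserInRole().get("X"). */
    public Map<String, Boolean> getUserInRole() {
        return new AbstractMap<String, Boolean>() {
            @Override
            public Boolean get(Object code) {
                return code instanceof String && privileges().contains(code);
            }

            @Override
            public Set<Map.Entry<String, Boolean>> entrySet() {
                return Collections.emptySet(); // lookups only; the map is never iterated
            }
        };
    }

    /** Server-side guard for action methods: an unrendered button is not enforcement. */
    public void require(String code) {
        if (!privileges().contains(code)) {
            throw new SecurityException(user + " lacks " + code + " on " + project + "/" + module);
        }
    }

    public static void main(String[] args) {
        // Constructed sample rows: "user|project|module" -> privilege codes.
        Map<String, Set<String>> rows = new HashMap<>();
        rows.put("jdoe|P100|TIMESHEET", new HashSet<>(Arrays.asList("TS_VIEW", "TS_APPROVE")));
        rows.put("jdoe|P200|TIMESHEET", new HashSet<>(Arrays.asList("TS_VIEW")));
        PrivilegeStore store = (u, p, m) -> rows.get(u + "|" + p + "|" + m);

        SecurityScope scope = new SecurityScope(store, "jdoe", "P100", "TIMESHEET");
        System.out.println("P100 approve rendered: " + scope.getUserInRole().get("TS_APPROVE"));
        scope.setProject("P200");
        System.out.println("P200 approve rendered: " + scope.getUserInRole().get("TS_APPROVE"));
        scope.setProject("P300"); // no row at all for this project
        System.out.println("P300 view rendered:    " + scope.getUserInRole().get("TS_VIEW"));
        try {
            scope.require("TS_APPROVE");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

In a page, the bean would be referenced from a component's rendered attribute, while require() would be called from the action method behind that component so the check also holds for requests that do not come from the rendered UI.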
Reusability
Task Flows, Libraries & Page Templates
Reusability
Task Flows, Libraries, Page templates..
ADF Framework Base Classes
GCCCommon Workspace
adf-extensions project
gcc-security project
gcc-template project
GCC Libraries
GCC Apps Modules Workspaces: Application Module …… Module
TaskFlow Workspaces: Task Flows …… Task Flows
The Future
Potential grounds for improvements
Oracle Access Manager
• When Forms/Reports support it
Oracle WebCenter
• Application Entry point (Portal) + Customization for tasks shortcuts (Approving Requests etc..)
• Improve Application Structure using Catalogs
• Content Integration & Web 2.0 features (ex: Project Site Communications Module extended with Chat/Forum/Workspace)
ADF Mobile
• Pervasiveness of our Applications (ex: allowing an approval anywhere on site)
Our Main Resources
Oracle Technology Network (OTN)
• ADF Code Corner
• JDev/ADF Forum
• Tutorials
• And more..
ADF Experts bloggers
• Non-Oracle: Lucas Jellema, Andrejus Baranovski, Chris Muir,..
• Oracle: Frank Nimphius, Grant Ronald, Steve Muench, Duncan Mills,..
• And more…
ADF books
More info on this ADF case study and other case studies
http://tinyurl.com/2e7y3zp
Or from OTN JDeveloper Page: http://www.oracle.com/technetwork/developer-tools/jdev/overview/index.html
Thank You.
VO Bind Variables are automatically replaced by our parameters' values to filter data per Project at VO level
Parameter naming convention: parameter names must be consistent. For example, a projectCode parameter defined in the AM must have the same name as the VO bind variable.
All ViewObjects use a custom base class “BaseFilteredViewObject” where executeQuery and executeQueryForCollection are overridden:
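```java
import oracle.jbo.Variable;
import oracle.jbo.VariableValueManager;
import oracle.jbo.server.ViewObjectImpl;

public class BaseFilteredViewObject extends ViewObjectImpl {

    @Override
    public void executeQuery() {
        // Fill the bind variables from the AM session before the query runs
        setGlobalVariablesValues();
        super.executeQuery();
    }

    private void setGlobalVariablesValues() {
        VariableValueManager vm = ensureVariableManager();
        Variable[] vars = vm.getVariablesOfKind(Variable.VAR_KIND_WHERE_CLAUSE_PARAM);
        for (Variable var : vars) {
            Object voVarValue = vm.getVariableValue(var.getName());
            // Only bind variables with no value yet are filled; a value already set is kept
            if (voVarValue == null || voVarValue.toString().isEmpty()) {
                vm.setVariableValue(var.getName(),
                    getApplicationModule().getSession().getUserData().get(var.getName()));
            }
        }
    }
}
```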