Securing your Oracle ADF pages, task flows, entity objects and attributes is an integral part of any robust ADF application. The Oracle WebLogic container provides many authentication providers for you to choose from, and since you can seamlessly swap them out after creating your application, you can opt to stick with using the jazn-data.xml file during development, then later choose something else, such as an LDAP server or custom database tables.
In this online Oracle ADF training video tutorial, we show you how to enable ADF security through JDeveloper to create the default login.html page. Assuming that you already have a basic ADF application web page that you want to secure, you can implement authentication and authorization by following these steps:
- Go to Application -> Secure -> Configure ADF Security.
- Choose the first option – ADF Authentication and Authorization.
- On the next screen choose form-based authentication. Check “Generate default pages”.
- On the next page, choose the first option – No Automatic Grants.
- On the next page, choose “Redirect Upon Successful Authentication” if you want to automatically be redirected to a welcome page. You can even have the wizard generate the welcome page for you – check “Redirect upon successful authentication” and “Generate Default”.
- Now refresh the Application Navigator, and you should see login.html, error.html, and an optional welcome page.
- Look at the login.html code. The form sends the information to j_security_check, and the username and passwords are the j_username and j_password fields, respectively. When the built-in adfAuthenticationServlet is called, this form information is sent to the servlet, when performs the authentication on our behalf.
- During runtime, if an unauthenticated user attempts to access a protected page, the authentication mechanism automatically kicks in. If authenticatication fails with the provided user credentials, the user is redirected to the error page, which you can of course customize.
- To create users, go to Application -> Secure -> Users. You can add the users to enterprise roles (aka “groups”), then add groups to application roles.
- You can secure several types of resources – web pages, task flows, ADF methods, entity objects, and entity object attributes. To define what roles have access to particular resources, go to Application -> Secure -> Resource Grants. Select the resource type from the drop-down menu, then select the resource you want to protect. If you are trying to configure authentication for a web page and you don’t see the web page in the list, most likely the problem is that the page is lacking a page definition file. To create one, right-click on the web page in the Application Navigator and select “Go to page definition” from the context menu. If you are looking to configure entity object authetication, be sure you have already enabled it from the Entity Object Editor.
Click here to check out our ADF online training courses with Instructor-led classroomsPlease Share This Knowledge With Others!