ADF Tutorial: How to map roles when a user logs in.
ADF Security provides a strong and robust security framework that lets you set up the security for your application in an easy, quick and understandable way. Also, if it is well configured with, for example, WebLogic authentication providers, then you can have all your enterprise roles coming from, for example, an Oracle Internet Directory (LDAP), mapped automatically to your application roles with little configuration. However, sometimes you might need to do some of this process manually. We are not going to discuss in this post the best way and practices to achieve the task using the framework rather than implementing it yourself. Instead, we are going to illustrate one way to do so, based on some assumptions, regardless of whether they make any sense.
So this is the scenario: we are using ADF Security to authenticate users, but their roles are not coming along, so we need to add them manually. Let’s start by showing which users we have added to our jazn-data. Ideally, users would come from some kind of authentication provider. Please note that they don’t have any roles assigned. YET!
These are the enterprise roles we have created in our jazn-data. Each role is mapped to an application role.
Also, we have created a simple page displaying two panel boxes. One is visible to users that have been assigned the application role ‘Manager’ and the other to ‘Employee’.
At this point we haven’t done anything else. Let’s see what happens if we run the application as it is (note that when we configured ADF Security, we chose to create a default login page).
Let’s log in as TheManager. What should we expect?
Exactly! We need to add permission to the pages.
We try to log in again as TheManager and what do we get?
Exactly again! At this point, the only thing this user has about Manager is its name. The same will happen if we try with any of the other users. This is where the trick comes in:
There are several ways to execute a Java method just after a user has been authenticated. However, for illustrative purposes we will do this through an application filter. So we create a class that implements the Filter interface.
Then we need to add the WebLogic API to our application (to add the roles to the logged-in user at run time via Java).
Our class will look like this, overriding the doFilter method to actually apply a very complex logic. In this case we are passing the “Enterprise Roles” so the framework takes care of them and maps them to the correct application roles.
We are almost there. We just need to add our filter to the web.xml; in this case, it will be executed when a request for home.jsf is made to the server.
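A sketch of such a filter, added here as an example and not the original post's code: the package, the class name, the lookup table and the enterprise role names are hypothetical placeholders for the values in your own jazn-data. It uses the standard servlet API plus weblogic.security.Security and weblogic.security.principal.WLSGroupImpl, and assumes the filter is mapped in web.xml to a URL pattern that covers home.jsf.

```java
package view.security; // hypothetical package

import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import weblogic.security.Security;
import weblogic.security.principal.WLSGroupImpl;

public class RoleMappingFilter implements Filter {
    // Constructed table: user name -> enterprise roles. In a real application
    // this comes from a trusted server-side store, never from request data.
    private static final Map<String, List<String>> ROLES =
        new HashMap<String, List<String>>();
    static {
        ROLES.put("TheManager", Arrays.asList("managers"));   // placeholder role
        ROLES.put("TheEmployee", Arrays.asList("employees")); // placeholder role
    }

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Name established by container authentication; null when anonymous.
        String user = ((HttpServletRequest) req).getRemoteUser();
        List<String> roles = (user == null) ? null : ROLES.get(user);
        if (roles != null) { // unknown users get no extra roles (default deny)
            Subject subject = Security.getCurrentSubject();
            for (String role : roles) {
                // A Set of principals: re-adding on later requests is a no-op.
                subject.getPrincipals().add(new WLSGroupImpl(role));
            }
        }
        chain.doFilter(req, res); // always continue the chain
    }
}
```

Because the group principals are derived only from the authenticated user name and a server-side table, nothing a client sends in the request can influence which roles are granted.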
Now, if we try to log in again as TheManager?
Cool! What about TheEmployee?
And TheFirstAssistant?
So this is how you COULD implement the role assignment programmatically if you are using ADF Security running on your WebLogic Server.
ohood
.getCurrentSubject(); not found
oralution
Hi,
Make sure you are using the correct Security object. This is coming from weblogic.security package.
Regards
Anil
This example has the user credentials configured in ADF. What if the user was maintained in Active Directory, how will you manage roles? Will the securityContext object have access to these roles and how?
oralution_admin
Hi Anil,
Sorry for the late reply. But basically yes, it will work the same if the user was maintained in Active Directory or any other supported LDAP. That is the beauty of this abstraction.