ADF Tips: OPSS User and Roles API – Part 1: Introduction + Retrieving all users.

So, you have your ADF Application and most important, you are using ADF Security. One of your requirement is to manipulate users and roles from your security framwork within your app. Do you need to worry about what your authenticator provider is? Well, certainly if you are using DB Authenticator then you could write few ViewObjects and implement the requirements accessing the DB and that will do the job but…

What happens if later the business decides to use OID (LDAP) instead? That will mean that all the work you did will be lost and that you need to rewrite it all to support now the OID infrastructure. In order to avoid this kind of scenario, when applicable you should always use OPSS or Oracle Platform Security Services API which provides an User and Role API which is an abstraction on top of your Weblogic security.

We are planning to write a series of post regarding this subject being this the first where we will show how to query all users from our security context. We will be showing the process rather than a detailed steps description. The idea is that the developer get to know what is possible to be done with the API and leave the rest to their imagination.

First of all we created a new custom project


with the BC4J Security library to start with.


We created a factory class to get instances of the Identity Store.

The service class will query the IdStore and will return all available users.



Because we are just interested in the user’s name and description we create a business object called MyUser with these two attributes.


Now, we have created a service wrapper which will return a list of MyUser


with the help of a utility class to convert from idm users to MyUser.



Last step is to create a Data Control based in our wrapper class


and consume that in your ViewController.


We run now the application


Wecompare with the data in Weblogic Server.


The next post will show how to retrieve the roles for each user using the OPSS API.

For a detailed API Javadoc please refer here.



  1. Florin Marcus



    I am looking forward to seeing the episode where you will create/modify user and roles independent of underlying platform, where you will be able to switch between database-based security to LDAP-based one.
    You will convince me that the right architecture for your proposed use case is NOT a custom security provider.

    • oralution



      Hi Florin, what do you mean by switching? I am not planning to actually ‘switch’ between one provider or another. For this tutorial for example, I am retrieving users from the defaultAuthenticator of my Weblogic. If I use the API to create a new user and assign a new role to it, it will do it in the defaultAuthenticator. Now, if I configure my weblogic to use OID(LDAP), and move it to the top and change the control flag appropriately, when I run the code I will list all users stored in my LDAP, and, if I create a new user, it will be created in the LDAP directory without the need of modifying the underlying code. This is different than simply switching the authenticator in your app; in fact I don’t know whether this is possible or not.

  2. Caroline



    Hi, Is there a blog or doc which documents creating a user with multiple roles using OPSS

Leave a comment

Your email address will not be published.

Social Media

Stay up-to-date with our latest ADF and related technical posts via your favourite social network services.