
ADF Tips: OPSS User and Roles API – Part 1: Introduction + Retrieving all users.

So, you have your ADF application and, most importantly, you are using ADF Security. One of your requirements is to manipulate users and roles from your security framework within your app. Do you need to worry about what your authentication provider is? Well, certainly if you are using the DB Authenticator, you could write a few ViewObjects and implement the requirements by accessing the DB directly, and that would do the job, but…

What happens if the business later decides to use OID (LDAP) instead? All the work you did would be lost, and you would need to rewrite it to support the OID infrastructure. To avoid this kind of scenario, you should, when applicable, always use the OPSS (Oracle Platform Security Services) API, which provides a User and Role API that is an abstraction on top of your WebLogic security.

We are planning to write a series of posts on this subject. This is the first, in which we show how to query all users from our security context. We will show the process rather than a detailed step-by-step description. The idea is that developers get to know what can be done with the API and leave the rest to their imagination.

First of all, we created a new custom project

[Screenshot: opss_adf_custom_project]

with the BC4J Security library to start with.

[Screenshot: opss_adf_libraries]

We created a factory class to get instances of the Identity Store.

[Screenshot: opss_adf_idstore_factory]

The service class queries the IdStore and returns all available users.

[Screenshot: opss_adf_idstore_service]

Because we are only interested in the user's name and description, we created a business object called MyUser with these two attributes.

[Screenshot: opss_adf_idstore_myuser]

Next, we created a service wrapper which returns a list of MyUser

[Screenshot: opss_adf_idstore_service_wrapper]

with the help of a utility class to convert from idm users to MyUser.

[Screenshot: opss_adf_converting_tool]

The last step is to create a Data Control based on our wrapper class

[Screenshot: opss_adf_create_data_control]

and consume that in your ViewController.

[Screenshot: opss_adf_table]

We now run the application

[Screenshot: opss_adf_users]

and compare with the data in WebLogic Server.

[Screenshot: opss_adf_wls_users]

The next post will show how to retrieve the roles for each user using the OPSS API.

For a detailed API Javadoc please refer here.

 

4 comments

  1. Florin Marcus


    I am looking forward to seeing the episode where you will create/modify user and roles independent of underlying platform, where you will be able to switch between database-based security to LDAP-based one.
    You will convince me that the right architecture for your proposed use case is NOT a custom security provider.

    • oralution


      Hi Florin, what do you mean by switching? I am not planning to actually ‘switch’ between one provider or another. For this tutorial for example, I am retrieving users from the defaultAuthenticator of my Weblogic. If I use the API to create a new user and assign a new role to it, it will do it in the defaultAuthenticator. Now, if I configure my weblogic to use OID(LDAP), and move it to the top and change the control flag appropriately, when I run the code I will list all users stored in my LDAP, and, if I create a new user, it will be created in the LDAP directory without the need of modifying the underlying code. This is different than simply switching the authenticator in your app; in fact I don’t know whether this is possible or not.

  2. Caroline


    Hi, is there a blog or doc which documents creating a user with multiple roles using OPSS?
