How to enable ADF security and deploy in Standalone WebLogic server

Home/ADF/How to enable ADF security and deploy in Standalone WebLogic server

How to enable ADF Security and deploy in standalone application

020517_2114_Howtoenable1 How to enable ADF security and deploy in Standalone WebLogic server

One of my previous post. I explained deploying an ADF secured application into an Integrated WebLogic Server. I only added some test-users in jazn-data.xml , and deployed. It works well because the Integrated server takes care of everything.

In real time, a project may have many roles. Each role in a project has rules established (policy) to whom to see what and what not (resource).

For example, In an organization, an employee has not authorized to see others salary but an HR is allowed to see the salary. In this example, we defined the following items    

Roles => Employee and HR

Resource => Salary

Policy => Associating Role to Resource

Now the question is where to define the above items  in my ADF application?

Resource:

The resources are already defined in your application. The bounded task flows, JSF page, images, Entity Object attributes are resources. The Salary we mentioned above might present in an attribute in Entity Object.

Role:

There are two roles, Application and Enterprise Role.

Application roles are specific to the application. Employee and HR are application role.

Enterprise roles are global roles. They are not specific to application. The enterprise roles are same as WebLogic Group under security realm. In a production environment, most likely it present in LDAP or database.

During the development, the application role should map to the Enterprise Role.

Policy:

It is about authorization. What a role can see and cannot. Say, an HR role can authorize to see a task flow but employee role cannot.

In this post, I tried to cover most of the things that I have explained above. For demo purpose, I have a sample ADF application created already. The project is downloadable at the bottom of the page.

The following are the series of steps covered here

1. About my sample ADF Application

2. Enable ADF Security

3. Create Enterprise Role & Map it to ADF resources

4. Create Application Role & Map it to Enterprise Role

5. Deploy the Secured ADF  application into Standalone WebLogic

6. Create  users & Map it to Enterprise Role in WebLogic

7. Understand the Security Policy and Role in WebLogic em console

8. Test the application


1. About my Sample ADF Application

As shown in the below image, I have two bounded task flows, Employee and Manager. Each has their JSFF pages.

020517_2114_Howtoenable2 How to enable ADF security and deploy in Standalone WebLogic server

 

2. Enable ADF Security

1. Create an ADF Fusion Application

2. Create a Form based authentication which requires two JSF pages, Login.jsf, and Error.jsf. Create those pages under viewController. Name it as Login.jsf and Error.jsf page.

Read my other post ADF_Security_Login_Logout  or downlad the project in bottom. Create Login.jsf, Error.jsf, Home.jsf and LoginHandler.java as explained there. 

Note: Make sure the JSF page has page definition defined. If not Open the JSF page, Right click and select Go to Page definition T to create the file. 

Create two bounded task flows, one for a manager and other for an employee. Create a view in each task flow. Name it as, employee.jsff and manager.jsff. The employee.jsff contains an outputText ‘Employee’ and  Manager.jsff page has outputText ‘manager’. Both the task flows are added to the home.jsf. 

 

3. Enable the ADF Security: Click on the Application >> Secure >> Configure ADF Security

020517_2114_Howtoenable3 How to enable ADF security and deploy in Standalone WebLogic server

 

4. Select ADF Authentication and Authorization & Click Next

 

020517_2114_Howtoenable4 How to enable ADF security and deploy in Standalone WebLogic server

 

5. Choose the Login.jsf & Error.jsf page & click Next

 

020517_2114_Howtoenable5 How to enable ADF security and deploy in Standalone WebLogic server

 

6. Select No Grants and Click Finish

 

020517_2114_Howtoenable6 How to enable ADF security and deploy in Standalone WebLogic server

 

7. This will create the following files jazn-data.xml and jps-config.xml under the Descriptors

 

020517_2114_Howtoenable7 How to enable ADF security and deploy in Standalone WebLogic server

3. Create Enterprise Role & Map it to ADF resources

1. Open the janz-data.xml under Application Resources >> Descriptors >> META-INF >> jazn-data.xml.

Once opened, Select the Resource Grants >> Select Resource Type as Web Page

 

020517_2114_Howtoenable8 How to enable ADF security and deploy in Standalone WebLogic server

 

2. Create the Enterprise Role: Select the page you want to secure, Click the Green Plus icon in Granter to, add the roles Enterpriseole_Employee and EnterpriseRole_Manager

 

020517_2114_Howtoenable9 How to enable ADF security and deploy in Standalone WebLogic server

 

3. Now Secure the Task Flow: Select the Task Flow in Resource Type and associate Enterprise Role as shown below. The view under Action should be enabled

  • Select the employee Task flow and assign EnterpriseRole_Employee
  • Select the Manager task flow and assign EnterpriseRole_manager

020517_2114_Howtoenable10 How to enable ADF security and deploy in Standalone WebLogic server

4. Create Application Role & Map it to Enterprise Role

1. Create Application Role: select the Application Roles on the left, Click the Green Plus icon, and create two application roles EmployeeRole and ManagerRole as shown below

020517_2114_Howtoenable11 How to enable ADF security and deploy in Standalone WebLogic server

 

5. Map Application Role to Enterprise Role: Select the Application on the left and map it to the Enterprise Role.

  • Assigned Employee_Role to EnterpriseRole_Employee
  • Assigned Managed_Role to EnterpriseRole_Manager

020517_2114_Howtoenable12 How to enable ADF security and deploy in Standalone WebLogic server

5. Deploy the ADF Secured application in Standalone WebLogic

We are done with securing the application. Now, it’s time to deploy the ADF application into a Standalone WebLogic Server

1. Go to Application and Select Application Properties

020517_2114_Howtoenable13 How to enable ADF security and deploy in Standalone WebLogic server

 

2. Select the WebLogic under Deployment and select the option as below. This will migrate Application and Enterprise Roles to WebLogic Server

Note: If your WebLogic Group created already in WebLogic security realm then disable the check box Users and Groups

020517_2114_Howtoenable14 How to enable ADF security and deploy in Standalone WebLogic server

 

3. Deploy the Application into WebLogic Server

6. Create users & Map it to Enterprise Role in WebLogic

1. Login into WebLogic console, Security Realm, User and Group. You will find the Enterprise Roles created automatically in the Groups section.

020517_2114_Howtoenable15 How to enable ADF security and deploy in Standalone WebLogic server

 

2. Create some users and associate the user to Group. I created three users and associated them to groups

  • User admin is associated to Enterprise_Employee & Enterprise_Manager. He can see both the task flows
  • User vasanth is associated to Enterprise_Employee. He can see only Employee task flow
  • User Ganesh is associated to Enterprise_Manager. He can see only Manager Task Flow

Below screen is for admin user

020517_2114_Howtoenable16 How to enable ADF security and deploy in Standalone WebLogic server

 

7. Understand the Policies and Roles in WebLogic em console

In this section, we explore how the Security Policy and Security role are defined inside WebLogic. Oracle EM allows you to alter the security policy and mapping at runtime. 

1. Login into WebLogic Enterprise Manager. The default URL is http://localhost:7001/em

2. Right click on the WebLogic domain, Select Security, and select Application Policies

Note: Your UI might look different than this. In that case, expand the WebLogic domain, Right click on the domain name and select Security > Application Roles 

020517_2114_Howtoenable17 How to enable ADF security and deploy in Standalone WebLogic server

 

3. Select the Application in Application Stripe, select the Group in Principal Type, Do a search. You will find the Group (Enterprise Role) and it’s  ADF Resources as shown below.

Click the Edit button to add or remove ADF Resource from the Group

020517_2114_Howtoenable18 How to enable ADF security and deploy in Standalone WebLogic server

 

4. Now Select Application Roles

 

020517_2114_Howtoenable19 How to enable ADF security and deploy in Standalone WebLogic server

 

5. Select the Application, Click the search button. You will find the mapping between the Application and Enterprise Role. Click on the Edit button to alter the mapping

 

020517_2114_Howtoenable20 How to enable ADF security and deploy in Standalone WebLogic server

 

8. Test the application

I deployed the application in WebLogic server. Let’s test the app

1. Go to the Home.jsf page. The page will redirect to the Login screen. Enter as admin user who has access to both the task flows.

Home Page URL: http://localhost:7001/ADF_SECURITY_EXAMPLE-ViewController-context-root/faces/Home.jsf

020517_2114_Howtoenable21 How to enable ADF security and deploy in Standalone WebLogic server

020517_2114_Howtoenable22 How to enable ADF security and deploy in Standalone WebLogic server

2. Logout & Go to Home page again and Login as Ganesh. He has employee Role assigned. He could see only employee task flow

Home Page URL: http://localhost:7001/ADF_SECURITY_EXAMPLE-ViewController-context-root/faces/Home.jsf

020517_2114_Howtoenable23 How to enable ADF security and deploy in Standalone WebLogic server

3. Logout and Go to Home page and log-in as vasanth, He has Manager role assigned. He could see only Manager task flow

020517_2114_Howtoenable24 How to enable ADF security and deploy in Standalone WebLogic server

 

Download the Project: ADF Security Example

govindan How to enable ADF security and deploy in Standalone WebLogic server
Connect me

Govind

Thank you for visiting my personal blog. Myself Govindan, Software Developer by profession since 2006 and hence I started this blog early in 2016 and ever since I've been writing about technologies experienced and learnings of everyday life.

The views expressed on this blog are my personal views and do not necessarily reflect the views of my employer.

Please feeling free to reach me on any comments and feedbacks you have. Would be more than glad to listen and reply 🙂
govindan How to enable ADF security and deploy in Standalone WebLogic server
Connect me
By | 2017-02-05T20:03:45+00:00 February 5th, 2017|Categories: ADF|Tags: , , , |0 Comments
Like us on Facebook.
Connect!