Archive for the ‘Security’ Category

Shay Shmeltzer's Oracle JDeveloper and ADF Blog

Ever wondered how to notify users of your ADF Faces application that they have uncommitted changes on their ADF page before they go off and check their facebook page (or just close the browser’s tab)?

Well there is a little nifty feature in ADF Faces that makes this trivial – the uncommittedDataWarning property of your af:document tag.

I don’t remember at which specific version of JDeveloper this feature was added, but a quick google for “unsaved changes in ADF” brought up some older solutions and I figured I’ll raise the awareness of this relatively newer feature with a little video.

By the way there is a longer explanation of this un-saved changes feature in relation to bounded taskflows here.

Another thing I show in the video is something that often causes newbies to stumble – and that’s the reason why commit/rollback are not enabled on your page. This is…


As you might know, Oracle ADF security is not included in ADF Essentials. For more information please refer to: http://www.oracle.com/technetwork/developer-tools/adf/overview/adfessentialsfaq-1837249.pdf

There are several ways to secure your application for free. You may implement security entirely by yourself in Java code, use another security framework such as Apache Shiro, or use GlassFish JAAS-based authentication. In this post I will explain the last option:

For more information about Glassfish JAAS based authentication check: http://docs.oracle.com/cd/E19879-01/821-0027/gepfq/index.html

– In your database create a table (or view) that will contain the application users and roles.

– In your Glassfish go to Configurations > server-config > Realms and press New to create a new Realm

– Select Class Name from the drop down:
com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm

– Fill the values as needed for your application

* You may set the Digest Algorithm and Password Encryption Algorithm if the users' passwords are stored encrypted. JAAS will handle the encryption/decryption itself, without anything being hard-coded.

– Back in your Fusion Web Application, create two pages: login.jsf and error.jsf. In error.jsf, just inform the user that the credentials entered were wrong. The code in login.jsf should be something like this:

 

– Open your application's web.xml file and insert the login configuration. The realm name is the one you created in GlassFish.

You have to create a security-constraint in your web.xml to define the web resources that may be accessed by a certain role. You may have many security-constraints within your web.xml.

– Create a glassfish-web.xml file in your WEB-INF folder and define your application user roles there. This is a necessary step when deploying to GlassFish.

The configuration is now complete. Once you run your application in GlassFish, the login.jsf page will open automatically and access to the requested resource (page) will be allowed only if the credentials are valid. If authentication fails you will be redirected to error.jsf.
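The three pieces the steps above describe, as an added example that is not the original post's configuration: the login form, the web.xml entries and the glassfish-web.xml role mapping, shown as fragments in one block. The realm name `appRealm`, the role `app_user`, the group `APP_USER` and the URL paths are assumed placeholders; use the values from your own realm and page layout.

```xml
<!-- 1. login.jsf body: a plain HTML form. Container-managed FORM login
     requires exactly this action and these two field names. -->
<form method="post" action="j_security_check">
  <input type="text" name="j_username"/>
  <input type="password" name="j_password"/>
  <input type="submit" value="Login"/>
</form>

<!-- 2. WEB-INF/web.xml, inside <web-app> -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected pages</web-resource-name>
    <!-- assumed path; no <http-method> is listed, so every method is covered -->
    <url-pattern>/faces/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- assumed role name; must also be declared in <security-role> below -->
    <role-name>app_user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- require HTTPS for these resources -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <!-- assumed name; must match the realm created in the GlassFish console -->
  <realm-name>appRealm</realm-name>
  <form-login-config>
    <!-- assumed paths; use the URLs your Faces servlet mapping serves -->
    <form-login-page>/login.jsf</form-login-page>
    <form-error-page>/error.jsf</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>app_user</role-name>
</security-role>

<!-- 3. WEB-INF/glassfish-web.xml -->
<glassfish-web-app>
  <security-role-mapping>
    <role-name>app_user</role-name>
    <!-- assumed value; must equal a group stored in the realm's group column -->
    <group-name>APP_USER</group-name>
  </security-role-mapping>
</glassfish-web-app>
```

A resource that matches no url-pattern in any security-constraint is served without authentication, so check that every protected page falls under one of the patterns.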

– The username of the user that accesses the application through the JAAS authentication can be taken from FacesContext as below:


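// Needs: import java.security.Principal; import javax.faces.context.FacesContext;
Principal principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
// getUserPrincipal() returns null when the current request is not authenticated
String username = (principal != null) ? principal.getName() : null;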