Posts Tagged ‘authentication’

As you might know, Oracle ADF Security is not included in ADF Essentials. For more information, please refer to: http://www.oracle.com/technetwork/developer-tools/adf/overview/adfessentialsfaq-1837249.pdf

There are several ways to secure your application for free. You can implement security entirely yourself in Java code, use another security framework such as Apache Shiro, or use the Glassfish JAAS-based authentication. In this post I will explain the last option:

For more information about Glassfish JAAS based authentication check: http://docs.oracle.com/cd/E19879-01/821-0027/gepfq/index.html

– In your database create a table (or view) that will contain the application users and roles.

– In your Glassfish go to Configurations > server-config > Realms and press New to create a new Realm

– Select Class Name from the drop down:
com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm

– Fill the values as needed for your application

* Set the Digest Algorithm and Password Encryption Algorithm if the users' passwords are stored hashed or encrypted. The realm applies the algorithm to the submitted password itself, so nothing has to be hard-coded in the application.

– Back in your Fusion Web Application, create two pages: login.jsf and error.jsf. In error.jsf, just inform the user that the credentials entered were wrong. The code in login.jsf should be something like this:

 

– Open your application web.xml file and insert the login configuration. The REALM name is the one you created in glassfish.

You have to create a security-constraint in your web.xml to define the web resources that may be accessed only by a certain role. You may have many security-constraints within your web.xml.

– Create a glassfish-web.xml file in your WEB-INF folder and define your application user roles there. This is a necessary step when deploying in glassfish.
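
A sketch of the three pieces of configuration described in the steps above (login configuration, security constraint, role mapping). This is an added example, not the original post's files: FORM authentication, the realm name myJdbcRealm, the role app_user, the group APP_USER and the /faces/... paths are assumptions to replace with your own values.

```xml
<!-- WEB-INF/web.xml (fragment, goes inside <web-app>) -->
<login-config>
  <auth-method>FORM</auth-method>
  <!-- must match the realm name created in the Glassfish console (placeholder) -->
  <realm-name>myJdbcRealm</realm-name>
  <form-login-config>
    <form-login-page>/faces/login.jsf</form-login-page>
    <form-error-page>/faces/error.jsf</form-error-page>
  </form-login-config>
</login-config>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected pages</web-resource-name>
    <!-- assumed location of the pages that require a login -->
    <url-pattern>/faces/secure/*</url-pattern>
    <!-- no <http-method> elements: the constraint then covers every HTTP method -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>app_user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- require HTTPS so the posted credentials are not sent in clear text -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<security-role>
  <role-name>app_user</role-name>
</security-role>

<!-- WEB-INF/glassfish-web.xml (separate file, fragment) -->
<glassfish-web-app>
  <security-role-mapping>
    <!-- application role used in web.xml -->
    <role-name>app_user</role-name>
    <!-- group value the realm reads from the roles table (hypothetical) -->
    <group-name>APP_USER</group-name>
  </security-role-mapping>
</glassfish-web-app>
```

Listing specific `<http-method>` elements in the constraint would leave every unlisted method unprotected, which is why the fragment lists none.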

The configuration is now complete. Once you run your application in Glassfish, the login.jsf page will open automatically and access to the requested resource (page) will be allowed only if the credentials are valid. If authentication fails, you will be redirected to error.jsf.

– The username of the user that accesses the application through the JAAS authentication can be taken from FacesContext as below:


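// Requires: import java.security.Principal; import javax.faces.context.FacesContext;
Principal principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
// getUserPrincipal() returns null when the current request is not authenticated
String username = (principal != null) ? principal.getName() : null;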