12 Replies Latest reply: May 21, 2012 5:27 AM by djazia

    Find role and redirect to another page

    854927
      Hi All,

      I'm working on an ADF security issue. I want to find out the application role in the ADF security configuration. If the application role is the anonymous role, then I want to redirect to another page. I'm very new to ADF. Please give me suggestions.

      Thanks!

      Edited by: 851924 on Apr 2, 2012 5:05 AM
        • 1. Re: Find role and redirect to another page
          854927
          Anybody, please advise. Thanks!
          • 2. Re: Find role and redirect to another page
            915091
            I would use a router activity in my taskflow. There you can check via the EL expression #{securityContext.userInRole['MYROLE']} if the user is in the specific role. With the outcome of this expression you can route to different activities (pages).
            • 3. Re: Find role and redirect to another page
              djazia
              Hello,

              I'm using Jdev 11.1.1.4.

              I have the same needs and I did what Alex said but I have a problem.

              I created a router after the login page that checks the user's role. In a session bean I have this method, called by the router:
                public boolean isAdminRole() {
                  ADFContext adfCtx = ADFContext.getCurrent();
                  SecurityContext secCtx = adfCtx.getSecurityContext();
                  LOGGER.info("ADMIN?: " + secCtx.isUserInRole("ADMIN"));
                  return secCtx.isUserInRole("ADMIN");
                }
              But this method always returns false just after my login page.
              I am using ADF authentication and authorization and my login page has anonymous rights.

              I added those logs into my method:
                 for (String role : secCtx.getUserRoles()) {
                    LOGGER.info("\trole: " + role);
                  }
               
              and here is the result on the first call after login:
                    role: anonymous-role
              ADMIN?: false
               
              If I remove the router, access my authorized page and call again the method from my view Bean I got the correct roles:
                    role: authenticated-role
                    role: ADMIN
                    role: anonymous-role
              ADMIN?: true
               
              Here is my code of the doLogin method of my login page:
                public String doLogin() {
                  String un = login;
                  byte[] pw = password.getBytes();
                  FacesContext ctx = FacesContext.getCurrentInstance();
                  HttpServletRequest request =
                    (HttpServletRequest)ctx.getExternalContext().getRequest();
                  try {
                    Subject subject = Authentication.login(new URLCallbackHandler(un, pw));
                    ServletAuthentication.runAs(subject, request);
                    ServletAuthentication.generateNewSessionID(request);
                  } catch (FailedLoginException fle) {
                    FacesMessage msg =
                      new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
                                       "An incorrect Username or Password was specified");
                    ctx.addMessage(null, msg);
                    return null;
                  } catch (LoginException le) {
                    reportUnexpectedLoginError("LoginException", le);
                    return null;
                  }
                  return "goCheckRole";
                }
               
              Does anyone have an idea why the role is not set in the security context just after login, so that I can use it in the router?

              Thx

              Jack
              • 4. Re: Find role and redirect to another page
                ramandeep singh - oracle
                Are you trying to redirect to different pages depending upon user role just after login ?

                If you want to access it just after login, I'd suggest actually connecting to an identity store, then using getGrantedRoles, and then doing a redirect. You can refer to the ADF security guide, which shows an example of how to connect to an identity store.

                Refer to getAllUserRoles method.

                http://ramannanda.blogspot.in/2011/09/opss-adf-security-utility.html

                Then iterate over them to see whether the user is in desired role and then change the login success url depending upon your requirement.
                /adfAuthentication?success_url=/faces+<your url>
                • 5. Re: Find role and redirect to another page
                  djazia
                  Hello

                  Thx for your answer, but I am not using LDAP for my users; I'm using a database with SQLAuthenticator from WebLogic Server.
                  And I would like to do my role check with the application role rather than the enterprise role.

                  Jack
                  • 6. Re: Find role and redirect to another page
                    djazia
                    Hello,

                    I finally found a solution:
                    I created the page definition of the router into my unbounded task flow and granted authorization to it. Then the SecurityContext seems to be updated before the router check and I can filter the role with it.

                    Jack
                    • 7. Re: Find role and redirect to another page
                      Jan Vervecken
                      fyi
                      djazia wrote:
                      ... I'm using a Database with SQLAuthenticator from Weblogic Server. ...
                      Be wary when using ADF Security (OPSS) with a SQLAuthenticator.

                      This is feedback I got in SR 3-4124753004 :

                      "If you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."

                      related bugs are :
                      - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
                      - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"

                      related forum threads are :
                      - "ADF Security : identity store : tables in a SQL database"
                      - "OPSS : addMembersToApplicationRole : The search for role failed"

                      regards
                      Jan Vervecken
                      • 8. Re: Find role and redirect to another page
                        Frank Nimphius-Oracle
                        Hi,

                        the real problem described in this post seemed to be why a router in the bounded task flow does not work as the router in the unbounded task flow, which seems to respond much better to the redirect. I am sure there is a reason for this, which however I can't tell from the information we have. First I would change the isAdmin method from being in a session scoped bean to be in the task flow's pageFlowScope the router accesses. I then would ensure the region (if this is in a region) refreshes when the page refreshes.

                        Frank
                        • 9. Re: Find role and redirect to another page
                          Sanjeeb M
                          Hi Djazia,

                          I also have a similar requirement to redirect to different pages based on user roles.
                          Can you please explain the steps you did to resolve that?

                          Thanks
                          Sanjeeb
                          • 10. Re: Find role and redirect to another page
                            djazia
                            Hello,

                            In your adfc-config.xml file, I right-clicked on the router and selected "Create Page Definition".
                            Then, in the jazn-data.xml file, in the Resource Grants, I granted the router pageDef to my application roles.
                            Somehow, this works fine for me.

                            Jack
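The configuration described in replies 2 and 10, as an added example that is not part of the original posts: a router in adfc-config.xml branching on the EL expression from reply 2, and a jazn-data.xml grant giving the ADMIN application role view permission on the router's page definition. The activity ids, page paths and the pageDef name are placeholders; only the ADMIN role and the EL expression come from the thread.

```xml
<!-- adfc-config.xml (unbounded task flow): fragment inside <adfc-config>.
     Activity ids and page paths are placeholders, not values from the thread. -->
<router id="checkRole">
  <case>
    <!-- EL from reply 2; ADMIN is the application role used in the thread -->
    <expression>#{securityContext.userInRole['ADMIN']}</expression>
    <outcome>toAdmin</outcome>
  </case>
  <default-outcome>toDefault</default-outcome>
</router>
<view id="adminHome"><page>/adminHome.jspx</page></view>
<view id="userHome"><page>/userHome.jspx</page></view>
<control-flow-rule>
  <from-activity-id>checkRole</from-activity-id>
  <control-flow-case>
    <from-outcome>toAdmin</from-outcome>
    <to-activity-id>adminHome</to-activity-id>
  </control-flow-case>
  <control-flow-case>
    <from-outcome>toDefault</from-outcome>
    <to-activity-id>userHome</to-activity-id>
  </control-flow-case>
</control-flow-rule>

<!-- jazn-data.xml: fragment inside the application policy's <jazn-policy>.
     Repeat the grant for each application role that must pass through the router. -->
<grant>
  <grantee>
    <principals>
      <principal>
        <class>oracle.security.jps.service.policystore.ApplicationRole</class>
        <name>ADMIN</name>
      </principal>
    </principals>
  </grantee>
  <permissions>
    <permission>
      <class>oracle.adf.share.security.authorization.RegionPermission</class>
      <name>PLACEHOLDER.pageDefs.checkRolePageDef</name> <!-- placeholder pageDef name -->
      <actions>view</actions>
    </permission>
  </permissions>
</grant>
```

The router only selects the navigation target; the target pages still need their own grants in jazn-data.xml, since their URLs can be requested directly.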
                            • 11. Re: Find role and redirect to another page
                              Sanjeeb M
                              Hi djazia,

                              My use case is as in the link below. Please do post a feasible approach if it matches your requirement.

                              This is really very urgent for me.

                              Re: Redirecting to pages after successful authntication : ADF security

                              Thanks
                              Sanjeeb
                              • 12. Re: Find role and redirect to another page
                                djazia
                                Hello,

                                I cannot give you more info, since all I did is in this thread.
                                My case is only one login page and the router checks the role AFTER the login page.

                                Jack