This discussion is archived
12 Replies Latest reply: May 21, 2012 3:27 AM by djazia RSS

Find role and redirect to another page

854927 Newbie
Currently Being Moderated
Hi All,

I'm working on adf security issue.I want to find out the application role in the adf security configuration.If the application role is anonymous role then i want to redirect it to another page.I'm very new to adf.Please give me the suggestions?

Thanks!

Edited by: 851924 on Apr 2, 2012 5:05 AM
  • 1. Re: Find role and redirect to another page
    854927 Newbie
    Currently Being Moderated
    Anybody please suggest me.Thanks!
  • 2. Re: Find role and redirect to another page
    915091 Newbie
    Currently Being Moderated
    I would use a router activity in my taskflow. There you can check vie the EL expression #{securityContext.userInRole['MYROLE']} if the user is in the specific role. With the outcome of this expression you can route to different activities (pages).
  • 3. Re: Find role and redirect to another page
    djazia Explorer
    Currently Being Moderated
    Hello,

    I'm using Jdev 11.1.1.4.

    I have the same needs and I did what Alex said but I have a problem.

    I created a router after login page checking the user's role. Into a session Bean I have this method called by the router:
      public boolean isAdminRole() {
        ADFContext adfCtx = ADFContext.getCurrent();
        SecurityContext secCtx = adfCtx.getSecurityContext();
        LOGGER.info("ADMIN?: " + secCtx.isUserInRole("ADMIN"));
        return secCtx.isUserInRole("ADMIN");
      }
    But this method always returns false just after my login page.
    I am using ADF authentication and authorization and my login page has anonymous rights.

    I added those logs into my method:
       for (String role : secCtx.getUserRoles()) {
          LOGGER.info("\trole: " + role);
        }
     
    and here the result on the first call after login:
          role: anonymous-role
    ADMIN?: false
     
    If I remove the router, access my authorized page and call again the method from my view Bean I got the correct roles:
          role: authenticated-role
          role: ADMIN
          role: anonymous-role
    ADMIN?: true
     
    Here is my code of the doLogin method of my login page:
      public String doLogin() {
        String un = login;
        byte[] pw = password.getBytes();
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request =
          (HttpServletRequest)ctx.getExternalContext().getRequest();
        try {
          Subject subject = Authentication.login(new URLCallbackHandler(un, pw));
          ServletAuthentication.runAs(subject, request);
          ServletAuthentication.generateNewSessionID(request); 
         } catch (FailedLoginException fle) {
                FacesMessage msg =
                 new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
                                  "An incorrect Username or Password was specified");
                ctx.addMessage(null, msg);
          return null;
        } catch (LoginException le) {
          reportUnexpectedLoginError("LoginException", le);
          return null;
        }
        return "goCheckRole";
      }
     
    Anyone has an idea of why the role is not set into the security context just after login so I can use it into the Router??

    Thx

    Jack
  • 4. Re: Find role and redirect to another page
    ramandeep singh - oracle Journeyer
    Currently Being Moderated
    Are you trying to redirect to different pages depending upon user role just after login ?

    If you want to access just after login. I'd suggest to actually connect to a identitystore and then use getGrantedRoles and then do a redirect. You can refer to the ADF security guide that shows the example on how to connect to identity store.

    Refer to getAllUserRoles method.

    http://ramannanda.blogspot.in/2011/09/opss-adf-security-utility.html

    Then iterate over them to see whether the user is in desired role and then change the login success url depending upon your requirement.
    /adfAuthentication?success_url=/faces+<your url>
  • 5. Re: Find role and redirect to another page
    djazia Explorer
    Currently Being Moderated
    Hello

    Thx for your answer but I am not using LDAP for my users, I'm using a Database with SQLAuthenticator from Weblogic Server.
    And I would like to do My role check with application role rather than Entreprise role.

    Jack
  • 6. Re: Find role and redirect to another page
    djazia Explorer
    Currently Being Moderated
    HEllo,

    I finally found a solution:
    I created the page definition of the router into my unbounded task flow and granted authorization to it. Then the SecurityContext seems to be updated before the router check and I can filter the role with it.

    Jack
  • 7. Re: Find role and redirect to another page
    Jan Vervecken Journeyer
    Currently Being Moderated
    fyi
    djazia wrote:
    ... I'm using a Database with SQLAuthenticator from Weblogic Server.r ...
    Be wary when using ADF Security (OPSS) with a SQLAuthenticator.

    This is feedback I got in SR 3-4124753004 :

    "If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."

    related bugs are :
    - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
    - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"

    related forum threads are :
    - "ADF Security : identity store : tables in a SQL database"
    - "OPSS : addMembersToApplicationRole : The search for role failed"

    regards
    Jan Vervecken
  • 8. Re: Find role and redirect to another page
    Frank Nimphius Employee ACE
    Currently Being Moderated
    Hi,

    the real problem described in this post seemed to be why a router in the bounded task flow does not work as the router in the unbounded task flow, which seems to respond much better to the redirect. I am sue there is a reason for this which however I can't tell from the information we have. First I would change the isAdmin method from being in a session scoped bean to be in the task flow's pageFlowScope the router accesses. I then would ensure the region (if this is in a region)refreshes when the page refreshes

    Frank
  • 9. Re: Find role and redirect to another page
    Sanjeeb M Newbie
    Currently Being Moderated
    Hi Djazia,

    I also have a similar requirement to redirect to different pages based on user roles.
    Can you please explain the steps u did to resolve that.

    Thanks
    Sanjeeb
  • 10. Re: Find role and redirect to another page
    djazia Explorer
    Currently Being Moderated
    Hello,

    in your adfc-config.xml file, I right-clicked on the router and selected "Create Page Definition".
    Then into jazn-data.xml file, into the Resource Grants, I granted the router pageDef to my application roles.
    Somehow, this works fine for me

    Jack
  • 11. Re: Find role and redirect to another page
    Sanjeeb M Newbie
    Currently Being Moderated
    Hi djazia,

    My use case is as in the below link. Please do post some feasible approach if it quite matches with your requirement .

    This is really very urgent for me.

    Re: Redirecting to pages after successful authntication : ADF security

    Thanks
    Sanjeeb
  • 12. Re: Find role and redirect to another page
    djazia Explorer
    Currently Being Moderated
    Hello,

    I cannot give you more info since all I did is into this thread.
    My case is only one login page and the router checks the role AFTER the login page.

    Jack

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points