Security in ADF - http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm
Security along with Role management - http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html
Edited by: Sudipto Desmukh on May 15, 2012 2:37 PM
When you deploy a production application the Users and Roles are going to be stores in an LDAP repository and the Java EE server is going to read those from there.
With ADF Security we basically hand off authentication to the WebLogic security system - it goes off and reads from whatever repository WebLogic is set up to use as the storage for the user/roles.
Watch the ADF Insider about ADF Security to learn more.