but ADF Security classes throw an error even when the application role seems to be present in the response from the WebLogic Security framework layer:
oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'com.redsamurai.view.pageDefs.mainPageDef' 'VIEW'.
I have spent more than a day on this but didn't find a hint. Any help on how to resolve this issue or how to debug the response in the ADF security layer/classes will help me.
ADF has nothing to do with what you are trying and only relies on OPSS. The role mapping is a functionality by WLS, and dynamically changing the roles in WLS requires OPSS to pick this change up for ADF to be able to check permissions against it (note that ADF should only check permissions and not roles to ensure you implement a level of abstraction between the application and the security provider). So what you need to do is
1. Verify that the dynamic roles are recognized by WLS at runtime
2. Verify that OPSS acknowledges your dynamic roles
If 1 and 2 work then it would be okay to look into why ADF doesn't authorize users, which may have to do with when policies are read and how they are cached.
P.S.: Your use case is better handled by Oracle entitlement server (but I think this is the hint you got on the Oracle mailing list already)
Thanks for the clarification, but can you be more specific on how to check if OPSS acknowledges the application role I added at the WLS layer? The WLS service provider uses Security Service Provider Interfaces (SSPI), which I followed to code my custom Role Mapping provider. The only relevant method in my custom role mapper is getRoles(), which returns a map with the role code as key and a custom SecurityRole impl as value. Whereas OPSS uses different APIs altogether (oracle.security.jsp.*). The only common thing connecting them is the application role code (String). My question is -
Is there any filter/listener I can hook into OPSS to check if the OPSS layer receives the application roles added by the custom application role code?