Here are the instance details:
Jdev cloud build:JDEVADF_18.104.22.168.0CLOUD_GENERIC_121118.1600.6229
Java cloud service version:13.1
I have created a simple ADF Application & enabled security by editing web.xml:
Then I have tried to deploy this Application to Java cloud services.Deployment works fine.
I have 2 users created in Identity console- x & y.In my case x user has manager role enabled & y doesn't have manager role enabled.
Now when I try to access the above deployed ADF Application with 'y' user,the page is accessible.
My question here is that since 'y' user does not have the privilege he should not be able to access this page,could you please let me know if am missing something?
You may refer to the documentation available in the link: Developing Applications for Oracle Java Cloud Service - Release 13.1
Please refer to the section: Securing Java EE Applications- Roles and Constraints
Hope this helps