2 Replies Latest reply: Aug 19, 2013 1:23 AM by Frank Nimphius-Oracle RSS

    recommended way to secure page


      Hi Experts,


      Can u tell me what is the recommended way to secure a page??


      1. secure page def


      2. I have to add page in bounded taskflow and secure TF.



        • 1. Re: recommended way to secure page
          Dimitar Dimitrov

          If you have to restrict access to a whole page which is not part of a BTF, it will be enough to secure the page's PageDef. It is not necessary to wrap the page in a BTF.

          If the page is part of a BTF, you cannot secure it alone but you can secure the whole BTF only. Permissions on a BTF are propagated to all the TF activities within the BTF (including the view activities - pages and fragments).


          If you need to apply security policies only on particular components within a page, then you can use EL expressions like #{securityContext.userInRole['MyRole']} in order to exclude the necessary components from the view tree (e.g. using components' "rendered" attribute), to hide or disable them (e.g. using their "visible" and "disabled" attributes), to make them read-only (e.g. using their "readonly" attribute), etc. Have a look here for other useful EL expressions:



          For example, you can use this approach to secure menu items and command components (e.g. buttons and links) in other pages that navigate to a secured page or BTF. You should disable or hide these components conditionally if the user has no rights to access the corresponding secured page or BTF. If you do not disable/hide these components, an user could use them, the framework would try to navigate to the page and an exception would be thrown because the user had no rights to access the page.