This discussion is archived
2 Replies Latest reply: Aug 18, 2013 11:23 PM by Frank Nimphius RSS

recommended way to secure page

7c3cab86-4efd-4c56-8412-068c886b404a Newbie
Currently Being Moderated

Hi Experts,

 

Can u tell me what is the recommended way to secure a page??

 

1. secure page def

   or

2. I have to add page in bounded taskflow and secure TF.

 

Thanks

  • 1. Re: recommended way to secure page
    Dimitar Dimitrov Expert
    Currently Being Moderated

    If you have to restrict access to a whole page which is not part of a BTF, it will be enough to secure the page's PageDef. It is not necessary to wrap the page in a BTF.

    If the page is part of a BTF, you cannot secure it alone but you can secure the whole BTF only. Permissions on a BTF are propagated to all the TF activities within the BTF (including the view activities - pages and fragments).

     

    If you need to apply security policies only on particular components within a page, then you can use EL expressions like #{securityContext.userInRole['MyRole']} in order to exclude the necessary components from the view tree (e.g. using components' "rendered" attribute), to hide or disable them (e.g. using their "visible" and "disabled" attributes), to make them read-only (e.g. using their "readonly" attribute), etc. Have a look here for other useful EL expressions:

    http://docs.oracle.com/cd/E23943_01/web.1111/b31974/adding_security.htm#BGBIFHDF

     

    For example, you can use this approach to secure menu items and command components (e.g. buttons and links) in other pages that navigate to a secured page or BTF. You should disable or hide these components conditionally if the user has no rights to access the corresponding secured page or BTF. If you do not disable/hide these components, an user could use them, the framework would try to navigate to the page and an exception would be thrown because the user had no rights to access the page.

     

    Dimitar

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points