4 Replies. Latest reply: Oct 17, 2013 7:19 AM by user8696578

    navigating user based on permission access

    user8696578

      Hi ADF Experts,

       

      I am using Jdev version 11.1.1.7.0

       

      My current requirement concerns a user who has a particular permission (let's say a user with SAP rights) and logs in with the URL below.

       

      Scenario 1: If a user (with SAP rights) hits the URL below

       

      http://server.domain/MyApps/faces/oracle/webcenter/portalapp/pages/FBRFunctions.jspx and logs in, the user will always be redirected to the FBRFunctions.jspx page


      or


      http://server.domain/MyApps/ and logs in, then the user will be navigated to the Home.jspx page (yes, with this we should navigate to the Home.jspx page).



      Scenario 2: If a user (with no SAP rights) hits the URL below


      http://server.domain/MyApps/faces/oracle/webcenter/portalapp/pages/FBRFunctions.jspx and logs in, the user will always be redirected to the Home.jspx page


      or


      http://server.domain/MyApps/ and logs in, then the user will be navigated to the Home.jspx page.



      Thanks in advance ...


      Regards,

      Animesh




        • 1. Re: navigating user based on permission access
          Frank Nimphius-Oracle

          Hi, you can use a PhaseListener for this (listen for RESTORE_VIEW) or a servlet filter.

          Frank
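Added example (not part of the original thread and not any poster's code): one way to implement the servlet-filter option for the two scenarios in the question, enforcing the check on the server so that a direct request for the page URL cannot bypass it. Assumptions: the "sap rights" are exposed as a container role named `sap`, Home.jspx sits in the same directory as FBRFunctions.jspx, the class name `SapLandingFilter` is hypothetical, and the filter is mapped to the Faces servlet in web.xml while login itself stays with the existing ADF/container security.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: server-side landing-page check for the two scenarios in the question. */
public class SapLandingFilter implements Filter {
    // Path from the question, relative to the /faces servlet mapping.
    private static final String PROTECTED_PAGE =
        "/oracle/webcenter/portalapp/pages/FBRFunctions.jspx";
    // Assumptions: neither the role name nor the location of Home.jspx is given in the thread.
    private static final String REQUIRED_ROLE = "sap";
    private static final String HOME_URL =
        "/faces/oracle/webcenter/portalapp/pages/Home.jspx";

    public void init(FilterConfig cfg) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getPathInfo() is decoded by the container and excludes the query string,
        // so appended parameters do not change the outcome of the comparison.
        String path = request.getPathInfo();
        boolean wantsProtected = PROTECTED_PAGE.equals(path);
        boolean loggedIn = request.getRemoteUser() != null;

        if (wantsProtected && loggedIn && !request.isUserInRole(REQUIRED_ROLE)) {
            // Scenario 2: authenticated but not entitled, so send the user to Home.jspx.
            // The redirect target is a constant and is never taken from the request.
            response.sendRedirect(request.getContextPath() + HOME_URL);
            return;
        }
        // Scenario 1, or not yet logged in: let the request (or the login flow) proceed.
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

Because the decision runs on every request for the page, it also covers a user without the role who bookmarks or types the FBRFunctions.jspx URL after logging in.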

          • 2. Re: navigating user based on permission access
            Kartick

            On login button, you can use the following code:

             

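                // Inside the login button's action method; forward() can throw ServletException and IOException.
                // ctx must be obtained first, because the request and response are read from it.
                FacesContext ctx = FacesContext.getCurrentInstance();
                HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
                HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
                // Hand the request to the ADF authentication servlet with a fixed success_url.
                RequestDispatcher dispatcher = request.getRequestDispatcher("/adfAuthentication?success_url=/faces/home");

                dispatcher.forward(request, response);

                // The forward has produced the response, so stop the JSF lifecycle here.
                ctx.responseComplete();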

             

            Thanks,

            Kartick

            • 3. Re: navigating user based on permission access
              user8696578

              Hi Frank,

               

              Thanks for your response.

              I am using a PhaseListener. My question now is what happens if the user logs in with the URL below

              http://server.domain/MyApps/faces/oracle/webcenter/portalapp/pages/FBRFunctions.jspx

               

              Then in my PhaseListener I am unable to get the viewId as "/MyApps/faces/oracle/webcenter/portalapp/pages/FBRFunctions.jspx"

              Instead I am redirected to login.jspx page and the viewId is changed to "/MyApps/faces/oracle/webcenter/portalapp/pages/login.jspx"

               

              For more info, here is my PhaseListener:

               

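              // JSF, servlet and ADF imports; the logging, StringUtils, WebCenter and project helper classes are not shown in the post.
              import java.util.Locale;
              import javax.faces.application.FacesMessage;
              import javax.faces.context.ExternalContext;
              import javax.faces.context.FacesContext;
              import javax.faces.event.PhaseEvent;
              import javax.faces.event.PhaseId;
              import javax.faces.event.PhaseListener;
              import javax.servlet.http.HttpServletRequest;
              import oracle.adf.share.ADFContext;
              import oracle.adf.share.security.SecurityContext;

              public class RenderResponsePhaseListener implements PhaseListener {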
                  @SuppressWarnings("compatibility:-6515599299483799466")
                  private static final long serialVersionUID = 1L;
                  private Log log = LogFactory.getLog(RenderResponsePhaseListener.class);
                  private static final int SESSION_TIMEOUT = 30*60;

                  public RenderResponsePhaseListener() {
                      super();
                  }

                  public void afterPhase(PhaseEvent phaseEvent) {
                  }

                  public void beforePhase(PhaseEvent phaseEvent) {
                      FacesContext fctx = phaseEvent.getFacesContext();
                      changeSessionTimeoutIfNecessary(fctx);

                      final String username = JSFUtils.resolveRemoteUser();
                      final String viewId = fctx.getViewRoot().getViewId();
                      if (log.isDebugEnabled()) {
                          log.debug("username: " +
                                    StringUtils.defaultIfEmpty(username, "null") +
                                    ", viewId: " + viewId);
                      }
                      if (StringUtils.isEmpty(username)) {
                          return;
                      }
                      if(SomeUtil.getFromSession("globalBean")==null){
                          SomeUtil.putInSession("globalBean", new GlobalBean());
                      }
                      IDMUser idmUser =
                          (IDMUser)JSFUtils.getManagedBeanValue(IDMConstants.IDM_USER_BEAN_NAME);
                      if (idmUser == null) {
                          JSFUtils.storeOnSession(LocaleBean.JSF_ACCESSOR_NAME,
                                                  new LocaleBean());

                          idmUser = IDMHelper.fetchIDMData(username, false);
                          JSFUtils.setManagedBeanValue(IDMConstants.IDM_USER_BEAN_NAME,
                                                       idmUser);
                          log.info("Stored idmUser to bean: " +
                                   IDMConstants.IDM_USER_BEAN_NAME + ", data: " + idmUser);
                          if (idmUser.isSomeUser()) {
                              log.info("User is a YYYY user so we will stay on the current page.");
                              setLocaleToViewAndInvalidateSiteStructureCache(fctx);
                              return;
                          } else if (!idmUser.isMoreThanOneSitePresent()) {
                              log.info("User has access to only one site.");
                              YYYYUtil.redirectTo(YYYYConstants.HOME_PAGE);
                              return;
                          }
                      } else if (idmUser.isMoreThanOneSitePresent() &&
                                 !idmUser.isSiteExplicitelySelected() &&
                                 !viewId.endsWith(YYYYConstants.SELECT_SITE_PAGE)) {
                          log.info("User cannot access page " + viewId +
                                   " until he selects a site.");
                          YYYYUtil.redirectTo(YYYYConstants.SELECT_SITE_PAGE);
                          return;
                      } else if (idmUser.isSomeUser() &&
                                 !idmUser.isSiteExplicitelySelected() &&
                                 !viewId.endsWith(YYYYConstants.SELECT_SITE_PAGE)) {
                          log.info("User is a YYYY user and cannot access page " +
                                   viewId + " until he selects a site.");
                          YYYYUtil.redirectTo(YYYYConstants.SELECT_SITE_PAGE);
                          return;
                      } else if (idmUser.isSomeUser() &&
                                 viewId.equals("/MyApps/faces/oracle/webcenter/portalapp/pages/FBRFunctions.jspx")) {
                          log.info("User is a YYYY user and cannot access page " +
                                   viewId + " until he selects a site.");
                          YYYYUtil.redirectTo(YYYYConstants.SUI_PAGE);
                          return;
                      }
                     
                      setLocaleToViewAndInvalidateSiteStructureCache(fctx);

                      notifyUserAboutFakeIdmDataIfNecessary(fctx, idmUser);
                  }

                  public PhaseId getPhaseId() {
                      return PhaseId.RENDER_RESPONSE;
                  }

                  private void notifyUserAboutFakeIdmDataIfNecessary(FacesContext fctx,
                                                                     IDMUser idmUser) {
                      if (idmUser != null && idmUser.isFake() &&
                          !idmUser.isYYYYUser() &&
                          JSFUtils.getManagedBeanValue(IDMConstants.IS_FAKE_IDM_USER_NOTIFIED_BEAN_NAME) ==
                          null) {
                          if (log.isDebugEnabled()) {
                              log.debug("Notifying user about technical problems in portal - IDM connection.");
                          }
                          String messageText =
                              SWDPortalBundleUtils.getMessage("fake.idm.data.used",
                                                              "There are technical problems in portal - IDM connection.");
                          FacesMessage fm = new FacesMessage(messageText);
                          fm.setSeverity(FacesMessage.SEVERITY_WARN);
                          fctx.addMessage(null, fm);

                          JSFUtils.setManagedBeanValue(IDMConstants.IS_FAKE_IDM_USER_NOTIFIED_BEAN_NAME,
                                                       Boolean.valueOf(true));
                      }
                  }

                  private void setLocaleToViewAndInvalidateSiteStructureCache(FacesContext fctx) {
                      LocaleBean localeBean = LocaleBean.getInstance();
                      Locale userLocale = localeBean.getUserLocale();
                      fctx.getViewRoot().setLocale(userLocale);

                      //if (log.isDebugEnabled()) {
                      //    log.debug("Locale: " + userLocale +
                      //              ". Invalidating the site structure cache.");
                      //}
                      try {
                          SiteStructureContext ctx = SiteStructureContext.getInstance();
                          SiteStructure model = ctx.getDefaultSiteStructure();
                          model.invalidateCache();
                      } catch (ResourceNotFoundException e) {
                          log.error("getDefaultSiteStructure() failed", e);
                      }
                  }

                  /**
                   * Changes session timeout for logged in user to 30 minutes.
                   * @param fctx
                   */
                  private void changeSessionTimeoutIfNecessary(FacesContext fctx) {
                      final ExternalContext ectx = fctx.getExternalContext();
                      final SecurityContext secCtx =
                          ADFContext.getCurrent().getSecurityContext();

                      if (secCtx.isAuthenticated()) {
                          final HttpServletRequest httpServletRequest =
                              (HttpServletRequest)ectx.getRequest();
                          httpServletRequest.getSession().setMaxInactiveInterval(SESSION_TIMEOUT);
                          //if (log.isDebugEnabled()) {
                          //    log.debug("Session timeout was set to " + SESSION_TIMEOUT);
                          //}
                      }
                  }
              }

               

              Thanks,

              Animesh

              • 4. Re: navigating user based on permission access
                user8696578

                Thanks, Kartick, for the response. But I want to handle it before logging in as well, so that the view ID entered by the user persists.

                See reply to Frank for details.

                 

                Regards,

                Animesh