I am running JDeveloper 18.104.22.168
ADF Security is enabled for the application.
Security model is ADF Authentication and Authorization.
I have created roles for employee, manager and admin.
The roles are used to hide/display menu items and to allow/disallow access to task flows.
I have dozens of task flows and this approach has worked well for some time.
I added a new task flow that is accessible only to the admin role. The menu item is rendered only if the user is in the admin role. View access to the task flow is only granted to the admin role.
As with new task flows in the past, I created and deployed an .ear file on my stand alone WLS. I then tested the functionality. This works as expected.
I then gave the .ear file to our system admin to deploy on the sun server WLS. The deployment went fine but when I log in as an admin user and try to access the new menu item and task flow, the menu item is rendered but it says that the user is not authorized for the task flow.
ADFC-0619: Authorization check failed: '/WEBINF/PlnDollarsSpentLineGraphTF.xml#PlnDollarsSpentLineGraphTF' 'VIEW'.
Since the menu item is rendered I know that the user is assigned to the admin group. Access to all other menu items and task flows in the application is correct. Only having a problem with the new task flow.
It would appear that the problem is with the .ear file rather than WLS. However, it works fine on my stand alone WLS and I looked at the jazn-data.xml file in the .ear file. It looks normal. The entry for the task flow looks like all the other task flow entries.
Thanks for your help, Steve
appears that the permission grant that is in the jazn-data.xml file did not get copied to the server machine upon deployment. Check system-jazn-data.xml for the permission (you can use Enterprise manager even to add this grant to the server machine). Best usually is to always work with application roles and map these to enterprise roles as this makes the application independent from the environment.
I examimed the system-jazn-date.xml file and found that the entry for the new task flow did not make it from the jazn-data.xml file into the system-jazn-data.xml file. I had the server system administrator do the deploy a second time. This time the system-jazn-date.xml file was updated properly and the new functionality is working.
If anyone has an idea why system-jazn-date.xmp did not get updated in the first deployment I would be very interested.