Discussions
Categories
- 381.9K All Categories
- 2.1K Data
- 207 Big Data Appliance
- 1.9K Data Science
- 447.4K Databases
- 220.8K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 23 Multilingual Engine
- 516 MySQL Community Space
- 463 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 469 SQLcl
- 3.9K SQL Developer Data Modeler
- 185.9K SQL & PL/SQL
- 20.9K SQL Developer
- 292.6K Development
- 7 Developer Projects
- 124 Programming Languages
- 289.4K Development Tools
- 95 DevOps
- 3K QA/Testing
- 645.5K Java
- 23 Java Learning Subscription
- 36.9K Database Connectivity
- 150 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.8K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 16 Java Essentials
- 143 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 197 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 243 LiveLabs
- 35 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 225 Portuguese
Securing REST resources
I have one question about securing REST Resources. Let's say that idea is to grant access on 2 resources (view objects) to 2 users. One user is supposed to see first resource, and second user is supposed to see second resource.
And here's the problem. When I add two users, either of them can see both resources. I tried with different roles but cannot separate resources to users.
According to oracle document about creating ADF RESTful web services (https://docs.oracle.com/middleware/1221/adf/develop/GUID-8F85F6FA-1A13-4111-BBDB-1195445CB630.htm#ADFFD54061), this is straight forward procedure.
Thank you in advance.
Answers
-
Timo Hahn Senior Principal Technical Consultant - Oracle ACE Director Member, Moderator Posts: 37,545 Red DiamondUser, tell us your exact JDev version, please!
Yes, from the document it looks easy. Problem is, that we can't see your application and configuration.
Can you provide a reproducible test case (build on the HR DB schema)?
Timo
-
Shay Shmeltzer-Oracle Director of Product Management for Oracle's Cloud Development Tools Posts: 16,852 EmployeeDid you define policies on the data objects that you exposed as REST endpoints?
-
Are two separate resource grants created for the two different user->resource?
-
I have two view objects based od custom query without entities. Reading provided document, I saw that there is option to grant select on entitiy object, but there's not similar option in view object.
-
I'm not sure what you asking me :D