6 Replies. Latest reply: May 28, 2010 1:37 AM by 764556

    Urgent - Custom authentication and authorization for ADF application

    764556
      Hi Friends,

      Custom implementation for authentication and authorization for ADF application

      In my project we have to use OID for authentication and for authorization we may need to support both OAM and DB tables ( based on the client preferences while installation ).

      I am new to this and do not have any idea on the same.

      Please guide me on how to configure both in JDeveloper 11g + ADF.

      Thanks in advance.
        • 1. Re: Urgent - Custom authentication and authorization for ADF application
          768470
          For authentication you can configure LDAP authentication in the WebLogic Administrative Console->Security->myRealm->Providers.
          Add a new LDAP provider and configure it for OID, and mark the Control Flag as "Sufficient".

          For OAM and DB based authorization, I don't know the easiest way, but I created a Servlet Context Listener, added it to the webapp,
          and on application initialization, I am using the OPSS API to load the permissions to JPSPolicyContext.
          • 2. Re: Urgent - Custom authentication and authorization for ADF application
            Alexandar
            Here is something that could help you:
            http://www.oracle.com/technology/products/jdev/11/cuecards111/adf_set_29/ccset29_ALL.html
            • 3. Re: Urgent - Custom authentication and authorization for ADF application
              764556
              Hi,

              Thanks for the reply.

              But my requirement is a little different (see below) -

              Application developed using Jdeveloper + ADF
              Authentication - LDAP (OID) - users are stored in LDAP
              Authorization - either in OAM or Database (authorization details are stored in DB tables or OAM)

              At runtime Admin users can -
              create users
              Create roles and assign authorization privileges to the role (for pages and task flows)
              assign (or remove) roles to/from Users.

              Display the pages and task flows based on roles assigned to User.

              I want to implement this just using ADF technologies (extending current modules, if required).

              Please let me know if you have implemented the same.

              Thanks.
              • 5. Re: Urgent - Custom authentication and authorization for ADF application
                Frank Nimphius-Oracle
                The answers you got so far all point in the right direction. ADF Security does defer authentication to WLS, same for authorization in respect to enterprise user roles being defined on the WLS server. Upon deployment, ADF Security defined application roles are mapped to enterprise user groups.

                Application developed using Jdeveloper + ADF

                This would use WLS for authentication

                Authentication - LDAP (OID) - users are stored in LDAP

                Use OID authentication provider in WLS

                Authorization - either in OAM or Database (authorization details are stored in DB tables or OAM)

                You can't authorize users without authenticating them. So you need to create additional authentication providers if they exist for OAM and RDBMS (there is an existing RDBMS provider you can use to identify users and assign user group memberships). Then you set the flag to optional so that when authentication fails for the additional providers you can still start the application up.

                At runtime Admin users can - create users Create roles and assign authorization privileges to the role (for pages and task flows)
                assign (or remove) roles to/from Users.

                ADF Security uses JAAS permissions that you can change using Enterprise Manager at runtime. Permissions are granted to application roles and application roles are granted to enterprise roles which then users are made members of. If you want to change the user account status, then you don't do this from ADF or EM but use a direct access to the user provider (e.g. OID access, RDBMS access etc.). There is no unified administration API available that would allow you to do this via WLS (which uses OPSS).

                Though your question is in the context of ADF, the documentation you should follow up with is OPSS and WLS authentication providers.

                Frank
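
The control flags named in replies 1 and 5 ("Sufficient", optional) follow the JAAS control-flag rules. The model below is an added example, not code from any poster or from WebLogic, showing how each provider's flag decides the login result and which providers are consulted. The provider names, users and passwords are constructed sample data, and `CHAIN_PITFALL` is a constructed scenario that is not described in the thread.

```python
# Added illustration (not from the thread): JAAS control-flag evaluation for a
# chain of authentication providers. Names and user stores are constructed.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"


def provider(name, flag, users):
    """Hypothetical provider: a name, a control flag and a sample user store."""
    return {"name": name, "flag": flag, "users": users}


def authenticate(chain, user, password):
    """Return (login_succeeded, trace of (provider, result)) for one attempt."""
    mandatory_seen = mandatory_failed = any_success = False
    trace = []
    for p in chain:
        ok = user in p["users"] and p["users"][user] == password
        trace.append((p["name"], ok))
        any_success = any_success or ok
        if p["flag"] in (REQUIRED, REQUISITE):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if p["flag"] == REQUISITE:
                    break  # a REQUISITE failure stops the chain immediately
        elif p["flag"] == SUFFICIENT and ok:
            # A SUFFICIENT success ends evaluation; later providers never run.
            return (not mandatory_failed), trace
    if mandatory_failed:
        return False, trace
    # Without REQUIRED/REQUISITE providers, at least one provider must succeed.
    return (True if mandatory_seen else any_success), trace


OID_USERS = {"alice": "oid-secret"}      # constructed sample data
DB_USERS = {"bob": "db-secret"}          # constructed sample data
LOCAL_USERS = {"admin": "local-secret"}  # constructed sample data

# OID marked SUFFICIENT, extra RDBMS provider OPTIONAL (the flags named above).
CHAIN_SUFFICIENT = [provider("OID", SUFFICIENT, OID_USERS),
                    provider("RDBMS", OPTIONAL, DB_USERS)]
# OID REQUIRED with an OPTIONAL extra provider: both are always consulted.
CHAIN_REQUIRED = [provider("OID", REQUIRED, OID_USERS),
                  provider("RDBMS", OPTIONAL, DB_USERS)]
# Constructed pitfall: a REQUIRED provider ahead of OID that lacks the user.
CHAIN_PITFALL = [provider("Local", REQUIRED, LOCAL_USERS),
                 provider("OID", SUFFICIENT, OID_USERS)]

if __name__ == "__main__":
    for chain in (CHAIN_SUFFICIENT, CHAIN_REQUIRED, CHAIN_PITFALL):
        print(authenticate(chain, "alice", "oid-secret"))
```

The trace shows that a SUFFICIENT success stops the chain before the later provider is consulted, while an OPTIONAL failure neither blocks nor grants the login.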
                • 6. Re: Urgent - Custom authentication and authorization for ADF application
                  764556
                  Thanks a lot for the replies, especially to Frank.

                  Got the answers, now need to dig deep into the same.

                  Feel Elated from the replies.

                  Thanks a lot Frank.