4 Replies Latest reply: Oct 9, 2012 8:07 AM by ILya Cyclone RSS

    Could someone explain me about ADF Security in UI Shell?

    ILya Cyclone
      Hello.
      I have my application main page implemented with a dynamic region and it's working fine.
      The application is secured using ADF Security and it is fine too.
      All the bounded taskflows are imported as ADF Libs. They have their permissions in jazn-data.xml. All the permissions work fine when the page is implemented with a dynamic region.

      Now I'm trying to rebuild it using UI Shell.
      All the permissions are the same, but now all my taskflows are not available.

      I've checked that it's a security issui by disabling security. Everything began to work fine.
      What changes should I do to permissions to make them work in UI Shell page?

      I've read this article http://one-size-doesnt-fit-all.blogspot.com/2009/12/adf-ui-shell-adf-security.html but didn't get the clue. It seems to me that everything's configured correctly.

      Thanks.
      JDev 11.1.2.2
        • 1. Re: Could someone explain me about ADF Security in UI Shell?
          Frank Nimphius-Oracle
          Hi,

          there is nothing special about the dynamic tab shell. Its launching task flows in dynamic regions. So if you have the permissions defined in the application that has the dynamic region then all should work well.

          Things to try:
          -----------------

          1 - In your the launcher bean (the one launching a task flow in a tab) check task flow authorization programmatically. Does it indicate a missing permission?

          The simplest is to resolve the following EL in Java : #{securityContext.taskflowViewable['target']} . Where "target" is WEB-INF/<full task flow name incl. subfolder, document, ID>

          2 - Double check the permissions are in jazn-data.xml of the dynamic tab shell workspace

          3 - Use EL to verify the user groups and application roles are granted to a user


          Frank
          • 2. Re: Could someone explain me about ADF Security in UI Shell?
            ILya Cyclone
            Hello Frank,
            I've added some test code to the lauching method and it shows no error:
            // name = User Info ;fullFlowId = /WEB-INF/info-tfd.xml#info-tfd
            System.out.println("userInRole = "+
                        JSFUtils.resolveExpression("#{securityContext.userInRole['personal_office-app']}")
                        ); // -> true
            
            System.out.println("taskflowViewable = "+JSFUtils.resolveExpression("#{securityContext.taskflowViewable['"+fullFlowId+"']}")); // -> true
            But still addOrSelectTab opens a new tab with "User Info" as a title but nothing is viewable in it.

            And here's jazn-data.xml part:
            <jazn-policy>
                      <grant>
                        <grantee>
                          <principals>
                            <principal>
                              <name>personal_office-app</name>
                              <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                            </principal>
                          </principals>
                        </grantee>
                        <permissions>
                          <permission>
                            <class>oracle.adf.controller.security.TaskFlowPermission</class>
                            <name>/WEB-INF/info-tfd.xml#info-tfd</name>
                            <actions>view</actions>
                          </permission>
                          ...
            Also, my previous main page wuth a dynamic region in the same application is still working fine.
            • 3. Re: Could someone explain me about ADF Security in UI Shell?
              ILya Cyclone
              Any ideas why new tabs with correct names appear, but nothing viewable in it?
              If I disable security, everything works fine.
              With security enabled another page doing the same (calling taskflows in a dynamic region) without UIShell works fine.

              I've added one of the taskflow to "welcome" facet and it is displaying on page start. But I can't open the same taskflow with UIShell - getting an empty tab.
              • 4. Re: Could someone explain me about ADF Security in UI Shell?
                ILya Cyclone
                Found out the reason.
                There is dynamicTabShellDefinition in imported Web Pages resource which permission had to be granted.