0 Replies Latest reply on Apr 28, 2013 7:32 AM by 1005881

    Custom Role Mapping provider and ADF security


      I am trying a PoC where the mapping of users and application roles is not fixed but is to be derived at run time, e.g. based on a combination of the user's data and entitlements.

      In my PoC, I created a sample ADF page protected by an application role called ServiceAssociate in jazn-data.xml, and I also added this role and the required mapping in web.xml.



      I added a Custom Role Mapping Provider which maps an authenticated user to this test role, and that's working fine.

      SOP of Custom Role Mapping Provider
      subject = Subject:
      Principal: serviceuser
      Private Credential: serviceuser

      resource = type=<url>, application=TablePaginationApp, contextPath=/TablePaginationApp-ViewController-context-root, uri=/adfAuthentication, httpMethod=GET
      roles = {Anonymous=Anonymous, ServiceAssociate=ServiceAssociate, valid-users=valid-users}

      but the ADF Security classes throw an error even when the application role seems to be present in the response from the WebLogic Security framework layer -->

      oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'com.redsamurai.view.pageDefs.mainPageDef' 'VIEW'.
      at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:182)
      at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:162)
      at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:116)

      I have spent more than a day on this but didn't find a hint. Any help on how to resolve this issue or how to debug the response in the ADF security layer/classes will help me.

      Thanks in advance.