0 Replies Latest reply: Apr 28, 2013 2:32 AM by 1005881

    Custom Role Mapping provider and ADF security

    1005881
      Hi,

      I am trying a PoC where the mapping of users and application roles is not fixed but is to be derived at run time, e.g. based on a combination of the user's data and entitlements.

      In my PoC, I created a sample ADF page protected by an application role called ServiceAssociate in jazn-data.xml, and I also added this role and the required mapping in web.xml.

      jazn-data.xml

      <jazn-policy>
        <grant>
          <grantee>
            <principals>
              <principal>
                <name>ServiceAssociate</name>
                <class>oracle.security.jps.service.policystore.ApplicationRole</class>
              </principal>
            </principals>
          </grantee>
          <permissions>
            <permission>
              <class>oracle.adf.share.security.authorization.RegionPermission</class>
              <name>com.redsamurai.view.pageDefs.mainPageDef</name>
              <actions>view</actions>
            </permission>
          </permissions>
        </grant>
      </jazn-policy>

      I added a Custom Role Mapping Provider which maps an authenticated user to this test role, and that's working fine.

      SOP of Custom Role Mapping Provider
      SimpleSampleRoleMapperProviderImpl.getRoles
      subject = Subject:
      Principal: serviceuser
      Private Credential: serviceuser

      resource = type=<url>, application=TablePaginationApp, contextPath=/TablePaginationApp-ViewController-context-root, uri=/adfAuthentication, httpMethod=GET
      roles = {Anonymous=Anonymous, ServiceAssociate=ServiceAssociate, valid-users=valid-users}

      But the ADF Security classes throw an error even when the application role seems to be present in the response from the WebLogic Security framework layer:

      oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'com.redsamurai.view.pageDefs.mainPageDef' 'VIEW'.
      at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:182)
      at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:162)
      at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:116)

      I have spent more than a day on this but didn't find a hint. Any help on how to resolve this issue, or how to debug the response in the ADF security layer/classes, will help me.

      Thanks in advance.
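
An added example, not part of the original post and not Oracle's code: a small Python audit of a jazn-data.xml fragment like the one quoted above, listing which principals (name and class) are granted an action on a page definition and what a named role is granted. The function names are hypothetical, the sample is the post's grant embedded as a constructed string, and elements are assumed to be un-namespaced as they appear in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <grant> quoted in the post, embedded so this runs offline.
SAMPLE_JAZN = """<jazn-policy>
  <grant>
    <grantee><principals><principal>
      <name>ServiceAssociate</name>
      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
    </principal></principals></grantee>
    <permissions><permission>
      <class>oracle.adf.share.security.authorization.RegionPermission</class>
      <name>com.redsamurai.view.pageDefs.mainPageDef</name>
      <actions>view</actions>
    </permission></permissions>
  </grant>
</jazn-policy>"""

def text(node, tag):
    """Stripped text of a direct child element, or '' when it is missing."""
    child = node.find(tag)
    return (child.text or "").strip() if child is not None else ""

def grantees_for(policy_xml, target, action):
    """(principal name, principal class) pairs granted `action` on `target`."""
    found = []
    for grant in ET.fromstring(policy_xml).iter("grant"):
        for perm in grant.iter("permission"):
            actions = {a.strip().lower() for a in text(perm, "actions").split(",")}
            # Assumption: actions are compared case-insensitively here, so the
            # 'VIEW' in the exception lines up with 'view' in the file.
            if text(perm, "name") == target and action.lower() in actions:
                found += [(text(p, "name"), text(p, "class"))
                          for p in grant.iter("principal")]
    return found

def permissions_of(policy_xml, principal_name):
    """(permission class, target name, actions) triples granted to a principal."""
    found = []
    for grant in ET.fromstring(policy_xml).iter("grant"):
        if any(text(p, "name") == principal_name for p in grant.iter("principal")):
            found += [(text(m, "class"), text(m, "name"), text(m, "actions"))
                      for m in grant.iter("permission")]
    return found

if __name__ == "__main__":
    page = "com.redsamurai.view.pageDefs.mainPageDef"
    for name, cls in grantees_for(SAMPLE_JAZN, page, "VIEW"):
        print(f"{page} VIEW is granted to {name} ({cls})")
```

The output records the principal class each grant is written against, which can be set beside the principals printed for the Subject in the provider's output.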