First we make a region with security info so we can see on every page what the security settings are. This region also contains a login and logout button.
I use a backing bean to do this. The login action redirects to /adfAuthentication?success_url=/faces/dept.jspx and the logout action redirects to /adfAuthentication?logout=true&end_url=/faces/start.jspx

import java.io.IOException;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletResponse;

import oracle.adf.share.ADFContext;

public class SecurityBean {

    public SecurityBean() {
    }

    // "true" when ADF authorization checking is switched on for the application.
    public String getSecurityEnabled() {
        if (ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled()) {
            return "true";
        }
        return "false";
    }

    // "true" when the current user has logged in (is not the anonymous account).
    public String getIsAuthenticated() {
        if (ADFContext.getCurrent().getSecurityContext().isAuthenticated()) {
            return "true";
        }
        return "false";
    }

    public boolean isAuthenticated() {
        return ADFContext.getCurrent().getSecurityContext().isAuthenticated();
    }

    public String getCurrentUser() {
        return ADFContext.getCurrent().getSecurityContext().getUserName();
    }

    // Log out through the ADF authentication servlet and return to the start page.
    public String doLogOut() throws IOException {
        FacesContext fctx = FacesContext.getCurrentInstance();
        ExternalContext ectx = fctx.getExternalContext();
        HttpServletResponse response = (HttpServletResponse) ectx.getResponse();
        String url = ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/faces/start.jspx";
        response.sendRedirect(url);
        // The redirect is the response, so stop JSF from also rendering the current view.
        fctx.responseComplete();
        return null;
    }

    // Log in through the ADF authentication servlet and continue to the secured page.
    public String doLogIn() throws IOException {
        FacesContext fctx = FacesContext.getCurrentInstance();
        ExternalContext ectx = fctx.getExternalContext();
        HttpServletResponse response = (HttpServletResponse) ectx.getResponse();
        String url = ectx.getRequestContextPath() + "/adfAuthentication?success_url=/faces/dept.jspx";
        response.sendRedirect(url);
        fctx.responseComplete();
        return null;
    }
}
In this example I have two pages. The first page, start.jspx, doesn't have any security, so ADF security uses the anonymous account.
The second page has security on the page: you need to have the role users to see this page, and the navigation buttons are enabled only if the user belongs to the oc4j-administrators role.
Now let's see how we can add page security to a page. To view this page you need to have the view right. We can set this by opening the pagedef.
The next step is to add the view right to the roles users and oc4j-administrators. We now go to the pagedef structure window, select the pagedef node, and open the authorization window with the right mouse button.
These security entries are stored in system-jazn-data.xml, and JAZN uses the pagedef name as the unique key for an entry. Make sure the same pagedef name does not occur twice on the production server, otherwise both pages share the same security settings.
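A pre-deployment check for the duplicate pagedef names described above, as an added example that is not part of the original post or the example project. It assumes the pagedef name is the id attribute on the root pageDefinition element of each pagedef XML file; the hr and sales application directories are constructed sample data.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from collections import defaultdict

def pagedef_name(path):
    """Return the id of a <pageDefinition> root element, else None."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return None
    # Drop the namespace prefix: '{uri}pageDefinition' -> 'pageDefinition'.
    if root.tag.rsplit("}", 1)[-1] != "pageDefinition":
        return None
    return root.get("id")  # assumption: this id is the name JAZN keys on

def find_duplicate_pagedefs(tops):
    """Map every pagedef name used by more than one file to those files."""
    seen = defaultdict(list)
    for top in tops:
        for dirpath, _dirs, files in os.walk(top):
            for name in sorted(files):
                path = os.path.join(dirpath, name)
                pd = pagedef_name(path) if name.lower().endswith(".xml") else None
                if pd:
                    seen[pd].append(path)
    return {pd: paths for pd, paths in seen.items() if len(paths) > 1}

def build_sample(top):
    """Constructed sample: two applications that both ship 'deptPageDef'."""
    tmpl = '<pageDefinition xmlns="http://xmlns.oracle.com/adfm/uimodel" id="%s"/>'
    files = {
        "hr/pageDefs/deptPageDef.xml": tmpl % "deptPageDef",
        "hr/pageDefs/startPageDef.xml": tmpl % "startPageDef",
        "sales/pageDefs/deptPageDef.xml": tmpl % "deptPageDef",
        "sales/web.xml": "<web-app/>",
    }
    for rel, body in files.items():
        path = os.path.join(top, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as top:
        build_sample(top)
        print(find_duplicate_pagedefs([top]))
```

Pass the source roots of every application that will share one system-jazn-data.xml to find_duplicate_pagedefs; any name it returns would give two pages the same security entry.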
You can also do this for the binding actions like next, first, etc. Now we make sure that you need to have the oc4j-administrators role to press next etc.
And we are ready to test it.
Here you have the example project and the system-jazn-data.xml, which you have to put in the config dir of the embedded OC4J. These are the users: oc4jadmin / welcome, test / test