In this post I will describe, step by step, how to deploy your Web application with ADF Security enabled on a standalone WebLogic server. You can download the sample application I was deploying and testing: ADFSecurityWL.zip. The ADF BC Application Module is configured to use the JDBC DataSource java:comp/env/jdbc/HrDS. Don't forget to define the jdbc/HrDS JNDI name on your server before running the application.
What is not clearly described in the documentation is that a standalone WebLogic server can see only so-called Enterprise roles, defined with one of the following classes:
- oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl defined in jazn-data.xml
- weblogic.security.principal.WLSGroupImpl converted to WebLogic class after Policies migration
You need to know that Enterprise roles are not used to define policies. ADF policies are defined against Application class roles. During development, those roles are defined under the Application Policy Store.
And it's very important: if you want your Application class role to be functional on a standalone WebLogic server with an Authentication Provider, you need to map the Application role to an appropriate Enterprise role. This mapping can be done in the jazn-data.xml file. In this example, the Application class role managers is mapped to the Enterprise class role managersApplication:
The Enterprise role will later be defined in the standalone WebLogic server's Authentication Provider. This makes it possible to define new application users, not only those used during development.
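The mapping rule above can be checked before deployment. The script below is an added example, not code from the original post or from Oracle: it reads a policy file and reports Application roles that no Enterprise role is mapped to. The XML element layout, the ApplicationRole class name, and the role names employees and auditors are assumptions in a constructed sample; only managers, managersApplication and the two Enterprise role classes come from the post.

```python
import xml.etree.ElementTree as ET

# Principal classes the post lists as Enterprise roles visible to standalone WebLogic.
ENTERPRISE_CLASSES = {
    "oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl",
    "weblogic.security.principal.WLSGroupImpl",
}
APP_ROLE_CLASS = "oracle.security.jps.service.policystore.ApplicationRole"  # assumed

# Constructed sample: the element layout is an assumption modelled on jazn-data.xml;
# "employees" and "auditors" are hypothetical role names.
SAMPLE = """<jazn-data><policy-store><applications><application>
<name>ADFSecurityWL</name>
<app-roles>
 <app-role><name>managers</name>
  <members><member>
   <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
   <name>managersApplication</name>
  </member></members>
 </app-role>
 <app-role><name>employees</name><members/></app-role>
</app-roles>
<jazn-policy>
 <grant><grantee><principals><principal>
   <class>oracle.security.jps.service.policystore.ApplicationRole</class>
   <name>employees</name>
 </principal></principals></grantee></grant>
 <grant><grantee><principals><principal>
   <class>oracle.security.jps.service.policystore.ApplicationRole</class>
   <name>auditors</name>
 </principal></principals></grantee></grant>
</jazn-policy>
</application></applications></policy-store></jazn-data>"""

def audit_role_mappings(xml_text):
    """Return ({app_role: [enterprise roles]}, app roles with no enterprise role)."""
    root = ET.fromstring(xml_text)
    mapping = {}
    for role in root.iter("app-role"):
        # Keep only members whose principal class is an Enterprise role class.
        members = [m.findtext("name", "").strip() for m in role.iter("member")
                   if m.findtext("class", "").strip() in ENTERPRISE_CLASSES]
        mapping[role.findtext("name", "").strip()] = members
    # Application roles that grants refer to, whether or not they are declared.
    granted = {p.findtext("name", "").strip() for p in root.iter("principal")
               if p.findtext("class", "").strip() == APP_ROLE_CLASS}
    unmapped = {r for r in granted | set(mapping) if not mapping.get(r)}
    return mapping, unmapped

if __name__ == "__main__":
    print(audit_role_mappings(SAMPLE))
```

Any role in the second return value has a policy or a declaration but no Enterprise role behind it, so by the rule above no user added through the Authentication Provider will ever receive it.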
Here is an example of using an Application class role to define an ADF Security policy for Web page access:
I'm using a second Application role, managers, to disable/enable a specific button in my application:
You should know that in this case there is no need to map your Enterprise class roles to WebLogic roles in weblogic.xml. It's enough to have the mapping generated by the ADF Security wizard, valid-users to users:
The ADF Security role valid-users characterizes the defined Enterprise class roles.
When the roles are defined, it's time to deploy your application. I have configured the Application Module to use the JDBC DataSource java:comp/env/jdbc/HrDS:
I should mention a very funny bug here. It's impossible to define a JDBC DataSource with a name that differs from the name of your database connection. Let's say we have defined a DB connection named Hr. When you choose the JDBC DataSource option, JDeveloper automatically supplies the JDBC DataSource java:comp/env/jdbc/HrDS: it takes the DB connection name Hr and appends DS. If you change this JDBC DataSource name to anything else, for example java:comp/env/jdbc/HrDSMY, and define the same JDBC DataSource on standalone WebLogic, it will not work. Why? Simply because, during the EAR generation process, JDeveloper adds an additional JDBC DataSource configuration to the web.xml file. No matter what name you have specified, it always puts into web.xml the JNDI name constructed by default from your DB connection name. Here is this entry in web.xml; it is added only during the EAR generation process and is not present in the application under development:
I wish Oracle would fix this bug.
OK, when the application is deployed, you can migrate your ADF Security policies as described in Steve Muench's article. After migration, system-jazn-data.xml in your standalone WebLogic domain will contain similar entries:
You can see two Enterprise class roles, visible to WebLogic, defined:
The second is anuhold:
The first user has both roles; the second is assigned only one role.
At runtime, if the application is accessed by anuhold:
The user will be authorized to open the page; however, the Salary Graph button will be disabled, since the user is not assigned the managersApplication role:
When opening the application as the sking user:
Authorization is passed for both the page and the Salary Graph button:
Here is a graph with Salary values:
Title: How to deploy ADF applications (that use the ADF Security feature) on BEA WebLogic servers.
Summary: In this chapter, Andrejus does not show in a practical way how to create a repository of users and roles in BEA WebLogic and apply them to the security policies of our ADF applications.