Monday, August 30, 2010

Oracle OpenWorld 2010 Sessions

This year I will talk on Oracle Develop:

Session ID: S313355

Title: Developing Large Oracle Application Development Framework 11g Applications

Abstract: Oracle Application Development Framework (ADF) is an end-to-end development framework that offers unparalleled productivity for application developers. This session will show how data passivation and activation phases should be managed in large applications and demonstrate different UI Shell templates for separate Oracle ADF applications integration. Based on personal experience from retail industry projects, the speaker will describe how Oracle ADF applications can be tuned for the best runtime performance and show how developers can apply Oracle ADF architecture best practices. There will also be multiple demos about Oracle ADF Task Flows and Libraries usage for application integration and reusability.

Place: Monday, September 20, 4:00PM | Hotel Nikko, Carmel

Don't miss ADF EMG event on Oracle OpenWorld 2010, please read Chris Muir blog post. I will demo there two production systems.

See you in San Francisco !

Sunday, August 29, 2010

Migrating User Personalizations and Customizations in WebCenter Spaces

Each time when you extend WebCenter Spaces, previously done user personalizations and customizations are lost for obvious reasons - new WebCenter Spaces library is deployed and MDS is refreshed. Even user Group Space membership will be removed - default WebCenter Spaces screen:

Of course, we need to preserve user personalizations and customizations, we can't just extend and ask users to start once again from the beginning. We can achieve this with Oracle Enterprise Manager 11g, it allows us to export and import WebCenter Spaces application. Export and import includes user personalizations/customizations, security and services configurations - thats very helpful, it allows to create WebCenter Spaces backups and apply them later to restore WebCenter Spaces state. In order to run Export/Import, go to WebCenter Spaces application accessible from Oracle Enterprise Manager 11g and invoke it from the menu:

In my specific use case, I was extending WebCenter Spaces with custom ADF Task Flows. When extended WebCenter Spaces library was deployed, I have imported WebCenter Spaces application backup (of course you shouldn't forget to export it before extending WebCenter Spaces :) ) with all personalizations/customizations, service configurations and security settings:

Import is in progress:

Finished successfully:

User redsam1 opens WebCenter Spaces, when it was extended and backup applied:

User personalizations and customizations remain present, also Group Spaces are available as it was before extending WebCenter Spaces:

If we would take a look into custom Resource Catalog, we would see one more custom ADF Task Flow added - Employees by Departments:

This means we have successfully extended WebCenter Spaces and preserved previous setup by exporting and importing it through Oracle Enterprise Manager.

Both custom ADF Task Flows can be added now to user space:

Sunday, August 22, 2010

Applying Personalization and Customization in Oracle ADF 11g and Oracle WebCenter 11g

Let me start with simple definition of personalization and customization. Term personalization means user can perform changes visible only to that user. Term customization means user with admin privileges can perform global changes, visible to all users. I decided give you this simple explanation, because while browsing Oracle resources and related blogs, I saw many confusing statements. For example, something similar like - we can apply personalization by customizing. In this blog post I'm not describing predefined seeded customizations, but focusing on user performed runtime personalization and customization. You can achieve personalization functionality within standard ADF framework enabled with MDS. For customization functionality need to use Oracle WebCenter component - Composer. Today I will describe how to use these two together.

First we should take a look, what we can get from Oracle documentation:
My goal today is to join all this information together and provide more hints not described in documentation. Download sample application - All examples from this post are based on this sample, you need to have Oracle WebCenter JDeveloper extension installed to run this application.

UserCC class from Oracle documentation contains static user reference scott. I have modified this to retrieve current user name from security context:

As per documentation, I have created all required Java classes to support Edit and View layers:

User customizations and personalizations are enabled to be stored across sessions with MDS. This option is needed to store changes for ADF components, Oracle WebCenter Composer is working without this option as well:

I have change customization class from SiteCC to UserCC, this enables personalization:

Session options factory is class must be configured in adf-config.xml to enable customization:

As per documentation, additionally you need to declare Oracle WebCenter Composer servlet in web.xml.

ADF Security defines two application level roles - admin and customer. Admin role is granted with Customization permission:

Customer role is granted with Personalization permission only:

Session options factory class as per documentation, defines two layers - Edit and View. You can see that Edit layer is applied on global level (its when Oracle WebCenter Composer is invoked to perform customization). View layer is applied on global and user levels (this means each user will see global customizations and their own personalizations):

If Oracle WebCenter Composer is On, Edit layer is enabled, otherwise - View layer:

I have declared two users - scott (admin role) and john (customer role). Now I open application with admin role user scott - it brings blank screen and option to invoke Oracle WebCenter Composer (Edit):

Oracle WebCenter Composer invoked to perform customization visible to all users:

I can add my custom ADF Task Flow with Employees data from extended Resource Catalog:

Through composer we can change visual and layout properties:

Customization is done, user scott can close Oracle WebCenter Composer. Now the same user performs personalization - removes PhoneNumber column from Employees table. This change will not be visible to other users, because it is personalization:

In order to perform personalization on table and column components, you must declare them in tag configuration:

We can see two folders in MDS repository - site and user. All customizations are stored inside site and personalizations inside user. This means customizations will be visible to all users and personalizations per specific user only:

I login as user john and can see Employees table added by user scott (customization), I can see PhoneNumber column as well (because it was user scott personalization):

User john is not allowed to perform customization, only personalization - Oracle WebCenter Composer is disabled for this user. User removes all columns, except FirstName, LastName and PhoneNumber:

As we can expect, this personalizations are not visible for user scott:

Now we take a better look, what Personalize permission means. Let's revoke it from customer role:

We can't personalize anymore elements created by Oracle WebCenter Composer - WebCenter Customizable Components (in a Panel Customizable or Show Detail Frame). There is no option to disclose, resize or delete:

I enable Personalize permission again:

Now user with customer role is able to do personalization and remove Employees table added through Oracle WebCenter Composer customization:

Personalization is successful, however user granted with Personalize permission only is not allowed to invoke Oracle WebCenter Composer and add custom ADF Task Flow from Resource Catalog:

Only user scott, who is granted with Customize permission can do this:

Now I will describe how to apply personalization through Oracle WebCenter Composer, so user who is not granted with Customize permission will be able to invoke Composer as well.

We need to add one more customization layer, this time only UserCC:

I gave Edit Personal Layer name for this layer. Now we need to modify layer switch logic. Edit layer will be initialized only in that case, when current user is granted with admin role. In all other cases, Oracle WebCenter Composer will be opened in Edit Personal Layer - this means personalization will be applied:

In order to open Oracle WebCenter Composer, in addition to Personalize permission, we need to grant Edit permission:

User john, with Personalize and Edit permissions is able to open Oracle WebCenter Composer and perform personalization:

Personalization - Employees table:

John Employees List personalized table:

Because user john was allowed to do only personalization, another user scott will not see any changes:

We know that user scott is allowed to perform customization, let's test how it works. User scott will add the same Employees ADF Task Flow and name it - Global Employee List:

It should be visible for user john as well, because it is customization. Yes, user john can see both tables now - one comes from personalization and another from customization:

If user john, don't want to see global list of employees, he can perform personalization further and remove this customization. It will be removed only for this specific user:

Now user john can see only his personalizations, no global customizations:

As expected, another user scott, can see customizations (even they were removed by user john - personalized):

Sunday, August 8, 2010

Managing ADF Security Permissions Using Oracle Enterprise Manager 11g

One of my previous blog posts describes how to Manage ADF Security Using Oracle Enterprise Manager 11g. Today I will specifically describe how to manage ADF Security Permissions without application redeployment. It is very common use case, especially when using ADF libraries. Developers who are implementing ADF libraries, often even are not aware what application roles will be used from main application to protect ADF Task Flows, etc. Its extremely important to be able to manage application permissions after deployment and without redeployment.

Download sample application - This sample implements one ADF library application, it brings Employees ADF Task Flow region:

Main application consumes ADF Task Flow region from ADF library and defines mapping between Enterprise and Application roles (Financials and accountants):

Let's assume, at this moment we don't have any permissions defined for ADF Task Flow imported from ADF library:

Deployment will be done without granted permission for this ADF Task Flow, we will specify it later from Oracle Enterprise Manager 11g.

There is permission for main page defined - every authenticated user can open main page:

Application was deployed on standalone WebLogic server, scott/welcome1 user authenticates to access main application page:

Main page loads successfully, however region is not rendered - as expected:

This happens, because there is no permission defined for ADF Task Flow imported from ADF library, as you saw few steps above.

We could go back to JDeveloper, assign permission there and redeploy our application. However, in production environment its hardly acceptable by the management, usually we want to do a fix without redeployment to minimize application down time.

We can go to Application Policies section accessible through Oracle Enterprise Manager 11g instead:

Review current permissions (only one available for authenticated users to view main page):

We can create new permission - define permission class and grantee (application role - accountants):

First you need to define TaskFlowPermission class, it should point to the address of ADF Task Flow we are defining permission for. Specify permission action as well (view):

Add application role in grantee section. This means defined permission will be available for all the users granted with this application role (accountants):

Complete new permission screen:

Now we have two permissions available:

Without redeployment, ADF evaluates new permission for user granted accountants application role, and renders ADF region successfully: