> Samples Tutorial
> CreatingXQueryFilters to Implement Conditional Logic Security
Samples Tutorial
CreatingXQueryFilters to Implement Conditional Logic Security
Data Services Platform can enable security based on the results of conditional logic.
Objectives
After completing this lesson, you will be able to:
Activate security XQuery functions.
Write security XQuery functions.
Overview
Conditional logic can be used to establish very specific security restrictions. For example, access to a social security number can be restricted to managers, as is illustrated in Exercise 30.2 Writing the XQuery Security Function. Security restrictions at the element level are set through the ALDSP Console.
30.1 Creating User Groups
The first step in setting conditional-logic security is establishing security groups.
Objectives
In this exercise, you will:
Create new user groups.
Assign user accounts to user groups.
Instructions
Login to the WebLogic Server Console (http://localhost:7001/console/), using the following credentials:
User Name = weblogic
Password = weblogic
Create two new user groups by completing the following steps:
Choose Security Realms myrealm Groups.
Select Configure a New Group.
Enter LD_Emp in the Name field.
(Optional) Enter "Employee Group" in the Description field.
Click Apply.
Repeat steps 2b through 2e to create a new group for LD_Mgr.
Figure 30-1 Configuring a New User Group
Assign the user Bob to the LD_Emp group, by completing the following steps:
Choose Security Realms myrealm Users.
Click Bob in the User column. The User page for Bob opens.
Figure 30-2 User Page for Bob
Click the Groups tab. The Groups page opens.
Select LD_Emp from the Possible Groups pane.
Click the arrow ( ) to add the group to the Current Groups pane.
Click Apply.
Figure 30-3 Group Assignment Page for Bob
Assign the user Joe in the LD_Mgr group, by completing the following steps:
Choose Security Realms myrealm users.
Click Joe in the User column. The User page for Joe opens.
Click the Groups tab. The Groups page opens.
Select LD_Mgr from the Possible Groups pane.
Click the arrow ( ) to add the group to the Current Groups pane.
Click Apply.
30.2 Writing the XQuery Security Function
You can specify a security function using XQuery syntax. In this example, access to social security numbers is restricted to managers.
Objectives
In this exercise, you will:
Set security access control.
Set a security XQuery function.
Instructions
Login to the ALDSP Console (http://localhost:7001/ldconsole/), using the following credentials:
User Name = weblogic
Password = weblogic
Using the plus ( + ) icon, expand the ldplatform directory.
Note:
If you click the ldplatform name, the Application List page opens. You do not want this page for this lesson.
Click Evaluation. The Administration Control's General page opens.
Select Check Access Control.
Select Allow Default Anonymous Access.
Figure 30-4 Setting Access Control
Select Xquery Functions for Security and enter the following function: