The steps and examples in the tutorial are based on tables that are part of the Fusion Order Demo (FOD) schema. This schema is also used as the database for the sample application that ships with Oracle JDeveloper 11g, as well as other collateral in this release. Read more...

It will be convenient to have this schema installed, and you only need to do it once. If you have already installed the FOD schema, you can skip this step and go directly to the next. To install the schema, you will also need to have an Oracle database and access to a privileged (DBA) user which has permissions to create users. Any Oracle 10g version (or later) of the database should work for this schema. To install the schema, you will download and expand a zip file, then use Ant to perform the installation.

1. Download the schema.zip file from OTN.

2. Unzip the file to a convenient location (for example, c:\temp).

3. From the File menu, choose Open. Open the workspace c:\temp\Infrastructure\Infrastructure.jws.

4. If you are prompted to migrate the project, click Yes to confirm, then click OK.

5. In the Application Navigator, expand the MasterBuildScript project. Under Resources double-click build.properties to open it in the editor.

6. Set the appropriate values in the build.properties file (jdeveloper.home, and all the jdbc.* and db.* settings). Keep all other properties set to their default values. The demo user must be named FOD.
   
   The relevant settings are:

   Setting	Description
   jdeveloper.home	The /jdeveloper directory where you have JDeveloper installed, for example, c:/JDeveloper_11/jdeveloper/
   jdbc.urlBase	Base URL for your database, for example, jdbc:oracle:thin:@localhost
   jdbc.port	Port number for your database, for example, 1521
   jdbc.sid	Database System Identifier, for example, XE or ORCL
   db.adminUser	Database user with admin privileges, for example, system
   db.demoUser.tablespace	Tablespace name where the FOD user will be installed, for example, USERS

7. In the MasterBuildScript project, select the build.xml file.

8. In the Structure window, right-click the refreshSchema target and choose Run Target "refreshSchema".

9. When prompted, enter the password for the database user with admin privileges.
   
   After running the Ant task, you should see a build successful message in the JDeveloper Log window.
   
   
   
   If there are errors, you should verify that your database is running (try connecting through SQL*Plus), and that the values you provided in the build.properties file are correct. Also, make sure that the DBA user you specified has the CREATE USER privilege.

1. From the main menu, choose File > New. In the New Gallery, expand the General category and select Applications. Then in the Items list, select Fusion Web Application (ADF) and click OK.

   
The JDeveloper application is the highest level in the organizational structure. While you are developing your application, it stores information about the objects you are working with. Read more... At the same time, it keeps track of your projects and all environment settings.

Based on prebuilt templates, a JDeveloper application allows you to specify a predefined type of environment, depending on the type of application you want to create (web application, Java application, and so on). Application templates provide you with a quick way to create the project structure for standard applications with the appropriate combination of features already specified. The application template also filters the work you do in JDeveloper such that the choices available are focused only on the features you are working with.

In this tutorial, you will use the Fusion Web Application template that is configured for building a databound ADF web application. Once you have created an application using a suitable template, you can still new projects to the application and specify what features are to be included. To do this, in the Application Navigator, right-click the application name and choose New Project. In the New Gallery, you can select any type of project in the Items list.

2. To follow along with the example, enter SecureApplication as the application name.

   
The application template you select determines the initial project structure, that is, the named project folders within the application workspace, and the application libraries that will be added. Read more... The project or projects in the application define the associated features.

A JDeveloper project, which is used to logically group files that are related, keeps track of the source files, packages, classes, images, and other elements that your program may need. Projects manage environment variables such as the source and output paths used for compiling and running your program. Projects also maintain compiler, runtime, and debugging options so that you can customize the behavior of those tools per project.

You can add multiple projects to your application to easily access, modify, and reuse your source code. Different projects might contain files representing different tiers of a multi-tier application, for instance, or different subsystems of a complex application. These files can reside in any directory and still be contained within a single project.

3. Accept the defaults and click Finish.
   
   The Application Overview window opens by default in the editor window area when you create a new application. You can optionally close the window, since you will not be using it to create objects for this application.
   
   

All objects that you create within JDeveloper appear in the Application Overview file summary pages, arranged by object type. You can create new files and artifacts, and view them filtered by status and project. Read more...

The Checklist steps you through the building of a Fusion Web application, according to Oracle recommended best practices. It optionally walks you through the entire process of configuring and building your application, with links to specific dialogs and wizards. Each step is also designed to teach you about the architecture, tools and resulting files using a combination of links to step-by-step instructions, relevant sections of the Developer's Guides, and descriptions of what happens in the IDE as a consequence of doing the work in a step.

The new application created from the template appears in the Application Navigator already partitioned into tiered projects, with the associated features set in each project. The Projects panel in the Application Navigator should look like this:



Projects are displayed as the top level in the hierarchy in the Application Navigator. The Fusion Web Application (ADF) template that you used for your web application partitions your application into two projects: Model and ViewController.

In the Application Navigator you can collapse and expand any panel. You adjust the size of panels by dragging the splitter between two panels. To group and sort items in the Projects panel, use the Navigator Display Options dropdown menu. For application operations, you can click Application Menu and choose an option from the dropdown menu.

JDeveloper has the capability of recognizing many different file types, displaying each in its appropriate viewer or editor when you double-click the file in the Application Navigator. Closing an application or project closes all open editors or viewers for files in that application or project and unloads the files from memory.

Note: Nodes in italics in the Application Navigator mean that the elements have not yet been saved. A project node is bold when a file in the project is selected.

You will establish a connection to the database you installed, to use the Fusion Order Demo (FOD) schema.

1. From the main menu, choose File > New > General > Connections > Database Connection, then click OK to open the Create Database Connection dialog.

   

2. Select Application Resources as the Create Connection In option.

3. Enter a name for the connection, select the connection type, and enter the username and password. To follow along with this example, use FOD for the connection name and fod for the username.

   

4. Enter the Oracle JDBC settings to point to the host, port and SID for your database.

   

5. Click Test Connection to confirm that you can connect. Click OK if the connection was successful.

6. In the Application Navigator, expand the Application Resources panel, then expand the Connections and Database nodes to see the database objects.

   
The database connection you created (for example, FOD) is included as a resource for your application under the Connections | Database node. Read more...

Expand the connection node you created, then click the various + icons to see the schema and database objects.



After adding the database connection to the application resources, you can optionally contract the Application Resources panel to increase the size of the Projects panel in the Application Navigator.

1. In the Application Navigator, right-click the Model project and choose New > Business Tier > ADF Business Components > Business Components from Table, then click OK.

   
The Create Business Components from Tables wizard allows you to easily create a package of business domain components (entity objects, associations, and domains) from existing database objects and optionally to create a default package of data model components (view objects, view links, and an application module) from these newly generated business domain components. Read more...

The particular database objects that you choose in the wizard are important. Your selections will determine how the generated business components will be related. For instance, if two tables define a one-to-many relationship through their foreign key column, the business components generated by the wizard will also describe this relationship. In the business components terminology, a one-to-many relationship is also known as a master-detail relationship. In the example, the two tables will be used to display data in a master-detail form.

JDeveloper also provides business component wizards that let you edit any business components you create with this wizard, and add new business components later.

The Create Business Components from Tables wizard does not create a user interface (this is governed by the "view" portion of the application), nor does it determine other application logic such as control flow. It just provides a representation of, and access to, data, and implements business logic.

Specifically, Oracle ADF Business Components technology handles all aspects of application plumbing automatically:

• It automatically handles O/R mappings and persistence for instances of its own library classes

• It allows you to make complex requests for data retrieval using SQL

• It automatically handles transaction management, including optimistic or pessimistic locking

• It provides a framework for implementing complex business logic

• It automatically implements many Java EE design patterns

• It has a powerful caching and data passivation system for increasing the performance and scalability of applications

2. In the Initialize Business Components Project dialog, ensure that FOD is the currently selected database connection. Then click OK.

   

3. On step 1, Entity Objects, click Query to populate the Available list.
   
   
   
   If your schema has many tables, you may experience a short delay.

4. Select two tables, PRODUCTS_BASE and WAREHOUSE_STOCK_LEVELS, from the Available list and click to move them to the Selected list. Then click Next.
   
   The tables are related by a foreign key so the resulting business components represent a one-to-many relationship.

   

5. On step 2, Entity-based View Objects, click to move both objects from the Available list to the Selected list. Then click Next.

   

6. Click Next to skip step 3, Query-based View Objects, which aren't needed.

   

7. On step 4, Application Module, change the application module name to ProductsModule and click Finish.

   

8. Click Save All to save your work.
   
   After completing the Create Business Components from Tables wizard, the Model project in the Application Navigator should look similar to this:

   
If you expand the Data Controls panel, then expand ProductsModuleDataControl, you should see the ProductsBaseView and WarehouseStockLevelsView collections. Read more...



The Data Controls panel is a data binding tool that lets you add databound UI controls to user interfaces by dragging and dropping. In a step, you will use the Data Controls panel to design the master portion of a master-detail form.

In the Model project, the navigator displays the business components that you created in this series of steps: entity objects, view objects, associations, view links, and application modules. To display the business components sorted by type, select Sort By Type in the Navigator Display Options menu.

Your wizard selections produced these business domain components that represent features of the data source:
• Entity objects, like ProductsBase, which represent objects in the data source (usually tables, views, and synonyms in a database)

• Associations like WarehouseStockLevelsFkAssoc, which represent relationships between these objects (such as foreign key relationships)
It produced these data model components that collect data and present it to the client model:
• View objects, like ProductsBaseView, which collect data from the data source (usually by using a SQL query)

• View links, like WarehouseStockLevelsFkLink, which represent relationships (such as master-detail relationships) between view object result sets

• Application modules, like ProductsModule, which provide a single point of access to the view objects and view links
The Model.jpx file is the Business Components Project object, which is used for properties shared by all the business components contained in the project.

1. In the Application Navigator, expand the ViewController project, Web Content and Page Flows folders, and double-click adfc-config to open it in the diagrammer.

   
You will create control flow cases by drawing them on your ADF task flow diagram. By doing this you will be adding control flow (navigation) rules to the configuration file for your application. Read more...

An ADF task flow includes the view activities and control flow rules that define an application's page flow. There are two types of task flows: bounded and unbounded. A bounded task flow has a single entry point and zero or more exit points; it contains its own set of private control flow rules, activities, and managed beans. An unbounded task flow is for top-level application flows; it consists of all activities and control flows in an application that are not included within any bounded task flow. A typical application is a combination of an unbounded and one or more bounded task flows.

You will first create an ADF task flow diagram that defines the flow of your application: a welcome page, and pages that display product and stock information. To begin creating a task flow, you have opened the blank task flow diagram created by default when you used the Fusion Web Application template. You can also create task flows using the Create ADF Task Flow dialog.

2. In the Component Palette, ADF Task Flow page, Components panel, Control Flow section, click Wildcard Control Flow Rule then drag and drop it on the diagram to add a control flow case icon. You do not need to enter a name for it.

   
By using a task flow diagram you can plan out the pages in your application and define the navigation rules for users to navigate between the pages. Read more...

You add pages and navigation rules to a navigation diagram by selecting elements from the ADF Task Flow page of the Component Palette and dropping them on the diagram, or by creating the pages first, and then dragging them from the Application Navigator onto the diagram.

When you draw navigation on a task flow diagram:

• The required navigation rules and cases are added to the configuration file automatically for you.

• The different cases for each rule are shown on the diagram as arrows connecting pages, with the direction of the arrow indicating the pages from which and to which the user will navigate. A label is associated with each case, to be used to distinguish the different cases from a single page.

3. In the Components panel, Activities section, click View then drag and drop it on the diagram to add a view activity to represent your first application page. Change the view name to welcome.

   

4. Drag and drop two additional View components on the diagram to add the second and third view activities. Change the view names to products and stock.

   

5. In the Component Palette, Control Flow section, click Control Flow Case. Then in the diagram, click on the wildcard control flow rule icon and then the welcome view icon. Enter welcome for the outcome label.

6. Click Control Flow Case again. Then in the diagram, click on the wildcard control flow rule icon and then the products view icon. Enter products for the outcome label.

7. Click Control Flow Case again. Then in the diagram, click on the wildcard control flow rule icon and then the stock view icon. Enter stock for the outcome label.

   
The task flow contains three view activities: welcome, products and stock, and three control flow cases. Read more... The first activity you dropped is the default, as indicated by the green halo or circle. Currently the task flow does not do anything: the ! icon on each view activity indicates that the view activity is not bound to any page. Later you will tie a page to each view activity, and add navigation.

You can see the rules that JDeveloper has added to the task flow file using a visual format by clicking the Overview tab at the bottom of the editor window and selecting the Control Flows navigation tab at the left, for example:



You can see the same rules in the XML source of the task flow file by clicking the Source tab at the bottom:

1. In the Application Navigator, right-click the ViewController project and choose New > Web Tier > JSF/Facelets > ADF Page Template, then click OK to open the Create ADF Page Template dialog.

   
You will create an initial page template with the layout and components that are common to all pages in your application. Read more... Typically you would create and bind navigation components on a page template, then use the template to create your pages. Using a page template also provides the same layout and look and feel for your application pages.

A page template is created in a template definition file written in XML. The template is described in two sections inside the template definition file: a metadata section that contains all the metadata for the template (such as the template display name), and a layout section that contains all the individual ADF Faces components that make up the template page layout.

The Create ADF Page Template dialog helps you to create metadata for the template only, such as the template's display name, and any facet definitions or attributes that the template might include. In the example, you will enter a file name for the template, and add a facet definition. The facet definition you add will allow page authors to add their own page contents when they create their pages using the template. After creating the initial metadata, you will use tools such as the visual editor and Component Palette to define the components for the layout part of the template definition.

2. Enter productTemplate.jsf in the File Name field. Confirm that Facelets is selected as the document type.

3. Select Use a Quick Start Layout. Then click Browse.

   

4. In the Component Gallery, select the Two Column category, the fourth type, and the sixth layout with locks in the top and left facets and no stretching. (You should see Two Column Left, Header (Scrolled) in the Options box on the right.) Then click OK.

   
ADF Faces provides a number of components that you can use to define the overall template layout of the page. JDeveloper includes pre-defined page layouts that use these layout components to provide you with a quick and easy way to correctly determine the template layout. Read more...

In the Create JSF Template dialog, when you select Use a Quick Start Layout and click Browse, you can choose from one, two, or three column layouts, and then determine how you want the columns to behave. When you use a quick start layout option, JDeveloper adds the components necessary to display the template layout. Once your page template file is created, you can add UI components and work with the page source.

5. With the Facet Definitions tab in front, click to add a facet. Enter main_content in the Name field. Then click OK.

   

6. In the Component Palette, ADF Faces page, Layout panel, drag Panel Group Layout and drop it on the top facet of the template, in the visual editor.

   
To create the user interface, you add ADF Faces components to your pages. Read more...

JDeveloper provides a Component Palette to add user interface and data components to your pages. While inserting, copying, or moving page components, you select an insertion point on the page in the visual editor or in the Structure window in relation to a target page element. JDeveloper provides visual cues to indicate the location of the insertion point before, after, or contained inside a target component.



After adding a component, you can set the properties of the component using the Property Inspector.

7. In the Property Inspector, Common section, select vertical from the Layout dropdown list. Expand the Style section, select the Background tab, and select Black from the Background Color dropdown list.

   

8. In the Component Palette, Text and Selection panel, drag and drop Output Text into the panel group layout you just added.

9. In the Property Inspector, Common section, enter Product Information as the Value. Expand the Style section, select the Text tab, and select White from the Color dropdown list, medium from the Font Size dropdown list, and bold from the Font Weight dropdown list.

   

10. In the Component Palette, Layout panel, drag Panel Group Layout and drop it on the start facet of the template.

    

11. In the Property Inspector, Common section, select vertical from the Layout dropdown list. Expand the Style section, select the Background tab, and select ActiveBorder from the Background Color dropdown list.

12. In the Component Palette, General Controls panel, drag and drop Link into the panel group layout in the start facet. In the Property Inspector, Common section, enter welcome as the Text and the Action property fields.

13. Drop two additional Link components into the panel group layout in the start facet. Enter products as the Text and Action property of the first, and stock as the Text and Action property of the second link.

    

14. In the visual editor, click the blank area to the right of the start facet, below the top facet. (In the editor crumbs, you should see that you have selected the panel group layout.)

    

15. Scroll the Component Palette, Layout panel, to the Core Structure section, then drag and drop Facet into the panel group layout in the center facet, where you will add the custom content for each page. Choose main_content from the dropdown list. Click OK.

    

16. Click Save All to save your work.

    
The links you created are the menu items that will appear on every page, and will navigate to the three pages in your task flow. The action property of each link corresponds to the outcome properties of the control flow cases on your task flow diagram. Read more...

The facet you defined, main_content, will be used for page content. Page template facets define areas on the template where content can be added by page authors when they use the template to create their JSF pages. To allow page authors to add their own content, you define one or more facets as placeholders for future content.

1. Click the adfc-config.xml tab to bring the diagram to the front, then double-click the welcome view icon to open the Create JSF Page dialog.

   
The JSF pages you create for your application using ADF Faces can be Facelets (which have file extension .jsf) or JSP documents written in XML syntax (which have file extension .jspx). Read more...

You can create the pages with the Create JSF Page dialog, opening it from:
• The New Gallery

• The ADF Task Flow diagrammer
You will create the welcome.jsf, products.jsf and stock.jsf pages based on the page template.

When you create a new Facelets (.jsf) page, JDeveloper automatically creates a starter page structure with two xmlns attributes for the ADF Faces and JSF Core tag libraries. The other elements included in a starter file are elements for laying out a page, specifically everything else within <f:view> and </f:view>.

2. Accept the default file name of welcome.jsf and Facelets as the document type. Under Page Layout, select Page Template. Then select productTemplate and click OK.

   

3. In the Component Palette, ADF Faces page, expand the Text and Selection panel. Drag Output Text (Formatted) and drop it into the main_content facet on the page.

   

4. In the Property Inspector, select Expression Builder from the Value context menu. Enter the following in the Expression field and click OK:

   
<p> Please log in to get started. Valid users are:</p><ul><li><b>dfaviet</b> (customer)</li><li><b>sking</b> (staff)</li><li><b>achen</b> (supplier)</li></ul> <p>The password for all users is welcome1.</p>

5. Click the adfc-config.xml tab to bring the diagram to the front, then double-click the products view icon to open the Create JSF Page dialog. Under Page Layout, select Page Template. Confirm that productTemplate is selected and click OK.

6. In the Application Navigator, expand the Data Controls panel and the ProductsModuleDataControl node. Drag and drop the ProductsBaseView1 node onto the main_content facet in the visual editor.

   
The role of the browse page is to allow the user to view and navigate the data objects, one at a time. You will add databound components to the products.jsf page to create a read-only form. At runtime, the products are shown one at a time. Read more...

For navigating through the data, navigation buttons can be included in the read-only form.

To begin designing the form and table, use the JDeveloper data binding tool, known as the Data Controls panel. Oracle ADF data controls are represented on the Data Controls panel, where they can be added to the view as UI controls. When you drag a node to the page, the Create menu displays.

7. From the Create context menu, choose Form > ADF Read-only Form.

   

8. In the Edit Form Fields dialog, select all the fields except the following: ProductName, ProductStatus, CostPrice, and ListPrice. Then click Delete.

   

9. Select Include Navigation Controls, and click OK.
   
   
   
   The products.jsf page should look like this, in the visual editor:

   

10. Click the adfc-config.xml tab to bring the diagram to the front, then double-click the stock view icon to open the Create JSF Page dialog. Under Page Layout, make sure Page Template is selected. Confirm that productTemplate is selected and click OK.

11. From the Data Controls panel, drag and drop the ProductsBaseView1 node onto the main_content facet in the visual editor. From the Create context menu, choose Navigation > ADF Navigation List.

    

12. In the Edit List Binding dialog, select ProductName as the display attribute and click OK.

    

13. In the Data Controls panel, expand ProductsBaseView1, scroll down, and select WarehouseStockLevelsView2. Drag it into the Panel Header - Details box on the page and select Graph from the Create menu.

    
Graph is one of many data visualization components available in JDeveloper. Read more...

In addition to Graph, data visualization components include Gauge, Gantt chart, Geographic Map, and Pivot Table. You can choose the type of graph you want to create from the Component Gallery.

Using the Data Controls panel to get started, you will create a bar graph based on the view object WarehouseStockLevelsView2. You will configure the graph in the Create Bar Graph dialog.

14. In the Component Gallery, select Bar as the category and graph type, and click OK.

    

15. In the Create Bar Graph dialog, drag QuantityOnHand from the Available list to the Bars field. Drag WarehouseId from the Available list to the X Axis field. Then click OK.

    

16. In the Property Inspector of the bar graph component, Appearance section, enter Bar graph in the ShortDesc field.

17. Click Save All to save your work.
    
    The stock.jsf page, the last page you updated, should look similar to this page in the visual editor:

    

18. In the editor window, click the adfc-config.xml tab to bring the diagram forward. Right-click the welcome page icon and choose Run.
    
    If the Create Default Domain dialog displays, enter the default password, for example weblogic1, in the Password and Confirm Password fields, then click OK.
    
    When you run the welcome.jsf page, it should look similar to this page in your browser:

    
In the running application, select the products, stock, and welcome links to see the pages. No security has been enabled yet in the application. Read more...

By default, JDeveloper automatically configures an integrated server named Integrated WebLogic Server that references a user-specific instance of Oracle WebLogic Server bundled with the IDE. Integrated WebLogic Server is a Java EE runtime service for packaged archive deployment. Based on zero-copy deployment, Integrated WebLogic Server lets you run and test an application and its projects as a Java EE application in a Java EE container. No special connection setup is required to use Integrated WebLogic Server. You can run the entire application, a project, or individual JSF pages.

When you run the view activity, JDeveloper automatically:
• Starts Integrated WebLogic Server, if not already running.

• Compiles and deploys the application to Integrated WebLogic Server.

• Launches the application in your default browser using a default address. For example:
  http://<your_machine_IP_address>:<http_port>/<application_name>-<project_name>-context-root/faces/<path_to_the_JSP>
To stop the application, click Terminate in JDeveloper and choose the application bound instance from the dropdown menu. Terminating the application stops and undeploys the application from Integrated WebLogic Server but it does not terminate Integrated WebLogic Server.

1. From the main menu, choose Application > Secure > Configure ADF Security to open the Configure ADF Security wizard.

   
The Oracle ADF Security framework is the preferred technology to provide authentication and authorization services to the Fusion web application. Read more... Oracle ADF Security is built on top of the Oracle Platform Security Services (OPSS) architecture, which itself is well-integrated with Oracle WebLogic Server. While other security-aware models exist that can handle user login and resource protection, Oracle ADF Security is ideally suited to provide declarative, permission-based protection for ADF bounded task flows, top-level web pages that use ADF bindings (pages that are not contained in a bounded task flow), and at the lowest level of granularity, rows of data defined by ADF entity objects and their attributes.

You enable ADF Security for Fusion web applications when you run the Configure ADF Security wizard. The wizard configures ADF Security for the entire Fusion web application, so that any web page associated with an ADF security-aware resource is protected by default. This means that after you enable ADF Security, your application is locked down so that the pages are considered secure by default.

The first time you run the Configure ADF Security wizard and enable authentication and authorization, you secure ADF resources at the level of the application. Additionally, you select specific project-level settings for the user interface project, including the authentication type and the authentication welcome. The wizard adds these web application settings to the web.xml file in the project you select.

2. On Step 1, select ADF Authentication and Authorization, then click Next.

   
Adding authentication means that users must be authenticated (usually by a login form) before they can access the application. Authorization determines which parts of an application users can access once they are in the application. Read more...

When you run the wizard with the default option selected, your application will enforce authorization for ADF security-aware resources. Enforcing authorization for ADF resources means that you intend to define security policies for these resources to make the web pages of your application accessible. Until you do so, all pages that rely on the ADF bounded task flows and ADF page definitions will remain protected.

The other two wizard options to configure Oracle ADF Security should not be used when you want to enable ADF Security. Those options allow you to temporarily disable Oracle ADF Security and run your application without security protection.

ADF Authentication and Authorization (default) enables the ADF authentication servlet so that you can redirect to a configured web page when the user logs in and logs out. This option also enables ADF authorization to enforce permission checking against security policies that you define for ADF resources. This option assumes that you will define application roles and assign explicit grants to those roles to manage access to ADF security-aware resources.

3. On Step 2, select Form-Based Authentication and Generate Default Pages. Then click Next.

   
The first three Authentication Type options enable you to specify browser authentication, digest authentication, or client-side authentication, respectively. Read more...

Selecting Form-Based Authentication allows you to specify a user-written HTML form for authentication. Selecting the Generate Default Pages option causes JDeveloper to generate a default form-based login page named login.html.

The wizard-generated login and error pages are HTML pages that are added to the top-level folder of your user interface project, ViewController. The generated login page defines a form with the standard j_security_check action. The form takes the user name and password as input to the j_SecurityCheck method within the container's security model.

4. Click Next to accept the defaults in the remaining steps, then click Finish. Click OK in the message prompt.

   
The Configure ADF Security wizard updates all security-related configuration files and secures all resources in your application. This means that before you run your application again you must define some users and allow them to access the application. Read more...

After you run the Configure ADF Security wizard with the default ADF Authentication and Authorization option selected in the ADF Security page, you will have:
• Enabled ADF authentication to prompt the user to log in and to allow page redirects

• Enabled ADF permission checking so that only authorized users will have access to ADF resources
The web.xml file now specifies form-based authentication and identifies the location of the pages, adding the following code:
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>
The security-related configuration files display in the Application Resources panel in the Application Navigator:



The wizard-generated login.html and error.html pages are added to the ViewController project.

1. From the main menu, choose Application > Secure > Application Roles to open the Application Roles page of the overview editor.

   
In ADF security, as in Java EE security, users are assigned one or more roles, and permissions are granted to roles. Read more...

After you enable ADF Security you must grant users access rights so that they may view the web pages of the Fusion web application. Access rights that you grant users are known as a security policy that you specify for the page's corresponding ADF security-aware resource. Ultimately, it is the security policy on the ADF resource that controls the user's ability to enter a task flow or view a web page.

You create application roles to represent the policy requirements of the application and to define groups of users with the same view permission rights. The application roles that you create in the application policy store are specific to your application. For example, in the context of the work flow, there may be application roles such as customer, staff, and supplier.

At runtime, the access rights are conferred on the user through the application role for which the user is defined as a member. Thus, before you can define security policies, the policy store must contain the application roles that you intend to issue grants to.

2. In the overview editor, click to the right of Roles and select Add New Role, then enter customer as the name of the new role.

   
   
   
In the jazn-data.xml overview editor you can create both application and enterprise roles. Read more...

An application role is a role used by an ADF application. It is specific to the application, defined by the application policy, and not necessarily known to the Java EE container. Application roles are scoped in the sense that they can contain only users and roles defined in the application.

After you create the application role, you will:
• Grant permissions to the application roles

• Associate test users with each application role
An enterprise role is a role that is maintained in the domain policy store (as opposed to an application policy store). Enterprise roles are available to every application deployed in the domain and defined in the domain identity store, typically represented by an ordered list of authenticators configured in the domain.

You use the Enterprise Roles page to group users that you add to the identity store. You can use this mechanism to assign entire groups of users to application roles that you have defined for the purpose of conferring access rights defined by ADF security policies. However, Integrated WebLogic Server does not require you to create enterprise roles to run the application within JDeveloper. For the purpose of testing the application, it is sufficient to create a few test users and assign them directly to application roles.

Ultimately, when you deploy an application for staging outside of JDeveloper, you migrate the policy store to the target server.

3. Click to the right of Roles again and select Add New Role > at Root Level. Enter staff as the name of the additional role. Repeat to add another new role, supplier.

   

4. Click the Users tab, then click to the right of Users to add a new user. Enter dfaviet as the name and welcome1 in the Password and Confirm Password fields.

   

5. Click to the right of Assigned Roles and choose Assign Application Role. Select customer from the Select Application Roles dialog and click OK.

   
   
   

6. Click to the right of Users. Enter sking as the name and welcome1 in the Password and Confirm Password fields.

7. Click to the right of Assigned Roles and choose Assign Application Role. Select staff from the Select Roles dialog and click OK.

8. Repeat the previous two steps to create a third user. Enter achen as the name and welcome1 as the password. Select supplier as the application role.
   
   The Users page shows the assigned role for the selected user.

   
When you add an application role to the policy store, JDeveloper updates the jazn-data.xml file. Read more... Because the policy store element names the application, at runtime all application roles that you create will be visible to your application only.

For the purpose of testing the application, it is sufficient to create a few test users and assign them directly to application roles.

1. In the overview editor, select the Resource Grants navigation tab.

A resource grant is an access right that you define to allow users to access a resource in your application. You can define resource grants for web pages and task flows. Read more...

In this application, you will define resource grants in the Fusion web application for resource instances associated with web pages to make web pages accessible to users.

To begin defining resource grants you will open the Web Page page of the overview editor for jazn-data.xml.

2. In the overview editor for jazn-data.xml, select Web Page from the Resource Type dropdown.

   

3. In the Resources list, select products, then click to the right of Granted To and choose Add Application Role. Select authenticated-role and click OK.

   
   
   
It is a common requirement that some web pages be available to all users, regardless of their specific access privileges. Read more... For example, the home or welcome page should be seen by all visitors to the site, while a corporate site should be available only to those who have identified themselves through authentication.

In both cases, the page may be considered public, because the ability to view the page is not defined by the users' specific permissions. Rather, the difference is whether the user is anonymous or a known identity.

In the Oracle ADF Security model, you differentiate between the absence of security and public access to content by granting access privileges to the anonymous-role principal. The anonymous role encompasses both known and anonymous users, thus permission granted to anonymous-role allows access to a resource by unauthenticated users, for example, guest users. To provide access to authenticated users only, the policy must be defined for the authenticated-role principal.

Roles are selected in the Select Roles dialog.

4. In the Resources list, select stock, then click to the right of Granted To and choose Add Application Role. Select supplier and click OK.
   
   The Resource Grants page should now look like this:

   
Each time you create a new bounded task flow or ADF page definition file in your user interface projects, the new resource instance will be visible in the Resource Grants page. Read more... You use the overview editor to define security policies for resources associated with web pages for the entire application. You can also use the overview editor to sort resource instances and easily view those that have no security policy yet defined.

In the development environment, this is the jazn-data.xml file. After you configure the jazn-data.xml file using the editors, you can run the application in Integrated WebLogic Server and the contents of the policy store will be added to the domain-level store, the system-jazn-data.xml file, while the test users will be migrated to the embedded LDAP server that Integrated WebLogic Server uses for its identity store. The domain-level store allows you to test the security implementation by logging on as test users that you have created.

1. In the Application Navigator, expand ViewController and Web Content, and double-click productTemplate.jsf to open it in the visual editor.

In this step you will add a link to your page template that allows users to log in and log out of your application, and text to display the name of the current user. Read more...

You will also add two icons to your page, to indicate whether or not the user is logged in. You can use key.png (for not logged in) and listLockIcon.png (for logged in) from jdev_home\jdeveloper\ide\lib\oicons.jar.

You will use the Property Inspector and Expression Builder to enter the syntax that determines what is rendered.

2. In the Component Palette, ADF Faces page, Layout panel, drag Panel Group Layout and drop it below the Product Information title in the visual editor. In the Property Inspector, select horizontal from the Layout dropdown list.

   

3. In the Component Palette, Text and Selection panel, drag and drop Output Text (Formatted) into the panel group layout you just added.

4. In the Property Inspector, select Expression Builder from the Rendered context menu.

   

5. In the Expression builder, expand ADF Bindings and securityContext and select authenticated. Confirm that #{securityContext.authenticated} is the expression and click OK.

   

6. In the Property Inspector, select Expression Builder from the Value context menu. In the Expression field, enter Welcome followed by a space. Expand ADF Bindings and securityContext and select userName. Confirm that Welcome #{securityContext.userName} is the expression and click OK.

   

7. In the Property Inspector, expand the Style section, select the Text tab, and select White from the Color dropdown list, small from the Font Size dropdown list, and bold from the Font Weight dropdown list.

8. In the Component Palette, General Controls panel, drag and drop Image to the right of the output text you just modified. (You should see the target box Panel Group Layout - horizontal.) In the Insert Image dialog, click the Source dropdown arrow (on the right) and then click Edit on the context menu.

   

9. Browse to jdev_home\jdeveloper\ide\lib\oicons.jar\oracle\javatools\icons, select key.png then click OK. Click Yes to copy the image to the resources directory, click Save to save it, then click OK.

10. In the Property Inspector of the image component, select Reset to Default from the Source context menu.
    
    This clears the field without removing the image file from the project.

11. In the Property Inspector of the image component, from the Source context menu again, select Edit. Browse to jdev_home\jdeveloper\ide\lib\oicons.jar\oracle\javatools\icons, select listLockIcon.png and click OK, then click Yes and Save to copy the image into your project. Then enter #{securityContext.authenticated ? resource['images:listLockIcon.png'] : resource['images:key.png']} in the Source field of the Property Inspector.

    
The conditional expression entered for the image sets the image to show a different icon depending on whether you are authenticated (logged in) or not. You selected an image source file twice to copy two image files into your project. Read more...

The conditional expression entered in the next step for the Go Link sets the text of the link to Logout if the user is authenticated, Login if not.

This expression sets the destination of the link to call the ADF authentication servlet, which is the standard way to handle login and logout. Different parameters are passed depending on which action is required: logout if the user is authenticated (logged in); and login if the user is not authenticated. The login action automatically redirects to the login page, then to the page specified by the success_url parameter (products.jsf in this case). The logout action redirects to the page specified by the end_url parameter (welcome.jsf).

12. In the Structure window, select the af:image component you added in the previous step. In the Component Palette, General Controls panel, drag and drop Link (Go) below the af:image component in the Structure window so that it appears to the right of the image in the page.

    

13. In the Property Inspector, enter #{securityContext.authenticated ? "Logout" : "Login"} in the Text field. Then enter the following in the Destination field:
    #{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/welcome.jsf"
: "/adfAuthentication?success_url=/faces/products.jsf"}

    

14. Expand the Style section, select the Text tab, and select White from the Color dropdown list, small from the Font Size dropdown list, and bold from the Font Weight dropdown list.
    
    The productTemplate.jsf page now looks similar to this in the visual editor:

    

15. In the editor window, click the adfc-config.xml tab to bring the diagram forward. Right-click the welcome page icon and choose Run.
    
    When you run the application, the first page should look similar to this page in your browser:

    
In the running application, select Login. On the Login page that displays, enter the username achen and the password welcome1, then click Submit. Read more...



Notice that the Welcome message now displays below the page title, and the icon and the text next to the icon have changed. The contents of the products page also display:



Click stock to view the stock page.



Log out and log in again, this time as dfaviet. Then select the stock link. You will see an authentication exception, because dfaviet is a customer and doesn't have permission to access the stock page.

1. Click the products.jsf tab to bring the page to the front in the editor window, and select the label for the Cost Price field.

   
In this step, you add conditional logic to hide the menu links for pages that the current user is not permitted to access. Read more... You also use conditional logic to hide the Cost Price field in the products.jsf page, so that only staff can view that field.

The expressions are entered in the Expression Builder, which you open from the Property Inspector.

2. In the Property Inspector, confirm that the Panel Label and Message component is shown, then select Expression Builder from the Rendered context menu. Enter #{securityContext.userInRole['staff']} in the Expression field and click OK.

   
Menu items and page components are hidden in this application through the use of the following three expressions: Read more...

#{securityContext.userInRole['staff']}

This expression sets the Rendered property to true if the user has "staff" as one of their roles. In other words, the field will only be displayed to staff.

#{securityContext.authenticated}

We allow all authenticated users to access the products page, so we are going to display the link only to authenticated users.

#{securityContext.regionViewable['view.pageDefs.stockPageDef']}

This expression causes the link to be rendered only if the stock page (or more correctly its page def file) is viewable in the current security context.

3. In the editor window, click the productTemplate.jsf tab to bring the page to the front, and select the products link on the left.

   

4. In the Property Inspector, select Expression Builder from the Rendered context menu. Enter #{securityContext.authenticated} in the Expression field and click OK.

   

5. Select the stock link in the page, and select Expression Builder from the Rendered context menu. Enter #{securityContext.regionViewable['view.pageDefs.stockPageDef']} in the Expression field and click OK.

   

6. In the editor window, click the adfc-config.xml tab to bring the diagram forward. Right-click the welcome page icon and choose Run.
   
   The welcome.jsf page should now look like this in your browser before you log in:

   
In the running application, log in as each user and verify that: Read more...

• The products and stock links are not displayed if you're not logged in.

• The stock link is not displayed unless you are logged in as achen.

• In the products page, the Cost Price field is not displayed unless you are logged in as sking.

In this tutorial you created a small Fusion Web Application and then configured ADF security. You learned how to:

• Create an ADF task flow, a template for all the pages in the application, and starter pages based on the template.
• Use the Configure ADF Security wizard to enable security in the application.
• Define users, roles and grants for application resources.
• Use the Expression Builder to add login links to the login page, and add conditional logic to the application.

To learn more about enabling security and Fusion Web Applications, refer to:

• "Enabling ADF Security in a Fusion Web Application" in Fusion Developer's Guide for Oracle ADF
• Developing Rich Web Applications With Oracle ADF
• Web User Interface Developer's Guide for Oracle ADF