Skip Headers
Oracle® Application Development Framework Developer's Guide For Forms/4GL Developers
10g (10.1.3.1.0)
Part Number B25947-01
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Master Index
Master Index		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
View PDF

30.4 Configuring the ADF Business Components Application to Use Container-Managed Security

When you want to work with security in an Oracle ADF Business Components application, the ADF Business Components application module must be enabled to recognize the authenticated user. This will permit the application to create the application module based on the presence of an authenticated user. If the user attempts to login and is not authenticated, no application module will be created for the session.

30.4.1 How to Configure Security in an Oracle ADF Business Components Application

To enable security in an Oracle ADF Business Components application, you must edit the jbo.security.enforce property of the application modules configuration (maintained in the bc4j.xcfg file). The jbo.security.enforce property set to Must specifies that an authenticated user must be logged in before the application module will be created. This is a requirement for any business components application that will work with container-managed security.

To configure security for Oracle ADF Business Components:

  1. In the Application Navigator, expand the data model project and located the application module node.

  2. Right-click the application module node and choose Configurations.

  3. In the Configuration Manager, select the configuration for your application and click Edit.

  4. In the Oracle Business Components Configuration dialog, select the Properties tab.

    The dialog display the full list of ADF Business Components configuration properties. The security properties begin with jbo.security.

  5. Scroll to locate the jbo.security.enforce property and enter the value Must.

  6. Click OK to close the dialogs and save the configuration changes.

Figure 30-6 shows the application module configuration SRServiceLocal and security property as they appear in the SRDemo application for ADF Business Components.

Figure 30-5 ADF BC Configuration Dialog, Properties Panel

Sample login page from the SRDemo application.

In order to use the JAZN realm in an ADF Business Components application, you must export the BC4J Security library to your user interface project. This will ensure that the jazn.jar is available to the user interface project at runtime. Without this library defined, an exception such as NullPointerException in JboJAZNUserManager.isUserInRole() will be returned when your application attempts to verify the logged in user.

To add required libraries for ADFBC Security to the user interface project:

  1. In the Application Navigator, right-click the user interface project and choose Project Properties.

  2. In the Project Properties dialog, select Libraries to view the list of available libraries.

  3. Scroll to locate BC4J Security and make sure that Export is enabled.

  4. Click OK to close the dialog and save the setting.

Figure 30-6 shows the BC4J Security library as it should appear for the user interface project.

Figure 30-6 Project Properties Dialog, Libraries Panel

Sample login page from the SRDemo application.

30.4.2 What Happens When You Configure Security in an ADF Business Components Application

The jbo.security.enforce property in the ADF Business Components application module's configuration settings when set to Must requires the application module to obtain an authenticated user principal from the SecurityContext before the application module is created for the specified configuration.

30.4.3 What You May Need to Know About the ADF Business Components Security Property

The security mechanism provided by ADF Business Components can be combined with ADF Security when you want to want to configure security constraints against the adfAuthentication servlet. You enable ADF Security when you want to grant authorization permissions to ADF binding objects in the application. For details about the authorization features provided by ADF security, see Section 30.7, "Implementing Authorization Using Oracle ADF Security".


Tip:

Starting in JDeveloper 10.1.3.1 maintenance release, you need only set the ADF Security property authorizationEnforce to true and you will automatically enable security in an ADF Business Components application. In this case, the jbo.security.enforce property is not required.

When you enable ADF Security in an ADF Business Components application, the application module obtains the principal from the security context under the ADF context instead of the JAAS security context. For details about enabling ADF servlet authentication, see Section 30.3.3, "How to Enable Oracle ADF Authentication".

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Master Index
Master Index		 Go to Feedback page
Contact Us