Oracle Fusion Middleware extensions for Applications Core API Reference
11g Release 1 (11.1.1.6)

E22562-03

oracle.apps.fnd.applcore.dataSecurity.util
Class FNDEcsfSecurityPlugin

java.lang.Object
  extended by oracle.ecsf.impl.DefaultSearchPlugin
      extended by oracle.apps.fnd.applcore.dataSecurity.util.FNDEcsfSecurityPlugin
All Implemented Interfaces:
oracle.ecsf.Securable

public class FNDEcsfSecurityPlugin
extends oracle.ecsf.impl.DefaultSearchPlugin

This class serves as a bridge that enables ApplCore Grants-based data security rules defined in the transactional system to be applied to the ECSF-SES framework for the search feature. The search feature in Applications is implemented using ECSF/SES. Search VOs are defined in ECSF, and this plugin can be used as the Security Plugin in ECSF for a Search VO.

In SES, documents are secured with ACLs at the searchable object level. For example, each invoice is formed as a document to be stored and indexed by SES with one or more ACLs. At query time, for a given user, a set of keys for each ACL must match the ACLs of a document in order for the document to show in the results.

While there are significant differences in how security rules are enforced between SES and the database, which ApplCore Data Security operates on, there are many cases where rules defined in Data Security can be mapped to SES and hence used to secure searchable objects in SES. The ApplCore SES security plug-in is meant to enforce those rules and help Applications streamline their security plugin development for Search.

The following is the high-level feature list that will be supported by the ApplCore plugin. A searchable object is secured by:

1. Creator or owner - whoever creates the record can view the record.
   - By extending this ApplCore security plugin, managers of the creator/owner can view records created/owned by their directs.
2. MOAC - a person can view the document based on the list of Organization Units he has access to for a given privilege.
3. Static filters - any data set that can be defined via a simple static filter, for example, amount < 50000.

The plugin can be used only where the Data Security rules are defined in the form of Filters. If the security rules are defined as SQL Predicates, they are ignored by the plugin. The filter must be static (no dynamic context, except for the currentUserGuid expression).

In the case of MOAC, the data security rules may be in the form of SQL Predicates or Filters, and the filters may be static or dynamic. This is handled as a special case; there are no restrictions for the MOAC use case.

The plugin implements two key methods to generate ACLs and keys: getAcl() and getSecurityKeys(). These methods handle the scenarios mentioned above. If your scenario does not fit into these patterns, you will have to implement a custom security plugin.

The plugin also has a protected method to get the managers of the creator/owner of the document. The default implementation returns null. If you want managers of the creator/owner to be able to view the document, you should override the method getUserManagers() in this class.

See http://aseng-wiki.us.oracle.com/asengwiki/display/ATG/ECSF+Data+Security+Plugin for more details about the plugin.
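The index-time ACL and query-time key split described above, modelled as a stand-alone added example; it is not Oracle's code and not the plugin's implementation. The class, the ACL string formats, the GUIDs and the "any key equals any ACL" matching rule are assumptions made for illustration, and the MANAGERS map stands in for what an overridden getUserManagers() would supply.

```java
import java.util.*;

// Simplified model of the ACL/key mechanism described above (added example).
// All names, ACL string formats and sample data are constructed, not Oracle's.
public class AclKeyModel {
    static final class Invoice {
        final String id, creatorGuid, orgId; final long amount;
        Invoice(String id, String creatorGuid, String orgId, long amount) {
            this.id = id; this.creatorGuid = creatorGuid; this.orgId = orgId; this.amount = amount;
        }
    }

    // Hypothetical directory: user GUID -> manager GUIDs (the role getUserManagers() plays).
    static final Map<String, List<String>> MANAGERS = Map.of("guid-alice", List.of("guid-carol"));

    // Index time: ACLs are derived from the document's own attributes and stored with it.
    static Set<String> acl(Invoice d) {
        Set<String> acls = new TreeSet<>();
        acls.add("USER:" + d.creatorGuid);                        // creator/owner rule
        for (String m : MANAGERS.getOrDefault(d.creatorGuid, List.of()))
            acls.add("USER:" + m);                                // manager extension
        acls.add("ORG:" + d.orgId);                               // MOAC rule
        if (d.amount < 50000) acls.add("FILTER:AMOUNT_LT_50000"); // static filter
        return acls;
    }

    // Query time: keys are derived from the searching user's identity and grants.
    static Set<String> keys(String userGuid, Set<String> orgs, boolean hasFilterGrant) {
        Set<String> keys = new TreeSet<>();
        keys.add("USER:" + userGuid);
        for (String o : orgs) keys.add("ORG:" + o);
        if (hasFilterGrant) keys.add("FILTER:AMOUNT_LT_50000");
        return keys;
    }

    // Assumed matching rule: the document is visible when one key equals one ACL.
    static boolean visible(Set<String> acls, Set<String> keys) {
        return !Collections.disjoint(acls, keys);
    }

    public static void main(String[] args) {
        Invoice inv = new Invoice("INV-1", "guid-alice", "204", 75000);
        Set<String> acls = acl(inv);
        System.out.println("ACLs: " + acls);
        System.out.println("creator:     " + visible(acls, keys("guid-alice", Set.of(), false)));
        System.out.println("manager:     " + visible(acls, keys("guid-carol", Set.of(), false)));
        System.out.println("same org:    " + visible(acls, keys("guid-dave", Set.of("204"), false)));
        System.out.println("filter only: " + visible(acls, keys("guid-erin", Set.of("999"), true)));
    }
}
```

Because ACLs are fixed when the document is indexed while keys are computed per query, a change to a record's owner, organization or amount is reflected in search results only after the document is re-indexed.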


Field Summary
 
Fields inherited from interface oracle.ecsf.Securable
RCS_ID, RCS_ID_RECORDED
 
Constructor Summary
FNDEcsfSecurityPlugin()
           
 
Method Summary
protected  void gatherOrgAcl(oracle.ecsf.SearchContext ctx, oracle.ecsf.IndexableDocument indexableDocument, java.util.Vector acls)
           
protected  void gatherOrgKeys(oracle.ecsf.SearchContext ctx, DataSecurityAMImpl dam, java.util.Vector keys)
           
 java.lang.String[] getAcl(oracle.ecsf.SearchContext ctx, oracle.ecsf.IndexableDocument indexableDocument)
           
 java.lang.String[] getSecurityKeys(oracle.ecsf.SearchContext ctx)
           
protected  java.util.Vector<java.lang.String> getUserManagers(oracle.ecsf.SearchContext ctx, oracle.ecsf.IndexableDocument indexableDocument, DataSecurityAMImpl dam, java.lang.String userGuid)
           
 
Methods inherited from class oracle.ecsf.impl.DefaultSearchPlugin
getSecurableParams, getSecureAttrAcl, getSecureAttrKeys, isAclEnabled
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

FNDEcsfSecurityPlugin

public FNDEcsfSecurityPlugin()

Method Detail

getAcl

public java.lang.String[] getAcl(oracle.ecsf.SearchContext ctx,
                                 oracle.ecsf.IndexableDocument indexableDocument)
Specified by:
getAcl in interface oracle.ecsf.Securable
Overrides:
getAcl in class oracle.ecsf.impl.DefaultSearchPlugin

gatherOrgAcl

protected void gatherOrgAcl(oracle.ecsf.SearchContext ctx,
                            oracle.ecsf.IndexableDocument indexableDocument,
                            java.util.Vector acls)

gatherOrgKeys

protected void gatherOrgKeys(oracle.ecsf.SearchContext ctx,
                             DataSecurityAMImpl dam,
                             java.util.Vector keys)

getSecurityKeys

public java.lang.String[] getSecurityKeys(oracle.ecsf.SearchContext ctx)
Specified by:
getSecurityKeys in interface oracle.ecsf.Securable
Overrides:
getSecurityKeys in class oracle.ecsf.impl.DefaultSearchPlugin

getUserManagers

protected java.util.Vector<java.lang.String> getUserManagers(oracle.ecsf.SearchContext ctx,
                                                             oracle.ecsf.IndexableDocument indexableDocument,
                                                             DataSecurityAMImpl dam,
                                                             java.lang.String userGuid)

Copyright © 2012 Oracle. All Rights Reserved.