Security Provider

Security for an application is enabled using a pluggable mechanism called Security Providers.

In the application model, app-flow.json, you can specify a "userConfig" element. The userConfig element selects which Security Provider to use and how to configure it:

Example of an entry in app-flow.json to specify the Security Provider:

"userConfig": {
  "type": "vb/DefaultSecurityProvider",
  "configuration": {
    "url": "url to some security api"
  }
}

A Security Provider takes a configuration object with a url. The url property should point to a REST API. It must be possible to retrieve the current Security Provider configuration via this REST API. The configuration contains user information and configuration information such as loginUrl and logoutUrl.

A Security Provider performs the following functions.

| Function | Description |
| --- | --- |
| fetchCurrentUser(config) | Fetch the configuration from the url and initialize the userInfo property as well as the loginUrl and logoutUrl properties. |
| static getUserInfoType() | Return an object describing the type of the user info. |
| isAccessAllowed(type, path, accessInfo) | Check if the current user can access a resource with the given access info. If the user is not authenticated, this method returns false. Otherwise, if the user role is one of the roles in accessInfo, or if the user permission is one of the permissions in accessInfo, then the method returns true. |
| handleLoadError(error, returnPath) | This function is called by the client when an error occurs while loading a page. It attempts to handle the load error for a Visual Builder artifact, and returns true if it does. |
| handleLogin(returnPath) | Handle the user login process. Redirects to the login page using the login URL given by the security provider configuration. If defined, the returnPath is added to the login URL using the query parameter name defined in the 'returnPathQueryParam' property of the SecurityProvider class. |
| handleLogout(logoutUrl) | Handle the user logout process. The default implementation navigates to the URL defined by the logoutUrl argument. If the logoutUrl argument is not defined, it uses the logoutUrl of the SecurityProvider configuration. |
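The access rule described for isAccessAllowed and the login URL described for handleLogin can be sketched as follows. This is an added example, not Visual Builder's own code. The class name SketchSecurityProvider, the helpers applyConfiguration and buildLoginUrl, the userInfo fields (isAuthenticated, roles, permissions), the 'returnPath' parameter value and the deny-when-nothing-matches behaviour are assumptions made for illustration.

```javascript
// Added sketch, not Oracle's implementation. Field names on userInfo
// (isAuthenticated, roles, permissions) and accessInfo (roles, permissions)
// are assumptions made for this example.
class SketchSecurityProvider {
  constructor() {
    this.returnPathQueryParam = 'returnPath'; // hypothetical value
    this.userInfo = null;
    this.loginUrl = null;
    this.logoutUrl = null;
  }

  // Stand-in for fetchCurrentUser(config): takes the already-parsed response
  // of the configured url instead of calling the REST API.
  applyConfiguration(response) {
    this.userInfo = response.userInfo || null;
    this.loginUrl = response.loginUrl;
    this.logoutUrl = response.logoutUrl;
  }

  isAccessAllowed(type, path, accessInfo) {
    const user = this.userInfo;
    if (!user || !user.isAuthenticated) return false; // unauthenticated: deny
    const wanted = accessInfo || {};
    const hit = (have, want) => (want || []).some((w) => (have || []).includes(w));
    // Allow on a role match OR a permission match; anything else is denied.
    return hit(user.roles, wanted.roles) || hit(user.permissions, wanted.permissions);
  }

  // URL that handleLogin(returnPath) would navigate to.
  buildLoginUrl(returnPath) {
    if (!returnPath) return this.loginUrl;
    const sep = this.loginUrl.includes('?') ? '&' : '?';
    return `${this.loginUrl}${sep}${this.returnPathQueryParam}=${encodeURIComponent(returnPath)}`;
  }
}

// Constructed sample response from the security REST API.
const sampleResponse = {
  userInfo: { isAuthenticated: true, roles: ['editor'], permissions: ['orders.read'] },
  loginUrl: '/login',
  logoutUrl: '/logout',
};

const provider = new SketchSecurityProvider();
provider.applyConfiguration(sampleResponse);
console.log(provider.isAccessAllowed('page', 'orders', { roles: ['admin'], permissions: ['orders.read'] }));
console.log(provider.buildLoginUrl('/orders?id=7'));
```

Checks of this kind run in the browser and only control what the client renders; the REST services behind the application still have to enforce the same roles and permissions.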