Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
web.xml :
weblogic.xml :
This file is used as the deployment descriptor for the web application deployed in
the WebLogic server. The security role is assigned in the weblogic.xml file, which
is located in the same folder as that of the web.xml file, using the following code:
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>users</principal-name>
</security-role-assignment>
adf-config.xml :
The runtime configurations for the ADF web application are added to this file. The metadata
for the UI page is configured using adf-config.xml. The JaasSecurityContext element is
added. The authorizationEnforce and authenticationRequire options will be set to true for
the property using the following code:
<sec:JaasSecurityContext initialContextFactoryClass="
oracle.adf.share.security.JAASInitialContextFactory"
jaasProviderClass="oracle.adf.share.security.providers.jps.JpsSecurity Context"
authorizationEnforce="true" authenticationRequire="true"/>
jps-config.xml :(Java Platform Security)
The security service is provided and the service instances are defined in this file.
Oracle Platform Security Services (OPSS) are defined for different security stores.
Credential Store Service Provider , Login Module Service Provider ,
XML-based IdStore Provider , XML-based PolicyStore Provider , and Anonymous
Service Provider are the service providers added to the file.
Different login modules are added. The equivalent file in the WebLogic server is used for
security.
jazn-data.xml :
This file is primarily a policy store. The default security realm (jazn.com) is added to this
file in the same folder. The security realm is determined by the file in the WebLogic server
domain using the following code:
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
</realm>
</jazn-realm>
Security permissions :
1. Security permissions for an ADF web application are given to
business objects, task-flows, pages, and page fragments.
2. Pages and page fragments are protected through the respective page definition files.
Permission class of protectedjsp-oracle.adf.share.security.authorization.RegionPermission
Permission class of task-flow-oracle.adf.controller.security.TaskFlowPermission
Security option is available in the General section for the Entity object.
There are 3 operations for an entity. They are read, update, removeCurrentRow.
These operations are enabled based on the security requirement.
We can apply security for the Entity attribute from the Security section.
Ex: Only the update operation is available as a security option for the attribute Deptno.
Security for task Flows, web pages, and page definition files is configured in the
jazn-data. xml file.