Sunday, 9 June 2013

Enable the ADF Security

1)Declarative security support for ADF resources, such as the bounded task flow.

With Oracle ADF Security, you can control whether or not the user can enter a task flow. Thus, a single security policy for a task flow can control access to multiple web pages.


2)Simplified permission assignment using application roles that allow for the inheritance of permissions

While Java EE security roles that are used by Java EE security constraints are flat, JAAS permissions are granted to application roles, which can be nested and may be mapped to enterprise roles that the Oracle WebLogic Server domain defines.



3)Utility methods for use in EL expressions to access ADF resources in the security context

You can use the Oracle ADF Security EL expression utility methods to determine whether the user is allowed to perform a known operation. For example, you can determine whether the user is allowed to view a particular task flow.
Steps :
1.Enable Oracle ADF Security for the application:
(a)From the Application menu, choose Secure > Configure ADF Security.
(b)In the ADF Security page, leave the default ADF Authentication and Authorization option selected. Click Next.
(c)In the Authentication Type page> select the authentication type that you want your application to use when the user submits their login information. Click Next.
Select Form-based Authentication, you can also select Generate Default Pages to allow the wizard to generate a default login and error page.
(d)In the Automatic Policy Grants page, leave the default No Automatic Grants option selected. Click Next .

(e)In the Authenticated Welcome page, select Redirect Upon Successful Authentication to direct the user to a specific web page after they log in. Click Next. Then Finish.

2)Creating Application Roles
You create application roles to represent the policy requirements of the application and to define groups of users with the same view permission rights.
(a)Choose Secure > Application Roles from the Application menu in the JDeveloper.


b)Select Add New Role in the Application Roles tab. Provide the name for Role(eg: Admin)
When you add an application role to the policy store, JDeveloper updates the jazn-data.xml file located in the src/META-INF folder relative to the application workspace.

(c)Add users to the newly created Roles


Create the User and select the check box. Click OK.

3)Grant public access to ADF security-aware resources
In the Resource Grants overview editor, click one of the following Resource Type :
Task Flows when you want to make a bounded task flow public. The application displays the web pages under the permission you define for the task flow itself. Thus, all constituent web pages of the bounded task flow will become public.

Web Pages when you want to make individual web pages public. Typically, these pages are defined by an unbounded task flow and are top-level pages in the application, such as a home page.

Add required Application role or User to the TF or web page.

Use EL to specify viewable components on the Page. For Eg:
For login/logout Link:
Text: #{securityContext.authenticated ? "Logout" : "Login"}
Destination: #{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/IndexPage.jspx" : "/adfAuthentication?success_url=/faces/IndexPage.jspx"}

Use EL to configure rendered property of Button/Link for particular Role. For Eg:


#{securityContext.UserInRole['Admin']}
OR
#{securityContext.UserInRoles['Admin','Staff']}

4)Security can be bestowed upon Entity object attributes too.




Once security is enabled, you need to associate roles to it, or no one will be able to edit this attribute.


When 'Edit Authorization' is clicked jazn-data.xml is opened where you can configure the roles for the attributes to be modifiable.
On the starting Page of your Application , to enable view for all users(anonymous), configure the role as 'Anonymous User' for the landing page as follows:



#{securityContext.taskflowViewable['SomeTaskFlow']}:Returns true if the user has access to the specific SomeTaskFlow task flow

#{securityContext.regionViewable['SomePageDef']}:Returns true if the user has access to the specific SomePageDef page definition file associated with a page.

#{securityContext.userName}:
Returns the authenticated user's username.

#{securityContext.authenticated}:Returns true if the user has been authenticated.

#{securityContext.userInAllRoles['roleList']}:Returns true if user has roles in the comma seperated rolesList assigned.

Saturday, 8 June 2013

Table Pagination with JDeveloper 11.1.1.7



One of the new features listed for JDeveloper 11.1.1.7 is pagination for tables, a frequently requested and long awaited feature (http://www.oracle.com/technetwork/developer-tools/jdev/index-088099.html). 
The tag documentation about this feature states that to switch pagination on you simply set the scrollPolicy property to page.Truth to be told, there is a little bit more for you to do.

1. You need to set the
autoHeightRows property to 0

2. You need to make sure the surrounding container provides a floating layout and doe not stretch (e.g. using a panelGroupLayout)

3. To bring the table into shape (full width) you then
set styleClass="AFStretchWidth"

All changes at a glance:

scrollPolicy="page" autoHeightRows="0" styleClass="AFStretchWidth"
Once you did this, the table renders as shown in the image below.

Friday, 7 June 2013

commiting the record from bean

In many situation we need to get binding container from our backingbean to execute some of the operation as ( Commit - Rollback - Next - Last - Execute With Param - ............. ) or get your Iterator to get some information as (get Current Row - get View Object - get number of row count - refresh iterator - .............. ) There are two way to get your binding container from backingbean :

1-BindingContainer bindngs=BindingContext.getCurrent().getCurrentBindingsEntry();
then you can use bindings object to execute some of binding operation as commit operation as:


OperationBinding operationBinding = bindings.getOperationBinding("Commit");
operationBinding.execute();


2- The second way to get binding container is to define a method that return binding container as :

private BindingContainer bindings;
public BindingContainer getBindings() {
if (this.bindings == null) {
FacesContext fc=FacesContext.getCurrentInstance();
this.bindings = (BindingContainer)fc.getApplication().evaluateExpressionGet(fc,"#{bindings}",
BindingContainer.class);
}
return this.bindings;
}

to get binding and execute a commit operation :
BindingContainer bindings = getBindings();
OperationBinding operationBinding = bindings.getOperationBinding("Commit");
Object result = operationBinding.execute();
if (!operationBinding.getErrors().isEmpty()) {
return null;
}

this is also use ful code when creating a button through managedbean


BindingContainer bindings = (BindingContainer)BindingContext.getCurrent().getCurrentBindingsEntry();
OperationBinding operationBinding = (OperationBinding)bindings.getOperationBinding("CreateInsert");
Object result = operationBinding.execute();
if (!operationBinding.getErrors().isEmpty())
{
FacesMessage fm = new FacesMessage(operationBinding.getErrors().get(0).toString());
fm.setSeverity(FacesMessage.SEVERITY_ERROR);
FacesContext context = FacesContext.getCurrentInstance();
context.addMessage(null, fm);
}