Saturday, August 2, 2014

SecurityContext TaskFlowViewabe in ADF

Many times in our ADF Applications, we create Module workspaces which are specific to module and use these workspaces as ADF Shared Libraries in the Master Application. Master application has JSPX pages which uses adf task flows from shared libraries as regions in them.

While enabling ADF Security and granting permissions, authorizations are given to only Pages and task flows. There are other components on the page which also requires authorizations. For example Widgets/Buttons/Headers ,they should be shown to the user only when they are authorize to.

So for the above said use case, most common solution is SecurityContext which is provided by ADF Framework. Below code is being set to rendered/visible property.

#{securityContext.userInRole['UserRoles']}



Using this approach has one big disadvantage. Using above approach, one has to hardcode all the user roles. e.g. #{securityContext.userInRole['Customer,Partner,Sales]}. So here if the user belongs to Customer, Partner or Sales, this condition will be true. Till this it is fine but what about if there are 10 roles which needs to have access. Developer has to add these 10 roles in UserRoles. Also what if the requirement comes that in addition to these 10 roles, another 5 roles needs to be added. 
Secondly , every time there is a role addition/removal source code needs to be modified. JSPX tags needs to be modify and application needs to be build again.

So a better way to this is by using :   #{securityContext.taskflowViewable[]}.

This actually means that all the UserRoles which have authorization to the task flow defined in taskflowViewable['taskFlow Id'] will be having authorization to this component. So all the 'taskFlow Id' replaces all the UserRoles which have permissions to this task flow.

The syntax for this is :
#{securityContext.taskflowViewable['/WEB-INF/testTaskFlow.xml#testTaskFlow']}
where /WEB-INF/testTaskFlow.xml#testTaskFlow is the name defined in jazn-data.xml.




Lets Create a use case in Jdev and use taskFlowViewable:

Created a simple ADF Application with a task flow - testTaskFlow. This task flow has one default View Activity.


The default view activity just has a output text "Default View Activity".



Set up ADF Security and created three Roles - AdminRole, SalesRole and PartnerRole. Then created three users admin, sales and partner associated with three roles respectively.

Next gave permissions to testTaskFlow in jazn-date.xml Resource Grants. AdminRole and SalesRole have been given permission to this task flow. 


Next created a jspx page - Taskflowviewable.jspx. Dragged testTaskFlow as region. Added a command button. Now command button needs to be rendered only when task flow is rendered i.e. for users associated with SalesRole and AdminRole and not for PartnerRole. 
So rendered property of command button is set to taskFlowViewable[] .

rendered="#{securityContext.taskflowViewable['/WEB-INF/testTaskFlow.xml#testTaskFlow']}"



Thats it. Lets run the application and login with SalesRole user.

The command button will be rendered because sales user belongs to SalesRole which has permission to testTaskFlow in jazn-data.xml.



Now lets login with partner user.

The command button will not be rendered because partner user belongs to PartnerRole which do not have permission to testTaskFlow in jazn-data.xml.


So you can see using taskFlowViewable on SecurityContext can decouple your jspx code from security roles and how useful it is.

Happy Learning !!



4 comments:

  1. Very informative and useful post. Was looking for this..

    Thanks

    ReplyDelete
  2. I am glad you liked the post.

    Thanks
    Rohan

    ReplyDelete
  3. CIITN is located in Prime location in Noida having best connectivity via all modes of public transport. CIITN offer both weekend and weekdays courses to facilitate Hadoop aspirants. Among all Hadoop Training Institute in Noida , CIITN's Big Data and Hadoop Certification course is designed to prepare you to match all required knowledge for real time job assignment in the Big Data world with top level companies. CIITN puts more focus in project based training and facilitated with Hadoop 2.7 with Cloud Lab—a cloud-based Hadoop environment lab setup for hands-on experience.

    CIITNOIDA is the good choice for Big Data Hadoop Training in NOIDA in the final year. I have also completed my summer training from here. It provides high quality Hadoop training with Live projects. The best thing about CIITNOIDA is its experienced trainers and updated course content. They even provide you placement guidance and have their own development cell. You can attend their free demo class and then decide.

    Hadoop Training in Noida
    Big Data Hadoop Training in Noida

    ReplyDelete