Saturday, August 2, 2014

SecurityContext taskflowViewable in ADF

In ADF applications we often create a separate workspace for each module and consume those workspaces as ADF Shared Libraries in a Master Application. The Master Application has JSPX pages that use the ADF task flows from the shared libraries as regions.

When ADF Security is enabled and permissions are granted, authorization is given only to pages and task flows. Other components on the page also need authorization. For example, widgets, buttons and headers should be shown to users only when they are authorized to see them.

For this use case, the most common solution is SecurityContext, which is provided by the ADF Framework. The expression below is set on the rendered/visible property.

#{securityContext.userInRole['UserRoles']}



This approach has one big disadvantage: all the user roles have to be hardcoded, e.g. #{securityContext.userInRole['Customer,Partner,Sales']}. Here the condition is true if the user belongs to Customer, Partner or Sales. That is fine so far, but what if 10 roles need access? The developer has to add all 10 roles to UserRoles. And what if a requirement then comes in that, in addition to these 10 roles, another 5 roles need to be added?
Secondly, every time a role is added or removed the source code has to be modified: the JSPX tags need to be changed and the application needs to be built again.

A better way to do this is to use: #{securityContext.taskflowViewable[]}.

This means that every user role authorized for the task flow named in taskflowViewable['taskFlow Id'] is also authorized for this component. The single 'taskFlow Id' replaces the whole list of UserRoles that have permission on that task flow.

The syntax for this is :
#{securityContext.taskflowViewable['/WEB-INF/testTaskFlow.xml#testTaskFlow']}
where /WEB-INF/testTaskFlow.xml#testTaskFlow is the name defined in jazn-data.xml.




Let's create a use case in JDeveloper and use taskflowViewable:

Created a simple ADF Application with a task flow, testTaskFlow. This task flow has one default View Activity.


The default view activity just has an output text, "Default View Activity".



Set up ADF Security and created three Roles - AdminRole, SalesRole and PartnerRole. Then created three users admin, sales and partner associated with three roles respectively.

Next, gave permissions on testTaskFlow in the jazn-data.xml Resource Grants. AdminRole and SalesRole have been given permission on this task flow.


Next, created a JSPX page, Taskflowviewable.jspx, and dragged testTaskFlow onto it as a region. Added a command button. The command button needs to be rendered only when the task flow is rendered, i.e. for users associated with SalesRole and AdminRole and not for PartnerRole.
So the rendered property of the command button is set to taskflowViewable[].

rendered="#{securityContext.taskflowViewable['/WEB-INF/testTaskFlow.xml#testTaskFlow']}"



That's it. Let's run the application and log in as the SalesRole user.

The command button is rendered because the sales user belongs to SalesRole, which has permission on testTaskFlow in jazn-data.xml.



Now let's log in as the partner user.

The command button is not rendered because the partner user belongs to PartnerRole, which does not have permission on testTaskFlow in jazn-data.xml.


So you can see how useful taskflowViewable on SecurityContext is: it decouples your JSPX code from the security roles.
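Because the role list now lives only in jazn-data.xml, it helps to be able to check which roles a given taskflowViewable[...] expression actually opens a component to. The script below is an added example, not part of the original post: it parses a jazn-data.xml document and lists the roles directly granted view on a task flow. The sample XML is constructed, and its layout (one grant per role, no XML namespace), the page permission given to PartnerRole and the function name roles_that_can_view are assumptions.

```python
import xml.etree.ElementTree as ET

TASK_FLOW_PERMISSION = "oracle.adf.controller.security.TaskFlowPermission"
APP_ROLE = "oracle.security.jps.service.policystore.ApplicationRole"
TASK_FLOW_ID = "/WEB-INF/testTaskFlow.xml#testTaskFlow"

# Template for one <grant> entry (assumed layout: one grant per role).
GRANT = """<grant>
  <grantee><principals><principal>
    <class>{principal}</class><name>{role}</name>
  </principal></principals></grantee>
  <permissions><permission>
    <class>{perm}</class><name>{target}</name><actions>{actions}</actions>
  </permission></permissions>
</grant>"""

# Constructed sample mirroring the post: AdminRole and SalesRole may view the
# task flow; PartnerRole only holds a hypothetical page (region) permission.
SAMPLE_JAZN = (
    "<jazn-data><policy-store><applications><application><jazn-policy>"
    + "".join(GRANT.format(principal=APP_ROLE, role=r, perm=TASK_FLOW_PERMISSION,
                           target=TASK_FLOW_ID, actions="view")
              for r in ("AdminRole", "SalesRole"))
    + GRANT.format(principal=APP_ROLE, role="PartnerRole",
                   perm="oracle.adf.share.security.authorization.RegionPermission",
                   target="view.pageDefs.TaskflowviewablePageDef", actions="view")
    + "</jazn-policy></application></applications></policy-store></jazn-data>"
)


def roles_that_can_view(jazn_xml, task_flow_id):
    """Return the roles directly granted 'view' on the given task flow."""
    roles = set()
    for grant in ET.fromstring(jazn_xml).iter("grant"):
        grants_view = any(
            p.findtext("class", "").strip() == TASK_FLOW_PERMISSION
            and p.findtext("name", "").strip() == task_flow_id
            and "view" in [a.strip() for a in p.findtext("actions", "").split(",")]
            for p in grant.iter("permission")
        )
        if grants_view:
            roles.update(n.text.strip()
                         for n in grant.findall("./grantee/principals/principal/name"))
    return sorted(roles)


if __name__ == "__main__":
    print(roles_that_can_view(SAMPLE_JAZN, TASK_FLOW_ID))
```

The script reports direct grantees only; it does not expand role hierarchies, so roles that inherit the grant through another role are not listed.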

Happy Learning !!


