tell me more icon Security Policy and Application Roles

In the rest of the steps in this cue card, you will use the jazn-data.xml overview editor to secure the view operation on ADF resources with Java Authentication and Authorization Service (JAAS).

Oracle ADF Security is based on JAAS, that is, security policies identify the principal (the user or application role), the ADF resource (for example, bounded task flow), and the permission (an operation defined by the resource's ADF permission class). It is the security policy on the ADF resource that controls the application user's ability to enter a task flow or view a web page. An application role represents the security policy requirements and defines groups of users with the same view permission rights.

When you develop secure Fusion Web applications in JDeveloper, the jazn-data.xml file is created automatically when you run the Configure ADF Security wizard, and the application security policy, CustomizeApp, is also automatically added for you.

jazn-data editor, Application Roles page

When you use the jazn-data.xml overview editor to add or edit a configuration, JDeveloper updates the jazn-data.xml file for you. The jazn-data.xml file supports easy testing in JDeveloper yet remains compatible with deployment to your production environment. When you finish configuring the jazn-data.xml file using the editor, you can run the application in Integrated WebLogic Server and the contents of the policy will be added to the domain-level store, the system-jazn-data.xml file.

Copyright © 1997, 2009, Oracle. All rights reserved.

false ,,,,,,,,,,,,,,,