In the rest of the steps in this cue card, you will use the
jazn-data.xml overview editor to secure the view operation on ADF resources with Java Authentication and Authorization Service (JAAS).
Oracle ADF Security is based on JAAS, that is, security policies identify the principal (the user or application role), the ADF resource (for example, bounded task flow), and the permission (an operation defined by the resource's ADF permission class). It is the security policy on the ADF resource that controls the application user's ability to enter a task flow or view a web page. An application role represents the security policy requirements and defines groups of users with the same view permission rights.
When you develop secure Fusion Web applications in JDeveloper, the
jazn-data.xml file is created automatically when you run the Configure ADF Security wizard, and the application security policy,
CustomizeApp, is also automatically added for you.
When you use the
jazn-data.xml overview editor to add or edit a configuration, JDeveloper updates the
jazn-data.xml file for you. The
jazn-data.xml file supports easy testing in JDeveloper yet remains compatible with deployment to your production environment. When you finish configuring the
jazn-data.xml file using the editor, you can run the application in Integrated WebLogic Server and the contents of the policy will be added to the domain-level store, the
Copyright © 1997, 2009, Oracle. All rights reserved.