Adding authentication means that users must be authenticated (usually by a login form) before they can access the application. Authorization determines which parts of an application users can access once they are in the application.
When you run the wizard with the default option selected, your application will enforce authorization for ADF security-aware resources. Enforcing authorization for ADF resources means that you intend to define security policies for these resources to make the web pages of your application accessible. Until you do so, all pages that rely on the ADF bounded task flows and ADF page definitions will remain protected.
The other two wizard options to configure Oracle ADF Security should not be used when you want to enable ADF Security. Those options allow you to temporarily disable Oracle ADF Security and run your application without security protection.
ADF Authentication and Authorization (default) enables the ADF authentication servlet so that you can redirect to a configured web page when the user logs in and logs out. This option also enables ADF authorization to enforce permission checking against security policies that you define for ADF resources. This option assumes that you will define application roles and assign explicit grants to those roles to manage access to ADF security-aware resources.
In the second step, you will choose the authentication type.
The first three Authentication options enable you to specify browser authentication, digest authentication, or client-side authentication, respectively.
Form-Based Authentication allows you to specify a user-written HTML form for authentication. Selecting the
Generate Default Pages option cause JDeveloper to generate a default form-based login page named
The wizard-generated login and error pages are HTML pages that are added to the top-level folder of your user interface project,
ViewController. The generated login page defines a form with the standard
j_security_check action. The form takes the user name and password as input to the
j_SecurityCheck method within the container's security model.
Copyright © 1997, 2009, Oracle. All rights reserved.