J2EE Container-Managed Authentication

It was quite long ago, but I still remember my first work with J2EE container-managed authentication. However, now it is more easy, authentication implementation using JDeveloper 10.1.3.1 becomes very simple thing. In fact, there is only two places where authentication related information must be declared to activate authentication process - jazn-data.xml and web.xml files. Below I will describe how to do this and also how to use this.

I have developed sample application - Authentication.zip, which use jazn-data.xml and web.xml files for the authentication logic implementation. This application is developed based on material available in Oracle Application Development Framework Developer's Guide 10.1.3 and Oracle Application Development Framework Tutorial 10.1.3.1. I have tried to aggregate information available in those documents and show how authentication can be used in ADF.

The first thing you should do when enabling authentication for your application is to declare users and their roles. In this sample, I'm using jazn-data.xml for embedded JDeveloper OC4J, to store users/roles. Detailed information about how to create jazn-data.xml and declare users/roles is available in Chapter 6 of Oracle Application Development Framework Tutorial 10.1.3.1.

When users/roles are declared in jazn-data.xml, edit your web.xml using JDeveloper wizard. Add there security roles as you have declared in jazn-data.xml, define security constraints, each constraint can have accessible URL Patterns and can be assigned to one or more roles. Final step is to define login configuration, in this sample I'm using HTTP Basic Authentication. Complete instructions about how to configure web.xml are available in Section 18.3.3 of Oracle Application Development Framework Developer's Guide 10.1.3.

For basic authentication it is enough to pass described two steps. However, if you want to use authentication related information for authorization implementation, you need to have a managed bean, this bean will acquire information from J2EE container and pass it through expressions to ADF Faces components. In my sample, information about user name and his roles is acquired in managed bean class constructor, managed bean also implements getter methods.

I'm using four users (all of them with 'welcome' password) and three roles:

1. alex (developer)
2. scott (tester)
3. diana (developer, tester)
4. john (manager)

Managed bean code for providing information about user and his roles is straightforward:


ADF Faces components can use authorization information in their properties through expressions like this - #{authRoles.manager}, where authRoles is a name of managed bean. Below I demonstrate results of using authorization information in ADF Faces components.

User with name 'diana' have two roles assigned, developer's and tester's panels will be displayed for her:


While to user 'john' is assigned only one role - 'manager', only manager's panel will be shown: