Declarative Security in JDeveloper/ADF 11g ~ Domain Portal

In JDeveloper 11g, with a help of Oracle ADF framework you can in easy and straightforward way add security to your application. And this way is based on declarative approach, no coding is needed. Main goal of this post is not to describe about how to configure security, but more about how it can be applied in your applications.

Let's take a case when there is a requirement to open the same form in different modes (editable/read-only) for users with different sets of roles assigned. With JDeveloper 11g you can implement this requirement in 3 quick steps. I will describe those steps here, also you can download developed sample application - DeclarativeSecurity.zip. In order to run this sample, you need to have standard HR schema in your database. Additionally, you need to use this system-jazn-data.xml file, where two users are defined - john (managers) and scott (clerks). For both users password - welcome is defined.

Three steps you need to use in order to implement declarative security:

1. Entity Object level security

This step will allow to secure row data. In Entity Object wizard, define Security Operation Mapping. I have secured two standard Actions - Update and Delete for Jobs Entity:

When security options are defined, specify authorization for Jobs Entity. In my sample, I allowed Update and Delete actions only for users with managers role:

2. Page Definition level security

In this step we will secure Actions defined in Page Definition:

Example of Security definition for Delete action:

In Authorization settings, I have specified Delete action availability only for managers role:

3. Expression Language

And last step is to specify using EL, disabled property for button component. This will allow to have button in disabled state, when user is not authorized to perform associated action. EL expression is pointing to Action security in Page Definition: