About Entitlement Grants in ADF Security of JDeveloper 11.1.1.4

Posted by frank.nimphius on Oracle Blogs See other posts from Oracle Blogs or by frank.nimphius
Published on Sun, 16 Jan 2011 01:56:21 +0000 Indexed on 2011/01/16 2:56 UTC
Read the original article Hit count: 420

Filed under:

Oracle JDeveloper 11.1.1.4 comes with a new ADF Security feature called "entitlement grants". This has nothing to do with Oracle Entitlement Server (OES) but is the ability to group resources into permission sets so they can be granted with a single grant statement. For example, as good practices when organizing your projects, you may have grouped your bounded task flows by functionality and responsibility in sub folders under the WEB-INF directory. If one of the folders holds bounded task flows that are accessible to all authenticated users, you may create an entitlement grant allAuthUserBTF and select all bounded task flows that are accessible for authenticated users as resources. You can then grant allAuthUserBTF to the authenticated-role so that with only a single grant statement all selected bounded task flows are protected.

<permission-sets>
        <permission-set>
            <name>PublicBoundedTaskFlows</name>
            <member-resources>
              <member-resource>
                <resource-name>
                     /WEB-INF/public/home-btf.xml#home-btf
                </resource-name>
                <type-name-ref>TaskFlowResourceType</type-name-ref>
                <display-name> ... </display-name>
                <actions>view</actions>
              </member-resource>
              <member-resource>
                <resource-name>
                        /WEB-INF/public/preferences-btf.xml#preferences-btf
               </resource-name>
                <type-name-ref>TaskFlowResourceType</type-name-ref>

                <display-name>...</display-name>
                <actions>view</actions>
              </member-resource>
            </member-resources>
          </permission-set>
  </permission-sets>

The grant statement for this permission set is added as shown below

<grant>
  <grantee>
    <principals>
       <principal>
            <name>authenticated-role</name>
            <class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>
        </principal>
      </principals>
    </grantee>
    <permission-set-refs>
        <permission-set-ref>
           <name>PublicBoundedTaskFlows</name>
        </permission-set-ref>
     </permission-set-refs>
</grant>

© Oracle Blogs or respective owner

Related posts about ADF Security