About Entitlement Grants in ADF Security of JDeveloper 11.1.1.4

Oracle JDeveloper 11.1.1.4 comes with a new ADF Security feature called "entitlement grants". This has nothing to do with Oracle Entitlement Server (OES) but is the ability to group resources into permission sets so they can be granted with a single grant statement. For example, as good practices when organizing your projects, you may have grouped your bounded task flows by functionality and responsibility in sub folders under the WEB-INF directory. If one of the folders holds bounded task flows that are accessible to all authenticated users, you may create an entitlement grant allAuthUserBTF and select all bounded task flows that are accessible for authenticated users as resources. You can then grant allAuthUserBTF to the authenticated-role so that with only a single grant statement all selected bounded task flows are protected.

<permission-sets>
        <permission-set>
            <name>PublicBoundedTaskFlows</name>
            <member-resources>
              <member-resource>
                <resource-name>
                     /WEB-INF/public/home-btf.xml#home-btf
                </resource-name>
                <type-name-ref>TaskFlowResourceType</type-name-ref>
                <display-name> ... </display-name>
                <actions>view</actions>
              </member-resource>
              <member-resource>
                <resource-name>
                        /WEB-INF/public/preferences-btf.xml#preferences-btf
               </resource-name>
                <type-name-ref>TaskFlowResourceType</type-name-ref>

                <display-name>...</display-name>
                <actions>view</actions>
              </member-resource>
            </member-resources>
          </permission-set>
  </permission-sets>

The grant statement for this permission set is added as shown below

<grant>
  <grantee>
    <principals>
       <principal>
            <name>authenticated-role</name>
            <class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>
        </principal>
      </principals>
    </grantee>
    <permission-set-refs>
        <permission-set-ref>
           <name>PublicBoundedTaskFlows</name>
        </permission-set-ref>
     </permission-set-refs>
</grant>

Comments:

Post a Comment:
Comments are closed for this entry.
About

The Oracle JDeveloper forum ranks in the Top 5 of the most active forums on the Oracle Technology Network (OTN).



The OTN Harvest blog is a summary of selected topics posted on the OTN Oracle JDeveloper forum.



It is an effort to turn knowledge exchange into an interesting read for developers who enjoy little nuggets of wisdom





Frank Nimphius

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today