About Entitlement Grants in ADF Security of JDeveloper 11.1.1.4

Oracle JDeveloper 11.1.1.4 comes with a new ADF Security feature called "entitlement grants". This has nothing to do with Oracle Entitlement Server (OES) but is the ability to group resources into permission sets so they can be granted with a single grant statement. For example, as good practices when organizing your projects, you may have grouped your bounded task flows by functionality and responsibility in sub folders under the WEB-INF directory. If one of the folders holds bounded task flows that are accessible to all authenticated users, you may create an entitlement grant allAuthUserBTF and select all bounded task flows that are accessible for authenticated users as resources. You can then grant allAuthUserBTF to the authenticated-role so that with only a single grant statement all selected bounded task flows are protected.

<permission-sets>
        <permission-set>
            <name>PublicBoundedTaskFlows</name>
            <member-resources>
              <member-resource>
                <resource-name>
                     /WEB-INF/public/home-btf.xml#home-btf
                </resource-name>
                <type-name-ref>TaskFlowResourceType</type-name-ref>
                <display-name> ... </display-name>
                <actions>view</actions>
              </member-resource>
              <member-resource>
                <resource-name>
                        /WEB-INF/public/preferences-btf.xml#preferences-btf
               </resource-name>
                <type-name-ref>TaskFlowResourceType</type-name-ref>

                <display-name>...</display-name>
                <actions>view</actions>
              </member-resource>
            </member-resources>
          </permission-set>
  </permission-sets>

The grant statement for this permission set is added as shown below

<grant>
  <grantee>
    <principals>
       <principal>
            <name>authenticated-role</name>
            <class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>
        </principal>
      </principals>
    </grantee>
    <permission-set-refs>
        <permission-set-ref>
           <name>PublicBoundedTaskFlows</name>
        </permission-set-ref>
     </permission-set-refs>
</grant>

Comments:

Post a Comment:
Comments are closed for this entry.
About

A blog on Oracle JDeveloper, ADF, MAF, MCS and other mobile and web topics inspired by questions and answers posted on the OTN forums.



Frank Nimphius

Search

Archives
« July 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today