Tuesday, September 3, 2013

ADF UI: Add Security to ViewController Project

  • Start the WebLogic server from the Application Server Navigator panel in JDeveloper.
  • Open http://127.0.0.1/console in your browser
  • Log in to the WebLogic Server Administration Console
  • From the left panel go to Service -> DataSource -> New Generic DataSource
    • Keep the defaults and enter your database connection details
  • From the left panel go to myrealm -> Providers tab -> New
    • Name -> DB_Users
    • Type -> SQL Authenticator
  • Select Reorder and move the DB_Users provider to the top of the list
  • Select DB_Users
    • Change Control Flag  to SUFFICIENT
    • Switch to the other tab and enter the values listed in the attachment below (they assume, as in our project, that the tables holding the users already exist); leave any field not listed there blank.
  • Open your application in jdeveloper
    • Right-click the project name and select Secure to enable and configure (or disable) authentication
    • Add the Login bean (attached below) to your project to validate the login from the login page
    • Add binding in login page submit button action to "#{LoginBean.doLogin}"


Attachment:
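Settings of the DB_Users provider. With Password Style set to PLAINTEXT and Plaintext Passwords Enabled selected, as listed below, the USER_PWD column holds clear-text passwords readable by anyone who can query the table or see a backup of it. For anything beyond a demo, use the SALTEDHASHED password style and deselect Plaintext Passwords Enabled.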

Plaintext Passwords Enabled
Is Selected
Data Source Name
ADF_GRP_DS
Group Membership Searching:
unlimited
Max Group Membership Search Level:
0
Password Style Retained
Is Selected
Password Algorithm
SHA-1
Password Style
PLAINTEXT
SQL Get Users Password
SELECT USER_PWD FROM STY_USER_PROFILE WHERE USER_ID = ?
SQL Set User Password
UPDATE STY_USER_PROFILE SET USER_PWD = ? WHERE USER_ID = ?
SQL User Exists
SELECT USER_ID FROM STY_USER_PROFILE  WHERE USER_ID = ?
SQL List Users
SELECT USER_ID FROM STY_USER_PROFILE WHERE USER_ID LIKE ?
SQL List Groups
SELECT STY002_ID FROM STY_GROUP_PROFILE WHERE GROUP_CODE LIKE ?
SQL Group Exists
SELECT STY002_ID FROM STY_GROUP_PROFILE WHERE GROUP_CODE = ?
SQL Is Member
SELECT STY002_ID FROM STY_GROUP_USERS_ADMIN WHERE STY002_ID = (SELECT STY002_ID FROM STY_GROUP_PROFILE WHERE GROUP_CODE=?) AND STY014_ID IN (SELECT STY014_ID FROM STY_USER_PROFILE WHERE USER_ID LIKE ?)
SQL List Member Groups
SELECT STY002_ID FROM STY_GROUP_USERS_ADMIN WHERE STY014_ID  = (SELECT STY014_ID FROM STY_USER_PROFILE WHERE USER_ID = ?)
SQL Get User Description
SELECT A_NM FROM STY_USER_PROFILE  WHERE USER_ID = ?
SQL Get Group Description
SELECT A_RMRK FROM STY_GROUP_PROFILE WHERE GROUP_CODE= ?

Login Bean:
import java.io.IOException;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.security.auth.Subject;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.security.URLCallbackHandler;
import weblogic.security.services.Authentication;
import weblogic.servlet.security.ServletAuthentication;
import weblogic.servlet.security.ServletAuthentication;
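/**
 * JSF backing bean for the login page.
 *
 * <p>The page binds its user-name and password inputs to {@code username} and
 * {@code password}, and its submit action to {@code #{LoginBean.doLogin}}.
 * {@link #doLogin()} authenticates the pair against the WebLogic security realm
 * and, on success, forwards to the ADF authentication servlet.
 *
 * <p>Security note: the bean holds the submitted password as a {@code String}.
 * {@link #doLogin()} drops that reference as soon as the attempt finishes so the
 * password does not outlive the request if the bean is kept in a longer scope.
 */
public class LoginBean {

    /** User name submitted by the login form; may be {@code null} until the form is posted. */
    private String _username;

    /** Password submitted by the login form; cleared by {@link #doLogin()} after each attempt. */
    private String _password;

    /** Text shown for every failed attempt; deliberately does not say which field was wrong. */
    private static final String LOGIN_FAILED_TEXT = "Invalid userName or Password";

    /**
     * Stores the user name entered on the login page.
     *
     * @param _username the submitted user name
     */
    public void setUsername(String _username) {
        this._username = _username;
    }

    /**
     * @return the user name last set on this bean, or {@code null} if none was set
     */
    public String getUsername() {
        return _username;
    }

    /**
     * Stores the password entered on the login page.
     *
     * @param _password the submitted password
     */
    public void setPassword(String _password) {
        this._password = _password;
    }

    /**
     * @return the password currently held by this bean, or {@code null} if none was set
     *         or a login attempt has already consumed it
     */
    public String getPassword() {
        return _password;
    }

    /**
     * Authenticates the submitted credentials and, on success, binds the resulting
     * subject to the servlet session and forwards to the ADF authentication servlet.
     *
     * <p>On a failed login a {@code SEVERITY_ERROR} message is added to the faces
     * context and the current page is shown again.
     *
     * @return always {@code null}, so JSF stays on the current view unless the
     *         request was forwarded
     * @throws ServletException if the forward to the authentication servlet fails
     * @throws IOException      if the forward to the authentication servlet fails
     * @throws LoginException   for login failures other than
     *                          {@link FailedLoginException}, which is handled here
     */
    public String doLogin() throws ServletException, IOException, LoginException {
        FacesContext ctx = FacesContext.getCurrentInstance();

        // A field the page never submitted leaves its property null. Treat that as
        // an ordinary failed login instead of a NullPointerException on getBytes().
        if (_username == null || _password == null) {
            _password = null;
            addLoginFailedMessage(ctx);
            return null;
        }

        HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
        // getBytes() encodes with the JVM default charset.
        // NOTE(review): confirm this matches what the provider expects for non-ASCII passwords.
        byte[] pw = _password.getBytes();

        try {
            Subject mysubject = Authentication.login(new URLCallbackHandler(_username, pw));
            ServletAuthentication.runAs(mysubject, request);
            // Issue a fresh session id after authentication so an id obtained before
            // login cannot be reused for the authenticated session (session fixation).
            ServletAuthentication.generateNewSessionID(request);

            // The target is a constant. Do not build success_url from request input
            // without validating it, or the login becomes an open redirect.
            String loginUrl = "/adfAuthentication?success_url=/faces/welcome.jspx";
            HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
            RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
            dispatcher.forward(request, response);
            // The forward already produced the response; stop the JSF lifecycle here.
            FacesContext.getCurrentInstance().responseComplete();
        } catch (FailedLoginException e) {
            addLoginFailedMessage(ctx);
        } finally {
            // Do not keep the submitted password on the bean after the attempt.
            _password = null;
        }
        return null;
    }

    /** Adds the generic login-failure message as a global (component-less) faces message. */
    private void addLoginFailedMessage(FacesContext ctx) {
        FacesMessage msg =
            new FacesMessage(FacesMessage.SEVERITY_ERROR, LOGIN_FAILED_TEXT, LOGIN_FAILED_TEXT);
        ctx.addMessage(null, msg);
    }
}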
