Tuesday 23 September 2014

Expose ADF BC as secured web service

Hello everybody. In this post I explain how to expose ADF Business Components as a secured web service (authentication and authorization).
Create a Fusion web application and create business components for the Employee table, i.e. an entity object, a view object and an application module.


Next, create a view criteria based on departmentid.


Now go to the application module, create a service interface, and make sure you select the view criteria.


Next we need to add OWSM policies.

1. oracle/wss_username_token_service_policy (For authentication)
2. oracle/binding_permission_authorization_policy (For authorization)




Open ApplicationModuleServiceImple.java, select "AppModuleServiceImpl" in the Structure window, then go to the Property Inspector and add the security policies to the Security attribute.


Add the two OWSM policies: oracle/wss_username_token_service_policy and oracle/binding_permission_authorization_policy.


Now enable security on the ADF application (authentication and authorization). In jazn-data.xml, create a user and an application role "Managers", and assign the resource to that role.



You can also add the entries manually in the jazn-data.xml file, as given below:
<jazn-data>
  <jazn-realm default="jazn.com">
    <realm>
      <name>jazn.com</name>
      <users>
        <user>
          <name>user12</name>
          <display-name>user12</display-name>
          <credentials>{903}eQYtnsldQBALw0emi+VoIMG/WFBrGG48</credentials>
        </user>
      </users>
    </realm>
  </jazn-realm>
  <policy-store>
    <applications>
      <application>
        <name>CustomerHistory</name>
        <app-roles>
          <app-role>
            <name>managers</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <members>
              <member>
                <name>user12</name>
                <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
              </member>
            </members>
          </app-role>
        </app-roles>
        <resource-types>
          <resource-type>
            <name>WSFunctionPermissionabc</name>
            <display-name>WSFunctionPermissionaa</display-name>
            <matcher-class>oracle.wsm.security.WSFunctionPermissionaaa</matcher-class>
            <actions-delimiter>,</actions-delimiter>
            <actions>invokeaa</actions>
          </resource-type>
        </resource-types>
        <jazn-policy>
          <grant>
            <grantee>
              <principals>
                <principal>
                  <name>managers</name>
                  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                </principal>
              </principals>
            </grantee>
            <permissions>
              <permission>
                <class>oracle.wsm.security.WSFunctionPermission</class>
                <name>/model/common/AppModuleService#findEmployeesView1EmployeesViewCriteria</name>
                <actions>invoke</actions>
              </permission>
            </permissions>
          </grant>
        </jazn-policy>
      </application>
    </applications>
  </policy-store>
</jazn-data>



Only users in the managers role can invoke the view criteria method; for any other user the service throws an authorization exception.
Deploy the application and then test the service in the web service tester.
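
An added check, not part of the original post: before deploying, it helps to confirm who the policy store actually lets through oracle/binding_permission_authorization_policy. The Python below reads a jazn-data.xml document and resolves each WSFunctionPermission "invoke" grant to the users behind the granted role. The sample document is constructed from the file above plus a hypothetical user34, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

WS_PERM = "oracle.wsm.security.WSFunctionPermission"
APP_ROLE = "oracle.security.jps.service.policystore.ApplicationRole"
OP = "/model/common/AppModuleService#findEmployeesView1EmployeesViewCriteria"

# Constructed sample: the post's realm and grant, plus a made-up user34 in no role.
SAMPLE = f"""<jazn-data>
 <jazn-realm default="jazn.com"><realm><name>jazn.com</name><users>
  <user><name>user12</name></user><user><name>user34</name></user>
 </users></realm></jazn-realm>
 <policy-store><applications><application><name>CustomerHistory</name>
  <app-roles><app-role><name>managers</name><class>{APP_ROLE}</class>
   <members><member><name>user12</name></member></members></app-role></app-roles>
  <jazn-policy><grant><grantee><principals><principal>
   <name>managers</name><class>{APP_ROLE}</class></principal></principals></grantee>
   <permissions><permission><class>{WS_PERM}</class>
    <name>{OP}</name><actions>invoke</actions></permission></permissions>
  </grant></jazn-policy></application></applications></policy-store>
</jazn-data>"""

def _parse(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():                  # tolerate a default XML namespace
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def ws_invokers(xml_text):
    """Map each operation with a WSFunctionPermission 'invoke' grant to its users."""
    allowed = {}
    for app in _parse(xml_text).iter("application"):
        # Direct role members only; nested roles are not expanded here.
        roles = {r.findtext("name"): [m.findtext("name") for m in r.iter("member")]
                 for r in app.iter("app-role")}
        for grant in app.iter("grant"):
            users = set()
            for p in grant.iter("principal"):
                name, cls = p.findtext("name"), p.findtext("class")
                users.update(roles.get(name, []) if cls == APP_ROLE else [name])
            for perm in grant.iter("permission"):
                actions = [a.strip() for a in (perm.findtext("actions") or "").split(",")]
                if perm.findtext("class") == WS_PERM and "invoke" in actions:
                    allowed.setdefault(perm.findtext("name"), set()).update(users)
    return {op: sorted(u) for op, u in allowed.items()}

def users_without_invoke(xml_text):
    """Realm users that no grant allows to invoke any service operation."""
    realm_users = {u.findtext("name") for u in _parse(xml_text).iter("user")}
    return sorted(realm_users - {u for us in ws_invokers(xml_text).values() for u in us})
```

Run it against the jazn-data.xml that ships in the deployment archive and compare the result with the intended access list; an operation mapped to an empty list means the role exists but has no members.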

Thanks :) Happy Learning :)  NK




6 comments:

  1. This comment has been removed by the author.

  2. This comment has been removed by the author.

  3. How did you create WSFunctionPermission in jazn-data.xml? I don't see such resource grants.

  4. You can find WSFunctionPermission in Resource Grant dropdown.
    I used Jdv 11.1.1.7

    Replies
    1. Even I use Jdv 11.1.1.7. I don't see that in the resource type drop-down. I only see web page & web center stuff which starts with "W". Do we have to enable anything? Or how does it know that this app has web services resources?

    2. Hi,

      I have updated my blog with the complete jazn-data.xml. You can manually add the elements in jazn-data.xml as mentioned above.

      Thanks
      Nitesh
