Friday, December 25, 2009

ADF Security: The Two Most Useful Security Expressions - #{securityContext.regionViewable['']} and #{securityContext.taskFlowViewable['']}

If you need to conditionally display a tab, a link, or a toolbar button so that users cannot navigate to a protected page that only specific roles are allowed to view, then I bet the following security expression will satisfy your need:
1) #{securityContext.regionViewable['your.page.targetPageDef']}

Chris Muir has a nice blog post about conditionally displaying the global tabs of the ADF UI Shell, on which I was able to comment: ADF UI Shell + ADF Security.

But if your requirement is to conditionally display a menu or a toolbar that will launch a bounded task flow (just like in the dynamic UI Shell), then the following security expression is what you'll need:
2) #{securityContext.taskFlowViewable['/WEB-INF/yourTaskFlow.xml#yourTaskFlow']}

The expressions above return true if the current user has the applicable permission, so you can use them in the rendered property of your button, tab, link, or menu. If your requirement is to disable a component rather than hide it, negate the expression with the "!" operator.

It is also likely that you will need to check the permission programmatically, for example when you are creating a dynamic tree menu based on user roles. The methods below translate the EL security expressions above to pure Java:

import oracle.adf.controller.security.TaskFlowPermission;
import oracle.adf.share.ADFContext;
import oracle.adf.share.security.SecurityContext;
import oracle.adf.share.security.authorization.RegionPermission;

// The class name is illustrative; put these methods in your own bean or utility class.
public class SecurityChecks {

    // Java equivalent of #{securityContext.regionViewable['...']}
    public boolean isRegionViewable(String pageDef) {
        // No page definition name means nothing to check: deny.
        if (pageDef == null) {
            return false;
        }
        RegionPermission permission =
            new RegionPermission(pageDef, RegionPermission.VIEW_ACTION);
        SecurityContext ctx = ADFContext.getCurrent().getSecurityContext();
        return ctx.hasPermission(permission);
    }

    // Java equivalent of #{securityContext.taskFlowViewable['...']}
    public boolean isTaskFlowViewable(String taskflowId) {
        // No task flow id means nothing to check: deny.
        if (taskflowId == null) {
            return false;
        }
        TaskFlowPermission permission =
            new TaskFlowPermission(taskflowId, TaskFlowPermission.VIEW_ACTION);
        SecurityContext ctx = ADFContext.getCurrent().getSecurityContext();
        return ctx.hasPermission(permission);
    }
}

Many thanks to John Stegeman for helping me figure this out.
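
The dynamic tree menu case mentioned above, as an added example that is not code from the original post: it prunes a menu tree so that entries the user may not view, and groups left empty as a result, are dropped. The MenuNode type, the labels, the task flow ids and the granted set are assumptions made up for illustration; the permission check is passed in as a predicate so the code runs without the ADF libraries (Java 16 or later), and in an ADF application that predicate would be the isTaskFlowViewable method shown earlier.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

public class SecuredMenuFilter {
    // Hypothetical menu node; taskFlowId is null for pure grouping nodes.
    record MenuNode(String label, String taskFlowId, List<MenuNode> children) {}

    // Returns a pruned copy of node, or null when nothing under it is viewable.
    // canView stands in for the isTaskFlowViewable(String) check from the post.
    static MenuNode prune(MenuNode node, Predicate<String> canView) {
        if (node.children().isEmpty()) {
            // Leaf: keep only when permitted; a missing id fails closed.
            boolean ok = node.taskFlowId() != null && canView.test(node.taskFlowId());
            return ok ? node : null;
        }
        List<MenuNode> kept = new ArrayList<>();
        for (MenuNode child : node.children()) {
            MenuNode pruned = prune(child, canView);
            if (pruned != null) kept.add(pruned);
        }
        // Drop a group whose children were all removed, so no empty menu is shown.
        return kept.isEmpty() ? null : new MenuNode(node.label(), node.taskFlowId(), kept);
    }

    static void print(MenuNode node, int depth) {
        System.out.println("  ".repeat(depth) + node.label());
        for (MenuNode child : node.children()) print(child, depth + 1);
    }

    public static void main(String[] args) {
        // Constructed sample data: labels, task flow ids and grants are made up.
        MenuNode root = new MenuNode("Root", null, List.of(
            new MenuNode("HR", null, List.of(
                new MenuNode("Employees", "/WEB-INF/employees.xml#employees", List.of()),
                new MenuNode("Payroll", "/WEB-INF/payroll.xml#payroll", List.of()))),
            new MenuNode("Admin", null, List.of(
                new MenuNode("Users", "/WEB-INF/users.xml#users", List.of())))));
        Set<String> granted = Set.of("/WEB-INF/employees.xml#employees");
        // In an ADF application, pass the post's isTaskFlowViewable method instead.
        MenuNode visible = prune(root, granted::contains);
        if (visible != null) print(visible, 0);
    }
}
```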
