How to approach authorization taking data into account (?)

hi
I have been similar to "Introduction to ADF Security in JDeveloper 10.1.3.2" for an approach to authorization taking data into account.
For example to solve something like this:
Some users should be able to update SCOTT.EMP.SAL, but only for those records where they "are manager" (e.g. based on SCOTT.EMP.MGR).
Because the current (10.1.3) "OracleAS JAAS Provider" Re: ADF Security : custom SecurityContext seem to provide the API hooks or customization features I think I need for this, I tried the following approach:
(1) A solution implementation should preferably be "JAAS like", using classes from the "java.security" package like java.security.Permission or java.security.AccessControlContext etc. This way it is more likely to be future proof and could possibly more easily be integrated with future JAAS solutions from Oracle.
(2) To minimize dependencies in my application, I introduced only one custom interface that does what I really want to do, that is "to check permissions":
package accesscontrolstuff.common.security;
import java.security.AccessControlException;
import java.security.Permission;
public interface PermissionChecker
     public void checkPermission(Permission pPermission)
          throws AccessControlException;
}(3) It should be possible to easily check permissions in the business service implementation (ADF BC) and the view/controller layer (JSF managed beans).
I have created an example application that implements this approach (check README.txt) :
http://verveja.footsteps.be/~verveja/files/oracle/AccessControlStuffApp-v0.01.zip
It has an updateAllEmp.jspx page that has a button for each EMP row to give a raise (that is update SCOTT.EMP.SAL). It will show an error message when the user is not allowed to give a raise.
It has an updateSomeEmp.jspx page that has a button only for the EMP rows where the user is allowed to give a raise.
question :
All suggestions for improvement, on the approach or the example application, are welcome.
(using JDeveloper 10.1.3.3.0 : ADF Business Components and ADF Faces)
regards
Jan Vervecken

Thanks for you reply Frank and for going through the example.
(a1) about "... the example could be coded without JAAS in the application as well ..."
I'm not sure I understand when an application is "with JAAS" or "without JAAS" (in an Oracle context)?
(The AccessControlStuffApp-v0.01.zip example includes an orion-application file that has a jaas-mode configured, which I could probably use for an implementation variation the works with a javax.security.auth.Subject instance, but the current implementation works with the "no jaas-mode" variant using the getUserPrincipalName() method.)
(a2) about "This makes it hard to manage security roles ..."
I don't think I understand. For the example, all authorization configuration is in the EMP table, why would that be hard to manage?
What alternative would you suggest to "manage" security on the EMP table as is intended in the example?
(a3) about "I think the required enhancement would be to add the dynamic permissions to an existing ADFSecurityContext ..."
That sounds like what I have been looking for (see forum thread "ADF Security : custom SecurityContext").
(a4) about "... and make this available to the business service as well ..."
That would probably be useful.
see also http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
that says : "The defense-in-depth security design pattern demands that application developers implement application security with multiple lines of defense. ..."
Thank you for pointing developers to this thread.
regards
Jan

Similar Messages

  • How to Get the Current data into Planning Layout from the Planning cube

    Hi,
    I have a problem in BPS.   I am selecting the data from cube based on Month org details but I want to see the latest data.   How can i get this data into planning cube.
    Like
    data
    Tran           cal month            org               amt
    1                 jan                        a                  100
    1                 feb                        a                   200
    if i want to read based on Tran org as input values I shoud get the below data but I am getting the previous data.   
    Tran           cal month            org               amt
    1                 feb                        a                   200
    Kindly help me in this regard
    Thanks
    Naveen

    Naveen,
        Are yo having issue when you save something in the layout, the data doesn't appear in the listcube ? Or do you have issue that the latest data you see in the cube doesn't appear in the layout ?
    For the former issue, please look at your selections of listcube and for the second issue, please check your planning level definition, make sure all the restrictions you have applied are valid for this latest data to be presented in the layout.
    Hope this helps.
    Cheers
    Srini

  • How to populate the Quering data into Excel sheet in Oracle

    Dear Guys,
    How to populate the Quering data into Excel sheet in oracle.
    Please provide a solution.
    Thanks & Regards,
    Senthil K Kumar

    Hi
    To make Excel sheets from sqlplus, you can use the markup html tag in sqlplus.
    Here's an example.
    Example
    <code>
    SET LINESIZE 4000
    SET VERIFY OFF
    SET FEEDBACK OFF
    SET PAGESIZE 999
    SET MARKUP HTML ON ENTMAP ON SPOOL ON PREFORMAT OFF
    SPOOL c:\test_xls.xls
    SELECT object_type
    , SUBSTR( object_name, 1, 30 ) object
    , created
    , last_ddl_time
    , status
    FROM user_objects
    ORDER BY 1, 2
    SPOOL OFF
    SET MARKUP HTML OFF ENTMAP OFF SPOOL OFF PREFORMAT ON
    SET LINESIZE 2000 VERIFY ON FEEDBACK ON
    </code>

  • How to download the Dynamic data into PPT format

    Hi Friends,
    I have one doubt on WDJ. How to download the Dynamic data into PPT format. For Example Some Dynamic data is available in to View in that One Download Link or button available. Click on Download link or button download that data into PPT Format
    Is it possible for WDJ. If possible please tell me.
    Or
    How to create Business Graphics in Web Dynpro Applications depening up on Excel Data and finally we can download the  Business Graphics  into powerpoint presentation.
    Thank you,
    Regards
    Vijay Kalluri
    Edited by: KalluriVijay on Mar 11, 2011 6:34 AM

    Hi Govindu,
    1. I have one doubt on WDJ. Click on either Submit Buttion or LinkToURL UI we can download the file that file having ppt formate(Text.PPT).
    I am using NWDS Version: 7.0.09 and Java Version: JDK 1.6
    2. is it possible to download the business Graphics in to the PPT by using Java DynPro
    Regards
    VijayK

  • How to  send ALV output data into Excel sheet format via Mail to the user?

    Hi friends,
    I have a doubt ie,
    How to  send ALV output data into Excel sheet format via Mail to the user?
    regards
    Moosa

    Hi,
    Provide the output internal table to the objbin in the below FM
    Send Message
      CALL FUNCTION 'SO_NEW_DOCUMENT_ATT_SEND_API1'
           EXPORTING
                document_data              = i_docdata
                put_in_outbox              = c_x
           TABLES
                packing_list               = i_objpack
                object_header              = i_objhead
                contents_bin               = i_objbin
                contents_txt               = i_objtxt
                receivers                  = i_reclist
    and specify the document type
      i_objpack-doc_type   = 'XLS'.
    and try.
    Regards,
    Nandha

  • How to save the form data into adobe db?

    Hi All,
    How to save the form data into adobe db?
    I have designed one xdp file.
    Through processFormSubmission(), I got the submitted form data as Document obj.
    Then I have called the workflow kickoff program.
    code:
    InvocationRequest request = myFactory.createInvocationRequest ("myprocessname", //Specify the long-lived process name
    "invoke", //Specify the operation name
    params, //Specify input values (HashMap obj)
    false); //Create an asynchronous request
    It successfulyy started the workflow, but the submitted form data is not saved anywhere.
    And also, How get the form data from tables?
    Please provide the solution for the above.
    Thanks in advance.
    Regards,
    Saravanan G

    You need to create a process variable of type IN if you want to be able to pass data to your process. Then the params parameter (HashMap) contains a list of all the IN variables with their content that you want to pass to your process. They key is the name of the variable and the value the content. That way you should get it in your process.
    Now LiveCycle will create a column in the database for every process variable, so the content will be saved in the database just by creating that process variable.
    Jasmin

  • How to download the script data into pdf file

    how to download the script data into pdf file
    i have one option to download the script data to pdf file --->rstxpdft4 program.
    i have one doubt how to use this proogram.or any function module to download the script data to pdf file.
    Thanks and regards,
    Sri.

    Hi      Sri Sai,
    I know one method to convert the sapscript to pdf file :
    first generate a Spool Request for the required Sapscript
    then goto transaction SP01 and copy the generated Spool Request number
    now execute the SAP report RSTXPDFT4
    here enter the copied Spool request number and the target directory into the parameters
    execute the report
    required pdf file will be generated into the target directory
    i hope it will help you out
    Please refer this simple program:
    http://www.sapdevelopment.co.uk/reporting/rep_spooltopdf.htm
    Reward points if found helpful....
    Cheers,
    Eshwar.

  • How to pull the table data into SAP BI

    hi all,
    i have connected to oracle database and i can see the view of the tables in sap BI.can u please help me out how to see the data inside the table and how to load that table data into info cube.

    Hi Vamshi ,
    In R3 there is a t-code RSDBC through that t-code you make your data source .
    I know you already make a connection between r3 and sql2000.
    in RSDBC in logical system name you enter your connection name,and in table /view u should enter sql table name and make sure the table name which u enter in this text box should be store in sql in capital letters and fields should be in capital letters.
    and generate your data source and execute it it show all the record .
    Thanks for material its really gud
    Ankit modi

  • How to insert one table data into multiple tables by using procedure?

    How to insert one table data into multiple tables by using procedure?

    Below is the simple procedure. Try the below
    CREATE OR REPLACE PROCEDURE test_proc
    AS
    BEGIN
    INSERT ALL
      INTO emp_test1
      INTO emp_test2
      SELECT * FROM emp;
    END;
    If you want more examples you can refer below link
    multi-table inserts in oracle 9i
    Message was edited by: 000000

  • How to batch upload some data into SAP system?

    Hi All:
    I'm a SAP key user in our company, I want to know how to batch upload master data into SAP system? What t-code we can use for batch input?
    Thanks in advance!

    Hi,
    I think at least there are four methods for batch input which you can use in SAP system:
    Standard mass change t-code: for example, MM17 for mass change of material master data, you can find the mass change t-code under the relevant function module;
    T-code SCAT, you can use to record and generate the simple batch input template, it's easy to use for key user;
    T-code LSMW, it's another transaction to generate batch input template, it's often used at the beginning of SAP rollout;
    ABAP program, of course, ABAP is a universal tool for everything, you can use ABAP to generate a batch input program to upload data into SAP system as well.
    So you had better contact your SAP support department, help you to upload data!
    Good luck
    Tao

  • How to download internal table data into xml file?

    Hi,
    Experts,
    I have downloaded internal table data into XLS format using GUI_DOWNLOAD Function module, But i didn't Know how to download internal table data into XML format please post some ideas/inputs on this issue.
    Thank you,
    Shabeer ahmed.

    check this
    data : gd_repid type sy-repid.
    GD_REPID = SY-REPID.
    DATA : L_DOM TYPE REF TO IF_IXML_ELEMENT,
           M_DOCUMENT TYPE REF TO IF_IXML_DOCUMENT,
           G_IXML TYPE REF TO IF_IXML,
           W_STRING TYPE XSTRING,
           W_SIZE TYPE I,
           W_RESULT TYPE I,
           W_LINE TYPE STRING,
           IT_XML TYPE DCXMLLINES,
           S_XML LIKE LINE OF IT_XML,
           W_RC LIKE SY-SUBRC.
    DATA: XML TYPE DCXMLLINES.
    DATA: RC TYPE SY-SUBRC,
          BEGIN OF XML_TAB OCCURS 0,
          D LIKE LINE OF XML,
          END OF XML_TAB.
    data : l_element           type ref to if_ixml_element,
           xml_ns_prefix_sf     type string,
           xml_ns_uri_sf        type string.
    CLASS CL_IXML DEFINITION LOAD.
    G_IXML = CL_IXML=>CREATE( ).
    CHECK NOT G_IXML IS INITIAL.
    M_DOCUMENT = G_IXML->CREATE_DOCUMENT( ).
    CHECK NOT M_DOCUMENT IS INITIAL.
    CALL FUNCTION 'SDIXML_DATA_TO_DOM'
    EXPORTING
       NAME = 'REPAIRDATA'
       DATAOBJECT = IT_FINAL_LAST1[]
    IMPORTING
       DATA_AS_DOM = L_DOM
    CHANGING
       DOCUMENT = M_DOCUMENT
    EXCEPTIONS
       ILLEGAL_NAME = 1
       OTHERS = 2.
    CHECK NOT L_DOM IS INITIAL.
    W_RC = M_DOCUMENT->APPEND_CHILD( NEW_CHILD = L_DOM ).
    *Start of code for Header
    * namespace
    t_mnr = sy-datum+4(2).
    CALL FUNCTION 'IDWT_READ_MONTH_TEXT'
      EXPORTING
        LANGU         = 'E'
        MONTH         = t_mnr
    IMPORTING
       T247          = wa_t247
    concatenate sy-datum+6(2)
                wa_t247-ktx
                sy-datum(4) into t_var1.
    concatenate sy-uzeit(2)
                sy-uzeit+2(2)
                sy-uzeit+4(2) into t_var2.
    clear : xml_ns_prefix_sf,
            xml_ns_uri_sf.
    l_element  = m_document->get_root_element( ).
    xml_ns_prefix_sf = 'TIMESTAMP'.
    concatenate t_var1 t_var2 into xml_ns_uri_sf separated by space.
    clear : t_var1,
            t_var2,
            t_mnr,
            wa_t247.
    l_element->set_attribute( name  = xml_ns_prefix_sf
                              namespace = ' '
                              value = xml_ns_uri_sf ).
    clear : xml_ns_prefix_sf,
            xml_ns_uri_sf.
    xml_ns_prefix_sf  = 'FILECREATOR'.
    xml_ns_uri_sf    =   'SAP'.
    l_element->set_attribute( name  = xml_ns_prefix_sf
                              namespace = ' '
                              value = xml_ns_uri_sf ).
    clear : xml_ns_prefix_sf,
            xml_ns_uri_sf.
    xml_ns_prefix_sf  = 'CLAIMGROUP'.
    xml_ns_uri_sf    = '1'.
    l_element->set_attribute( name  = xml_ns_prefix_sf
                              namespace = ' '
                              value = xml_ns_uri_sf ).
    clear : xml_ns_prefix_sf,
            xml_ns_uri_sf.
    xml_ns_prefix_sf  = 'CLAIMTYPES'.
    xml_ns_uri_sf    = 'W'.
    l_element->set_attribute( name  = xml_ns_prefix_sf
                              namespace = ' '
                              value = xml_ns_uri_sf ).
    *End of Code for Header
    CALL FUNCTION 'SDIXML_DOM_TO_XML'
    EXPORTING
      DOCUMENT = M_DOCUMENT
    IMPORTING
      XML_AS_STRING = W_STRING
      SIZE = W_SIZE
    TABLES
      XML_AS_TABLE = IT_XML
    EXCEPTIONS
      NO_DOCUMENT = 1
      OTHERS = 2.
    LOOP AT IT_XML INTO XML_TAB-D.
    APPEND XML_TAB.
    ENDLOOP.
    *Start of Code for File name
    concatenate p_file
                '\R'
                '000_119481'
                sy-datum+6(2) sy-datum+4(2) sy-datum+2(2)
                sy-uzeit(2)   sy-uzeit+2(2) sy-uzeit(2) '.xml' into p_file.
    *End of Code for File name
    CALL FUNCTION 'WS_DOWNLOAD'
    EXPORTING
      BIN_FILESIZE = W_SIZE
      FILENAME = p_file
      FILETYPE = 'BIN'
    TABLES
      DATA_TAB = XML_TAB
    EXCEPTIONS
      OTHERS = 10.
    IF SY-SUBRC  = 0.
                  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
                  WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.

  • Can any body tell me how to pull SAP-CRM data into BW

    Hi BW guru`s,
    Does anybody tell me how to pull SAP-CRM data into BW.
    Is there any configuaration setings takes place in CRM system or BW system?
    Provide few of CRM datasources names (Transaction data Datasources)
    Please explain indetail and give some examples.
    Thanks in advance,
    venkat

    Hi.......
    SAP CRM uses BW Adapter to extract data from SAP CRM and send it to SAP Business Information Warehouse and SAP NetWeaver Business Intelligence. For mBDocs, BW Adapter extracts objects for CRM business transactions and CRM billing use the BAdI CRM_BWA_MFLOW. However, in releases prior to SAP CRM 2005, after using transaction code RSA5 to activate business content in SAP CRM, you must use transaction code BWA5 to activate the business content for the BW Adapter.
    Check this link :
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f2910623-0c01-0010-de8f-d1926988a986
    Hope this helps you.........
    Regards,
    Debjani........

  • How to load Matrix report data into basic table data using ODI

    Hi,
    How to load Matrix report data into basic table data using oracle Data Integrator ?
    Requirement Description:
    Following is the matrix report data:
    JOB                       DEPT10                DEPT20 
    ANALYST                                           6000
    CLERK                   1300                     1900 Need to convert it into below format:
    JOB                             Dept                        Salary
    ANALYST                  DEPT10     
    ANALYST                  DEPT20                     6000
    CLERK                       DEPT10                    1300
    CLERK                       DEPT20                    1900
        Thanks for your help in advance. Let me know if any further explanation is required.

    Your list seems to be a little restrictive, you can do a lot more with ODI procedures.
    If you create new procedure, and add a step. In the 'command on source' tab set you technology and schema as per your source database. Use the unpivot functionality as described in the link, please, rather than using 'SELECT *' use the appropriate column names and alias them for eg:
    SELECT job as job,
    deptsal as deptsal,
    saldesc as saledesc
    FROM pivoted_data
    UNPIVOT (
    deptsal --<-- unpivot_clause
    FOR saldesc --<-- unpivot_for_clause
    IN (d10_sal, d20_sal, d30_sal, d40_sal) --<-- unpivot_in_clause
    Then in your 'command on target' tab set the technology and schema to your target db, then put your INSERT statement for eg:
    INSERT INTO job_sales
    (job,
    deptsal,
    saledesc
    VALUES
    :job,
    :deptsal,
    :saledesc
    Therefore you are using bind variables from source to load data into target.
    Obviously if the source and target table are in the same database, then you can have it all in one statement in the 'command on target' as
    INSERT INTO job_sales
    (job,
    deptsal,
    saledesc
    SELECT job as job,
    deptsal as deptsal,
    saldesc as saledesc
    FROM pivoted_data
    UNPIVOT (
    deptsal --<-- unpivot_clause
    FOR saldesc --<-- unpivot_for_clause
    IN (d10_sal, d20_sal, d30_sal, d40_sal) --<-- unpivot_in_clause
    also set the log counter as 'Insert' on the tab where your INSERT statement is, so you know how many rows you insert into the table.
    Hope this helps.
    BUT remember that this feature only came out in Oracle 11g.

  • How do I authorize more than five accounts? I have an AppleTV2, two iPhones, MacPro, and iPad2. What must I do to include my MacBook?

    How do I authorize more than five accounts? I have an AppleTV2, two iPhones, MacPro, and iPad2. What must I do to include my MacBook?

    You can have up to 5 computers authorized with the same iTunes account.
    An iPod, iPhone, and iPad don't count against this and neither does an Apple TV.

  • How do you make your data into a chart?

    How do you make your data into a chart?

    Dick,
    Your table should look like this:
    You're looking at 1 Header Row and 1 Header Column. Headers are shaded by default. Adding a shading to a regular column doesn't make it a header. Use the Table Inspector.
    When you Select the data and Insert a Table, you will get this:
    Got it?
    Jerry

Maybe you are looking for

  • Dúvidas sobre a solução de salvar os xml de entradas no GRC

    Bom dia! Estamos analisando a solução de salvarmos o xml recebido dos fornecedores no GRC. 1. É obrigatório que somente os xml autorizados sejam salvos no GRC? 2. Se sim, a solução std contempla a consulta no site da Sefaz? 3. Precisamos ter o número

  • Help! Bought Adobe Pro but dont have Acrobat 7 Serial Number

    I bought Adobe Pro X  and have a valid serial number now for that and its saying i need to have a serial number for Adobe Acrobat 7 as well...i only had adobe reader 9.0 prior to purchase! HELP *

  • How to repear a corrupt file with Numbers

    How to open a "corrupt" file with Numbers. With excel it is possible to open such a file with the following error message : "The file you are trying to open, 'filename.xls', is in a different format than specified by the file extension. Verify that t

  • Make Adobe default program for PDF's

    My son in law school just got a new MacBook and sent me the following email question. Hey Dad, Do you know how to set Adobe as the default app to open PDF's. Currently is set to open with "preview", and I can't figure out how to change. The option to

  • Using a Third Party Network Adapter

    I would like to use a third-party network adapter instead of the Realtek network adapter built in to my L955-S5370. Are there any changes I need to make to the laptop before I connect the third-party network adapter? I thought I might want to disable