Overview
This post is about configuring public access to web resources like images, javascript, css, fonts etc in ADF/Webcenter application.
Assumption
Adf security already configured for the application.
Implementation
There are two ways to implement security in any ADF/Webcenter application, one is the container-managed security and the other is the ADF security. Container managed security is common for any J2EE web application. It includes container-managed authentication, authorization, and data protection.
Using ADF secuirty you can secure taskflows and databound web pages (having page definition) by configuring grants in jazn-data.xml.Now, lets say you want to allow public access to images in the folder /Portal/public_html/images/*. I am not sure if it is possible to do with ADF security. I define the new security constraint in application web.xml(Portal/public_html/WEB_INF/web.xml).
Steps to create security constraint -
1. Open web.xml and click on Security Tab.
2. Click on create icon and create a new Security Constraint for public resources.
3. Under Web Resource Collection add the web resource name as "Public Images". Add the URL Pattern relative to public_html folder e.g /images/*. Select all HTTP Methods.
You can define multiple URL patterns under the same web resource name or group URL patterns under different web resource names.
4. Under Authorization don't select any weblogic mapped role.
Note: If ADF security is enabled, by default valid-users role created in public_html/WEB-INF/weblogic.xml and mapped to weblogic default group users. All the authenticated users get the valid-users role.
Done.
Now, you can see without authentication you can access all the images under public_html/WEB-INF/images folder.
This post is about configuring public access to web resources like images, javascript, css, fonts etc in ADF/Webcenter application.
Assumption
Adf security already configured for the application.
Implementation
There are two ways to implement security in any ADF/Webcenter application, one is the container-managed security and the other is the ADF security. Container managed security is common for any J2EE web application. It includes container-managed authentication, authorization, and data protection.
Using ADF secuirty you can secure taskflows and databound web pages (having page definition) by configuring grants in jazn-data.xml.Now, lets say you want to allow public access to images in the folder /Portal/public_html/images/*. I am not sure if it is possible to do with ADF security. I define the new security constraint in application web.xml(Portal/public_html/WEB_INF/web.xml).
Steps to create security constraint -
1. Open web.xml and click on Security Tab.
2. Click on create icon and create a new Security Constraint for public resources.
3. Under Web Resource Collection add the web resource name as "Public Images". Add the URL Pattern relative to public_html folder e.g /images/*. Select all HTTP Methods.
You can define multiple URL patterns under the same web resource name or group URL patterns under different web resource names.
4. Under Authorization don't select any weblogic mapped role.
Note: If ADF security is enabled, by default valid-users role created in public_html/WEB-INF/weblogic.xml and mapped to weblogic default group users. All the authenticated users get the valid-users role.
Done.
Now, you can see without authentication you can access all the images under public_html/WEB-INF/images folder.
No comments:
Post a Comment