(Create the
required tables as provided at end of this document.Also create the
Data Source required)
1.Select the
Security Realms link > select the default realm "myrealm"
.
2.Go to Providers
tab. Here we can create a new authentication provider.
3.Give a suitable
name and select 'SQLAuthenticator' in the Type of authentication
provider selection. Click OK.
4.Select your just created provider
('db_users') and change the Control flag to 'Sufficient'.
Click Save.
The control flag determines how the SQL
Authenticator will behave if the Login Module Succeeds or fails. The
possible values and outcomes are as follows:
- A
REQUIREDvalue specifies this LoginModule must succeed. Even if it fails, authentication proceeds down the list of LoginModules for the configured Authentication providers. - A
REQUISITEvalue specifies this LoginModule must succeed. If other Authentication providers are configured and this LoginModule succeeds, authentication proceeds down the list of LoginModules. Otherwise, control is return to the application. - A
SUFFICIENTvalue specifies this LoginModule need not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list. - An
OPTIONALvalue specifies this LoginModule need not succeed. Whether it succeeds or fails, authentication proceeds down the LoginModule list. This setting is the default.
5.Go to the 'Provider Specific' tab
where we can add the details of the provider.
Other
Settings for detail fields are listed as follows:
data-source-name
: HRDS (Whatever DS you want to use for security)
plaintext-passwords-enabled:true
(Checkbox)
password-style
: PLAINTEXT
sql-get-users-password : SELECT password FROM jhs_users WHERE username = ?
sql-set-user-password : UPDATE jhs_users SET password = ? WHERE username = ?
sql-user-EXISTS : SELECT username FROM jhs_users WHERE username = ?
sql-list-users : SELECT username FROM jhs_users WHERE username LIKE ?
sql-create-user : INSERT INTO jhs_users ( id,username , password , display_name) VALUES (jhs_seq.NEXTVAL, ? , ? , ? )
sql-remove-user: DELETE FROM jhs_users WHERE username = ?
sql-list-groups : SELECT short_name FROM jhs_roles WHERE short_name LIKE ?
sql-group-EXISTS : SELECT short_name FROM jhs_roles WHERE short_name = ?
sql-create-GROUP: INSERT INTO jhs_roles(id, short_name, name) VALUES (jhs_seq.NEXTVAL, ?, ?)
sql-remove-GROUP: DELETE FROM jhs_roles WHERE short_name = ?
sql-is-member : SELECT u.username FROM jhs_user_role_grants g ,jhs_users u WHERE u.id = g.usr_id AND rle_id = ( SELECT id FROM jhs_roles WHERE short_name = ? ) AND usr_id = ( SELECT id FROM jhs_users WHERE username = ? )
sql-list-member-groups : SELECT short_name FROM jhs_user_role_grants g ,jhs_roles r,jhs_users
u WHERE g.usr_id = u.id AND g.rle_id = r.id AND u.username = ?
sql-list-group-members: SELECT username FROM jhs_user_role_grants g ,jhs_roles r,jhs_users u
WHERE g.usr_id = u.id AND g.rle_id = r.id AND r.short_name = ? AND u.username LIKE ?
sql-remove-group-memberships: DELETE FROM jhs_user_role_grants WHERE rle_id = ( SELECT id
FROM jhs_roles WHERE short_name = ? ) OR usr_id = ( SELECT id FROM jhs_users WHERE username = ? )
sql-add-member-to-GROUP : INSERT INTO jhs_user_role_grants (id,rle_id,usr_id) VALUES( jhs_seq.NEXTVAL , ( SELECT id FROM jhs_roles WHERE short_name = ?),(SELECT id FROM jhs_users WHERE username = ?))
sql-remove-member-from-GROUP: DELETE FROM jhs_user_role_grants WHERE rle_id = ( SELECT id
FROM jhs_roles WHERE short_name = ? ) AND usr_id = ( SELECT id FROM jhs_users WHERE username =
? )
sql-remove-group-member: DELETE FROM jhs_user_role_grants WHERE rle_id = ( SELECT id FROM
jhs_roles WHERE short_name = ? )
sql-get-user-description : SELECT display_name FROM jhs_users WHERE username = ?
sql-set-user-description: UPDATE jhs_users SET display_name = ? WHERE username = ?
sql-get-group-description: SELECT name FROM jhs_roles WHERE short_name = ?
sql-set-group-description : UPDATE jhs_roles SET name = ? WHERE short_name = ?
sql-set-user-password : UPDATE jhs_users SET password = ? WHERE username = ?
sql-user-EXISTS : SELECT username FROM jhs_users WHERE username = ?
sql-list-users : SELECT username FROM jhs_users WHERE username LIKE ?
sql-create-user : INSERT INTO jhs_users ( id,username , password , display_name) VALUES (jhs_seq.NEXTVAL, ? , ? , ? )
sql-remove-user: DELETE FROM jhs_users WHERE username = ?
sql-list-groups : SELECT short_name FROM jhs_roles WHERE short_name LIKE ?
sql-group-EXISTS : SELECT short_name FROM jhs_roles WHERE short_name = ?
sql-create-GROUP: INSERT INTO jhs_roles(id, short_name, name) VALUES (jhs_seq.NEXTVAL, ?, ?)
sql-remove-GROUP: DELETE FROM jhs_roles WHERE short_name = ?
sql-is-member : SELECT u.username FROM jhs_user_role_grants g ,jhs_users u WHERE u.id = g.usr_id AND rle_id = ( SELECT id FROM jhs_roles WHERE short_name = ? ) AND usr_id = ( SELECT id FROM jhs_users WHERE username = ? )
sql-list-member-groups : SELECT short_name FROM jhs_user_role_grants g ,jhs_roles r,jhs_users
u WHERE g.usr_id = u.id AND g.rle_id = r.id AND u.username = ?
sql-list-group-members: SELECT username FROM jhs_user_role_grants g ,jhs_roles r,jhs_users u
WHERE g.usr_id = u.id AND g.rle_id = r.id AND r.short_name = ? AND u.username LIKE ?
sql-remove-group-memberships: DELETE FROM jhs_user_role_grants WHERE rle_id = ( SELECT id
FROM jhs_roles WHERE short_name = ? ) OR usr_id = ( SELECT id FROM jhs_users WHERE username = ? )
sql-add-member-to-GROUP : INSERT INTO jhs_user_role_grants (id,rle_id,usr_id) VALUES( jhs_seq.NEXTVAL , ( SELECT id FROM jhs_roles WHERE short_name = ?),(SELECT id FROM jhs_users WHERE username = ?))
sql-remove-member-from-GROUP: DELETE FROM jhs_user_role_grants WHERE rle_id = ( SELECT id
FROM jhs_roles WHERE short_name = ? ) AND usr_id = ( SELECT id FROM jhs_users WHERE username =
? )
sql-remove-group-member: DELETE FROM jhs_user_role_grants WHERE rle_id = ( SELECT id FROM
jhs_roles WHERE short_name = ? )
sql-get-user-description : SELECT display_name FROM jhs_users WHERE username = ?
sql-set-user-description: UPDATE jhs_users SET display_name = ? WHERE username = ?
sql-get-group-description: SELECT name FROM jhs_roles WHERE short_name = ?
sql-set-group-description : UPDATE jhs_roles SET name = ? WHERE short_name = ?
After saving the changes
listed above, restart the Weblogic server (mandatory).
After the reboot ,Go the 'User and
Group' tab of your default security realm ('myrealm') where we can
change or add users and roles. This is similar to adding the roles
and users in jazn-data.xml.
Tables
required for users and roles:
CREATE TABLE JHS_ROLES
(
ID NUMBER(*, 0) NOT NULL,
ORG_KEY VARCHAR2(30) DEFAULT 'DEFAULT' NOT NULL,
SHORT_NAME VARCHAR2(10) NOT NULL,
NAME VARCHAR2(40) NOT NULL
);
CREATE TABLE JHS_USER_ROLE_GRANTS
(
ID NUMBER(*, 0) NOT NULL,
USR_ID NUMBER(*, 0) NOT NULL,
RLE_ID NUMBER(*, 0) NOT NULL
);
CREATE TABLE JHS_USERS
(
ID NUMBER(*, 0) NOT NULL,
EMAIL_ADDRESS VARCHAR2(240),
USERNAME VARCHAR2(240) NOT NULL,
ORG_KEY VARCHAR2(30) DEFAULT 'DEFAULT',
PASSWORD VARCHAR2(240),
DISPLAY_NAME VARCHAR2(240),
LOCALE VARCHAR2(10)
);
ALTER TABLE JHS_ROLES
ADD CONSTRAINT JHS_RLE_PK PRIMARY KEY
( ID ) ENABLE;
ALTER TABLE JHS_ROLES
ADD CONSTRAINT JHS_RLE_UK1 UNIQUE
( SHORT_NAME,ORG_KEY ) ENABLE;
ALTER TABLE JHS_USER_ROLE_GRANTS
ADD CONSTRAINT JHS_URG_PK PRIMARY KEY
( ID ) ENABLE;
ALTER TABLE JHS_USER_ROLE_GRANTS
ADD CONSTRAINT JHS_URG_UK1 UNIQUE
( RLE_ID, USR_ID ) ENABLE;
ALTER TABLE JHS_USERS
ADD CONSTRAINT JHS_USR_PK PRIMARY KEY
( ID ) ENABLE;
CREATE SEQUENCE JHS_SEQ INCREMENT BY 1 MAXVALUE 999999999999999999999999999 MINVALUE 1 CACHE 20 ;
-- Create two users SKING and AHUNOLD
INSERT INTO jhs_users (ID, EMAIL_ADDRESS, USERNAME, ORG_KEY, PASSWORD, DISPLAY_NAME)
SELECT jhs_seq.NEXTVAL,'SKING,'SKING','DEFAULT','SKING', 'Steven King'
from dual
where not exists (select '1' from jhs_users where username='SKING');
insert into jhs_users (ID, EMAIL_ADDRESS, USERNAME, ORG_KEY, PASSWORD, DISPLAY_NAME)
select jhs_seq.nextval,'AHUNOLD','AHUNOLD','DEFAULT','AHUNOLD', 'Alexander Hunold'
from dual
where not exists (select '1' from jhs_users where username='AHUNOLD');
-- set up two roles: Administrator and User
insert into jhs_roles(id, SHORT_NAME, name)
select jhs_seq.nextval, 'ADMIN','Administrator'
from dual
where not exists (select '1' from jhs_roles where short_name='ADMIN');
insert into jhs_roles(id, SHORT_NAME, name)
select jhs_seq.nextval, 'USER','User'
from dual
where not exists (select '1' from jhs_roles where short_name='USER');
-- Make Steven King Administrator
insert into jhs_user_role_grants (id,rle_id,usr_id)
select jhs_seq.nextval, rle.id, usr.id
from jhs_roles rle, jhs_users usr
where rle.short_name='ADMIN'
and usr.username='SKING'
and not exists (select '1' from jhs_user_role_grants urg2
where urg2.usr_id = usr.id
and urg2.rle_id = rle.id);
-- Make Alexander Hunold User
insert into jhs_user_role_grants (id,rle_id,usr_id)
select jhs_seq.nextval, rle.id, usr.id
from jhs_roles rle, jhs_users usr
where rle.short_name='USER'
and usr.username='AHUNOLD'
and not exists (select '1' from jhs_user_role_grants urg2
where urg2.usr_id = usr.id
and urg2.rle_id = rle.id);
commit;
(
ID NUMBER(*, 0) NOT NULL,
ORG_KEY VARCHAR2(30) DEFAULT 'DEFAULT' NOT NULL,
SHORT_NAME VARCHAR2(10) NOT NULL,
NAME VARCHAR2(40) NOT NULL
);
CREATE TABLE JHS_USER_ROLE_GRANTS
(
ID NUMBER(*, 0) NOT NULL,
USR_ID NUMBER(*, 0) NOT NULL,
RLE_ID NUMBER(*, 0) NOT NULL
);
CREATE TABLE JHS_USERS
(
ID NUMBER(*, 0) NOT NULL,
EMAIL_ADDRESS VARCHAR2(240),
USERNAME VARCHAR2(240) NOT NULL,
ORG_KEY VARCHAR2(30) DEFAULT 'DEFAULT',
PASSWORD VARCHAR2(240),
DISPLAY_NAME VARCHAR2(240),
LOCALE VARCHAR2(10)
);
ALTER TABLE JHS_ROLES
ADD CONSTRAINT JHS_RLE_PK PRIMARY KEY
( ID ) ENABLE;
ALTER TABLE JHS_ROLES
ADD CONSTRAINT JHS_RLE_UK1 UNIQUE
( SHORT_NAME,ORG_KEY ) ENABLE;
ALTER TABLE JHS_USER_ROLE_GRANTS
ADD CONSTRAINT JHS_URG_PK PRIMARY KEY
( ID ) ENABLE;
ALTER TABLE JHS_USER_ROLE_GRANTS
ADD CONSTRAINT JHS_URG_UK1 UNIQUE
( RLE_ID, USR_ID ) ENABLE;
ALTER TABLE JHS_USERS
ADD CONSTRAINT JHS_USR_PK PRIMARY KEY
( ID ) ENABLE;
CREATE SEQUENCE JHS_SEQ INCREMENT BY 1 MAXVALUE 999999999999999999999999999 MINVALUE 1 CACHE 20 ;
-- Create two users SKING and AHUNOLD
INSERT INTO jhs_users (ID, EMAIL_ADDRESS, USERNAME, ORG_KEY, PASSWORD, DISPLAY_NAME)
SELECT jhs_seq.NEXTVAL,'SKING,'SKING','DEFAULT','SKING', 'Steven King'
from dual
where not exists (select '1' from jhs_users where username='SKING');
insert into jhs_users (ID, EMAIL_ADDRESS, USERNAME, ORG_KEY, PASSWORD, DISPLAY_NAME)
select jhs_seq.nextval,'AHUNOLD','AHUNOLD','DEFAULT','AHUNOLD', 'Alexander Hunold'
from dual
where not exists (select '1' from jhs_users where username='AHUNOLD');
-- set up two roles: Administrator and User
insert into jhs_roles(id, SHORT_NAME, name)
select jhs_seq.nextval, 'ADMIN','Administrator'
from dual
where not exists (select '1' from jhs_roles where short_name='ADMIN');
insert into jhs_roles(id, SHORT_NAME, name)
select jhs_seq.nextval, 'USER','User'
from dual
where not exists (select '1' from jhs_roles where short_name='USER');
-- Make Steven King Administrator
insert into jhs_user_role_grants (id,rle_id,usr_id)
select jhs_seq.nextval, rle.id, usr.id
from jhs_roles rle, jhs_users usr
where rle.short_name='ADMIN'
and usr.username='SKING'
and not exists (select '1' from jhs_user_role_grants urg2
where urg2.usr_id = usr.id
and urg2.rle_id = rle.id);
-- Make Alexander Hunold User
insert into jhs_user_role_grants (id,rle_id,usr_id)
select jhs_seq.nextval, rle.id, usr.id
from jhs_roles rle, jhs_users usr
where rle.short_name='USER'
and usr.username='AHUNOLD'
and not exists (select '1' from jhs_user_role_grants urg2
where urg2.usr_id = usr.id
and urg2.rle_id = rle.id);
commit;
For Logout from ADF Security we could
also invoke the logout
by
a redirect performed from an action method in a managed bean as
follows :
public String logoutAction() {
FacesContext fctx = FacesContext.getCurrentInstance();
ExternalContext ectx = fctx.getExternalContext();
String url = ectx.getRequestContextPath() + "/adfAuthentication? logout=true&end_url=/faces/Homepage.jspx";
try {
ectx.redirect(url);
}
catch (IOException e) {
e.printStackTrace();
}
fctx.responseComplete();
return null;
}
FacesContext fctx = FacesContext.getCurrentInstance();
ExternalContext ectx = fctx.getExternalContext();
String url = ectx.getRequestContextPath() + "/adfAuthentication? logout=true&end_url=/faces/Homepage.jspx";
try {
ectx.redirect(url);
}
catch (IOException e) {
e.printStackTrace();
}
fctx.responseComplete();
return null;
}
In the above method, HomePage.jspx
refers
to a public page in the application that the user is redirected to
after successful logout.
Hi Gourav,
ReplyDeleteYour posts are excellent .They are of very useful and of good quality.
Please keep posting.
Thanks for your work.
Regards,
Vishnu.