Securing VBCS Application via Roles

You use authentication to manage access to the pages and data in your application. In addition to the default authentication roles, you can fine-tune access to your application resources by creating user roles and assigning authenticated end users to them.

All app users are automatically assigned either the Anonymous User or Authenticated User authentication role, or both. If access to the app requires authentication, all users are automatically granted the role Authenticated User when they sign in. If anonymous access to the app is also allowed, users that sign in are granted the Authenticated User role and the Anonymous User role, and users who are not signed in are only granted the Anonymous User role.

In addition to the Authenticated User role, users who sign in to your application can be assigned a user role based on their user credentials and the groups they've been assigned to in Oracle Identity Cloud Service (IDCS). User roles can help control what a user sees in your application. For example, you can use role-based permissions to limit access to the app, to entire pages or flows, or even to certain components in a page, so only users with certain roles can view that information.

In this post we show the steps to control access to a VBCS application via user roles.

  • Create a Basic VBCS App with default flow and pages in it
  • Define Role in User Roles
    • Navigate to App Settings > User Roles > Create Role
    • Create a new role “AUTHORIZED_ROLE” and map it to IDCS groups
  • Add role access in the app-flow.json file
    • Navigate to Webapp > JSON
    • Replace the empty security tag with the following:

    "security": {
      "access": {
        "requiresAuthentication": true,
        "roles": ["AUTHORIZED_ROLE"]
      }
    }


This requires the logged-in user to have the specified role in order to access the UI. If the user does not have the necessary role, the app will not navigate, which restricts unauthorized access.
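A check for the setting above, as an added example that is not part of the original post or Oracle's tooling: it parses the text of an app-flow.json and reports when the security block is missing, authentication is off, or a listed role is not one of the app's defined user roles. The function name, the DEFINED_ROLES list and the sample descriptors are assumptions constructed for illustration.

```javascript
// Added example (not Oracle's code): audit app-flow.json text for the role restriction above.
// DEFINED_ROLES is an assumption: the user roles created under App Settings > User Roles.
const DEFINED_ROLES = ["AUTHORIZED_ROLE"];

function auditAppFlowSecurity(jsonText, definedRoles = DEFINED_ROLES) {
  let descriptor;
  try {
    descriptor = JSON.parse(jsonText);
  } catch (err) {
    return ["invalid JSON: " + err.message];
  }
  const access = descriptor && descriptor.security && descriptor.security.access;
  if (!access || typeof access !== "object") {
    return ["security.access is missing"];
  }
  const findings = [];
  if (access.requiresAuthentication !== true) {
    findings.push("requiresAuthentication is not true");
  }
  if (!Array.isArray(access.roles) || access.roles.length === 0) {
    findings.push("roles is missing or empty");
  } else {
    for (const role of access.roles) {
      // A misspelled role name matches no user role defined for the app.
      if (!definedRoles.includes(role)) {
        findings.push('role "' + role + '" is not a defined user role');
      }
    }
  }
  return findings;
}

// Constructed samples; a real app-flow.json carries more keys than "security".
const SAMPLES = {
  asInThisPost: '{"security": {"access": {"requiresAuthentication": true, "roles": ["AUTHORIZED_ROLE"]}}}',
  emptyTag: '{"security": {}}',
  authOff: '{"security": {"access": {"requiresAuthentication": false, "roles": ["AUTHORIZED_ROLE"]}}}',
  roleTypo: '{"security": {"access": {"requiresAuthentication": true, "roles": ["AUTHORISED_ROLE"]}}}',
  missingBrace: '{"security": {"access": {"requiresAuthentication": true, "roles": ["AUTHORIZED_ROLE"]}}',
};

for (const [name, text] of Object.entries(SAMPLES)) {
  const findings = auditAppFlowSecurity(text);
  console.log(name + ": " + (findings.length ? findings.join("; ") : "ok"));
}
```

Run on the file's contents in a build pipeline, this catches a reverted or misspelled security block before the app is deployed.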

As with every approach, this one has its pros and cons:
  • Pros:
    • Easy setup
    • No custom coding required
  • Cons:
    • No control over error codes or messages
    • No control over Router/Navigate functions, so the app cannot navigate to a custom error page
