
ADF authentication based on database tables

Version 1.1

September 29, 2011

By: Sanjeeb Mahakul

ADF Authentication based on Db tables

Revision History
Version | Date | Modified By | Change Control | Revision Description
1.0 | 29/09/2011 | Sanjeeb Mahakul | | Initial Document



Contents
1. ADF Authentication based on database tables
1.1 Steps to be carried out to implement security


1. ADF Authentication based on database tables


In WebLogic you can use database tables as an authentication provider for your web applications. In these tables you store your application users together with their roles, and WebLogic uses them to authenticate users of your application. WebLogic also provides a web interface where you can add or change users and roles. You can use this SQL authenticator for container security or for JDeveloper 11g ADF security.

1.1 Steps to be carried out to implement security


Step 1: First we need some authorization tables. Attached are the DDL/DML scripts with some sample users. Modify the table names or the users if required, and run all the SQL statements in the local database.

authentication_sql_scripts.txt

Step 2: Create a datasource in the WebLogic server and remember the datasource name (not the JNDI name). We need this value for the provider. Follow the steps below to create a new datasource in WebLogic.

a. In JDeveloper, go to the Run menu and click Start Server Instance as shown below:

b. Once the server has started, open the WebLogic console in IE and click the Datasource tab on the home page. Create a new Generic datasource with datasource name HPSADFDS, JNDI name jdbc/HPSADFDS and database type Oracle.

c. Click Next, Next and in the connection properties enter the connection details as shown below.

d. Click Next and test your connection configuration. If the connection is successful, click Finish.

Step 3: Select the Security Realms link, then select the default realm "myrealm" and go to the Providers tab. Here we can create a new authentication provider.

Give the provider a name such as db_users and select SQLAuthenticator as the Type:

Select the provider you just created and change the Control Flag to SUFFICIENT.

After this we can go to the Provider Specific tab, where we add the details of the provider. We need to fill in the datasource name, select a password algorithm and add many SQL statements.

Copy the SQL statements one by one into the console field that matches each tag. The statements are as follows:


<wls:sql-get-users-password>SELECT password FROM jhs_users WHERE username = ?</wls:sql-get-users-password>
<wls:sql-user-exists>SELECT username FROM jhs_users WHERE username = ?</wls:sql-user-exists>
<wls:sql-list-member-groups>SELECT short_name FROM jhs_user_role_grants g ,jhs_roles r,jhs_users u WHERE g.usr_id = u.id and g.rle_id = r.id and u.username = ?</wls:sql-list-member-groups>
<wls:sql-list-users>SELECT username FROM jhs_users WHERE username LIKE ?</wls:sql-list-users>
<wls:sql-get-user-description>SELECT display_name FROM jhs_users WHERE username = ?</wls:sql-get-user-description>
<wls:sql-list-groups>SELECT short_name FROM jhs_roles WHERE short_name LIKE ?</wls:sql-list-groups>
<wls:sql-group-exists>SELECT short_name FROM jhs_roles WHERE short_name = ?</wls:sql-group-exists>
<wls:sql-is-member>SELECT u.username FROM jhs_user_role_grants g ,jhs_users u WHERE u.id = g.usr_id and rle_id = ( select id from jhs_roles where short_name = ? ) AND usr_id = ( select id from jhs_users where username = ? )</wls:sql-is-member>
<wls:sql-get-group-description>SELECT name FROM jhs_roles WHERE short_name = ?</wls:sql-get-group-description>
<wls:password-style>PLAINTEXT</wls:password-style>
<wls:sql-create-user>INSERT INTO jhs_users ( id,username , password , display_name) VALUES (jhs_seq.nextval, ? , ? , ? )</wls:sql-create-user>
<wls:sql-remove-user>DELETE FROM jhs_users WHERE username = ?</wls:sql-remove-user>
<wls:sql-remove-group-memberships>DELETE FROM jhs_user_role_grants WHERE rle_id = ( select id from jhs_roles where short_name = ? )</wls:sql-remove-group-memberships>
<wls:sql-set-user-description>UPDATE jhs_users SET display_name = ? WHERE username = ?</wls:sql-set-user-description>
<wls:sql-set-user-password>UPDATE jhs_users SET password = ? WHERE username = ?</wls:sql-set-user-password>
<wls:sql-create-group>insert into jhs_roles(id, short_name, name) values (jhs_seq.nextval, ?, ?)</wls:sql-create-group>
<wls:sql-set-group-description>UPDATE jhs_roles SET name = ? WHERE short_name = ?</wls:sql-set-group-description>
<wls:sql-add-member-to-group>INSERT INTO jhs_user_role_grants (id,rle_id,usr_id) VALUES( jhs_seq.nextval , ( select id from jhs_roles where short_name = ?),(select id from jhs_users where username = ?))</wls:sql-add-member-to-group>
<wls:sql-remove-member-from-group>DELETE FROM jhs_user_role_grants WHERE rle_id = ( select id from jhs_roles where short_name = ? ) AND usr_id = ( select id from jhs_users where username = ? )</wls:sql-remove-member-from-group>
<wls:sql-remove-group>DELETE FROM jhs_roles WHERE short_name = ?</wls:sql-remove-group>
<wls:sql-remove-group-member>DELETE FROM jhs_user_role_grants WHERE rle_id = ( select id from jhs_roles where short_name = ? )</wls:sql-remove-group-member>
<wls:sql-list-group-members>SELECT username FROM jhs_user_role_grants g ,jhs_roles r,jhs_users u WHERE g.usr_id = u.id and g.rle_id = r.id and r.short_name = ? and u.username like ?</wls:sql-list-group-members>
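As an added example (not part of the original document), the read-only statements above can be exercised against a scratch database before they are pasted into the console. SQLite stands in for Oracle, the schema is inferred from the column names in the statements, and the rows are constructed sample data; the `jhs_seq.nextval` inserts are left out because they are Oracle-specific.

```python
import sqlite3

# Schema inferred from the columns the provider statements reference
# (assumption: the attached DDL script is not reproduced on this page).
SCHEMA = """
CREATE TABLE jhs_users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                        password TEXT, display_name TEXT);
CREATE TABLE jhs_roles (id INTEGER PRIMARY KEY, short_name TEXT UNIQUE, name TEXT);
CREATE TABLE jhs_user_role_grants (id INTEGER PRIMARY KEY,
                                   rle_id INTEGER, usr_id INTEGER);
INSERT INTO jhs_users VALUES (1, 'SKING', 'not-a-real-password', 'Sample admin');
INSERT INTO jhs_users VALUES (2, 'DEMO',  'not-a-real-password', 'Sample user');
INSERT INTO jhs_roles VALUES (10, 'ADMIN', 'Administrators');
INSERT INTO jhs_roles VALUES (11, 'USER',  'Application users');
INSERT INTO jhs_user_role_grants VALUES (100, 10, 1);
INSERT INTO jhs_user_role_grants VALUES (101, 11, 1);
INSERT INTO jhs_user_role_grants VALUES (102, 11, 2);
"""

# Read-only statements copied from the provider configuration above.
STATEMENTS = {
    "sql-user-exists": "SELECT username FROM jhs_users WHERE username = ?",
    "sql-list-member-groups":
        "SELECT short_name FROM jhs_user_role_grants g ,jhs_roles r,jhs_users u "
        "WHERE g.usr_id = u.id and g.rle_id = r.id and u.username = ?",
    "sql-is-member":
        "SELECT u.username FROM jhs_user_role_grants g ,jhs_users u "
        "WHERE u.id = g.usr_id and rle_id = ( select id from jhs_roles "
        "where short_name = ? ) AND usr_id = ( select id from jhs_users "
        "where username = ? )",
    "sql-list-group-members":
        "SELECT username FROM jhs_user_role_grants g ,jhs_roles r,jhs_users u "
        "WHERE g.usr_id = u.id and g.rle_id = r.id and r.short_name = ? "
        "and u.username like ?",
}

def build_db():
    """In-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def run(conn, tag, *binds):
    """Execute one provider statement with bind values; return column 0, sorted."""
    return sorted(row[0] for row in conn.execute(STATEMENTS[tag], binds))

if __name__ == "__main__":
    db = build_db()
    for tag, binds in [("sql-user-exists", ("SKING",)),
                       ("sql-list-member-groups", ("SKING",)),
                       ("sql-is-member", ("ADMIN", "DEMO")),
                       ("sql-list-group-members", ("USER", "%"))]:
        print(tag, binds, "->", run(db, tag, *binds))
```

Note the bind order of `sql-is-member`: group name first, then username. Because every value is passed as a bind parameter, a username containing quote characters is compared as data and matches nothing.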

Click Save, then go to myrealm and Providers, reorder the authenticators and move db_users to the first position.
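The configuration above sets password-style to PLAINTEXT, so passwords sit unhashed in jhs_users; the SQLAuthenticator also accepts HASHED and SALTEDHASHED. The following added example (not from the original document) lists the providers in a config.xml-style fragment that use PLAINTEXT. The fragment is constructed, its namespace URIs are placeholders, and the authentication-provider and name element names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed fragment. The namespace URIs are placeholders and the
# provider/name element names are assumptions; password-style is from the page.
SAMPLE_CONFIG = """\
<realm xmlns:sec="urn:example:sec" xmlns:wls="urn:example:wls">
  <sec:authentication-provider>
    <sec:name>db_users</sec:name>
    <wls:password-style>PLAINTEXT</wls:password-style>
  </sec:authentication-provider>
  <sec:authentication-provider>
    <sec:name>db_users_hashed</sec:name>
    <wls:password-style>SALTEDHASHED</wls:password-style>
  </sec:authentication-provider>
  <sec:authentication-provider>
    <sec:name>DefaultAuthenticator</sec:name>
  </sec:authentication-provider>
</realm>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def password_styles(xml_text):
    """Map provider name -> password-style (None when the element is absent)."""
    styles = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "authentication-provider":
            continue
        fields = {local(child.tag): (child.text or "").strip() for child in elem}
        styles[fields.get("name", "<unnamed>")] = fields.get("password-style")
    return styles

def plaintext_providers(xml_text):
    """Names of providers configured to store passwords unhashed."""
    return sorted(name for name, style in password_styles(xml_text).items()
                  if style and style.upper() == "PLAINTEXT")

if __name__ == "__main__":
    print("PLAINTEXT providers:", plaintext_providers(SAMPLE_CONFIG))
```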

Step 4: We need to restart the WebLogic server. After the restart we can go to the User and Group tab of the default security realm, where we can change or add users and roles. Here is an overview where we can see the user SKING.