Authorization is one of the basic requirements of an enterprise application. It is based on roles, which generally come from old legacy systems through DB or web service calls. We need a mechanism to add these roles to the security context of the logged-in user to achieve the required authorization levels in the application.
Step 1: Configure all the roles of the application in jazn-data.xml or the WebLogic policy store
Step 2: Add a filter to the adfAuthentication servlet
Step 3: In the filter, invoke the legacy system to get the list of roles (strings)
Step 4: Get the list of application roles as below
JpsContextFactory ctxf = JpsContextFactory.getContextFactory();
JpsContext ctx = ctxf.getContext();
PolicyStore policyStore = ctx.getServiceInstance(PolicyStore.class);
ApplicationPolicy applicationPolicy = policyStore.getApplicationPolicy(APPNAME);
java.util.List<JpsApplicationRole> appRoles = applicationPolicy.getAllAppRoles();
Step 5: After comparing the roles from the legacy system with the roles from the application (a simple name string comparison), each matching role can be added to the security context like this
Security.getCurrentSubject().getPrincipals().add(appRole);
'appRole' is one of the elements from appRoles.
Now the roles are available in the security context.
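The comparison in Step 5 decides which privileges a user receives, so it helps to see it written out. The following is an added example, not code from the original post: it uses only JDK classes, with a hypothetical RolePrincipal standing in for JpsApplicationRole and constructed role names. It adds a role only when the legacy name exactly matches a configured application role, and returns the names that matched nothing so they can be logged.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class LegacyRoleMapper {
    // Hypothetical stand-in for an application role principal such as JpsApplicationRole.
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    /**
     * Adds to the subject only those configured application roles whose name
     * exactly matches a role name returned by the legacy system.
     * Returns the legacy names that matched no configured role.
     */
    static List<String> applyLegacyRoles(Subject subject,
                                         Collection<? extends Principal> appRoles,
                                         Collection<String> legacyRoles) {
        if (subject.isReadOnly()) {
            throw new IllegalStateException("Subject is read-only; roles cannot be added");
        }
        // Index the configured roles by exact (case-sensitive) name.
        Map<String, Principal> byName = new HashMap<>();
        for (Principal p : appRoles) {
            byName.put(p.getName(), p);
        }
        List<String> unmatched = new ArrayList<>();
        for (String raw : legacyRoles) {
            if (raw == null || raw.isBlank()) continue;   // ignore empty entries
            String name = raw.trim();                     // tolerate padding only
            Principal match = byName.get(name);
            if (match != null) {
                subject.getPrincipals().add(match);       // a Set, so duplicates collapse
            } else {
                unmatched.add(name);                      // never grant an unconfigured role
            }
        }
        return unmatched;
    }

    public static void main(String[] args) {
        // Constructed sample data: two configured roles, five legacy entries.
        List<RolePrincipal> appRoles =
            List.of(new RolePrincipal("Approver"), new RolePrincipal("Viewer"));
        List<String> legacy = Arrays.asList("Viewer", " Approver ", "approver", "SuperAdmin", null);
        Subject subject = new Subject();
        System.out.println("unmatched=" + applyLegacyRoles(subject, appRoles, legacy));
        System.out.println("principals=" + subject.getPrincipals());
    }
}
```

Because only principals taken from the configured list are ever added, a role name the legacy system returns but the policy store does not define grants nothing.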
Cheers