Wednesday, September 26, 2012

ADF Data Security using a dummy view criteria



Many applications have a requirement that a user should have access to only a subset of the data. In most cases the user access settings are stored in a database table. With the approach below, the restriction is implemented once and can be applied flexibly to different view objects. Below are the steps.

1.        Create a class that extends ViewObjectImpl.

2.        Override the getCriteriaAdapter method from ViewObjectImpl.
    @Override
    public CriteriaAdapter getCriteriaAdapter() {
        return new DSCustomCriteriaAdapter();
    }

3.        Create a new class that extends CriteriaAdapterImpl.

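4.        Override the method getCriteriaClause from CriteriaAdapterImpl. Use this method to generate the data security clause.
    @Override
    public java.lang.String getCriteriaClause(oracle.jbo.ViewCriteria criteria) {
        // Build and return the data security clause here (full implementation in step 8).
        return super.getCriteriaClause(criteria);
    }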

5.        Use this as the class for all the view objects that need data security.
o    For classes that do not have a custom implementation, navigate to view object -> Java tab -> Edit Java class -> use the Class Extends button -> provide this custom class in the Object property. The XML would be modified as below:
  ComponentClass="com.adfSpecialists.dataSecurity.model.util.DSViewObjectImpl">
o    For classes that have a Java implementation, simply change the code to extend this class.
public class DSViewObjectImpl extends ViewObjectImpl {

6.        Add the dummy view criteria to all the view objects that need data security.
o    E.g.: DS_DUMMYVC__EmployeesEO__DEPARTMENT_ID
o    EmployeesEO is the table alias and DEPARTMENT_ID is the constrained column, i.e. the logged-in user would have access to only a few departments.

7.        In the application module, configure the view object instance and shuttle the dummy view criteria.

8.        Now let’s look in detail at the getCriteriaClause implementation in the custom criteria adapter.
    // Requires: import oracle.jbo.server.ApplicationModuleImpl;
    @Override
    public java.lang.String getCriteriaClause(oracle.jbo.ViewCriteria criteria) {
        String viewCriteriaName = criteria.getName();
        if (viewCriteriaName.contains("DS_DUMMYVC")) {
            String[] viewCriteriaAttrs = viewCriteriaName.split("__");
            // viewCriteriaAttrs[0] holds the view criteria identifier
            // viewCriteriaAttrs[1] holds the table alias
            // viewCriteriaAttrs[2] holds the attribute alias
            String userName = ((ApplicationModuleImpl)criteria.getViewObject().getApplicationModule()).getUserPrincipalName();
            // The user name is concatenated into the SQL text, so double any single
            // quotes to keep the value inside the string literal
            String quotedUserName = "'" + String.valueOf(userName).replace("'", "''") + "'";
            // now generate a clause using your security clause
            return " " + viewCriteriaAttrs[1] + "." + viewCriteriaAttrs[2] + " IN (" +
                   " Select Department_Id from Data_security where user_name = " + quotedUserName + ")";
        } else {
            return super.getCriteriaClause(criteria);
        }
    }
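
The clause-building logic from step 8, pulled into a stand-alone helper with stricter input handling, as an added example that is not part of the original post or its download. The class DSClauseBuilder, its method name, the identifier pattern, the fail-closed behaviour and the sample inputs are assumptions made for illustration; it goes beyond the post by validating the parts of the view criteria name before they reach the SQL text.

```java
import java.util.regex.Pattern;

// Added illustration: DSClauseBuilder and buildClause are hypothetical names.
public class DSClauseBuilder {
    private static final String PREFIX = "DS_DUMMYVC__";
    // Assumption: table aliases and column names are plain SQL identifiers.
    private static final Pattern IDENT = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,29}");

    /** Returns the security clause, or null if the name is not a dummy view criteria. */
    public static String buildClause(String viewCriteriaName, String userName) {
        if (viewCriteriaName == null || !viewCriteriaName.startsWith(PREFIX)) {
            return null; // caller falls back to super.getCriteriaClause(criteria)
        }
        String[] parts = viewCriteriaName.split("__");
        if (parts.length != 3 || !IDENT.matcher(parts[1]).matches()
                || !IDENT.matcher(parts[2]).matches()) {
            // Fail closed: a malformed name must not silently drop the filter.
            throw new IllegalArgumentException(
                "Malformed data security criteria: " + viewCriteriaName);
        }
        if (userName == null || userName.isEmpty()) {
            return " 1 = 0"; // no authenticated principal: match no rows
        }
        // Double single quotes so the name stays inside the SQL string literal.
        String quotedUser = "'" + userName.replace("'", "''") + "'";
        return " " + parts[1] + "." + parts[2] + " IN ("
             + " Select Department_Id from Data_security where user_name = "
             + quotedUser + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String vc = "DS_DUMMYVC__EmployeesEO__DEPARTMENT_ID";
        System.out.println(buildClause(vc, "sking"));
        System.out.println(buildClause(vc, "o'brien"));  // quote is doubled
        System.out.println(buildClause(vc, null));       // matches no rows
        System.out.println(buildClause("EmployeesByNameVC", "sking")); // null
        try {
            buildClause("DS_DUMMYVC__EmployeesEO", "sking"); // column part missing
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Inside the adapter, getCriteriaClause would call such a helper with criteria.getName() and the principal name, and return super.getCriteriaClause(criteria) when the helper returns null.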

You can download the full example here.
