Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "And there was more news..."] [Next entry: "OraDep - A tool for analysing dependencies"]

Frank Nimphius talks about showing/hiding UIX components based on isUserInRole()



I was surfing the other day and found a post on Frank Nimphius' web log. He writes about Oracle and also about security in J2EE with an Oracle slant. So I check out his site from time to time. I found this post entitled J2EE security: Dynamically show/hide UIX components based on an isUserInRole() J2EE security evaluation. This is an interesting post from Frank.

The post starts by referencing a new paper that he has recently written called http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf - (broken link) J2EE Security in Oracle ADF Web Applications. This is a 54 page paper and focuses on applying J2EE security to web applications built with the Oracle Application Developer Framework (Oracle ADF) and Apache struts. I have not read it yet, i will do tonight I hope but from skimming it after downloading it looks very interesting.

Franks blog entry is about how dynamically show / hide UIX components based on the users J2EE security role membership. Frank says that he shows how to do this in his paper for JavaServer pages using the struts request tag library. This is not possible for UIX pages. Frank goes on to explain how to do this with an example that uses Expression Language and an indirect way of accessing isUserInRole().