Skip to main content

User Database Tables to implement authentication in ADF

It is always a common requirement for a developer to use the database to store user authentication info, such as user name, password, user role, etc. User authentication database provider is available both in iAS 10g and Weblogic 11g, but it's different in their implementations.

In Oracle Application server 10g, the security guide is well documented on how to setup and use the custom login module to implement security using database tables as the source provider. Frank has well documented the steps here. Several good blogs have also noted on this (link 1, link 2). The custom login module DBTableOraDataSourceLoginModule is avaiable in OC4J 10g.

As in Weblogic 11g, the login module is not available directly but instead another provider called SQL Authenticator takes the role. Edwin Biemond has documented an working example on setup SQL authenticator in 11g: Using database tables as authentication provider in WebLogic  and Using a WebLogic provider as authentication for ADF Security in 11G

Edwin's examples is based on Jdeveloper 11g with version: 11.1.1.0.31.51.88. If you are using the most recent version which is 11.1.1.2.36.55.36 up to now, there is slightly difference in setup of ADF security wizard in Jdeveloper 11g. Actually it's easier, because you just need to take the defaults in the wizard and make some changes in only 3 files: jazn.xml, web.xml and weblogic.xml.

It is very common and reasonable that you cannot take clear text as the password stored in the database. So you need to encypted it. You will find very useful info on Chris Muir's blog (part I and part II)

Chris used the Oracle Stored procedure (dbms_crypto) to encrypt clear text password into encrypted one,  but we can always use java API to do this task. Here is codes:
public String encodePassword(String clearTextPassword) {
        DBLoginModuleSHA1Encoder pwEncoder = new DBLoginModuleSHA1Encoder();
        String encodedPassword = pwEncoder.getKeyDigestString(clearTextPassword, null);
        String wlsEncodedPassword = "{SHA-1}" + encodedPassword;
        return wlsEncodedPassword;
    }

Comments

Unknown said…
They talk with them through the phone to discuss complaints and other issues. Mails, snail or electronic, are send to make sales invitations.

Database Provider