First page Back Continue Last page Text

oracle adf workshop


Files Modified by Configure ADF Security Wizard: web.xml

The web.xml file contains configuration and deployment information for a Web application. When you define ADF authentication, the Configure ADF Security Wizard modifies the web.xml file as follows:

Defines the authentication servlet

Provides the servlet mapping for enforcing security

Defines a security constraint on authentication Web resource (you may use this page to add further security constraints)

Defines the login configuration

Specifies required security roles (you may use this page to add further roles)

The web.xml file is in the /public_html/WEB-INF subdirectory of the UI project.

Because every user of the application is required to be able to log on, the security constraint defined against the ADF authentication servlet should allow all users to access this Web resource. As such, the security role associated with the constraint should encompass all users. To simplify this task, the valid-users role is provided.

Note: You must not delete the adfAuthentication constraint from the web.xml file. Deleting it would prevent users from logging on to the application in the manner supported by ADF. Any other static security constraints would continue to work and invoke a login if required.