Defining Users and Roles in the Identity Store

In ADF security, a realm is a set of users and roles in an identity store. You create the users and roles, and then you assign the users to roles.

You can use the same realm for many different applications. Within a realm, applications participate in browser-based single sign-on, so that being authenticated in one application in a realm means that you do not have to be authenticated again in another application in the same realm, as long as you do not close the browser between requests.

A default realm is a policy space that is used whenever no realm is explicitly mentioned during the user login process. The default realm is, but you can create additional realms as needed.

The identity store can be file-based or LDAP-based, with grants stored in an LDAPv3-compliant directory, such as Oracle Internet Directory. You may want to seed the identity store with a temporary set of users to mirror the actual users’ experience in your production environment.

To add test users, perform the following steps:

1. Right-click jazn-data.xml and select Properties.

2. In the Edit JPS Identity & Policy Store dialog box, expand the realm, select the Users node, and click Add to add a logon name and credentials. (If there is no node, you can add it, or create an additional realm.)

Note: By default, the anonymous-role built-in role is a member of the test-all role, so any resources granted to test-all do not require a login.
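The following Python script is an added example, not code from the original page or from Oracle. It checks a jazn-data.xml realm for the condition the note describes by listing the seeded users and every role that anonymous-role reaches, directly or through nested role membership. The element layout is an assumption about the file's realm section, and every name other than anonymous-role and test-all is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption about the realm section
# of jazn-data.xml; the realm, user, "app-admin" and "staff" names are made up.
SAMPLE = """<jazn-data><jazn-realm><realm>
  <name>example-realm</name>
  <users>
    <user><name>testuser1</name><credentials>placeholder</credentials></user>
  </users>
  <roles>
    <role><name>test-all</name><members>
      <member><type>role</type><name>anonymous-role</name></member>
      <member><type>user</type><name>testuser1</name></member>
    </members></role>
    <role><name>app-admin</name><members>
      <member><type>role</type><name>test-all</name></member>
    </members></role>
    <role><name>staff</name><members>
      <member><type>user</type><name>testuser1</name></member>
    </members></role>
  </roles>
</realm></jazn-realm></jazn-data>"""


def audit_realm_roles(xml_text, anonymous="anonymous-role"):
    """Return {realm: {"users": [...], "no_login_roles": [...]}}."""
    report = {}
    for realm in ET.fromstring(xml_text).iter("realm"):
        # Map each role name to the names of roles that are direct members of it.
        role_members = {
            role.findtext("name"): {
                m.findtext("name") for m in role.iter("member")
                if m.findtext("type") == "role"
            }
            for role in realm.iter("role")
        }
        # A role needs no login if anonymous-role, or a role that already needs none, is a member.
        open_roles, changed = {anonymous}, True
        while changed:
            changed = False
            for name, members in role_members.items():
                if name not in open_roles and members & open_roles:
                    open_roles.add(name)
                    changed = True
        report[realm.findtext("name")] = {
            "users": sorted(u.findtext("name") for u in realm.iter("user")),
            "no_login_roles": sorted(open_roles - {anonymous}),
        }
    return report
```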