Programmatically Accessing ADF Security Context
You can use methods of the ADF Security context to obtain information about users and roles.
Because the enforcement of Oracle ADF Security can be turned on and off at the container level independent from the application, you should determine if Oracle ADF Security is enabled before making permission checks. You can evaluate the isAuthorizationEnabled() method to achieve this.
It is not possible to check if the user principal is null to determine if the user has logged on or not, because it is either anonymous for unauthenticated users or the actual user name for authenticated users. You can use the isAuthenticated() method to determine if the user has authenticated.
You can determine the current user name (either anonymous for unauthenticated users or the actual user name for authenticated users) with the getUserName() method.
You can use the isUserInRole() method to determine if the user is a member of a specified role.
It is a good idea to make user and role information available throughout the application by using session-scoped beans.