Creating a Login Page
Oracle ADF Security allows for implicit and explicit authentication:
- In an implicit authentication scenario, if a user who is not yet authenticated tries to access a web page associated with ADF security-aware resources that are not granted to
anonymous-role, then authentication is triggered dynamically. After the user successfully logs in, another check will be done to verify whether the authenticated user has view access granted on the requested page’s ADF security-aware resource.
- In an explicit authentication scenario, your application has a public page that displays a login link, which, when clicked, triggers an authentication challenge to log in the user. The login link may optionally specify some other target page that should be displayed (assuming the authenticated user has access) after the successful authentication.
The implicit authentication scenario is handled for you by default when you run the Configure ADF Security wizard, as described in Section 30.3.5, “What You May Need to Know About ADF Authentication.”
To handle the explicit authentication scenario you need to replace the
allPages security constraint added to the
web.xml file by the Configure ADF Security wizard and trigger an authentication challenge using the security constraint defined for the ADF authentication servlet.
To explicitly handle user authentication:
- Create a login link component and add it to the public home web page for your application.
- Create managed bean to handle the login attempts by the user.
- Create the login page using ADF Faces components.
- Configure the container-managed deployment descriptor (
web.xmlfile) to use the ADF Faces login page.