When you work with WebCenter Portal navigation model you do not have the possibility to set the security there or to define which element which user or role for example is able to see it. You can go even farther and for example define some navigation model, which should be rendered based on ID naming convention.
To solve this issue in WebCenter you do have the possibility to develop custom navigation filter. This filter extends exactly the same interface like the custom catalog, this is the CatalogDefinitionFilter interface. This is the example code of how to do it:
import java.util.Hashtable;
import oracle.adf.rc.catalog.CatalogElement;
import oracle.adf.rc.spi.plugin.catalog.CatalogDefinitionFilter;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import oracle.adf.share.ADFContext;
import oracle.adf.share.security.SecurityContext;
public class NavigationFilter implements CatalogDefinitionFilter { public NavigationFilter() { super();
}
public boolean includeInCatalog(CatalogElement catalogElement,
Hashtable hashtable) {
// ExternalContext ectx =
// FacesContext.getCurrentInstance().getExternalContext();
System.out.println("----!!!---Custom navigation filter"); System.out.println("----!!!---Custom filter value: " + catalogElement.getId());
if ("home".equalsIgnoreCase(catalogElement.getId()) || "pages".equalsIgnoreCase(catalogElement.getId())) { System.out.println("----!!!---This is the home page"); return true;
}
if (isAuthenticated()) { System.out.println("User is authenticated, his name is: " + getCurrentUser());
for (String role :
ADFContext.getCurrent().getSecurityContext().getUserRoles()) {
System.out.println("role " + role);
}
SecurityContext sec = ADFContext.getCurrent().getSecurityContext();
if (sec.isUserInRole("baRole")) { System.out.println("--!! Yes USER is in ROLE"); return true;
}
}
System.out.println("----!!!--- Non of the above get out"); return false;
}
// is the user authenticated
public boolean isAuthenticated() { return ADFContext.getCurrent().getSecurityContext().isAuthenticated();
}
// get current user
public String getCurrentUser() { return ADFContext.getCurrent().getSecurityContext().getUserName();
}
}
Now this example of custom filter shows you some technics you can use inside, to choose if some navigation is able to render or not. For example using this you can approve if the user is authenticated
public boolean isAuthenticated() { return ADFContext.getCurrent().getSecurityContext().isAuthenticated();
}
or you can check if the user has the specific role to load this navigation model:
SecurityContext sec = ADFContext.getCurrent().getSecurityContext();
if (sec.isUserInRole("baRole")) { System.out.println("--!! Yes USER is in ROLE"); return true;
}
Also inside this filter you have access to the ID’s of the elements into the navigation model:
so you can also check for example if specific ID should be rendered or not:
if ("home".equalsIgnoreCase(catalogElement.getId()) || "pages".equalsIgnoreCase(catalogElement.getId())) { return true;
}
Knowing this you can bind for example security with element ID’s, or you can render navigation model element depending on the context path for example.
How to use this filter? Very simple, inside your navigation model put the name of the Navigation Filter class you implemented: <namespace>.CustomNavigationFilter, like shown bellow.
