ADF Security Framework: Overview
The goal of the Oracle ADF security framework is to provide a standard set of security features that typical ADF applications require, so that the individual applications need not contain their own mechanisms.
JAAS requires custom code at the application level, which makes implementing authorization more difficult. Oracle ADF Security simplifies the implementation of a JAAS authorization model by exposing it declaratively on the various Fusion web application resources that JDeveloper supports.
Java EE security roles are flat, but ADF security provides simplified permission assignment by using hierarchical roles, allowing for inheritance of permissions.
You can use the ADF Security utility methods in EL to determine whether the user is allowed to perform a known operation, such as accessing a particular task flow or data value.
Within the Oracle ADF framework, JAAS-based security is enforced by the ADF binding servlet filter and the ADF Model layer of the application. The filter is configured to protect ADF resources and requires the current user to have been granted sufficient access rights to view an ADF resource, which provides a much more granular approach to security.
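The hierarchical roles and permission grants described above, sketched as a policy-store fragment of the kind ADF Security keeps in jazn-data.xml. This is an added example, not taken from the original page; the application name, role names and task flow path are hypothetical.

```xml
<!-- Constructed jazn-data.xml fragment. ExampleApp, employee, manager and browse-flow are hypothetical. -->
<jazn-data>
  <policy-store>
    <applications>
      <application>
        <name>ExampleApp</name>
        <app-roles>
          <!-- manager is a member of employee, so it inherits every grant made to employee -->
          <app-role>
            <name>employee</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <members>
              <member>
                <name>manager</name>
                <class>oracle.security.jps.service.policystore.ApplicationRole</class>
              </member>
            </members>
          </app-role>
          <app-role>
            <name>manager</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
          </app-role>
        </app-roles>
        <jazn-policy>
          <!-- One grant on the parent role: employee (and, by inheritance, manager) may view the flow -->
          <grant>
            <grantee>
              <principals>
                <principal>
                  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                  <name>employee</name>
                </principal>
              </principals>
            </grantee>
            <permissions>
              <permission>
                <class>oracle.adf.controller.security.TaskFlowPermission</class>
                <name>/WEB-INF/browse-flow.xml#browse-flow</name>
                <actions>view</actions>
              </permission>
            </permissions>
          </grant>
        </jazn-policy>
      </application>
    </applications>
  </policy-store>
</jazn-data>
<!-- Matching EL check in a page, e.g. on a link's rendered attribute:
     #{securityContext.taskflowViewable['/WEB-INF/browse-flow.xml#browse-flow']} -->
```

The EL check only hides the link from users who lack the grant; access to the task flow itself is still decided by the framework's enforcement of the grant.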