In one of our ADF Training batches, we had noticed an issue related to ADF Security not working on the authorization part when enabled on a Oracle ADF REST API.The authentication part was working fine, but the authorization was failing on ADF 12.2.1.2.0
After scratching the head for few hours, the solution has been arrived at...Thanks to Google Search and Andrejus Post.
Issue : Authentication was working but Authorization was not working in ADF REST API.
http://andrejusb.blogspot.in/2016/02/basic-authentication-hint-for-adf-bc.html
Please modify following on the web.xml to fix the issue.
Replace
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
With
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>RESTServlet</web-resource-name>
<url-pattern>/rest/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
