Security Checkpoint - Web Client considerations

If you are new to "Security Checkpoint" concept then you'd better read About Security Checkpoint first.

After you developed the Security Checkpoint in the database IFS Web Client framework will automatically support it. You don't need to implement anything specific for the Web Client. However there are a few limitations and this document describes them.

The limitations exist because a web interface is less "controlled" than a thick client, and cannot be as tightly controlled. You as a developer must adapt to these limitations when developing a security checkpoint which will affect IFS Web Client.

Basically, IFS Web Client open the authentication dialog and set the working window state to one step back in history whenever an exception of type ifs.fnd.base.ManualDecisionException occurs. When the user submit the password, the framework automatically submit the previous request to the server with the given password and the user id. For this to work smoothly IFS Web Client framework expects followings.

  1. The previously failed action has been implemented  following the standard methods. Such as standard command bar action or custom command action (RMB).
  2. Sine the failed request to the web server will be resent just after the authentication, all the operations will be re-run. Hence it is highly recommend not to have several database transactions which causes the database state to change in that particular (where ever you need a security check point) request. If  you really need to have several  database transactions (which cause a change to database state) in that request make sure to have the  database transaction with security check point as the very first transaction.