❯ /plan
⎿ Enabled plan mode
❯ 目录docs下有两个文件securing-applications.md和securing-applications.txt是Oracle Fusion Cloud Applications Suite 安全用户文档(2种不同的格式),我需要借鉴Oracle Fusion Cloud
Applications Suite 安全设计用于open business 企业管理软件/业务应用软件 的安全;现在需要编写安全需求文档和postgresql数据库设计,但是这两个文件securing-applications.md和securing-applicat
ions.txt有非常明显的问题:没有图形界面设计,关于安全的内部原理没有任何描述,功能描述条理性缺乏,功能描述原子性不够,这都影响了将来的jakarta
ee类的设计及编码。所以我还在docs目录下提供了一些界面设计的图,以及需求文件安全需求规格说明书.docx,要特别主要这个需求文档的第四部分 版本路线图:刚开始的时候主要完成Oracle Fusion Cloud
Applications Suite安全用户文档描述的三个功能 用户,角色和用户类别(User Categories),以及Oracle Fusion
Cloud Applications Suite安全用户文档没有描述的部分:安全内部控制原理,功能菜单的维护,总之,第一个版本需要能够支持open business
企业管理软件/业务应用软件的安全功能跑起来就够了,不追求全面的安全功能。
● Let me explore the docs directory and understand the available materials before planning.
Listed 1 directory (ctrl+o to expand)
● Let me read all the source materials in parallel.
Read 1 file (ctrl+o to expand)
● The files are large. Let me read them in portions and examine the images.
Read 1 file (ctrl+o to expand)
● Let me continue reading the key sections and also examine the UI images.
Read 1 file (ctrl+o to expand)
● Let me read the key sections about User Categories and Roles, and also view the UI images.
Read 1 file (ctrl+o to expand)
● Let me now view the UI images and continue reading the roles section of the Oracle doc. Let me launch parallel explore agents to efficiently gather all remaining information.
● Explore(Read Oracle roles section)
⎿ Done (2 tool uses · 37.0k tokens · 43s)
(ctrl+o to expand)
● Now let me view the UI design images and read the requirements document.
Read 1 file (ctrl+o to expand)
● Let me try reading the images and the docx file.
Read 1 file (ctrl+o to expand)
● Let me try extracting the docx content and reading the images differently.
● Bash(which python3 2>/dev/null && python3 -c "
import zipfile, xml.etree.ElementTree as ET, sys, os...)
⎿ /usr/bin/python3
安全需求规格说明书
用例模板
... +81 lines (ctrl+o to expand)
● Let me also quickly view the UI mockup images and read the key parts of the .txt file.
● Bash(for f in /home/clauder/projects/openbusiness/docs/{2,3,4,5,6,7,8,9,10,11,12}.png; do echo "=== (basename f) ==="; python3 -c "
from PIL import Image...)
⎿ === 2.png ===
Size: (1954, 924), Mode: RGBA
=== 3.png ===
... +19 lines (ctrl+o to expand)
● Now I have a comprehensive understanding of all source materials. Let me summarize what I've gathered before creating the plan:
Sources analyzed:
-
securing-applications.md (2988 lines) - Oracle Fusion Cloud security user documentation
-
安全需求规格说明书.docx - Security requirements specification with V1.0 roadmap
-
UI mockup images (2.png through 12.png)
Key findings:
-
The Oracle docs describe Users, Roles (4 types), User Categories, but lack internal security mechanisms and menu management
-
The requirements doc Section 4 (版本路线图) defines V1.0: password login + basic authorization + account locking
-
V1.0 excludes: Analytics, Certificates, Application Extensions, API Authentication, MFA, SSO/SAML
Now let me launch a Plan agent to design the implementation approach based on all this context.
● Plan(Design security V1.0 plan)
⎿ Done (26 tool uses · 83.4k tokens · 2m 22s)
(ctrl+o to expand)
● Let me read the full plan output.
Read 1 file (ctrl+o to expand)
● Now I have a thorough understanding of all materials. Let me write the final plan.
● Updated plan
⎿ /plan to preview
● The plan covers both deliverables --- the security requirements document (10 chapters with atomic, testable requirements including UI behavior and internal mechanisms) and the PostgreSQL
database schema (16 tables following project principles). Let me submit it for your review.
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Ready to code?
Here is Claude's plan:
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌
Plan: Open Business V1.0 Security Requirements Document & PostgreSQL Database Design
Context
The user has Oracle Fusion Cloud Applications Suite security documentation (securing-applications.md and securing-applications.txt) plus a requirements specification
(安全需求规格说明书.docx) and UI mockup images in the docs/ directory. The Oracle docs describe Users, Roles, and User Categories but have critical gaps: no graphical UI design, no
internal security mechanism descriptions, poor functional organization, and insufficient atomicity of function descriptions.
The user needs two deliverables for Open Business V1.0:
-
Security Requirements Document --- atomic, well-structured, with UI behavior specs and internal mechanisms
-
PostgreSQL Database Schema Design --- supporting the V1.0 feature set
V1.0 Scope (from 安全需求规格说明书 Section 4 --- 版本路线图)
In scope: Users, Roles, User Categories, security internal mechanisms, function menu maintenance, password-based login, basic authorization, account locking
Out of scope: Analytics, Certificates, Application Extensions, API Authentication, MFA, SSO/SAML
Deliverables
Deliverable 1: Security Requirements Document (docs/openbusiness-security-requirements-v1.md)
Document structure (10 chapters):
-
Introduction & Scope --- Purpose, reference architecture (Jakarta EE 11 three-tier), role type model (4 types), role hierarchy rules, V1.0 scope boundaries
-
Authentication & Account Security --- Password login, account auto-lock, admin unlock, password reset, password expiration
-
User Management --- Search, view, create, edit, delete, compare, copy roles, lock/unlock, role assignment
-
Role Management --- Search, create Job/Abstract/Duty roles (wizard), copy, compare, hierarchy visualization (radial/hierarchical views, table view), edit custom roles
-
User Category Management --- Create, edit, delete, password policy configuration, notification templates, redirect URL, assign/remove users
-
Function Menu Maintenance --- Menu tree CRUD, menu items as function security resources, menu simulator
-
Function Security (Authorization Engine) --- Permission model, runtime permission merging (union of all permissions via recursive hierarchy traversal), menu visibility control,
button/action permissions, direct URL interception, authorization check point API, privilege precedence (DENY overrides GRANT), failure handling
-
Data Security --- Data security policy model, policy lifecycle, runtime data filtering via EJB interceptors, data scope types
-
UI Behavior Specifications --- Security Console navigation structure, page layout pattern, creation wizard pattern, multi-select dialog, comparison view, visualization component
-
Management Tab --- General options, role management options, async job status tracking
Each requirement is atomic, testable, and includes UI behavior where applicable.
Deliverable 2: PostgreSQL Database Schema Design (docs/openbusiness-security-database-schema-v1.sql)
Tables (all use sec_ prefix, standard audit columns, no triggers/procedures):
┌────────────────────────────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Table │ Purpose │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_user_categories │ User categories with embedded password policy fields │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_users │ User accounts with lockout tracking, password tracking │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_role_categories │ Role category classification │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_roles │ All 4 role types with discriminator, predefined flag │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_role_hierarchy │ Parent-child inheritance relationships │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_user_roles │ User-to-role assignments (Job/Abstract only) │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_resources │ Function security resources (menu items, pages, buttons, REST endpoints) --- self-referencing for hierarchy │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_permissions │ Actions on resources (VIEW, EXECUTE, CREATE, EDIT, DELETE, etc.) │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_role_permissions │ Role-to-permission grants (GRANT/DENY) │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_business_objects │ Business objects for data security targeting │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_data_security_policies │ Data security policies with WHERE clause conditions │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_role_data_policies │ Role-to-data-policy grants │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_menu_metadata │ Menu-specific metadata (level, default selection, icons) │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_notification_templates │ Email notification templates per user category │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_audit_logs │ Comprehensive audit trail │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_audit_logs │ Comprehensive audit trail │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_async_jobs │ Background job tracking (role copy, user role copy) │
├────────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ sec_management_config │ Key-value config for Security Console settings │
└────────────────────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Key Architectural Decisions
- Authorization Engine --- Stateless EJB computing effective permissions at runtime via recursive hierarchy traversal → union of all permissions → DENY overrides GRANT →
session-scoped cache
-
Data Security --- EJB interceptor pattern injecting WHERE clause conditions from user's effective data security policies
-
Menu = Resources --- sec_resources with resource_type='MENU' and parent self-reference serves as both navigation tree and function security targets
-
Aggregate Privilege --- A role record that links to exactly 1 permission + 1 data security policy, always predefined, never inheritable
Role Hierarchy Rules
-
Job/Abstract roles inherit from Duty roles and Aggregate Privileges
-
Duty roles inherit from other Duty roles and Aggregate Privileges
-
Aggregate Privileges inherit from nothing
-
Users are only directly assigned Job Roles and Abstract Roles
-
Predefined roles (code starting with OB_) are not editable
Implementation Order (for future reference, not this task)
- Database schema → 2. Seed data → 3. Core EJB (AuthorizationEngine, PasswordEncoder, AuditService) → 4. User Category EJB → 5. User Management EJB → 6. Role Management EJB → 7.
Menu/Resources EJB → 8. JSF Pages → 9. Authorization integration → 10. Notification engine
Verification
-
Review the requirements document against 安全需求规格说明书.docx Section 4 to confirm V1.0 scope alignment
-
Validate database schema against project principles: no triggers/procedures, standard audit columns, proper normalization
-
Cross-reference each functional requirement with its supporting database tables
-
Verify role hierarchy rules are enforceable through the schema design
● Plan approved. Let me create tasks and start building both deliverables.
● Now writing the security requirements document.
● Write(docs/openbusiness-security-requirements-v1.md)
⎿ Wrote 1293 lines to docs/openbusiness-security-requirements-v1.md
1 # Open Business V1.0 安全需求规格说明书
2
3 ---
4
5 ## 第1章 引言与范围
6
7 ### 1.1 目的
8
9 本文档定义 Open Business V1.0 安全模块的需求规格,涵盖用户管理、角色管理、用户类别管理、功能菜单维护、功能安全鉴权引擎和数据安全策略。本文档为 Jakarta EE 11 三层架构下的设
计、编码、测试和验收提供依据。
... +1284 lines (ctrl+o to expand)
● Requirements document complete. Now the database schema.
● Write(docs/openbusiness-security-database-schema-v1.sql)
⎿ Wrote 821 lines to docs/openbusiness-security-database-schema-v1.sql
1 -- ============================================================================
2 -- Open Business V1.0 --- Security Database Schema
3 -- Version: 1.0
4 -- Database: PostgreSQL 18+
5 -- Principle: No triggers, no stored procedures. All logic in EJB layer.
6 -- Prefix: sec_ (security module)
7 -- Audit columns on every table: created_by, created_at, updated_by, updated_at
8 -- ============================================================================
9
10 BEGIN;
... +815 lines (ctrl+o to expand)
● Let me verify both deliverables are complete.
Read 1 file (ctrl+o to expand)
● Both deliverables are created. Here's a summary:
Deliverable 1: Security Requirements Document
File: docs/openbusiness-security-requirements-v1.md (1293 lines)
10 chapters covering:
-
Chapter 1: Scope, role type model, hierarchy rules, V1.0 boundaries
-
Chapters 2-5: Authentication (6 reqs), Users (9 reqs), Roles (8 reqs), User Categories (8 reqs) --- each requirement atomic and testable
-
Chapter 6: Function menu maintenance (4 reqs) --- menu tree CRUD, resources, simulator
-
Chapter 7: Function security / authorization engine (9 reqs) --- the internal mechanisms Oracle docs don't describe: permission merging algorithm, DENY precedence, check points,
session cache, EJB interface signatures
-
Chapter 8: Data security (5 reqs) --- policy model, runtime filtering via EJB interceptors, scope types
-
Chapter 9: UI behavior specs (6 reqs) --- navigation structure, page layout, wizard pattern, comparison view, visualization component --- addressing the "no graphical UI design" gap
-
Chapter 10: Management tab (4 reqs)
Deliverable 2: PostgreSQL Database Schema
File: docs/openbusiness-security-database-schema-v1.sql (821 lines, runnable DDL)
17 tables in a single transaction:
┌─────┬────────────────────────────┬─────────────────────────────────────────────────────────┐
│ # │ Table │ Rows in ER │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 1 │ sec_user_categories │ User grouping + embedded password policies │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 2 │ sec_users │ Accounts with lockout/expiry tracking │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 3 │ sec_role_categories │ Role classification │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 4 │ sec_roles │ All 4 role types with discriminator │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 5 │ sec_role_hierarchy │ Inheritance relationships │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 6 │ sec_user_roles │ Direct role assignments │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 7 │ sec_resources │ Menu/button/page/REST resources (self-referencing tree) │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 8 │ sec_permissions │ Resource × Action pairs │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 9 │ sec_role_permissions │ GRANT/DENY function permissions │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 10 │ sec_business_objects │ Data security targets │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 11 │ sec_data_security_policies │ WHERE-clause data policies │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 12 │ sec_role_data_policies │ Data policy grants │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 13 │ sec_menu_metadata │ Menu levels, default selection │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 14 │ sec_notification_templates │ Email templates per category │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 15 │ sec_audit_logs │ Immutable audit trail │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 16 │ sec_async_jobs │ Background job tracking │
├─────┼────────────────────────────┼─────────────────────────────────────────────────────────┤
│ 17 │ sec_management_config │ Key-value configuration │
└─────┴────────────────────────────┴─────────────────────────────────────────────────────────┘
Includes seed data: default user category, IT Security Manager role, Employee abstract role, ADMIN user (password=ADMIN), navigation menu tree, notification templates, and management
config defaults. No triggers or stored procedures.
✻ Baked for 7m 31s