Leaving out security?
Am I the only one who doesn't consider this to be the brightest of ideas?
Just to make sure that this really was what I thought it to be I looked up the ADF Security and ended up on this page (Oracle article). A small quote: "The goal of ADF Security is to ease and promote secure application development based on standard J2EE security features and the Java Authentication and Authorization Service (JAAS).".
Now, I realize that there's always the standard EE layer and the, as mentioned above, JAAS. Even so I think that when you're dealing with web applications the one thing not to ignore is the security part.
It would have made a lot more sense to me if Oracle left out some of the parts which made setting up the "eye candy" easier than actually and effectively risking to reduce security.
Have they already forgotten the issues with Java 7 ?