Adf security login system

Similar Messages

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• Secure Login System

  I know that this might be quite simple to advanced PHP users and CSS coders but I am new to that sort of thing. Although I am very advanced in HTML and with computers in general, and dreamweaver, but I am confused on how I would go about adding in a secure login system for my sites users to use and a member area for their profiles they can use and such. I have done a lot of looking around and research on how to do this and all I have seem to find are terrible youtube videos on how to do MSQL which is doesnt really comply with DW, and other numerous sites offering paid for exstentions for such a thing.
  Is there any easy way to do this such as somone who has (or can) write a easy to cpy and paste code that allows this. I know that sounds weak and lazy but I dont understand any other way to do this. Im kinda on a low budget which is why I make websites in the firstplace. So if anyone can lead me in the right direction or just help me in some or any way at all i would really appreciate it.
  Thanks.

  The Dreamweaver Help files contain instructions on how to build a login system. There's also an online tutorial by Sherri German (a very reliable writer on Dreamweaver). Sherri's article is based on the original release of the user authentication server behaviors as a Dreamweaver extension. The server behaviors are now built into Dreamweaver, so you don't need an extension.

• Oracle ADF Security Login page

  hi.
  I am using oracle ADF 11.1.2.2.0 (oracle Jdevelopr 11g release 2) in my job environment. There are 3000 users working as client level in our company. They have separated user Id and roles. They can change their passwords. There are expiration period for passwords which is handle by in database level. when the employees are going to terminate or retirement , we can control their login status. that mean we change their Active status as a Inactive status. some times we recruit number of emplooyes for cover our business targets. Their User Id also in database table level.
  My main problem is how we can handle number of employees using Oracle ADF security configuration.
  second one is how user can change their passwords.
  Third is how number of employees going to terminate ,handle their Active/Inactive State.
  Fourth one is If we use this Oracle Security system ,project managers or project cordinator or Adminstrator level authenticator must need to deploy time to time war file, because of adding removing users in jazn-data.xml.
  hoping help from you.Thanking for all.

  So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
  Then, in your application you can enable ADF Security and this will generate login page.
  And, this is it :)
  If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
  http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
  >
  But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
  >
  This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
  To programmatically retreive db connection, you can create utility method in your Application Module.
  Dario

• Web Center app ADF Security - login problem

  I'm making an Oracle Web Center app.
  I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

  Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
  I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
  Maybe you should ask this at the ADF forum: JDeveloper and ADF
  The guys there have way more understanding about this stuff than here.

• Process of login with ADF security

  Hi,
  I was looking at how to implement the process of Login with the ADF security using JDev 11g and I feel very good...
  My question is if it is possible to use this tool in case of use a container as Tomcat 6.x or JBoss. If it is possible to use ADF security for these containers, what should be configured to work?

  Hi,
  ok, I'd like to use authorization with ADF security, but as you say it is not possible in Tomcat. well, but could implement it, if there must be 3 users with different roles of the little system that I want to develop. Any idea?. There maybe a small example with user roles to use without authorization of ADF security?.

• Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

  Hi,
  We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
  After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
  Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
  Thanks,
  Annie

  Brenden,
  Thank you so much for the reply. This is our code in the web.xml:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
  If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
  regards,
  Annie

• Error While Login ADF Security Sample Application

  Hi All,
  Jdevloper Version : 11.1.1.5.0
  we are Creating ADF Login Application contains login.jspx and main.jspx pages.
  we define ADF Security on this Sample Application.
  when we provide valid credentials to login(username and password) it shows Error:
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.5 404 Not Found
  The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
  If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
  The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
  that an old resource is permanently unavailable and has no forwarding address. 
  ManagedBean(BackingbeanScope) doLogin():
           public String doLogin() {
          String un = _userName;
          byte[] pw = _password.getBytes();
          FacesContext ctx = FacesContext.getCurrentInstance();
          HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
          try {
              Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
              weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
              String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
              HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
              RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
       ctx.responseComplete();
      catch (FailedLoginException fle)
                  FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
                  ctx.addMessage(null, msg);
          return null;
  In ADF Security We Define :
  User : admin1
  Enterprise Role  : ManagerGroup(added user admin1 to this EnterpriseRole)
  Application Role : Manager
  Resource Grants  : Resource Type : Web Page
                             login page
                            main  page -  Granted Role(Manager)
  jazn-data.xml file
  <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
  <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
    <jazn-realm default="jazn.com">
      <realm>
        <name>jazn.com</name>
        <users>
          <user>
            <name>admmin1</name>
            <display-name>admmin1</display-name>
            <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
          </user>
        </users>
        <roles>
          <role>
            <name>ManagerGroup</name>
            <display-name>ManagerGroup</display-name>
            <members>
              <member>
                <type>user</type>
                <name>admmin1</name>
              </member>
            </members>
          </role>
        </roles>
      </realm>
    </jazn-realm>
    <policy-store>
      <applications>
        <application>
          <name>ADFLogin</name>
          <app-roles>
            <app-role>
              <name>Manager</name>
              <class>oracle.security.jps.service.policystore.ApplicationRole</class>
              <display-name>Manager</display-name>
              <members>
                <member>
                  <name>ManagerGroup</name>
                  <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
                </member>
              </members>
            </app-role>
          </app-roles>
          <jazn-policy>
            <grant>
              <grantee>
                <principals>
                  <principal>
                    <name>Manager</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                  </principal>
                </principals>
              </grantee>
              <permissions>
                <permission>
                  <class>oracle.adf.share.security.authorization.RegionPermission</class>
                  <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
                  <actions>view</actions>
                </permission>
              </permissions>
            </grant>
          </jazn-policy>
        </application>
      </applications>
    </policy-store>
  </jazn-data>
  Please help us how to resolve it.
  Thanks,
  kumar

  A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
  I guess your resource grants are not set correctly.
  Timo

• Login.jspx page refreshing in infinite loop in adf security

  HI,
  I have applied adf security to my application. If i create page def for login.jspx page it is refreshing in infinite loop.
  Thanks,
  Nitesh

  troubleshoot this issue as described in the post
  Thanks
  KT

• About login authentication in ADF Security

  I have applied ADF Security in application which I learned from the Cue Cards example and I did it successfully but I wanted to change the login page.
  So I created a PopUp which I learned from "Oracle JDeveloper 11g Handbook A Guide to Oracle Fusion Web Development" and instead of the Menu Button, I used a Go Link Button as I had done in the Cue Cards example.
  But the problem is how to manage the login/logout authentication. As in the book I created a managed bean to handle login and the code is :
  package inventory.controller;
  import java.io.IOException;
  import javax.faces.application.FacesMessage;
  import javax.faces.context.FacesContext;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.login.FailedLoginException;
  import javax.security.auth.login.LoginException;
  import javax.servlet.RequestDispatcher;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import weblogic.security.SimpleCallbackHandler;
  import weblogic.security.services.Authentication;
  import weblogic.servlet.security.ServletAuthentication;
  public class LoginHandler {
  private String _username;
  private String _password;
  public LoginHandler() {
  super();
  public String performLogin() {
  byte[] pw = _password.getBytes();
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  CallbackHandler handler = new SimpleCallbackHandler(_username, pw);
  try {
  Subject mySubject = Authentication.login(handler);
  ServletAuthentication.runAs(mySubject, request);
  String loginUrl =
  "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  sendForward(request, response, loginUrl);
  } catch (FailedLoginException fle) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
  "An incorrect Username or Password" +
  " was specified");
  ctx.addMessage(null, msg);
  } catch (LoginException le) {
  reportUnexpectedLoginError("LoginException", le);
  return null;
  private void sendForward(HttpServletRequest request,
  HttpServletResponse response, String loginUrl) {
  FacesContext ctx = FacesContext.getCurrentInstance();
  RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
  try {
  dispatcher.forward(request, response);
  } catch (ServletException se) {
  reportUnexpectedLoginError("ServletException", se);
  } catch (IOException ie) {
  reportUnexpectedLoginError("IOException", ie);
  ctx.responseComplete();
  private void reportUnexpectedLoginError(String errType, Exception e) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected Error During Login",
  "Unexpected Error during Login (" + errType +
  "), please consult logs for detail");
  FacesContext.getCurrentInstance().addMessage(null, msg);
  e.printStackTrace();
  public String performLogout() {
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  String logoutUrl =
  "/adfAuthentication?logout=true&end_url=/faces/home";
  sendForward(request, response, logoutUrl);
  return null;
  public void setUsername(String _username) {
  this._username = _username;
  public String getUsername() {
  return _username;
  public void setPassword(String _password) {
  this._password = _password;
  public String getPassword() {
  return _password;
  But as I run the page and click the login link, it displays the PopUp box but I think it can't get the username and password from the field inserted and displays the error message specified in the above code(ie in try/catch) when I enter the required username and password and click the login button. So is there something in the code, I ran the application TUHRA which I downloaded, which was an example in the book I specified. and it went well and the login popup worked well.
  And I want to know that how to work the button by just pressing Enter key without clicking the button ? And also is there procedural change in the ADF configuration in jDev 11.1.1.1.0 and jDev 11.1.1.5.0 as I have jDev 11.1.1.5.0 installed and there was something different in following the steps specified in the book but I managed it by looking at the cure cards example. So is this the steps problem or something else?
  Thanks in advance.

  I didn't design the login page but I just created a PopUp window and in the popup window I inserted two Input text fields for username and password.
  And i set the 'value' of the username field as "#{login.username}" and the 'value' of the password field as "#{login.password}"
  Also in the login button the "action" set to #{login.performLogin}.
  And the button which I use to display the popup is a Go Link button, the "Destination" is set to "#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/home.jspx" : "/adfAuthentication?success_url=/faces/home.jspx"} ".
  I inserted the popup inside the Go Button in the structure window.
  And Added the managed bean in the adfc config.xml with the following properties:
  Name as “login”
  Class as “inventory.controller.LoginHandler”
  Scope as “request”
  If I don't use the popup and login with the default generated login form , the login is successful
  And also when i removed the ADF security configuration, the meta data didn't go away and when i reconfigured the security some error is diplayed in the log details as cannot create or something like rewrite the users.
  Please help I don't have much time to complete my project. its an emergency.
  Edited by: SudeepShakya on Nov 4, 2011 10:06 AM

• Show images without login in ADF security

  Hi,
  I use JDeveloper 11.1.1.0.0.
  I use ADF Authentication Security. I use some images to login.html page but I can't see these images without authentication.
  can anybody help me?
  Thanks very much

  Hi,
  this is because you protect the application root "/". I assume you only enabled ADF Security for authentication.
  Frank

• ADF Security using sqlauthenticator issue unable to login

  Hi,
  AM using jdev 11.1.2.3
  I followed these blogs to configure adf security using sql authenticator
  http://biemond.blogspot.in/2008/12/using-database-tables-as-authentication.html
  http://hazem-adf-tips.blogspot.in/2012/06/adf-security-database-authentication.html
  am unable to login.. I can able to see the users and roles in WL admin console. When i am giving the user credentials it is redirecting to error page saying unauthorized .
  plz can anybody help me out from this issue.
  Thanks,
  Nitesh

  HI Timo,
  I have created application roles admin and user. Unable to create enterprise role with same name. When i am trying to map application role with enterprise role it is not displaying in mapping window..
  The following log message
  Removing existing role admin
  creating new role admin.
  with this it is recreating the new role and role id gets change when ever i m restarting my server and deploying the application..
  Thanks,
  Nitesh

• Configure BO System to Accept Secure Login Certificate

  Hello,
  I installed Netweaver SSO 2.0 Secure Login Server.
  Configured ABAP and Java Systems' SSO.
  I have also Business Object system in my landscape.
  Is it possible to login BO system using secure login server certificate?
  If yes how can we configure? Is there a document for this?
  Thanks.
  Yuksel AKCINAR

  Hello Yuksel,
  Please, find the documentation - BI Platform Administrator Guide: http://help.sap.com/businessobject/product_guides/sbo41/en/sbo41sp3_bip_admin_en.pdf
  Look at the section: "9.2.4 Enabling Trusted Authentication"
  I hope this will help you to find a solution.
  Best regards,
  Donka Dimitrova

• ADF Security: javax.servlet.jsp.JspException: Cannot find FacesContext

  Hi,
  In my ADF Application, new users are to be allowed to Register by clicking a button in login page. The Application is based on ADF Security Wizard and I have created default pages for Login and Error, so the application's login page is login.html.
  Now when I’m trying to navigate to 'NewUserRegistrationPage.jspx' Im getting javax.servlet.jsp.JspException: Cannot find FacesContext error.
  I thought the issue might be from calling a .jspx from .html so I created a 'NewLogin.jspx' Page with below code and specified this page in ADF Security Wizard for Login Page.
  Please advice me some way of calling the 'newRegistrationpage.jspx' from my login page.
  Im using JDeveloper 10.1.3.4.
  Page Code:
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:af="http://xmlns.oracle.com/adf/faces"
  xmlns:afh="http://xmlns.oracle.com/adf/faces/html">
  <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
  doctype-system="http://www.w3.org/TR/html4/loose.dtd"
  doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <f:view>
  <html>
  <head>
  <title>Login</title>
  </head>
  <body><form method="POST" action="j_security_check">
  <font face="Verdana" color="Navy">
  <table cellspacing="2" cellpadding="3" border="0" align="center">
  <tr>
  <th>Username:</th>
  <td>
  <input type="text" name="j_username"/>
  </td>
  </tr>
  <tr>
  <th>Password:</th>
  <td>
  <input type="password" name="j_password"/>
  </td>
  </tr>
  </table>
  </font>
  <p align="center">
  <input type="submit" name="submit" value="Submit"/>
  <input type="button" name="" value="Request Password"/>
  <input type="button" name="" value="New User Registration"/>
  </p>
  </form></body>
  </html>
  </f:view>
  </jsp:root>
  Error::
  javax.servlet.jsp.JspException: Cannot find FacesContext     at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427)     at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125)     at webpages.REACHLoginPage_jspx._jspService(_REACHLoginPage_jspx.java:47)     [WebPages/REACHLoginPage.jspx]     at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.4.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)     at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)     at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)     at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:259)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:51)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:193)     at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:284)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:198)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.FormHttpAuthenticator.reject(FormHttpAuthenticator.java:83)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6435)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3030)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:738)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)     at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)     at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)     at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)     at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)     at java.lang.Thread.run(Thread.java:595)
  Edited by: Manasa Tadi on Jul 1, 2009 11:52 PM

  Hi Branislav,
  Thanks a lot for your suggestion through which now Im able to navigate to NewRegistration page from login.html.
  In my application login.html is under public_html folder where as the NewRegistration page in public_html/WebPages.
  Code I used:
  New User Registration
  But the issue now is, the NewUserRegistrationPage was also under the ADFSecurity, so inorder to navigate to it again the user had to provide authentication. So, I have removed this particular page from Security and it has started to work.
  But the issue now I face is something else. In the NewUserRegistrationPage I have a selection to be made by user about the type of user he is and based on the selection he would be navigated to next page, This next page has a VO on it as a 'create form', through which he can directly fill the form and submit his details to database table.
  But as I have removed these pages from ADF Security and authentication, the form fields/attributes in the VO are not getting binded, Im getting this Exception:
  500 Internal Server Error
  javax.faces.el.PropertyNotFoundException: Error testing property 'inputValue' in bean of type null
  For testing purpose when I have provided link from application page to NewRegistrationPage the flow is working properly, able to navigate to second page and submit the filled form to database, I think this is working because we have entered the application after providing the login credentials.'
  Help in this greatly needed.
  Thanks,
  Manasa.

• Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

  I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
  When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
  I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
  When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
  Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  Any thoughts on why that would be?
  Thanks
  Dan

  Thanks Juan.
  With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
  [JpsAuth] Check Permission
  PolicyContext: [TestApp]
  Resource/Target: [untitled1PageDef]
  Action: [view]
  Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
  Result: [FAILED]
  Evaluator: [ACC]
  Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
  CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
  Principals=total 2 of principals(
  1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
  2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
  When I access the same page from my integrated weblogic server I see:
  [JpsAuth] Check Permission
  PolicyContext: [TestApp]
  Resource/Target: [untitled1PageDef]
  Action: [view]
  Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
  Result: [FAILED]
  Evaluator: [ACC]
  Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
  CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
  Principals=total 2 of principals(
  1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
  2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
  When I review my EAR - I do see jazn-data.xml at:
  /META-INF/jazn-data.xml
  I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
  Thanks.
  -Dan