How to pass security context in

Similar Messages

• How OSB pass Initial Context parameters to EJB

  For security reasons I have to pass a ticket (through initial context) to legacy system from OSB for calling EJB, below is a code
  Hashtable env = new Hashtable(2);
  env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  env.put(Context.PROVIDER_URL, connectionUrl);
  env.put(javax.naming.Context.SECURITY_PRINCIPAL, ticket);
  env.put(javax.naming.Context.SECURITY_CREDENTIALS, "");
  InitialContext ctx = new InitialContext(env);
  Object homeRef = ctx.lookup("com.cih.services.contact.interfaces.IContactServiceRemote");
  IContactServiceRemoteHome home = (IContactServiceRemoteHome) javax.rmi.PortableRemoteObject
  .narrow(homeRef, IContactServiceRemoteHome.class);
  IContactServiceRemote ejb = home.create();
  Please let me know how we can pass Initial context parameter from Business service or proxy service to legacy system.
  Thanks

  Hi Russ
  Yes, I've done this too. Basic SQL though will not allow the updating of a table inside a function, so we have to get clever. The trick is to use the PRAGMA AUTONOMOUS TRANSACTION command. Here's an example:
  FUNCTION UPDATE_MYTABLE(P_VALUE IN NUMBER)
  RETURN VARCHAR2 IS
  PRAGMA AUTONOMOUS_TRANSACTION;
  BEGIN
  UPDATE SCHEMA_OWNER.MY_TABLE SET MY_VALUE = P_VALUE;
  COMMIT;
  RETURN('Done');
  END UPDATE_TABLE;
  When the update has been completed the Discoverer worksheet will respond with 'Done'.
  Everyone: don't forget to grant EXECUTE on this function to all of the necessary users, including the EUL owner, and also don't forget to import the function using the Admin edition so that it is available for the users. You will also need to make sure that all necessary users have been granted the UPDATE privilege on the table.
  I hope this helps
  Regards
  Michael

• How to share security context between different application ?

  Hi all,
  I have two applications(ADF faces + BC, JDev 10.1.3.1) deployed into OAS 10.1.3.1.
  The two applications are :
  1) SalesApp -> main menu page = SalesMenu.jspx
  2) ReportApp -> main menu page = ReportMenu.jspx
  I want implement security using CustomLogin.
  The question is :
  How can I share security context between the applications ?
  What I mean is, from SalesMenu.jspx there is one menu item to jump into ReportMenu.jspx, and I want user no need to Login again, Login is once and the user is recognized in the two apps. How to achieve that ?
  Thank you for your help,
  xtanto

  Xtanto,
  actually you can't if these are separate J2EE application deployments. The session is not shared and thus the authentication is lost. I heard that OracleAs is planning to implement a feature that allows you to share the session and thus a context between two J2EE deployments. I am not 100 % sure this is the case and will check with OC4J Product Management
  Frank

• How to get security context in BPEL to get Logged in UserId

  Hi All,
  We have a requirement of getting security context in BPEL flow and from that we want to extract currentUserId. The requirement is to know who has initiated the composite flow. We are not passing userId in the event payload. In ADF we get the same through following expression:
  ADFContext.getCurrent().getSecurityContext().getUserName()
  Is there any similar api which we can access to get currentUserId?
  Thanks,
  Naga

  Hi,
  If your BPEL has oracle/wss_username_token_service_policy you can retrieve the username from the SOAP headers...
  Have a look at this...
  http://yuanmengblog.blogspot.com.au/2012/09/extracting-and-passing-wss-name-token.html
  Cheers,
  Vlad

• How to pass the context from Portal to Database for fine grain access?

  Hi,
  I am developing an omniportlet and I need to pass on the context of the logged in user to the database so that when the user tries to access data in the omniportlet, he can see data relevant to him only. Does anyone know how to do that?
  I have set up a light weight user scott and also has a schema in the database by the same name (scott)..
  what I am trying is when the user logs in as scott in the portal site and runs an omniportlet, he should be dynamically be logged in to scott the schema so that the data visible to him can be restricted. Same should happen for other users as well.
  Does anyone know in which table in the PORTAL schema is this connection information stored, so that I can override it using some API..?
  Thanks,
  Abhi

  I had tried sending the user_name in the sql and that works fine. but my requirement is that the user should login to his schema and only his schema directly and automatically.. such that even if an omniportlet is created using some default schema, when user logs in he can access only the schema meant for him..
  e.g. While running the omniportlet when logged-in as user scott, he should be logged-in to scott schema in the database, so that the fine grain access can be enabled ..
  Edited by: user6386347 on Mar 12, 2009 12:15 PM

• How to pass Security Header from the Physical Service in ODSI

  We have to call a secured Web service using ODSI. We are trying to build a physical service in ODSI using a WSDL which has username token with password text policy inside it. The requests to that web service are bound by the security policy. But ODSI is not allowing us to create a Physical service usin a WSDL with a security policy in it. How can we then pass the security header from the ODSI physical service to the external web service.

  You would need to write a webservice handler for your physical data service to implement the security.
  http://download.oracle.com/docs/cd/E13162_01/odsi/docs10gr3/datasrvc/How%20To%20Create%20SOAP%20Handlers%20for%20Imported%20WSDLs.html

• How to pass kerberos ticket at api level?

  Hi,
  Am relatively new in the domain of Java Security, JAAS and JGSS. After reading the tutorials and examples, I was able to do authentication and message transfer using Kerberos LoginModule. All the examples demonstrates message transfer and credential passing at socket level.
  But in normal scenario's a server application exposes its APIs and the clients invokes remote methods on the server instead of sending data at a socket level.
  My question is can I use kerberos and JGSS to pass security context at api level without adding an arguement for security context in each api call?
  In simple terms, Is it possible to implicitly pass user credential's to server at each api call instead of exchanging/encrypting data at socket level?
  Is there any other mechanism that meets this kind of requirement?
  Thanks,
  Kapil

  Seema, could you please elaborate on how GSS context is established?
  The examples show that context is established after series of message passing between client and server inside a while loop
  while (!peerContext.isEstablished()) {
                     byteToken = peerContext.initSecContext(byteToken, 0, byteToken.length);
                  if (byteToken != null) {
                      outStream.writeInt(byteToken.length);
                      outStream.write(byteToken );
                      outStream.flush();
                  }//if
                  if (!peerContext.isEstablished()) {
                      byteToken  = new byte[inStream.readInt()];
                      inStream.readFully(byteToken );
                  }//if
              }//while (!peerContext...)Is there any other way to establish GSS context ?
  Thanks & Regards,
  Kapil

• How to pass the security context between different OC4J servers

  My problem is the following: it seems that there is no standard J2EE solution in a production environment with more than one J2EE application server products to pass the security context between different J2EE application servers.
  I have a distributed application on two different OC4J servers, let's say that we have the web layer (with servlets) deployed on a server instance Server1 and the EJBs deployed on a second OC4J server Server2. If an user is authenticated at the web tier (in Server1) it gets a Principal object. It seems that the same Principal object cannot be used for authorization in the second application server, Server2. This means that in the server Server2 the authentication should be done again. It means that it should be duplicated the mechanism for authentication on Server2 (together with the passwords, users, and so on), thing that is a clear disadvantage of this approach.
  Do you know if there is a specific OC4J solution for this approach?
  Thank you,
  Marinel

  I have a simmilar issue? Did you succeeded to find a solution?

• Can we pass J2EE security context to a xdp form?

  I am doing a J2ee application developement that a user will logon to the application and open the form,fill it and press submit button to call a web service. The form submit button is pointing to a web service that needs security authentication such as:
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken>
    <wsse:Username>user</wsse:Username>
    <wsse:Password>password</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
  I am wondering how to pass the security header info to the SOAP header so user doesn't have to type user name and password again when hiting submit button since he already logon to the apllication. Can and how the LiveCycle Forms server take the header info from Java API call and fill the submit button SOAP security header?  I got stucked here and I would really appreciate if someone can guide me on this.  Thanks.
  Jinyu

  Is my question in a wrong topic? I want to know how your guys handle the forms web service call with wsse:UsernameToken authentication enabled. Can forms API be used to pass the security header info? Thanks.

• When and how does the message context get removed from the message when we use pass thru send port

  Friends,
  i have a doubt regarding message context.
  Assume i have used XMLRecieve pipeline in the receive side to receive the message so that the message context is created. I.e properties are promoted/written.
  now if we use pass thru transmit pipe line at send side, how and when does the message context get removed from the message?? Since pass thru does not have any stages/components, how does the message context removed and sent out a pure message to destination???
   i mean what exactly happens here to remove the context??
  Ravindar

  Thanks for the reply.
  "The Context is created by the Adapter, regardless of any Pipeline or Pipeline Component.  It has nothing to do with PassThrough vs. XmlReceive, although XmlReceive will write Promoted Properties to the existing Context,
  as can any other Component."
  yeah yeah, adapter does create some properties in context. You are right, i am aware of it. I just missed to explain it clearly. what i meant is addition of context properties will not happen if pass thru used. Thanks its clear.
  "No.  The Context already exists on the Message when it comes from the MessageBox and
  is equally available to any Component in any Stage.  The Context that hits the Pipeline is whatever was last Persisted, either by a Receive Port or Orchestration.  It is not created by the XmlAssembler (XmlTransmit)"
  You are right , the context already exists on the message while it leaves the receive port, and once it persists
  to message box the context and message context gets stored in messages in relative tables.
  Now as you said the components get the message from the last persistence, assume i have a send port(with passthru)
  subscriber and a orchestration subsrciber for this message.
  Orchestration gets the message with context right!!
  if the send sendport(with passthru) also gets message along with context, then where is this context removed/demoted
  while sending it out?.  i guess as per SAAkhlaq said,
  here sendport(with passthru) should get a pure message without context as passthru used. 
  or is it that ultimately send adapter removes the context completely?
  or is it something like biztalk run time load the context from database into cache and both orchestration and send port gets pure message, and if needed they use context from cache???
  sorry i may be troubling you, but i am confused. i hope i am not creating any nuisance with this
  post.
  Ravindar

• Secure empty trash: How many passes?

  When performing a +Secure Empty Trash+ I presume the deleted files are zeroed out, much like when using the +Erase Free Space+ function in the Disk Utility. My question is, if this is indeed the case, how many passes are performed during a +Secure Empty Trash+?

  Way too many. I believe it's seven passes. Don't use it if you are deleting a large number of files because it could literally take days to complete.
  Unless you work for an employer that mandates such security I wouldn't suggest using it. If it needs to be securely erased, then it needs to be encrypted. If it's encrypted then there really isn't a need to use the secure erase option.

• Passing a security context over JMS?

  After using certificate authentication from a browser at the front end, we have to pass some sort of security context over a JMS queue. Whatever I pass needs to be sufficient for reconnection to a 'Data Access' server.
  Has anybody got any ideas/experience?

  Ryan - I ran into the same problem. All the reference info is
  gone once you serialize the object. I have tried
  registerClassAlias('flas.net.FileReference') and that keeps the
  object in tact, but the info is all gone.
  Any other ideas? I need some flex magic here.

• How to pass context based parameters to subquery?

  Hello to All!
  How to pass context based parameters to subquery of custom folder when I schedule workbook?
  Thanks, Oleg

  Hi Russ
  Yes, I've done this too. Basic SQL though will not allow the updating of a table inside a function, so we have to get clever. The trick is to use the PRAGMA AUTONOMOUS TRANSACTION command. Here's an example:
  FUNCTION UPDATE_MYTABLE(P_VALUE IN NUMBER)
  RETURN VARCHAR2 IS
  PRAGMA AUTONOMOUS_TRANSACTION;
  BEGIN
  UPDATE SCHEMA_OWNER.MY_TABLE SET MY_VALUE = P_VALUE;
  COMMIT;
  RETURN('Done');
  END UPDATE_TABLE;
  When the update has been completed the Discoverer worksheet will respond with 'Done'.
  Everyone: don't forget to grant EXECUTE on this function to all of the necessary users, including the EUL owner, and also don't forget to import the function using the Admin edition so that it is available for the users. You will also need to make sure that all necessary users have been granted the UPDATE privilege on the table.
  I hope this helps
  Regards
  Michael

• Set security context

  While using business objects we set the security context as we connect to the database. How would we do that with Crystal Reports?

  Crystal doesn't support it in that way. You simply enter the log on info, User Name and Password, and Cr connects. You can use a Universe to set up Security Context and Cr then passes the user info through and the Universe handles what the user can and can not see.
  This generalizing because you did not say what DB you are using or what version of Crystal Reports.
  Or if you are using the OEM build for Business One...
  There is in later versions a Special Field to get/set the CEUser which you can use in the record selection formula.
  Don

• How to pass a list of parameters to a query?

  Hi,
  I use OracleXE 10 Database with JDeveloper 11g.
  In my project I use a Toplink mapping to get access to the database (Toplink Object Map file). This mapping xml file is called crmMap.xml.
  In the crmMap.xml file I define a mapping to a "User table" which has the four columns id (number), title (varchar2), firstName (varchar2) and lastName (varchar2). A title can have the four values Bachelor, Master, Doctor and Professor.
  I do define a query in crmMap.xml which has to find all the users that have a special title. I do give the query one parameter called "title" which has the type "java.util.ArrayList". The parameter "title" is a list that has for example the two values "Bachelor" and "Doctor", if I want to find all the users that are Bachelor or Doctor. The query looks like this ...
  Select * from User where title in(?title)I do use an EJB Session Bean to call the query. The code looks like this ...
  public List<User> findUserByStatus() {
      Session session = getSessionFactory().acquireSession();
      Vector params = new Vector(1);
      List stati = new ArrayList();
      stati.add("Doctor");
      stati.add("Bachelor");
      params.add(stati);
      List<User> result = (List<User>)session.executeQuery("findUserByStatus", User.class, params);
      session.release();
      return result;
  }Doing this I get an error, in the line
  List<User> result = (List<User>)session.executeQuery("findUserByStatus", User.class, params);while the app is trying to execute the query.
  Part of my log
  WARNING: ADFc: Invalid column type
  java.sql.SQLException: Invalid column type
       at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:70)
       at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:116)
       at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:177)
       at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:233)
       at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:407)
       at oracle.jdbc.driver.OraclePreparedStatement.setObjectCritical(OraclePreparedStatement.java:7931)
       at oracle.jdbc.driver.OraclePreparedStatement.setObjectInternal(OraclePreparedStatement.java:7511)
       at oracle.jdbc.driver.OraclePreparedStatement.setObjectInternal(OraclePreparedStatement.java:8168)
       at oracle.jdbc.driver.OraclePreparedStatement.setObject(OraclePreparedStatement.java:8149)
       at oracle.jdbc.driver.OraclePreparedStatementWrapper.setObject(OraclePreparedStatementWrapper.java:229)
       at oracle.toplink.internal.databaseaccess.DatabasePlatform.setPrimitiveParameterValue(DatabasePlatform.java:1694)
       at oracle.toplink.internal.databaseaccess.DatabasePlatform.setParameterValueInDatabaseCall(DatabasePlatform.java:1684)
       at oracle.toplink.platform.database.oracle.Oracle9Platform.setParameterValueInDatabaseCall(Oracle9Platform.java:339)
       at oracle.toplink.internal.databaseaccess.DatabasePlatform.setParameterValuesInDatabaseCall(DatabasePlatform.java:1669)
       at oracle.toplink.internal.databaseaccess.DatabaseCall.prepareStatement(DatabaseCall.java:649)
       at oracle.toplink.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:517)
       at oracle.toplink.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:467)
       at oracle.toplink.threetier.ServerSession.executeCall(ServerSession.java:447)
       at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:193)
       at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:179)
       at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.executeSelectCall(DatasourceCallQueryMechanism.java:250)
       at oracle.toplink.internal.queryframework.DatasourceCallQueryMechanism.selectAllRows(DatasourceCallQueryMechanism.java:583)
       at oracle.toplink.queryframework.ReadAllQuery.executeObjectLevelReadQuery(ReadAllQuery.java:467)
       at oracle.toplink.queryframework.ObjectLevelReadQuery.executeDatabaseQuery(ObjectLevelReadQuery.java:874)
       at oracle.toplink.queryframework.DatabaseQuery.execute(DatabaseQuery.java:674)
       at oracle.toplink.queryframework.ObjectLevelReadQuery.execute(ObjectLevelReadQuery.java:835)
       at oracle.toplink.queryframework.ReadAllQuery.execute(ReadAllQuery.java:445)
       at oracle.toplink.internal.sessions.AbstractSession.internalExecuteQuery(AbstractSession.java:2260)
       at oracle.toplink.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1074)
       at oracle.toplink.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1058)
       at oracle.toplink.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1032)
       at oracle.toplink.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:945)
       at de.virtual7.crmTL.model.crmFacadeBean.findUserByStatus(crmFacadeBean.java:720)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:126)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:114)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:15)
       at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
       at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:30)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:126)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:114)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
       at $Proxy90.findUserByStatus(Unknown Source)
       at de.virtual7.crmTL.model.crmFacade_etlagg_crmFacadeLocalImpl.findUserByStatus(crmFacade_etlagg_crmFacadeLocalImpl.java:838)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at oracle.adf.model.binding.DCInvokeMethod.invokeMethod(DCInvokeMethod.java:563)
       at oracle.adf.model.binding.DCDataControl.invokeMethod(DCDataControl.java:2119)
       at oracle.adf.model.bc4j.DCJboDataControl.invokeMethod(DCJboDataControl.java:2929)
       at oracle.adf.model.bean.DCBeanDataControl.invokeMethod(DCBeanDataControl.java:396)
       at oracle.adf.model.binding.DCInvokeMethod.callMethod(DCInvokeMethod.java:258)
       at oracle.jbo.uicli.binding.JUCtrlActionBinding.doIt(JUCtrlActionBinding.java:1441)
       at oracle.adf.model.binding.DCDataControl.invokeOperation(DCDataControl.java:2126)
       at oracle.adf.model.bean.DCBeanDataControl.invokeOperation(DCBeanDataControl.java:414)
       at oracle.adf.model.adapter.AdapterDCService.invokeOperation(AdapterDCService.java:311)
       at oracle.jbo.uicli.binding.JUCtrlActionBinding.invoke(JUCtrlActionBinding.java:697)
       at oracle.adf.model.binding.DCInvokeAction.refreshInternal(DCInvokeAction.java:46)
       at oracle.adf.model.binding.DCInvokeAction.refresh(DCInvokeAction.java:32)
       at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:2970)
       at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2639)
       at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.prepareModel(PageLifecycleImpl.java:110)
       at oracle.adf.controller.faces.lifecycle.FacesPageLifecycle.prepareModel(FacesPageLifecycle.java:77)
       at oracle.adf.controller.v2.lifecycle.Lifecycle$2.execute(Lifecycle.java:135)
       at oracle.adfinternal.controller.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:190)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.mav$executePhase(ADFPhaseListener.java:19)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.startPageLifecycle(ADFPhaseListener.java:229)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$1.after(ADFPhaseListener.java:265)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:69)
       at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:51)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:354)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:175)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:181)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:279)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:239)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:196)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:139)
       at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:85)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:257)
       at oracle.security.jps.wls.JpsWlsSubjectResolver.runJaasMode(JpsWlsSubjectResolver.java:250)
       at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:100)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:65)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  07.09.2009 11:50:16 oracle.adf.controller.faces.lifecycle.FacesPageLifecycle addMessage
  WARNUNG: ADFc: EJB Exception: : Lokaler Exception Stack:
  Exception [TOPLINK-4002] (Oracle TopLink - 11g (11.1.1.0.1) (Build 081030)): oracle.toplink.exceptions.DatabaseException
  Interne Exception: java.sql.SQLException: Ungültiger Spaltentyp
  Fehlercode:17004
  Aufruf:Select * from User where title in(?title)
       bind => [[Doctor,Bachelor]]Does anyone know a way how to pass a list of parameters
  Thanks Bodhy

  Hi,
  One alternative way is to create String with , sepearted as pass the string to in clause.For example ,create a string ('Bachelor','Doctor') and pass this string to in clause.
  Session session = getSessionFactory().acquireSession();
  String params=( 'Bachelor','Doctor);
  List<User> result = (List<User>)session.executeQuery("findUserByStatus", User.class, params);
  session.release();
  This is an alternative way and workaround which can work for Strings .
  Or you can use EXpression to build the query to pass the collection as example given below.
  Expression addressExpression;
  ReadObjectQuery query = new ReadObjectQuery(Employee.class);
  ExpressionBuilder emp = query.getExpressionBuilder();
  addressExpression =
  emp.get("address").get("city").equal(
  emp.getParameter("employee").get("address").get("city"));
  query.setName("findByCity");
  query.setSelectionCriteria(addressExpression);
  query.addArgument("employee");
  Vector v = new Vector();
  v.addElement(employee);
  Employee e = (Employee) session.executeQuery(query, v);
  Hope this helps.
  Regards,
  Vinay Kumar