[Solved] ADF Security permission error

Hi,
I have used ADF Security to authorize access on SRTutorial sample application but I get an error: 'JBO-35108: No permission for action: executeWithParams'. There is not an 'Edit Authorization' context menu item for this method, so how can I set permissions for it?
Thanks,
Saeed
Message was edited by:
Saeed Shafieian

Hi Frank and Saeed,
i get the same error (JBO-35108) like Saeed. The only difference is that the error occurs in my own application (not in SRDemo, i didn't tested this). Is there any workaround or bugfix available, or is waiting for a newer JDeveloper version the only solution?
Solves JDeveloper11g the problem?
Originial error message (in german):
Fehler
JBO-35108: Keine Berechtigung für Aktion: executeWithParams.
My JDeveloper version:
Studio Edition Version 10.1.3.2.0.4066
What means 'RMT'?
TNX in advance
hobbes

Similar Messages

[SOLVED] ADF Security: No success with DBTableOraDataSourceLoginModule

Hi,
because do not have success to implement simple ADF Security to my application for weeks I try it again with this post.
Hopefully someone who was already successful with this issue can give me the hint, missing step or something else.
I have read many forum posts, blogs and documentation (10.x) but because ADF security has been changed from 10g to 11g I'm never sure if a documented step from 10g is necessary for 11g also.
I also posted my problem to posts with similar problems but no response :-(
I use 11g, TP4.
My Requirement:
=============
- user accounts and roles are stored within database tables
- roles are not used (every user has the same rights) but stored in the database table
- Custom Login-Page (jspx)
- At login ADF Security only needs to check if the entered user/password is stored in the database table (no password encryption is used at the moment)
Steps I have done:
ADF Security wizard:
================
Step 1: Enforce Authorization NOT checked (Also tried to CHECK this checkbox)
Redirect upon sucessfull Authentication CHECKED
generate Default CHECKED
Step 2: No identity store CHECKED
Step 3: Enable Credital Store CHECKED
Step 4: No Policy Store CHECKED
Step 5: Enable Anonymous Provider
Step 6: Manage Login Modules --> Add "oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
Name = oracledb.loginmodule
Login Control Flag = Required
Log Level = fine
--> Add "oracledb.loginmodule" as the only "Selected login module"
Step 7: Form-Based Authentication
Generate default is CHECKED
Step 8: WebResources: allPages
Selected Roles: valid-users
Step 9: FINISH Wizard
Then I edit jps-config.xml manually. Here the actual content:
=============================================================
<serviceInstance provider="jaas.login.provider"
name="oracledb.loginmodule">
<property value="true" name="debug"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="addAllRoles"/>
<property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
name="loginModuleClassName"/>
<property value="FINE" name="log.level"/>
<property value="jdbc/TLS-BOBDS" name="data_source_name"/>
<property value="passwort" name="passwordField"/>
<property value="rol_rolle" name="groupMembershipGroupFieldName"/>
<property value="bediener_rollen" name="groupMembershipTableName"/>
<property value="user_kennung" name="usernameField"/>
<property value="bediener" name="table"/>
<property value="persnr" name="user_pk_column"/>
<property value="bed_persnr" name="roles_fk_column"/>
<property value="toupper" name="casing"/>
</serviceInstance>
====================================
Then I start the application. Re-direction to the login-page works fine.
I enter username/password and press submit --> Following error occures in OC4J log:
===================
WARNUNG: TLS-BOB-ViewController-webapp: error encountered during authentication
java.util.MissingResourceException: Can't find resource for bundle oracle.security.jps.internal.common.resources.common.CommonResources, key JPS-02575
     at java.util.ResourceBundle.getObject(ResourceBundle.java:325)
     at java.util.ResourceBundle.getObject(ResourceBundle.java:322)
     at java.util.ResourceBundle.getString(ResourceBundle.java:285)
     at oracle.security.jps.util.JpsBundle.getString(JpsBundle.java:133)
     at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:424)
     at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:401)
     at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:99)
     at oracle.security.jps.fmw.JpsUserManager.getUserFromIdmStore(JpsUserManager.java:1109)
     at oracle.security.jps.fmw.JpsUserManager.getUser(JpsUserManager.java:1022)
     at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
     at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
     at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3927)
     at com.evermind.server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6965)
     at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3350)
     at com.evermind.server.http.HttpRequestHandler.doResolveRequestDispatcher(HttpRequestHandler.java:1005)
     at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:822)
     at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:658)
     at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:626)
     at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:417)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:189)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:163)
     at oracle.oc4j.network.ServerSocketReadHandler$ClientRunnable.run(ServerSocketReadHandler.java:275)
     at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:237)
     at oracle.oc4j.network.ServerSocketAcceptHandler.access$800(ServerSocketAcceptHandler.java:29)
     at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:877)
     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
     at java.lang.Thread.run(Thread.java:595)
==================================================
My questions:
=============
1) Are there additional steps necessary to implement ADF Security for my requirements ?
2) If yes, which? Which files I have to edit manually after ADF security wizard has been finished?
Any help is warmly welcome !
regards
Peter

Hello
Many thanks to CP and Andre who gave the missing hints in this tread:
OC4J 11g and JAZN
The property custom.provider mentioned by cp was the "missing link" --> now it works.
BUT "Nobody knows the trouble I've seen ..." !
I made dozens of trials with the same application and always similar (strange) results.
When I CHECK "enforce Authorization" in the ADF security wizard then
the redirection to the Login Page does NOT work (reason is unclear for me)
If I UNCHECK "enforce Authorization" in the ADF security wizard then
the redirection to the login page works fine BUT the redirect upon succesful Authentication doesn't work.
--> In this case following code is missing in web.xml
=====================
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>welcome.jsp</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
=================================
I think (but not 100%) that SOMETIMES the propertie "<property value="true" name="custom.provider"/>" has been created by the ADF security wizard.
SOMETIMES I was not able to create the default welcome.jsp with the ADF Security Wizard, ....
Maybe someone can reproduce this behaviour and fills a bug.
regards
Peter

Error While Login ADF Security Sample Application

Hi All,
Jdevloper Version : 11.1.1.5.0
we are Creating ADF Login Application contains login.jspx and main.jspx pages.
we define ADF Security on this Sample Application.
when we provide valid credentials to login(username and password) it shows Error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
that an old resource is permanently unavailable and has no forwarding address.
ManagedBean(BackingbeanScope) doLogin():
         public String doLogin() {
        String un = _userName;
        byte[] pw = _password.getBytes();
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
        try {
            Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
            weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
            String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
            HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
            RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
     ctx.responseComplete();
    catch (FailedLoginException fle)
                FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
                ctx.addMessage(null, msg);
        return null;
In ADF Security We Define :
User : admin1
Enterprise Role : ManagerGroup(added user admin1 to this EnterpriseRole)
Application Role : Manager
Resource Grants : Resource Type : Web Page
                           login page
                          main page - Granted Role(Manager)
jazn-data.xml file
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
<jazn-realm default="jazn.com">
    <realm>
      <name>jazn.com</name>
      <users>
        <user>
          <name>admmin1</name>
          <display-name>admmin1</display-name>
          <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
        </user>
      </users>
      <roles>
        <role>
          <name>ManagerGroup</name>
          <display-name>ManagerGroup</display-name>
          <members>
            <member>
              <type>user</type>
              <name>admmin1</name>
            </member>
          </members>
        </role>
      </roles>
    </realm>
</jazn-realm>
<policy-store>
    <applications>
      <application>
        <name>ADFLogin</name>
        <app-roles>
          <app-role>
            <name>Manager</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <display-name>Manager</display-name>
            <members>
              <member>
                <name>ManagerGroup</name>
                <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
              </member>
            </members>
          </app-role>
        </app-roles>
        <jazn-policy>
          <grant>
            <grantee>
              <principals>
                <principal>
                  <name>Manager</name>
                  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                </principal>
              </principals>
            </grantee>
            <permissions>
              <permission>
                <class>oracle.adf.share.security.authorization.RegionPermission</class>
                <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
                <actions>view</actions>
              </permission>
            </permissions>
          </grant>
        </jazn-policy>
      </application>
    </applications>
</policy-store>
</jazn-data>
Please help us how to resolve it.
Thanks,
kumar

A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
I guess your resource grants are not set correctly.
Timo

ADF Security not working 401 error

I am having problems with securing my ADF using LDAP after the server I was using was rebuilt and all software re-installed.....
This did work before the rebuild so I am guessing that there are some settings that were no configured after the rebuild.
We are using weblogic and Jdeveloper 11.1.1.6 and When I use the Wizard to secure my app and if I pick "ADF Authentication" I get the login in page and I can log into the application and things work.
I then try to go in and use the "ADF Authentication and Authorization" option and deploy and I get a 401 - Unauthorized error..
It used to work so I am pretty sure I am setting the Enterprise roles / Application Roles etc... correctly but wondered if anyone might be able to point me to what settings might be the issue etc.
Thank you in advance for any assistance.

After turning off ADF security in application - it works.
When ADF security is turned on - it doesn't.
When opening the same application with ADF security on in previous version of JDev - it works again.
Our application uses custom login bean, but it is not even reaching login bean after login form submit (sample is made as http://www.youtube.com/watch?v=mAWBezngA1s)

Adf security with upper case user results in 500-internal server error

Hello
JDev 11.1.1.0.2, Integrated WLS
I'v set up ADF security as explained in the documentation.
The only difference being that the role test-all has been removed.
I have one user 'paul' with a password of 'password'
I have one application role 'myrole'
'paul' is a member of 'myrole'
I have one unbounded task flow with one view (view1).
Via the janz-data.xml 'View1' has been granted to 'myrole' (view action)
When running View1 I get the login.html page which is correct.
The fun starts when playing around with the user/password.
If I login with 'paul' and 'password' view1 is display, this is correct
If I login with an unknown user or an incorrect password Windows Explorer 7 shows a generic HTTP 403 error page and not the error.html
If I login with 'PAUL' and 'password' (or Paul, or any mixed cased version of Paul with the correct password) I get the following stack trace :
oracle.adf.controller.security.AuthorizationException: ADFC-0619: Echec de la vérification des autorisations : '/view1.jspx' 'VIEW'.
     at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:145)
     at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:124)
     at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:639)
     at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:449)
     at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:44)
     at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:529)
     at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:118)
     at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:166)
     at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:122)
     at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:68)
     at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:51)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:354)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:175)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:181)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:279)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:239)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:196)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:139)
     at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:85)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:257)
     at oracle.security.jps.wls.JpsWlsSubjectResolver.runJaasMode(JpsWlsSubjectResolver.java:250)
     at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:100)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:65)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
The questions are :
- Why do I get the generic HTTP 403 error instead of the error.html (its not the end of the world but I would like to understand) ?
- Why do I get the error 500 if the case of the username is incorrect but the password is correct ?
Best Regards
Paul

Nope nothing in there that looks out of place...
Here's the contents of the web.xml file ..
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>addAllRoles</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jaas.mode</param-name>
<param-value>doasprivileged</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
Regards
Paul

Error during ADF Security logout in 12c

Hello,
I'm in the process of migrating my application from 11.1.2.4 to 12.1.2.0, and one thing I've noticed is the following error message in the weblogic logs when logging out of ADF Security:
<Error> <oracle.adf.share.http.HttpSessionScopeAdapter> <BEA-000000> <HttpSessionScopeAdapter: Request is in an invalid state. Could not access the request session.>
The logout still seems to work fine however. Currently I'm logging out with the following code (from here):
ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
ectx.redirect(ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/faces/home");
FacesContext.getCurrentInstance().responseComplete();
Every time I press logout, the above error happens 5 times in the logs.
I've also tried using the logout code from the 12c documentation and that produces the same error, but interestingly only produces that error 4 times.
Is there something extra or different that is supposed to be done to log out of ADF security in 12c? I can't imagine that getting an error repeatedly is what should be expected.
Thanks!

Hello,
I gave that idea a try, and it was the same result as the very similar manual logout code given in the documentation I tried earlier: http://docs.oracle.com/middleware/1212/adf/ADFFD/adding_security.htm#ADFFD21669
The logout happens successfully, but that error message shows up in the logs at least once. Whenever I do a logout without going through the authentication servlet, the error is always logged exactly 1 time fewer. In my application I migrated from 11gR2 to 12c, the error would happen 4 times (5 through the servlet), and in the fresh sample 12c app I made earlier this week, it happens 1 time (2 through the servlet).
I should also add that all of this testing has just been done in the integrated weblogic 12c server that comes with JDeveloper 12c.

WLS 7.0 SP2 - deploy error using security-permission in weblogic.xml on Win NT (jdk1.3.1)

I am trying to use this in my weblogic.xml and this is the error that I get:
weblogic-web-app>
<description>Test Web App</description>
<reference-descriptor>
<resource-description>
<res-ref-name>jdbc/TestDSRef</res-ref-name>
<jndi-name>TestJdbc</jndi-name>
</resource-description>
</reference-descriptor>
<security-permission>
<security-permission-spec>
     // grant ability to read any file
     grant codeBase "http://server/virtual_directory/-"
     permission java.io.FilePermission "<<ALL FILES>>", "read";
     </security-permission-spec>
</security-permission>
</weblogic-web-app>
Error parsing descriptor in Web appplication "e:\bea7_2\user_projects\mydomain\.\applications\.wlnotdelete\wl_comp15697.war"
[Path="e:\bea7_2\user_projects\mydomain\.\myserver\upload\ourpeople", URI="ourpeople.war"]
Any ideas on what I might be doing wrong? When I remove the security-permissions,
the application deploys fine.

I am trying to use this in my weblogic.xml and this is the error that I get:
weblogic-web-app>
<description>Test Web App</description>
<reference-descriptor>
<resource-description>
<res-ref-name>jdbc/TestDSRef</res-ref-name>
<jndi-name>TestJdbc</jndi-name>
</resource-description>
</reference-descriptor>
<security-permission>
<security-permission-spec>
     // grant ability to read any file
     grant codeBase "http://server/virtual_directory/-"
     permission java.io.FilePermission "<<ALL FILES>>", "read";
     </security-permission-spec>
</security-permission>
</weblogic-web-app>
Error parsing descriptor in Web appplication "e:\bea7_2\user_projects\mydomain\.\applications\.wlnotdelete\wl_comp15697.war"
[Path="e:\bea7_2\user_projects\mydomain\.\myserver\upload\ourpeople", URI="ourpeople.war"]
Any ideas on what I might be doing wrong? When I remove the security-permissions,
the application deploys fine.

Error when trying to see pages in webcenter app with adf security activated

Greetings
I have this problem
I developed a WebCenter Application that uses ADF Security with form authentication. This App has
two JSPX the first one is the login page and the second one is the page where i manage runtime created pages
using the CREATE PAGE task flow and a page tree iterator to see my created pages.
when i deploy de application on the weblogic server i am able to login successfully and create as many pages as
i want and also see them using the link generated. the problem is that when a delete the application from the weblogic
server, i mean the deployed application, then redeploy the same application on the server i can login again and
see the pages i created before but when i try to reach them i get this error showed in my internet browser:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46)
containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization
header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that
authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response,
and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was
given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained
in section 11.
Does anybody now what kind of configuration i am missing or what is happening?
thanks for your help

this issue has a solution showed on the this thread Re: ERROR when trying to see pages created with create page task flow

Error in page when ADF Security enabled

Hi,
I have created a sample JSF page having only a 'Hello World!' output text.
When I run the page without enabling ADF Security, it runs fine.
I have enabled ADF Security as per "29.3 Enabling Oracle ADF Security" in Dev Guide for ADF.
Now when I run the page, it shows default login page. I enter username and password there and 'Submit'.
After that it shows an error page with following error:
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContext
     at javax.faces.webapp.UIComponentClassicTagBase.getFacesContext(UIComponentClassicTagBase.java:1855)
     at javax.faces.webapp.UIComponentClassicTagBase.setJspId(UIComponentClassicTagBase.java:1672)
     at jsp_servlet.__testpage1_jspx._jspService(__testpage1_jspx.java:85)
     at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:408)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:318)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Any suggestion/help in this regard is appreciated.
Thanks

Please find below the web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/TestPage2.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
I have uploaded Application zip file on gmail docs:
https://docs.google.com/leaf?id=0B6W2rsWyyNGMNTk1NjQ5NTYtMGVlOS00OWYxLThkY2UtNGMzOTJkZGFiZTE5&hl=en
Please check if you can access it.
Thanks

How to define permission in ADF Security programmatically

Hi
I try to develop an application in ADF and I need to declare Application-Role, Permission, Principal programmatically and store them in policy store.
I found an example in chapter 19 of E10043-12 but it just creates Application-Role!! . I need know how can I detect my TaskFlow, PageDefination and other resources of my application at RunTime to protect them after deployment through a custom security console. In other word i try to find a way in which i store my pageDef or TaskFlow name in database or detect them programmatically in runtime and Grant Permission to my users or enterprise role for access/denied to my application pages, TaskFlow and also if possible entities and their attributes.
[link to chapet 19 of E10043-12|http://docs.oracle.com/cd/E23943_01/core.1111/e10043/intregrating.htm#BABECICC]
Thank you so much

Hi,
you can configure WLS to use the database as the policy store, which then means that you write permissions to the database infrastructure. However, you should be able to update the default file based policy store or OID based store as well
For database OPSS store See: http://docs.oracle.com/cd/E15586_01/core.1111/e10043/cfgauthr.htm#CHDHAIBJ
I am not sure if OPSS supports direct updates to the policy tables. Here's a blog post of how to update policies with WLST scropts: http://enterprisesecurityinjava.blogspot.de/2010/03/ok-more-details-here.html
Bottom line is that this is less a ADF Security question than a general WLS/OPSS question of how to administer policies using a custom interface. For this you can use WLS MBeans and WLST script, which is my understanding.
Frank

How to use ADF Security policies in OID Ldap

Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgds

Eurika
finally solved,
runing the JAZNMigrationTool requires setting the correct classpath,
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
if however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
now the tool will migrate the permission policies , the following shows an extract from the LDIF file
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html

Creating a WebCenter Application with PageCutomizable and ADF Security

I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
I have 2 JSPX files.
One called mainTemplate.jspx
- contains header, footer in ADF and a center facet.
One called Welcome.jspx created from mainTemplate
- contains page customizable > panel customizable > layout customizable > various custom panel configs.
ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
We then refresh the page and see that we are indeed logged in as 'weblogic'.
Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
However when we click on 'add Content' using the composer we get a permission error.
+<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
+...+
Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
+     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+...+
I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
In my catalog I have a WCM portlet taskflow, which will require its own permissions.
I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
*note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
Thanks.
Thanks.
Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
When you have configured your application for authorization as well, you have to create roles and groups.
You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
Hope this helps.

SharePoint 2010 SQL Permission Errors

We occasionally receive errors in the Event Log for SQL permission errors. I am not able to find what exactly is causing the issue and don't want to grant rights to something if I don't know what it is doing. There error is not specific
to a particular list or library. Below is one example of the ULS log output. I see references to a deadlock but also permission denied.
Name=Request (GET:https://subsite.contoso.com:443/HomePage/Forms/AllItems.aspx)
Site=/
Leaving Monitored Scope (PostResolveRequestCacheHandler). Execution Time=13.8458
Videntityinfo::isFreshToken reported failure.
Begin Query the AD to get the user email and display name.
End Query the AD to get the user email and display name.
System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'proc_SecAddUser', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
The EXECUTE permission was denied on the object 'proc_AddListItem', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
The EXECUTE permission was denied on the object 'proc_UpdateDiskUsed', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior)
at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, CommandBehavior behavior, SqlQueryData monitoringData, Boolean retryForDeadLock)
at Microsoft.SharePoint.SPSqlClient.ExecuteQueryInternal(Boolean retryfordeadlock)
at Microsoft.SharePoint.SPSqlClient.ExecuteQuery(Boolean retryfordeadlock)
at Microsoft.SharePoint.Library.SPRequestInternalClass.OpenWebInternal(String bstrUrl, Guid& pguidID, String& pbstrRequestAccessEmail, UInt32& pwebVersion, String& pbstrServerRelativeUrl, UInt32& pnLanguage, UInt32& pnLocale, String& pbstrDefaultTheme, String& pbstrDefaultThemeCSSUrl, String& pbstrThemedCssFolderUrl, String& pbstrAlternateCSSUrl, String& pbstrCustomizedCssFileList, String& pbstrCustomJSUrl, String& pbstrAlternateHeaderUrl, String& pbstrMasterUrl, String& pbstrCustomMasterUrl, String& pbstrSiteLogoUrl, String& pbstrSiteLogoDescription, Object& pvarUser, Boolean& pvarIsAuditor, Int32& plSiteFlags, Boolean& pbOverwriteMUICultures, Boolean& pbMUIEnabled, String& pbstrAlternateMUICultures, Int32& puiVersion, Int16& pnClientTag)
at Microsoft.SharePoint.Library.SPRequest.OpenWebInternal(String bstrUrl, Guid& pguidID, String& pbstrRequestAccessEmail, UInt32& pwebVersion, String& pbstrServerRelativeUrl, UInt32& pnLanguage, UInt32& pnLocale, String& pbstrDefaultTheme, String& pbstrDefaultThemeCSSUrl, String& pbstrThemedCssFolderUrl, String& pbstrAlternateCSSUrl, String& pbstrCustomizedCssFileList, String& pbstrCustomJSUrl, String& pbstrAlternateHeaderUrl, String& pbstrMasterUrl, String& pbstrCustomMasterUrl, String& pbstrSiteLogoUrl, String& pbstrSiteLogoDescription, Object& pvarUser, Boolean& pvarIsAuditor, Int32& plSiteFlags, Boolean& pbOverwriteMUICultures, Boolean& pbMUIEnabled, String& pbstrAlternateMUICultures, Int32& puiVersion, Int16& pnClientTag)
at Microsoft.SharePoint.SPWeb.InitWebPublic()
at Microsoft.SharePoint.SPWeb.get_Url()
at Microsoft.SharePoint.SPGroup.InitMember()
at Microsoft.SharePoint.SPGroup..ctor(SPWeb web, SPSecurableObject scope, SPUser user, String GroupName, Object[,] arrGroupsData, UInt32 index, Int32 iByParamId, SPGroupCollectionType groupCollectionType)
at Microsoft.SharePoint.SPGroupCollection.get_Item(String name)
at Microsoft.SharePoint.Administration.SPFarm.PerformCentralAdministratorsGroupOperation(AdminGroupOperation operation, String[] usersToAdd, String[] usersToRemove, Boolean& groupExists)
at Microsoft.SharePoint.Administration.SPFarm.CurrentUserIsAdministrator(Boolean allowContentApplicationAccess)
at Microsoft.SharePoint.SPSite.set_AdministratorOperationMode(Boolean value)
at Microsoft.SharePoint.SPFeatureManager.EnsureSiteAndWeb(SPUrlZone zone, Guid databaseid, Guid siteid, Guid webid, SPSite& site, SPWeb& web)
at Microsoft.SharePoint.SPFeatureManager.<>c__DisplayClass19.<GetFeatureRootAndListSchemaPaths>b__18()
at Microsoft.SharePoint.SPSecurity.RunAsUser(SPUserToken userToken, Boolean bResetContext, WaitCallback code, Object param)
at Microsoft.SharePoint.SPFeatureManager.GetFeatureRootAndListSchemaPaths(Byte[]& userToken, Guid& tranLockerId, Int32 nZone, Guid databaseid, Guid siteid, Guid webid, Guid featid, Int32 ltid, String& sPathToFeatureRoot, String& sPathToSchemaXml)
at Microsoft.SharePoint.Library.SPRequestInternalClass.GetViewsSchemaXml(String bstrUrl, String bstrListName, Boolean bFullBlown, Boolean bNeedInitAllViews, ISP2DSafeArrayWriter p2DWriter, Int32& plDefaultViewIndex, Int32& plMobileDefaultViewIndex)
at Microsoft.SharePoint.Library.SPRequest.GetViewsSchemaXml(String bstrUrl, String bstrListName, Boolean bFullBlown, Boolean bNeedInitAllViews, ISP2DSafeArrayWriter p2DWriter, Int32& plDefaultViewIndex, Int32& plMobileDefaultViewIndex)
at Microsoft.SharePoint.SPViewCollection.EnsureViewSchema(Boolean fullBlownSchema, Boolean bNeedInitallViews)
at Microsoft.SharePoint.SPList.get_Views()
at Microsoft.SharePoint.SPList.get_DefaultViewUrl()
at Microsoft.SharePoint.Publishing.CachedList..ctor(SPList list, CachedObjectFactory factory)
at Microsoft.SharePoint.Publishing.CachedArea.GetChildListByGuid(Guid listIdGuid)
at Microsoft.Office.DocumentManagement.MetadataNavigation.MetadataNavigationSettings.GetCachedList(SPWeb web, Guid listId)
at Microsoft.Office.DocumentManagement.MetadataNavigation.MetadataNavigationSettings.GetMetadataNavSettingsXml(SPWeb web, Guid sourceListId, Boolean& listExists)
at Microsoft.Office.DocumentManagement.MetadataNavigation.MetadataNavigationSettings.GetMetadataNavigationSettings(SPWeb web, Guid sourceListId, Boolean checkWebPropHint)
at Microsoft.Office.DocumentManagement.MetadataNavigation.MetadataNavigationContext.get_NavigationSettings()
at Microsoft.Office.DocumentManagement.MetadataNavigation.MetadataNavigationContext.EnsurePageInitEventHandling(Control controlOnPage)
at Microsoft.Office.Server.WebControls.MetadataHierarchyDataSourceControl.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at Microsoft.SharePoint.WebControls.DelegateControl.AddControlResilient(Control ctl)
at Microsoft.SharePoint.WebControls.DelegateControl.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at Microsoft.SharePoint.WebControls.DelegateControl.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at System.Web.UI.ControlBuilder.BuildChildren(Object parentObj)
at System.Web.UI.TemplateBuilder.InstantiateIn(Control container)
at Microsoft.SharePoint.WebControls.UIVersionedContent.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at Microsoft.SharePoint.WebControls.UIVersionedContent.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
SqlError: 'The EXECUTE permission was denied on the object 'proc_SecAddUser', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.' Source: '.Net SqlClient Data Provider' Number: 229 State: 5 Class: 14 Procedure: 'proc_SecAddUser' LineNumber: 1 Server: 'sqlserver.contoso.com'
SqlError: 'The EXECUTE permission was denied on the object 'proc_AddListItem', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.' Source: '.Net SqlClient Data Provider' Number: 229 State: 5 Class: 14 Procedure: 'proc_AddListItem' LineNumber: 1 Server: 'sqlserver.contoso.com'
SqlError: 'The EXECUTE permission was denied on the object 'proc_UpdateDiskUsed', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.' Source: '.Net SqlClient Data Provider' Number: 229 State: 5 Class: 14 Procedure: 'proc_UpdateDiskUsed' LineNumber: 1 Server: 'sqlserver.contoso.com'
Insufficient SQL database permissions for user 'Name: contoso\user1 SID: S-1-5-21-1326408308-1533151006-945732055-253740
ImpersonationLevel: Impersonation' in database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99' on SQL Server instance 'sqlserver.contoso.com'.
Additional error information from SQL Server is included below.
The EXECUTE permission was denied on the object 'proc_SecAddUser', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
The EXECUTE permission was denied on the object 'proc_AddListItem', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
The EXECUTE permission was denied on the object 'proc_UpdateDiskUsed', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
ConnectionString: 'Data Source=sqlserver.contoso.com;
Initial Catalog=SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99;
Integrated Security=True;
Enlist=False;
Asynchronous Processing=False;
Connect Timeout=15' ConnectionState: Closed ConnectionTimeout: 15
SqlCommand:
'SET NOCOUNT ON;
DECLARE @DN nvarchar(256),@LN nvarchar(128),@@DocUIVersion int,@@Level tinyint,@@S uniqueidentifier;
DECLARE @ItemId int;
DECLARE @@iRet int;
DECLARE @ExtraItemSize int;
DECLARE @Login nvarchar(255);
DECLARE @Title nvarchar(255);
DECLARE @Email nvarchar(255);
DECLARE @Notes nvarchar(1023);
DECLARE @MobilePhone nvarchar(127);
DECLARE @AddedToTable bit;
DECLARE @UserIdOut int;
DECLARE @LoginOut nvarchar(255);
DECLARE @TitleOut nvarchar(255);
DECLARE @EmailOut nvarchar(255);
DECLARE @NotesOut nvarchar(1023);
DECLARE @MobilePhoneOut nvarchar(127);
DECLARE @DeletedOut bit;
DECLARE @NeedtoAddtoList bit;
DECLARE @IsGroup bit;
SET @IsGroup = 0;
SET @@Level = 1;
SELECT @Login = @wssp0;
SELECT @Title = @wssp1;
SELECT @Email = @wssp2;
SELECT @Notes = @wssp3;
SELECT @MobilePhone = @wssp4;
SELECT @@S=@wssp5;
EXEC @@iRet = proc_SecAddUser @@S, @wssp6, @wssp7, @wssp8, @wssp9, @wssp10, @Login, @Title, @Email, @Notes, @MobilePhone, @wssp11, @wssp12, @wssp13, @wssp14, @AddedToTable OUTPUT, @UserIdOut OUTPUT, @LoginOut OUTPUT, @TitleOut OUTPUT, @EmailOut OUTPUT, @NotesOut OUTPUT, @MobilePhoneOut OUTPUT, @DeletedOut OUTPUT, @NeedtoAddtoList OUTPUT;
IF @@iRet <> 0 BEGIN GOTO DONE;
END ;
SELECT @ItemId = @UserIdOut;
IF @NeedtoAddtoList = 0 BEGIN GOTO DONE;
END ;
BEGIN TRAN IF NOT EXISTS( SELECT tp_ID FROM UserData WHERE tp_ListId = 'E97F9667-B512-4AF9-8F98-ABA92DA3D4A2' AND tp_ID = @ItemId AND tp_Level = 1 AND tp_RowOrdinal =0) BEGIN SELECT @ExtraItemSize = 0 EXEC @@iRet = proc_AddListItem @SiteId =@wssp15,@WebId=@wssp16,@ListID=@wssp17,@RowOrdinal=@wssp18,@ItemDocType=@wssp19,@SortTypeReversed=@wssp20,@RetainId=@wssp21,@RetainObjectIdentity=@wssp22,@ItemId = @ItemId OUTPUT,@ItemDirName=@DN OUTPUT,@ItemLeafName=@LN OUTPUT,@UserID=@wssp23,@tp_Author = @ItemId,@tp_Editor = @ItemId,@TimeNow=@wssp24,@CopySecurityFromMasterID=@wssp25,@UseNvarchar1ItemName=@wssp26,@ServerTemplate=@wssp27,@IsNotUserDisplayed=@wssp28,@Basetype=@wssp29,@Level=@wssp30,@UIVersion=@wssp31,@tp_GUID=@wssp32,@CheckSchemaVersion=@wssp33,@OnRestore=@wssp34,@AddNamespace=@wssp35,@CheckDiskQuota=@wssp36, @tp_ContentTypeId = @wssp37, @nvarchar1 = @wssp38, @tp_ModerationStatus = @wssp39, @nvarchar3 = @wssp40, @nvarchar4 = @wssp41, @nvarchar5 = @wssp42, @nvarchar6 = @wssp43, @bit2 = @wssp44, @bit3 = @wssp45, @nvarchar9 = @wssp46, @nvarchar10 = @wssp47, @bit4 = @wssp48, @Size=@wssp49, @ExtraItemSize = @ExtraItemSize , @eventData=@wssp50, @acl=@wssp51, @DocClientId=@wssp52;
IF @@iRet <> 0 BEGIN ROLLBACK TRAN;
GOTO DONE;
END END ;
COMMIT TRAN;
EXEC proc_UpdateDiskUsed @@S, 1;
DONE:
SELECT @@iRet, @ItemId, @AddedToTable, @LoginOut, @TitleOut, @EmailOut, @NotesOut, @MobilePhoneOut, @DeletedOut '
CommandType: Text
CommandTimeout: 0
Parameter: '@wssp0'
Type: NVarChar
Size: 4000
Direction: Input
Value: 'NT AUTHORITY\LOCAL SERVICE'
Parameter: '@wssp1'
Type: NVarChar
Size: 4000
Direction: Input
Value: 'UserLast, UserFirst'
Parameter: '@wssp2'
Type: NVarChar
Size: 4000
Direction: Input
Value: ''
Parameter: '@wssp3'
Type: NVarChar
Size: 4000
Direction: Input
Value: ''
Parameter: '@wssp4'
Type: NVarChar
Size: 4000
Direction: Input
Value: ''
Parameter: '@wssp5'
Type: UniqueIdentifier
Size: 0
Direction:
Input Value: 'eb7d8a16-18a1-46d7-a35d-36eedccb321b'
Parameter: '@wssp6'
Type: VarBinary
Size: 8000
Direction: Input
Parameter: '@wssp7'
Type: VarBinary
Size: 8000
Direction: Input
Parameter: '@wssp8'
Type: DateTime
Size: 0
Direction: Input
Value: '04/24/2014 13:49:03'
Parameter: '@wssp9'
Type: Bit Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp10'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp11'
Type: Int
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp12'
Type: UniqueIdentifier
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp13'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp14'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp15'
Type: UniqueIdentifier
Size: 0
Direction: Input
Value: 'eb7d8a16-18a1-46d7-a35d-36eedccb321b'
Parameter: '@wssp16'
Type: UniqueIdentifier
Size: 0
Direction: Input
Value: 'c3cfb850-7d5e-4fd1-bea7-c2add4127427'
Parameter: '@wssp17'
Type: UniqueIdentifier
Size: 0
Direction: Input
Value: 'e97f9667-b512-4af9-8f98-aba92da3d4a2'
Parameter: '@wssp18'
Type: TinyInt
Size: 1
Direction: Input
Value: '0'
Parameter: '@wssp19'
Type: TinyInt
Size: 1
Direction: Input
Value: '0'
Parameter: '@wssp20'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp21'
Type: UniqueIdentifier
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp22'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp23'
Type: Int
Size: 0
Direction:
Input Value: '-1'
Parameter: '@wssp24'
Type: DateTime
Size: 0
Direction: Input
Value: '04/24/2014 13:49:03'
Parameter: '@wssp25'
Type: Int
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp26'
Type: Bit
Size: 0
Direction: Input
Value: 'True'
Parameter: '@wssp27'
Type: Int
Size: 0
Direction: Input
Value: '112'
Parameter: '@wssp28'
Type: Bit
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp29'
Type: Int
Size: 0
Direction: Input
Value: '0'
Parameter: '@wssp30'
Type: TinyInt
Size: 1
Direction: Input
Value: '1'
Parameter: '@wssp31'
Type: Int
Size: 0
Direction: Input
Value: '512'
Parameter: '@wssp32'
Type: UniqueIdentifier
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp33'
Type: Int
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp34'
Type: Bit
Size: 0
Direction:
Input Value: 'False'
Parameter: '@wssp35'
Type: Bit
Size: 0
Direction: Input
Value: 'True'
Parameter: '@wssp36'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp37'
Type: VarBinary
Size: 8000
Direction: Input
Parameter: '@wssp38'
Type: NVarChar
Size: 4000
Direction: Input
Value: 'UserLast, UserFirst'
Parameter: '@wssp39'
Type: Int
Size: 0
Direction: Input
Value: '0'
Parameter: '@wssp40'
Type: NVarChar
Size: 4000
Direction: Input
Value: 'NT AUTHORITY\LOCAL SERVICE'
Parameter: '@wssp41'
Type: NVarChar
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp42'
Type: NVarChar
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp43'
Type: NVarChar
Size: 0
Direction:
Input Value: ''
Parameter: '@wssp44'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp45'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp46'
Type: NVarChar
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp47'
Type: NVarChar
Size: 0
Direction: Input
Value: ''
Parameter: '@wssp48'
Type: Bit
Size: 0
Direction: Input
Value: 'False'
Parameter: '@wssp49'
Type: Int
Size: 0
Direction: Input
Value: '82'
Parameter: '@wssp50'
Type: VarBinary
Size: 0
Direction: Input
Parameter: '@wssp51'
Type: VarBinary
Size: 8000
Direction: Input
Parameter: '@wssp52'
Type: VarBinary
Size: 0
Direction: Input
System.Data.SqlClient.SqlException:
The EXECUTE permission was denied on the object 'proc_SecAddUser', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
The EXECUTE permission was denied on the object 'proc_AddListItem', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
The EXECUTE permission was denied on the object 'proc_UpdateDiskUsed', database 'SharePoint_AdminContent_d4605df0-8a2d-44e0-8805-8d65c4d73d99', schema 'dbo'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior)
at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, CommandBehavior behavior, SqlQueryData monitoringData, Boolean retryForDeadLock)
at Microsoft.SharePoint.SPSqlClient.ExecuteQueryInternal(Boolean retryfordeadlock)
at Microsoft.SharePoint.SPSqlClient.ExecuteQuery(Boolean retryfordeadlock)
Videntityinfo::isFreshToken reported failure.
Leaving Monitored Scope (CachedList:HomePage). Execution Time=15.1112
Leaving Monitored Scope (Load CachedList:151c2f9a-be3a-42ad-a4c6-379cb6ec05ad). Execution Time=825.2132
Leaving Monitored Scope (Request (GET:https://subsite.contoso.com:443/HomePage/Forms/AllItems.aspx)). Execution Time=966.741

did you check this post,
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/5f8003a0-f845-4fb6-8b43-a0a234bcb1ea/the-execute-permission-was-denied-on-the-object-multiple-alerts?forum=sharepointadminprevious
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

ADF Security, Task Flow as a region in a page resource grant

JDeveloper 12c (12.1.2); Application uses ADF form based security, external LDAP provider (Active Directory)
After sign-in page (upon successful authentication/authorization) user is forwarded to a page that executes VO method prior to render. I am new to task flow concept and am told to achieve this like:
- create bounded task flow, with method call activity (execute exposed AM method that calls VO method, runs custom SQL) and view activity as page fragment.
- then drop the above task flow into a page as a region
In ADF security setup, I gave resource grant task-flow to certain application role. Started the application, login and got 403 error. Then went back and gave resource grant 'view' to the actual page that contains task flow. It worked fine.
So the question is, when protecting application (implemented with task flows) with ADF security, I thought it is enough to grant those task flows to whatever application roles (groups) and inherently any page that uses that task flow(s) (as a region) will be protected?
From this test, it seems that I have to assign each page (that has task flow as a region) to application roles individually?

Hi,
any page that is contained in a bounded task flow is protected by the task flow permission grant, this is correct. If this is not what you see, please file a bug with support or send me a simple reproducible test case please. My mail address (replace all < name > with the described symbol.
frank <dot> nimphius <at> oracle <dot> com
The test case will need to be in a ZIP file nemaed to "unzip" and should be able for me to run stand alone (please no database scripts to run prior to try the test case)
Frank

Web Center app with ADF Security - login problem

I have a custome Oracle Web Center app.
I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
and i get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
This works fine if i use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
Edited by: new_to_webcenter on 18-Jan-2011 05:25

Thanks for your response Frank.
The web.xml has
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
"/faces/postLogin.jspx"
this then adds into web.xml
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/postLogin.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
So the sequence which works is:
Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
So should the form be posting to j_security_check directly or to the adfAuthentication ?

[Solved] ADF Security permission error

Similar Messages

Maybe you are looking for