Web Center app ADF Security - login problem

I'm making an Oracle Web Center app.
I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
and I get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
This works fine if I use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login?
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL, since I can't see that in either?

Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml.
Maybe you should ask this at the ADF forum: JDeveloper and ADF
The guys there have way more understanding about this stuff than here.

Similar Messages

  • Web Center app with ADF Security - login problem

    I have a custom Oracle Web Center app.
    I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
    When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
    and I get
    Error 403--Forbidden
    I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
    This works fine if I use a Login link with
    destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
    which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
    Hope my question is clear. Any suggestions why it is going to the wrong URL after login?
    Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL, since I can't see that in either?
    P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
    Edited by: new_to_webcenter on 18-Jan-2011 05:25

    Thanks for your response Frank.
    The web.xml has
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>adfAuthentication</web-resource-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
      </form-login-config>
    </login-config>
    When configuring ADF Security via JDev, I chose "Redirect upon successful authentication" to the Welcome Page
    "/faces/postLogin.jspx"
    this then adds into web.xml
    <servlet>
      <servlet-name>adfAuthentication</servlet-name>
      <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
      <init-param>
        <param-name>success_url</param-name>
        <param-value>/faces/postLogin.jspx</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>
    So the sequence which works is:
    Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
    I'm trying to do away with a Login link, and trying the simple login form embedded in my page along with other content.
    So should the form be posting to j_security_check directly or to the adfAuthentication ?

  • Oracle ADF Security Login page

    Hi.
    I am using Oracle ADF 11.1.2.2.0 (Oracle JDeveloper 11g Release 2) in my job environment. There are 3000 users working at client level in our company. They have separate user IDs and roles. They can change their passwords. There is an expiration period for passwords, which is handled at database level. When employees are terminated or retire, we can control their login status; that means we change their Active status to an Inactive status. Sometimes we recruit a number of employees to cover our business targets. Their user IDs are also at database table level.
    My main problem is how we can handle this number of employees using Oracle ADF security configuration.
    The second one is how users can change their passwords.
    The third is how to handle the Active/Inactive state when a number of employees are terminated.
    The fourth one is that if we use this Oracle Security system, project managers, project coordinators or an Administrator-level authenticator must deploy the war file from time to time, because of adding and removing users in jazn-data.xml.
    Hoping for help from you. Thanks to all.

    So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
    Then, in your application you can enable ADF Security and this will generate login page.
    And, this is it :)
    If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
    http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
    >
    But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
    >
    This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
    To programmatically retrieve the db connection, you can create a utility method in your Application Module.
    Dario

  • ADF security logout problem in adfAuthentication?logout =true

    Hi,
    I've configured ADF security and implementing logout as in http://blogs.oracle.com/jdevotnharvest/entry/how-to_logout_from_adf_security
    Also I have configured OID in the standalone WL server and when deployed this to the standalone wl, the login works fine. But when I click the logout the page redirects saying 10.4.4 403 Forbidden, and the redirected URL is
    /adfAuthentication?logout=true & end_url=/faces/AppLogin.jspx
    Please help, why is the logout forbidden?
    ver. 11.1.1.4
    my web.xml entries
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>adfAuthentication</web-resource-name>
          <url-pattern>/adfAuthentication</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>valid-users</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/faces/AppLogin.jspx</form-login-page>
          <form-error-page>/faces/error.jspx</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <role-name>valid-users</role-name>
      </security-role>
    and weblogic.xml
    <security-role-assignment>
        <role-name>valid-users</role-name>
        <principal-name>users</principal-name>
      </security-role-assignment>

    What I get is an Error 403--Forbidden and not 404 - not found. The two links provided above talk about the 404 error and similar.
    What I have is I can login successfully, but when I use the logout procedure it gives me a 403 --Forbidden error. Any other suggestion?

  • 500 Internal Server Error while deploying Web Center App

    We have created a simple Web Center application in JDeveloper (10.1.3.2.0). It runs fine when deployed on Stand Alone OC4J. We tried to deploy the same target .EAR (after following the steps mentioned in Oracle Web Center Documentation) on Oracle Web Center Suite 10.1.3.2.0 (Pre-Configured OC4J_WebCenter). We ran the Pre Deployment to transform the Generic .EAR to Target .EAR with MDS path.
    We got the following exception when testing index page (i.e. index.jspx)
    http://172.10.130.37/ray/faces/index.jspx
    Exception:
    oracle.mds.exception.MDSRuntimeException: No metadata found for metadata object "/ViewController/public_html/index.jspx"
    No metadata found for metadata object "/ViewController/public_html/index.jspx"
    Here's the log of Application:
    JspServlet: unable to dispatch to requested page: Exception:oracle.mds.exception.MDSRuntimeException: No
    metadata found for metadata object "/ViewController/public_html/index.jspx"
    Any help would be extremely appreciated.

    chao.yang wrote:
    Please check if you have the following files in your server's application directories:
    1. <WAR>/WEB-INF/ad-config.xml
    2. <WAR>/META-INF/connections.xml
    if no, please do the following thing:
    1. copy <EAR>/adf/META-INF/ad-config.xml to <WAR>/WEB-INF/
    2. copy <EAR>/adf/META-INF/connections.xml to <WAR>/META-INF/
    3. Restart your OC4J instance, and test your page again.
    This did not solve my similar issue. What did solve my issue was the following:
    After deployment, I changed the metadata-store metadata-path property value found in <WAR>\WEB-INF\adf-config.xml to the MDS path specified in Predeployment, where <WAR> is the deployment location.
    My question is, why does the pre/deployment process not update this value correctly?

  • Adf security login system

    Hi, I would like to ask you for advice.
    I have a case:
    1.     Users are specified on the weblogic.
    2.     I must make a login system which will verify whether the user exists on weblogic.
    I have seen Frank's tutorial http://download.oracle.com/otn_hosted_doc/jdeveloper/11gdemos/AdfSecurity/AdfSecurity.html but it is a case where I manually add users to the jazn file.
    I must verify users from weblogic.

    jazn-data.xml is used during development (when you are testing on the integrated WLS).
    When you deploy to an external WLS server, it will (or at least can) use the users defined in the WLS's LDAP.
    Have you read the docs (http://docs.oracle.com/cd/E26098_01/web.1112/e16182/adding_security.htm#BGBGJEAH)?

  • Secure Login Client and Java

    Hi All,
    We are having a project to implement NW SSO for NWBC for HTML; Citrix XenApp will be used as the desktop environment. The requirement is that no Java is allowed to be installed on the web browser.
    According to PAM, Secure Login Client does not support Microsoft Application Virtualization (App-V), so how can we deploy the Secure Login Client to the Citrix environment?
    If we want to use Secure Login Web Client instead of Secure Login Client, does Secure Login Web Client require Java installed on users' web browsers? In the latest Secure Login implementation guide (SSO 2.0), it does not mention anything about Java runtime. However, because as far as I understand, Secure Login Web Client is a feature of Secure Login Server, while Secure Login Server is a pure Java application, I suspect that Secure Login Web Client also requires Java runtime to run. Is that true?
    Best regards,
    Duy

    Hello Duy,
    The Product Availability Matrix states that Secure Login Web Client needs a Java runtime in the browser. See the footer of the Secure Login Web Client pages for Windows and Linux/MAC OS browser platform support. It says the following:
    For Windows: Supported Java Runtime: Oracle (Sun) JSE 6, 7 and 8, 32bit
    For Linux/MAC OS: Supported Java Runtime: Oracle (Sun) JSE 6.0 and 7.0, 32bit/64bit depending on browser
    Best regards,
    Martin

  • ADF Security to J2EE Container Managed Security Problems

    Hi all!
    I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
    For the sake of friendlier user and roles management I decided to go to J2EE Container Managed Security (I want the application manager in the production environment to be able to manage users in only one place, not in a DB table and extra for the web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
    Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe these are used only for ADF security, am I right?). I can log in to the application with the admin user account (the app index page doesn't have any binds or even a pageDef), but when trying to access admin pages I get a 401 Unauthorized page.
    What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
    Part of my web.xml file:
    <servlet>
      <servlet-name>adfAuthentication</servlet-name>
      <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
      <init-param>
        <param-name>success_url</param-name>
        <param-value>/faces/app/index.jspx</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
      <servlet-name>adfAuthentication</servlet-name>
      <url-pattern>/adfAuthentication/*</url-pattern>
    </servlet-mapping>
    <security-role>
      <description>Admins</description>
      <role-name>admin_role</role-name>
    </security-role>
    <security-role>
      <description>Users</description>
      <role-name>user_role</role-name>
    </security-role>
    <security-role>
      <role-name>oc4j-administrators</role-name>
    </security-role>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>AllAdmins</web-resource-name>
        <url-pattern>faces/admin/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>admin_role</role-name>
      </auth-constraint>
    </security-constraint>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>AllUsers</web-resource-name>
        <url-pattern>faces/app/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>user_role</role-name>
        <role-name>admin_role</role-name>
      </auth-constraint>
    </security-constraint>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>adfAuthentication</web-resource-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>oc4j-administrators</role-name>
        <role-name>user_role</role-name>
        <role-name>admin_role</role-name>
      </auth-constraint>
    </security-constraint>
    Do I have to remove this adfAuthentication tags?
    I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers on what to do now and maybe some explanation about roles in container managed security? Is it enough to have security constraints and roles defined in the web.xml file or do they have to be defined somewhere else also (besides the database)?
    Thank you in advance!
    Bye
    PS
    Maybe stack trace after login:
    FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

    Hi there!
    I have another question about this. I've modified the DBRolePrincipal class a bit to see what's going on. At the beginning of the equals(Object another) method I added these lines:
    log("method equals start", 0);
    log("another type = " + another.getClass(), 0);
    if (another instanceof Principal) {
        // Log the name of the principal this one is being compared against
        Principal mine = (Principal) another;
        log("Principal mine.getName() = " + mine.getName(), 0);
    }
    The result is this output (after navigating to page that gives 401 forbidden):
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
    07/10/12 08:46:09 [DBUserPrincipal] method equals start
    07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
    Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why does the admin_role principal never get compared in the equals method?
    Thank you!
    BB

  • Weblogic 10 jaas and login.jsp and web.xml/weblogic.xml security constaints

    Hello,
    I struggled through and got the examples.security.jaas.SampleCallbackHandler.java and examples.common.utils.ExampleUtils.java/ExampleConstants.java into eclipse where they compile. A bean I made can call SampleCallbackHandler like such:
    mybean.logmein(username,password,url). I can then do a mybean.getStatus() or even a mybean.returnCode(). It does seem to correctly identify that it is authenticating me (I see in stdout logs that it shows success or failures). The problem I have is I do not know how to apply this to weblogic and web.xml/weblogic.xml so that if authentication works it redirects me to the page requiring the authentication. In web.xml I have the following set up:
    <security-role>
      <role-name>Admins</role-name>
    </security-role>
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>default</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/badlogin.html</form-error-page>
      </form-login-config>
    </login-config>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>empower</web-resource-name>
        <description>These pages are only accessible by authorized users.</description>
        <url-pattern>/admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <description>These are the roles who have access</description>
        <role-name>Administrators</role-name>
      </auth-constraint>
      <user-data-constraint>
        <description>This is how the user data must be transmitted</description>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    My weblogic.xml has:
    <?xml version="1.0" encoding="UTF-8"?>
    <wls:weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
      <wls:security-role-assignment>
        <wls:role-name>Admins</wls:role-name>
        <wls:principal-name>Administrators</wls:principal-name>
        <wls:principal-name>dashap</wls:principal-name>
      </wls:security-role-assignment>
    </wls:weblogic-web-app>
    With this set up, if I try to go to a page in the /admin folder in my application, it correctly pops up the login page. The jaas in the bean is doing a loginContext.login(), which I thought does authentication too, but it never goes back to the /admin page I was going to that needed the authentication. With jaas, can I not use the web.xml FORM security option? Do I need to use j_security in the login.jsp's form's action= option and j_username and j_password for the input type names? How do I use j_username/j_password things if I am using jaas? I could just ignore using the web.xml security stuff and put something in the pages that need authentication, but it would be easier if I could use jaas with the security features without doing all that. Note that my code above is using a realm called default just because that was what was in the example I got from the web. Does that need to be something else?
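
Added example (not part of either post and not Oracle tooling): a small Python check for two things in the web.xml fragments quoted in this thread and in the "ADF Security to J2EE Container Managed Security Problems" thread above that the Servlet specification treats strictly. A url-pattern without a leading "/" (such as faces/admin/*) is not a path mapping, and an auth-constraint role (such as Administrators) is expected to be declared in a security-role. The sample descriptor is constructed from those fragments, and the function and finding names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: security elements reduced from the two quoted descriptors
# and wrapped in a <web-app> root so the fragment parses as one document.
SAMPLE_WEB_XML = """\
<web-app>
  <security-role><role-name>Admins</role-name></security-role>
  <security-role><role-name>admin_role</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AllAdmins</web-resource-name>
      <url-pattern>faces/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin_role</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>empower</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Administrators</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

# "*" means every declared role; "**" (Servlet 3.1) means any authenticated user.
RESERVED_ROLES = {"*", "**"}


def _local(tag):
    """Drop a namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [child for child in elem if _local(child.tag) == name]


def _text(elem):
    return (elem.text or "").strip()


def classify_url_pattern(pattern):
    """Classify a pattern by the Servlet specification's mapping rules."""
    if pattern in ("", "/"):
        return "root-or-default"
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "path"
    if pattern.startswith("*."):
        return "extension"
    return "exact"  # everything else is compared literally to the request path


def audit_web_xml(xml_text):
    """Return (finding, web-resource-name, value) tuples for a web.xml document."""
    root = ET.fromstring(xml_text)
    declared = {
        _text(role)
        for sec_role in _children(root, "security-role")
        for role in _children(sec_role, "role-name")
    }
    findings = []
    for constraint in _children(root, "security-constraint"):
        collections = _children(constraint, "web-resource-collection")
        names = [_text(n) for c in collections
                 for n in _children(c, "web-resource-name")]
        label = names[0] if names else "(unnamed)"
        for collection in collections:
            for node in _children(collection, "url-pattern"):
                pattern = _text(node)
                if classify_url_pattern(pattern) != "exact":
                    continue
                if not pattern.startswith("/"):
                    # Request paths always start with "/", so this never matches.
                    findings.append(("unmatchable-url-pattern", label, pattern))
                elif "*" in pattern:
                    # e.g. "/admin*": the "*" is a literal character here.
                    findings.append(("literal-wildcard", label, pattern))
        for auth in _children(constraint, "auth-constraint"):
            for role in _children(auth, "role-name"):
                if _text(role) not in declared | RESERVED_ROLES:
                    findings.append(("undeclared-role", label, _text(role)))
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print(*finding, sep="\t")
```

A constraint whose only pattern is flagged as unmatchable protects no URL, although a container may instead reject the descriptor at deployment.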

    Hi John,
    I would like magic of course. However, in this case I want something special: my authentication provider uses special means and contents of headers, cookies and service from external identity management systems to determine the user's identity.
    I do not want the application to present the login dialog! I want to derive the identity and the fact that the user is logged in from whatever the authentication provider returns in terms of Subject.
    Ideally, the flow is something like:
    - user accesses an unprotected resource - resource is shown, no interaction with authentication provider
    - user presses a link or button that takes him/her to a protected resource
    - the authentication provider is contacted to work with the identity asserter to establish the identity of the current user and create a subject object for this user
    - the application can access the subject and principals
    - ADF Security recognizes the identity and the roles (based on the principals) and coordinates access based on this.
    The authentication method is client certificate. Presumably this prompts WebLogic/OPS to use an identity asserter to work with custom headers and cookies ("... when you configure a web application to use CLIENT-CERT authentication. In this case, WebLogic can perform identity assertion based on values from request headers and cookies. If the header name or cookie name matches the active token type for the provider, the value is passed to the provider."). No login form should be presented to the user, as all information required to perform the authentication is already available.
    I am trying to understand what I must do to have the ADF application adopt the subject set by the authentication provider - if anything?!
    If you have more ideas to share - I would love to hear them.
    best regards,
    Lucas

  • Problem with ADF security and task flow calls

    Hi.
    I am using JDeveloper 11.1.2.0.0.
    I encountered a problem when tried to apply ADF security to my application.
    The way to reproduce the problem:
    1. Create new Fusion Web Application;
    2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
    3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
    4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
    5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
    6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
    7. Configure application to run the unbounded task flow starting with Welcome view activity.
    At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
    Now let's configure ADF Security.
    Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
    On the second page select Form-Based Authentication, check the Generate Default Pages flag.
    On the third page choose No Automatic Grants.
    On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
    Open jazn-data.xml to configure roles, users and resource grants:
    1. Create application role test-role.
    2. Grant the test-role privileges to view the test task flow.
    3. Create user and grant him the test-role.
    Now we have the publicly available welcome page and the test page with restricted access.
    When application runs, the welcome page is displayed as expected. Pressing the test button redirects us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crashes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
    javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
         at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
         at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
         at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
         at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
         at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
         at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
         at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
         at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
         at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
    (the rest of lines skipped).
    Any suggestions?
    Edited by: user13307311 on Apr 16, 2013 11:39 PM

    @Lovin_JV_941794
    The welcome page is publicly available since it does not have appropriate PageDef file.
    Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
    It seems the task flow call stack is destroyed after the redirect to the login page.
    Edited by: user13307311 on Apr 17, 2013 12:45 AM

  • Error While Login ADF Security Sample Application

    Hi All,
    JDeveloper version: 11.1.1.5.0
    We are creating an ADF Login application that contains login.jspx and main.jspx pages.
    We define ADF Security on this sample application.
    When we provide valid credentials to log in (username and password) it shows this error:
    Error 404--Not Found
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.5 404 Not Found
    The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
    If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
    The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
    that an old resource is permanently unavailable and has no forwarding address. 
    ManagedBean(BackingbeanScope) doLogin():
    public String doLogin() {
        String un = _userName;
        byte[] pw = _password.getBytes();
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
        try {
            Subject subject = Authentication.login(new URLCallbackHandler(un, pw));
            weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
            String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
            HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
            RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
            ctx.responseComplete();
        } catch (FailedLoginException fle) {
            FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
            ctx.addMessage(null, msg);
        }
        return null;
    }
    In ADF Security We Define :
    User : admin1
    Enterprise Role  : ManagerGroup(added user admin1 to this EnterpriseRole)
    Application Role : Manager
    Resource Grants  : Resource Type : Web Page
                               login page
                              main  page -  Granted Role(Manager)
    jazn-data.xml file
    <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
    <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
      <jazn-realm default="jazn.com">
        <realm>
          <name>jazn.com</name>
          <users>
            <user>
              <name>admmin1</name>
              <display-name>admmin1</display-name>
              <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
            </user>
          </users>
          <roles>
            <role>
              <name>ManagerGroup</name>
              <display-name>ManagerGroup</display-name>
              <members>
                <member>
                  <type>user</type>
                  <name>admmin1</name>
                </member>
              </members>
            </role>
          </roles>
        </realm>
      </jazn-realm>
      <policy-store>
        <applications>
          <application>
            <name>ADFLogin</name>
            <app-roles>
              <app-role>
                <name>Manager</name>
                <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                <display-name>Manager</display-name>
                <members>
                  <member>
                    <name>ManagerGroup</name>
                    <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
                  </member>
                </members>
              </app-role>
            </app-roles>
            <jazn-policy>
              <grant>
                <grantee>
                  <principals>
                    <principal>
                      <name>Manager</name>
                      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                    </principal>
                  </principals>
                </grantee>
                <permissions>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
                    <actions>view</actions>
                  </permission>
                </permissions>
              </grant>
            </jazn-policy>
          </application>
        </applications>
      </policy-store>
    </jazn-data>
    Please help us how to resolve it.
    Thanks,
    kumar

    A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
    I guess your resource grants are not set correctly.
    Timo
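
Timo's suggestion to check the resource grants can be done mechanically. The following is an added example (not code from the thread or from Oracle): it parses a jazn-data.xml, reports references to users or roles the file never defines, and resolves which defined users reach a permission. The sample document is constructed in the shape of the file posted above with a placeholder credential; `load_policy`, `find_dangling` and `users_granted` are names made up for this example, and nested enterprise roles are not followed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the jazn-data.xml posted above;
# the credentials value is a placeholder, not a real hash.
SAMPLE_JAZN = """<jazn-data>
  <jazn-realm default="jazn.com"><realm>
    <name>jazn.com</name>
    <users>
      <user><name>admmin1</name><credentials>PLACEHOLDER</credentials></user>
    </users>
    <roles>
      <role>
        <name>ManagerGroup</name>
        <members><member><type>user</type><name>admmin1</name></member></members>
      </role>
    </roles>
  </realm></jazn-realm>
  <policy-store><applications><application>
    <name>ADFLogin</name>
    <app-roles>
      <app-role>
        <name>Manager</name>
        <class>oracle.security.jps.service.policystore.ApplicationRole</class>
        <members><member>
          <name>ManagerGroup</name>
          <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
        </member></members>
      </app-role>
    </app-roles>
    <jazn-policy><grant>
      <grantee><principals><principal>
        <name>Manager</name>
        <class>oracle.security.jps.service.policystore.ApplicationRole</class>
      </principal></principals></grantee>
      <permissions><permission>
        <class>oracle.adf.share.security.authorization.RegionPermission</class>
        <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
        <actions>view</actions>
      </permission></permissions>
    </grant></jazn-policy>
  </application></applications></policy-store>
</jazn-data>"""

# Roles the platform provides implicitly; they are not declared under <app-roles>.
BUILT_IN_ROLES = {"anonymous-role", "authenticated-role"}


def load_policy(xml_text):
    """Return (users, enterprise_roles, app_roles, grants) from jazn-data XML."""
    root = ET.fromstring(xml_text)
    users = {u.findtext("name") for u in root.iter("user")}
    ent_roles = {
        r.findtext("name"): {m.findtext("name") for m in r.findall("members/member")
                             if m.findtext("type") == "user"}
        for r in root.iter("role")
    }
    app_roles = {
        a.findtext("name"): {m.findtext("name") for m in a.findall("members/member")}
        for a in root.iter("app-role")
    }
    grants = []  # (permission target, set of actions, principal names)
    for g in root.iter("grant"):
        principals = [p.findtext("name") for p in g.iter("principal")]
        for perm in g.iter("permission"):
            actions = {a.strip() for a in (perm.findtext("actions") or "").split(",")}
            grants.append((perm.findtext("name"), actions, principals))
    return users, ent_roles, app_roles, grants


def find_dangling(users, ent_roles, app_roles, grants):
    """List references that point at a user or role the file never defines."""
    problems = []
    for role, members in sorted(ent_roles.items()):
        for m in sorted(members - users):
            problems.append(f"enterprise role {role}: user {m} is not defined")
    known = users | set(ent_roles) | BUILT_IN_ROLES
    for role, members in sorted(app_roles.items()):
        for m in sorted(members - known):
            problems.append(f"app role {role}: member {m} is not defined")
    for target, _actions, principals in grants:
        for p in principals:
            if p not in app_roles and p not in BUILT_IN_ROLES:
                problems.append(f"grant on {target}: principal {p} is not defined")
    return problems


def users_granted(xml_text, target, action="view"):
    """Resolve grant -> app role -> enterprise role -> defined users."""
    users, ent_roles, app_roles, grants = load_policy(xml_text)
    allowed = set()
    for g_target, actions, principals in grants:
        if g_target != target or action not in actions:
            continue
        for principal in principals:
            for member in app_roles.get(principal, ()):
                # A member that is not an enterprise role is taken as a user name.
                allowed |= ent_roles.get(member, {member})
    return allowed & users  # dangling member names never count as access
```

On the sample, `users_granted(SAMPLE_JAZN, "multiofonds.adf.common.view.pageDefs.mainPageDef")` returns only `admmin1`, the spelling used inside the file, so the name `admin1` from the post's summary resolves to no grant in this file.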

  • ADF Login problem

    Hi,
    I have implemented ADF Security along with a login bean and a home managed bean according to Frank Nimphius's article in the Oracle Magazine.
    Problems:
    1. In design view the login link is visible, but not in the browser (Firefox vers. 19).
    2. Only the logout link is visible
    3. When trying to logout the current page only refreshes
    Login bean
    package demo.view;
    import java.io.IOException;
    import java.util.Map;
    import javax.faces.application.FacesMessage;
    import javax.faces.context.ExternalContext;
    import javax.faces.context.FacesContext;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.FailedLoginException;
    import javax.security.auth.login.LoginException;
    import javax.servlet.RequestDispatcher;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import oracle.adf.share.ADFContext;
    import oracle.adf.view.rich.event.DialogEvent;
    import weblogic.security.SimpleCallbackHandler;
    import weblogic.security.URLCallbackHandler;
    import weblogic.security.services.Authentication;
    import weblogic.servlet.security.ServletAuthentication;
    public class LoginBean {
        String _username = null;
        String _password = null;
        public static String USERNAMETOKEN = "_____demoOnlyUsernameAttrString___________";
        public static String PASSWORDTOKEN = "_____demoOnlyPasswordAttrString___________";
        public LoginBean() {
            super();
        }
        public void setUsername(String _username) {
            this._username = _username;
        }
        public String getUsername() {
            return _username;
        }
        public void setPassword(String _password) {
            this._password = _password;
        }
        public String getPassword() {
            return _password;
        }
        public void onLoginAction(DialogEvent dialogEvent) {
            if (dialogEvent.getOutcome() == DialogEvent.Outcome.ok) {
                doLogin();
            } else {
                //cancel, do nothing
            }
        }
        private String doLogin() {
            String un = _username;
            byte[] pw = _password.getBytes();
            FacesContext ctx = FacesContext.getCurrentInstance();
            HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
            try {
                CallbackHandler handler = new URLCallbackHandler(un, pw);
                Subject mySubject = weblogic.security.services.Authentication.login(handler);
                weblogic.servlet.security.ServletAuthentication.runAs(mySubject, request);
                ServletAuthentication.generateNewSessionID(request);
                //save username and password. Note that in a real application this is
                //*NOT* what you should do unencrypted. Note that this is a demo
                //Store username , password in session for later use
                //when connecting to Twitter
                ADFContext adfctx = ADFContext.getCurrent();
                Map sessionScope = adfctx.getSessionScope();
                sessionScope.put(this.USERNAMETOKEN, un);
                sessionScope.put(this.PASSWORDTOKEN, new String(pw));
                String loginUrl;
                loginUrl = "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId();
                HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
                sendForward(request, response, loginUrl);
            } catch (FailedLoginException fle) {
                FacesMessage msg =
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
                                     "An incorrect Username or Password" +
                                     " was specified");
                ctx.addMessage("d2:it35", msg);
            } catch (LoginException le) {
                reportUnexpectedLoginError("LoginException", le);
            }
            return null;
        }
        private void sendForward(HttpServletRequest request,
                                 HttpServletResponse response, String forwardUrl) {
            FacesContext ctx = FacesContext.getCurrentInstance();
            RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl);
            try {
                dispatcher.forward(request, response);
            } catch (ServletException se) {
                reportUnexpectedLoginError("ServletException", se);
            } catch (IOException ie) {
                reportUnexpectedLoginError("IOException", ie);
            }
            ctx.responseComplete();
        }
        private void reportUnexpectedLoginError(String errType, Exception e) {
            FacesMessage msg =
                new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error during login",
                                 "Unexpected error during login (" + errType +
                                 "), please consult logs for detail");
            FacesContext.getCurrentInstance().addMessage("d2:it35", msg);
            e.printStackTrace();
        }
        public String logout() {
            FacesContext ctx = FacesContext.getCurrentInstance();
            ExternalContext ectx = ctx.getExternalContext();
            String logoutUrl = "faces" + ctx.getViewRoot().getViewId();
            ((HttpServletRequest)ectx.getRequest()).getSession().invalidate();
            try {
                ectx.redirect(logoutUrl);
            } catch (IOException e) {
                e.printStackTrace();
            }
            return null;
        }
    }
    Home managed bean
    package demo.view;
    import java.io.IOException;
    import java.util.Iterator;
    import java.util.List;
    import java.util.Map;
    import javax.el.ELContext;
    import javax.el.ExpressionFactory;
    import javax.el.ValueExpression;
    import javax.faces.context.ExternalContext;
    import javax.faces.context.FacesContext;
    import javax.faces.event.ActionEvent;
    import oracle.adf.model.binding.DCIteratorBinding;
    import oracle.adf.view.rich.component.rich.RichPopup;
    import oracle.adf.view.rich.component.rich.data.RichTree;
    import oracle.adf.view.rich.component.rich.layout.RichPanelGroupLayout;
    import oracle.adf.view.rich.component.rich.nav.RichCommandImageLink;
    import oracle.adf.view.rich.context.AdfFacesContext;
    import oracle.jbo.Key;
    import oracle.jbo.uicli.binding.JUCtrlHierBinding;
    import oracle.jbo.uicli.binding.JUCtrlHierNodeBinding;
    import oracle.jbo.uicli.binding.JUCtrlHierTypeBinding;
    import oracle.jbo.uicli.binding.JUIteratorBinding;
    import org.apache.myfaces.trinidad.component.UIXSwitcher;
    import org.apache.myfaces.trinidad.event.SelectionEvent;
    import org.apache.myfaces.trinidad.model.CollectionModel;
    import org.apache.myfaces.trinidad.model.RowKeySet;
    public class HomeManagedBean {
        private RichTree locationsTree;
        private UIXSwitcher formSwitcher;
        private RichPanelGroupLayout formPanelGroup;
        private RichPopup popupP1;
        public HomeManagedBean() {
        }
        public void setLocationsTree(RichTree locationsTree) {
            this.locationsTree = locationsTree;
        }
        public RichTree getLocationsTree() {
            return locationsTree;
        }
        /**
         * Custom managed bean method that takes a SelectEvent input argument to generically
         * set the current row corresponding to the selected row in the tree. Note that this
         * method is a way to replace the "makeCurrent" EL expression (#{bindings.<tree binding>.
         * treeModel.makeCurrent}) that Oracle JDeveloper adds to the tree component SelectionListener
         * property when dragging a collection from the Data Controls panel. Using this custom
         * selection listener allows developers to add pre- and post processing instructions. For
         * example, you may want to enforce PPR on a specific item after a new tree node has been
         * selected. This method performs the following steps
         * i.   get access to the tree component
         * ii.  get access to the ADF tree binding
         * iii. set the current row on the ADF binding
         * iv.  get the information about target iterators to synchronize
         * v.   synchronize target iterator
         * @param selectionEvent object passed in by ADF Faces when configuring this method to
         * become the selection listener
         * @author Frank Nimphius
         */
        public void onTreeSelect(SelectionEvent selectionEvent) {
            /* REPLACES */
            //#{bindings.allLocations.treeModel.makeCurrent}
            /* custom pre processing goes here */
            //get the tree information from the event object
            RichTree tree1 = (RichTree) selectionEvent.getSource();
            //in a single selection case ( a setting on the tree component ) the added set only
            //has a single entry. If there are more then using this method may not be desirable.
            //Implicitly we turn the multi select in a single select later, ignoring all set
            //entries other than the first
            RowKeySet rks2 = selectionEvent.getAddedSet();
            //iterate over the contained keys. Though for a single selection use case we only expect
            //one entry in here
            Iterator rksIterator = rks2.iterator();
            //support single row selection case
            if (rksIterator.hasNext()) {
                //get the tree node key, which is a List of path entries describing the
                //location of the node in the tree including its parents nodes
                List key = (List)rksIterator.next();
                //get the ADF tree  binding to work with
                JUCtrlHierBinding treeBinding = null;
                //The Trinidad CollectionModel is used to provide data to trees and tables. In the
                //ADF binding case, it contains the tree binding as wrapped data
                treeBinding = (JUCtrlHierBinding) ((CollectionModel)tree1.getValue()).getWrappedData();
                //find the node identified by the node path from the ADF binding layer. Note that
                //we don't need to know about the name of the tree binding in the PageDef file because
                //all information is provided
                JUCtrlHierNodeBinding nodeBinding = treeBinding.findNodeByKeyPath(key);
                //the current row is set on the iterator binding. Because all bindings have an internal
                //reference to their iterator usage, the iterator can be queried from the ADF binding
                //object
                DCIteratorBinding _treeIteratorBinding = null;
                _treeIteratorBinding = treeBinding.getDCIteratorBinding();
                Key rowKey = nodeBinding.getRowKey();
                JUIteratorBinding iterator = nodeBinding.getIteratorBinding();
                iterator.setCurrentRowWithKey(rowKey.toStringFormat(true));
                //get selected node type information
                JUCtrlHierTypeBinding typeBinding = nodeBinding.getHierTypeBinding();
                // The tree node rule may have a target iterator defined. Target iterators are
                // configured using the Target Data Source entry in the tree node edit dialog
                // and allow developers to declaratively synchronize an independent iterator
                // binding with the node selection in the tree.
                String targetIteratorSpelString = typeBinding.getTargetIterator();
                //chances are that the target iterator option is not configured. We avoid
                //NPE by checking this condition
                if (targetIteratorSpelString != null && !targetIteratorSpelString.isEmpty()) {
                    //resolve SPEL string for target iterator
                    DCIteratorBinding targetIterator = resolveTargetIterWithSpel(targetIteratorSpelString);
                    //synchronize the row in the target iterator
                    targetIterator.setCurrentRowWithKey(rowKey.toStringFormat(true));
                }
                /********************* DISPLAY INPUT FORM FOR SELECTED NODE **********************/
                //get the name of the selected tree node object. In this sample the value is
                //adf.sample.model.DepartmentsView,adf.sample.model.EmployeesView or
                //adf.sample.model.LocationsView
                String selectedNodeObjectRef = typeBinding.getStructureDefName();
                //write selected node object reference to session
                AdfFacesContext adfFacesCtx = AdfFacesContext.getCurrentInstance();
                Map viewScope = adfFacesCtx.getViewScope();
                viewScope.put("nodeRef", selectedNodeObjectRef);
                //refresh form display
                adfFacesCtx.addPartialTarget(this.getFormPanelGroup());
            }
        }
        /**
         * Helper method to resolve EL expression into DCIteratorBinding instance
         * @param spelExpr the SPEL expression starting with ${...}
         * @return DCIteratorBinding instance
         */
        private DCIteratorBinding resolveTargetIterWithSpel(String spelExpr) {
            FacesContext fctx = FacesContext.getCurrentInstance();
            ELContext elctx = fctx.getELContext();
            ExpressionFactory elFactory = fctx.getApplication().getExpressionFactory();
            ValueExpression valueExpr = elFactory.createValueExpression(elctx, spelExpr, Object.class);
            DCIteratorBinding dciter = (DCIteratorBinding) valueExpr.getValue(elctx);
            return dciter;
        }
        public void setFormPanelGroup(RichPanelGroupLayout formPanelGroup) {
            this.formPanelGroup = formPanelGroup;
        }
        public RichPanelGroupLayout getFormPanelGroup() {
            return formPanelGroup;
        }
        //based on the current state of the login link,
        //log user in or out
        public void onLoginLogout(ActionEvent actionEvent) {
            RichCommandImageLink rcil = (RichCommandImageLink) actionEvent.getComponent();
            String commandLinkIcon = rcil.getIcon();
            if (commandLinkIcon.indexOf("glbl_login_msg.gif") > 0) {
                //login
                RichPopup.PopupHints hints = new RichPopup.PopupHints();
                popupP1.show(hints);
            } else {
                //logout
                FacesContext fctx = FacesContext.getCurrentInstance();
                ExternalContext ectx = fctx.getExternalContext();
                try {
                    ectx.redirect("/adfAuthentication?logout=true&end_url=/faces/home.jspx");
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
        public void setPopupP1(RichPopup popupP1) {
            this.popupP1 = popupP1;
        }
        public RichPopup getPopupP1() {
            return popupP1;
        }
    }
    Source code in home page
    <af:commandImageLink text="Logout" id="commandImageLink1"
                         icon="#{resource['images:glbl_logout.gif']}"
                         rendered="#{securityContext.authenticated}" partialSubmit="true"
                         immediate="false"
                         inlineStyle="font-family:Arial, Helvetica, sans-serif; font-size:11px; color:White;"
                         action="#{LoginBean.logout}"/>
    <af:commandImageLink text="Login" id="cil1"
                         icon="#{resource['images:glbl_login_msg.gif']}"
                         rendered="#{!securityContext.authenticated}"
                         inlineStyle="font-family:Arial, Helvetica, sans-serif; font-size:11px; color:White;"
                         action="#{LoginBean.toString}">
        <af:showPopupBehavior popupId="p1" triggerType="action" align="startAfter"
                              alignId="cil1"/>
    </af:commandImageLink>
    <af:popup id="p1" binding="#{HomeManagedBean.popupP1}">
        <af:dialog id="d2" title="Please Login" type="okCancel" closeIconVisible="false"
                   modal="true" stretchChildren="none"
                   dialogListener="#{LoginBean.onLoginAction}">
            <af:panelFormLayout id="pfl5">
                <af:inputText label="Username" id="it34" columns="20"
                              value="#{LoginBean.username}"/>
                <af:inputText label="Password" id="it35" secret="true" columns="20"
                              value="#{LoginBean.password}"/>
                <af:message id="m2" for="it35" messageType="error"/>
            </af:panelFormLayout>
        </af:dialog>
    </af:popup>
    Other settings:
    1. No welcome page set in web.xml
    2. No redirect page set in jazn-data.xml
    3. Users, Enterprise and application roles set in ADF Security
    4. Managed Beans registered in adfc-config.xml
    Help greatly appreciated!

    Without going through all the code:
    the visibility of the links depends on
    logout:
    rendered="#{securityContext.authenticated}"
    login:
    rendered="#{!securityContext.authenticated}"
    This means, if you see the logout link, but not the login link, the framework assumes that you are logged in already.
    Investigate in this direction.
    Timo

  • About login authentication in ADF Security

    I have applied ADF Security in application which I learned from the Cue Cards example and I did it successfully but I wanted to change the login page.
    So I created a PopUp which I learned from "Oracle JDeveloper 11g Handbook A Guide to Oracle Fusion Web Development" and instead of the Menu Button, I used a Go Link Button as I had done in the Cue Cards example.
    But the problem is how to manage the login/logout authentication. As in the book I created a managed bean to handle login and the code is :
    package inventory.controller;
    import java.io.IOException;
    import javax.faces.application.FacesMessage;
    import javax.faces.context.FacesContext;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.FailedLoginException;
    import javax.security.auth.login.LoginException;
    import javax.servlet.RequestDispatcher;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import weblogic.security.SimpleCallbackHandler;
    import weblogic.security.services.Authentication;
    import weblogic.servlet.security.ServletAuthentication;
    public class LoginHandler {
        private String _username;
        private String _password;
        public LoginHandler() {
            super();
        }
        public String performLogin() {
            byte[] pw = _password.getBytes();
            FacesContext ctx = FacesContext.getCurrentInstance();
            HttpServletRequest request =
                (HttpServletRequest)ctx.getExternalContext().getRequest();
            CallbackHandler handler = new SimpleCallbackHandler(_username, pw);
            try {
                Subject mySubject = Authentication.login(handler);
                ServletAuthentication.runAs(mySubject, request);
                String loginUrl =
                    "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId();
                HttpServletResponse response =
                    (HttpServletResponse)ctx.getExternalContext().getResponse();
                sendForward(request, response, loginUrl);
            } catch (FailedLoginException fle) {
                FacesMessage msg =
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
                                     "An incorrect Username or Password" +
                                     " was specified");
                ctx.addMessage(null, msg);
            } catch (LoginException le) {
                reportUnexpectedLoginError("LoginException", le);
            }
            return null;
        }
        private void sendForward(HttpServletRequest request,
                                 HttpServletResponse response, String loginUrl) {
            FacesContext ctx = FacesContext.getCurrentInstance();
            RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
            try {
                dispatcher.forward(request, response);
            } catch (ServletException se) {
                reportUnexpectedLoginError("ServletException", se);
            } catch (IOException ie) {
                reportUnexpectedLoginError("IOException", ie);
            }
            ctx.responseComplete();
        }
        private void reportUnexpectedLoginError(String errType, Exception e) {
            FacesMessage msg =
                new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected Error During Login",
                                 "Unexpected Error during Login (" + errType +
                                 "), please consult logs for detail");
            FacesContext.getCurrentInstance().addMessage(null, msg);
            e.printStackTrace();
        }
        public String performLogout() {
            FacesContext ctx = FacesContext.getCurrentInstance();
            HttpServletRequest request =
                (HttpServletRequest)ctx.getExternalContext().getRequest();
            HttpServletResponse response =
                (HttpServletResponse)ctx.getExternalContext().getResponse();
            String logoutUrl =
                "/adfAuthentication?logout=true&end_url=/faces/home";
            sendForward(request, response, logoutUrl);
            return null;
        }
        public void setUsername(String _username) {
            this._username = _username;
        }
        public String getUsername() {
            return _username;
        }
        public void setPassword(String _password) {
            this._password = _password;
        }
        public String getPassword() {
            return _password;
        }
    }
    But when I run the page and click the login link, it displays the PopUp box, but I think it can't get the username and password from the fields inserted, and it displays the error message specified in the above code (i.e. in try/catch) when I enter the required username and password and click the login button. So is there something in the code? I ran the application TUHRA, which I downloaded and which was an example in the book I specified, and it went well and the login popup worked well.
    I also want to know how to make the button work by just pressing the Enter key without clicking the button. Also, is there a procedural change in the ADF configuration between jDev 11.1.1.1.0 and jDev 11.1.1.5.0? I have jDev 11.1.1.5.0 installed and there was something different in following the steps specified in the book, but I managed it by looking at the cure cards example. So is this a problem with the steps or something else?
    Thanks in advance.

    I didn't design the login page but I just created a PopUp window and in the popup window I inserted two Input text fields for username and password.
    And I set the 'value' of the username field as "#{login.username}" and the 'value' of the password field as "#{login.password}".
    Also in the login button the "action" set to #{login.performLogin}.
    And the button which I use to display the popup is a Go Link button, the "Destination" is set to "#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/home.jspx" : "/adfAuthentication?success_url=/faces/home.jspx"} ".
    I inserted the popup inside the Go Button in the structure window.
    And I added the managed bean in the adfc-config.xml with the following properties:
    Name as “login”
    Class as “inventory.controller.LoginHandler”
    Scope as “request”
    If I don't use the popup and log in with the default generated login form, the login is successful.
    Also, when I removed the ADF security configuration, the metadata didn't go away, and when I reconfigured the security some error was displayed in the log details, such as cannot create or something like rewrite the users.
    Please help, I don't have much time to complete my project. It's an emergency.
    Edited by: SudeepShakya on Nov 4, 2011 10:06 AM

  • Error when trying to see pages in webcenter app with adf security activated

    Greetings
    I have this problem
    I developed a WebCenter Application that uses ADF Security with form authentication. This app has
    two JSPX pages: the first one is the login page and the second one is the page where I manage runtime-created pages
    using the CREATE PAGE task flow and a page tree iterator to see my created pages.
    When I deploy the application on the WebLogic server I am able to log in successfully and create as many pages as
    I want and also see them using the link generated. The problem is that when I delete the application from the WebLogic
    server, I mean the deployed application, then redeploy the same application on the server, I can log in again and
    see the pages I created before, but when I try to reach them I get this error shown in my internet browser:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46)
    containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization
    header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that
    authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response,
    and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was
    given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained
    in section 11.
    Does anybody know what kind of configuration I am missing or what is happening?
    Thanks for your help.

    This issue has a solution shown in this thread: Re: ERROR when trying to see pages created with create page task flow

  • Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

    Hi,
    We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
    Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
    Regards,
    Joonas

    Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.
