401 - unauthorised in ADF Security.

Hi.
Am trying to develop a login page using ADF security in jdeveloper 11.1.1.6.0.
I have followed this link
ADF security on my jspx  page as login page
This is my code which i have used in my login bean.
public String doLogin() {
String un = _username;
byte[] pw = _password.getBytes();
FacesContext ctx = FacesContext.getCurrentInstance();
HttpServletRequest request =
(HttpServletRequest)ctx.getExternalContext().getRequest();
CallbackHandler handler = new SimpleCallbackHandler(un, pw);
try {
Subject mySubject = Authentication.login(handler);
ServletAuthentication.runAs(mySubject, request);
ServletAuthentication.generateNewSessionID(request);
/*   String loginUrl = "/adfAuthentication?success_url=/faces" +
ctx.getViewRoot().getViewId();*/
String loginUrl = "/adfAuthentication?success_url=/faces/Runtime.jspx";
System.out.println ("Loginto to be printed"+loginUrl);
HttpServletResponse response =
(HttpServletResponse)ctx.getExternalContext().getResponse();
sendForward(request, response, loginUrl);
} catch (FailedLoginException fle) {
FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Incorrect Username or Password",
"An incorrect Username or Password" +
" was specified");
ctx.addMessage(null, msg);
} catch (LoginException le) {
reportUnexpectedLoginError("LoginException", le);
return null;
private void sendForward(HttpServletRequest request,
HttpServletResponse response,
String forwardUrl){
FacesContext ctx = FacesContext.getCurrentInstance();
RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl);
System.out.println ("dispatcher inside send forward :"+dispatcher);
try {
dispatcher.forward(request, response);
} catch (ServletException se) {
reportUnexpectedLoginError("ServletException", se);
} catch (IOException ie) {
reportUnexpectedLoginError("IOException", ie);
ctx.responseComplete();
private void reportUnexpectedLoginError(String errType, Exception e){
FacesMessage msg =
new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error                                                          
during login",
"Unexpected error during login (" + errType +
"), please consult logs for detail");
FacesContext.getCurrentInstance().addMessage(null, msg);
e.printStackTrace();
When i entered my username and password it shows an error as 401 - Unauthorized.
Dont know where i went wrong? pls help me.!
Regards,
Prasad K T.

Prasad, the link is a bit older. You may want to check this article from Frank: Oracle ADF: Security for Everyone
which comes with a working sample.
Timo

Similar Messages

  • ADF Security not working 401 error

    I am having problems with securing my ADF using LDAP after the server I was using was rebuilt and all software re-installed.....
    This did work before the rebuild so I am guessing that there are some settings that were no configured after the rebuild.
    We are using weblogic and Jdeveloper 11.1.1.6 and When I use the Wizard to secure my app and if I pick "ADF Authentication" I get the login in page and I can log into the application and things work.
    I then try to go in and use the "ADF Authentication and Authorization" option and deploy and I get a 401 - Unauthorized error..
    It used to work so I am pretty sure I am setting the Enterprise roles / Application Roles etc... correctly but wondered if anyone might be able to point me to what settings might be the issue etc.
    Thank you in advance for any assistance.

    After turning off ADF security in application - it works.
    When ADF security is turned on - it doesn't.
    When opening the same application with ADF security on in previous version of JDev - it works again.
    Our application uses custom login bean, but it is not even reaching login bean after login form submit (sample is made as http://www.youtube.com/watch?v=mAWBezngA1s)

  • ADF Security to J2EE Container Managed Security Problems

    Hi al!
    I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
    For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
    Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
    What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
    Part of my web.xml file:
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <init-param>
    <param-name>success_url</param-name>
    <param-value>/faces/app/index.jspx</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication/*</url-pattern>
    </servlet-mapping>
    <security-role>
    <description>Admins</description>
    <role-name>admin_role</role-name>
    </security-role>
    <security-role>
    <description>Users</description>
    <role-name>user_role</role-name>
    </security-role>
    <security-role>
    <role-name>oc4j-administrators</role-name>
    </security-role>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AllAdmins</web-resource-name>
    <url-pattern>faces/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AllUsers</web-resource-name>
    <url-pattern>faces/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>user_role</role-name>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adfAuthentication</web-resource-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>oc4j-administrators</role-name>
    <role-name>user_role</role-name>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    Do I have to remove this adfAuthentication tags?
    I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
    Thank you in advance!
    Bye
    PS
    Maybe stack trace after login:
    FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

    Hi there!
    I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
    log("method equals start",0);
    log("another type = " + another.getClass(), 0);
    if (another instanceof Principal)
    Principal mine = (Principal)another;
    log("Principal mine.getName() = " + mine.getName(), 0);
    The result is this output (after navigating to page that gives 401 forbidden):
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
    07/10/12 08:46:09 [DBUserPrincipal] method equals start
    07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
    Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
    Thank you!
    BB

  • Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

    I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
    When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
    I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
    When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
    Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    Any thoughts on why that would be?
    Thanks
    Dan

    Thanks Juan.
    With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
    [JpsAuth] Check Permission
    PolicyContext: [TestApp]
    Resource/Target: [untitled1PageDef]
    Action: [view]
    Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
    Result: [FAILED]
    Evaluator: [ACC]
    Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
    CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
    Principals=total 2 of principals(
    1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
    2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
    When I access the same page from my integrated weblogic server I see:
    [JpsAuth] Check Permission
    PolicyContext: [TestApp]
    Resource/Target: [untitled1PageDef]
    Action: [view]
    Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
    Result: [FAILED]
    Evaluator: [ACC]
    Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
    CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
    Principals=total 2 of principals(
    1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
    2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
    When I review my EAR - I do see jazn-data.xml at:
    /META-INF/jazn-data.xml
    I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
    Thanks.
    -Dan

  • I accessed the page protected by ADF security using direct url access attac

    hi,
    I played with my application which is based on SRDemo code (with added ADF security handling protection of resources) using direct url access scenarios. I was able to access a protected page as authenticated but not authorized user. I'll try to explain what I did.
    There are two folders/web resources in my application, faces/folderA/* and faces/folderB/*.
    roleA only is configured to access first web resource and the roleB is configured to access the second resource.
    I used ADF security to authorize only roleA for page in folderA and to authorize only roleB for page in folderB.
    I configured error pages in web.xml:
    <error-page>
    <error-code>400</error-code>
    <location>faces/error/error400.jspx</location>
    </error-page>
    <error-page>
    <error-code>401</error-code>
    <location>faces/error/error401.jspx</location>
    </error-page>
    <error-page>
    <error-code>403</error-code>
    <location>faces/error/error403.jspx</location>
    </error-page>
    <error-page>
    <error-code>404</error-code>
    <location>faces/error/error404.jspx</location>
    </error-page>
    <error-page>
    <exception-type>java.lang.Throwable</exception-type>
    <location>faces/error/error500.jspx</location>
    </error-page>
    Other config params are:
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>infrastructure/ABLogin.jspx</form-login-page>
    <form-error-page>faces/error/error401.jspx</form-error-page>
    </form-login-config>
    </login-config>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AB Prototype</web-resource-name>
    <url-pattern>faces/ABAbout.jspx</url-pattern>
    <url-pattern>faces/ABHelp.jspx</url-pattern>
    <url-pattern>faces/ABLogout.jspx</url-pattern>
    <url-pattern>faces/ABWelcome.jspx</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>A</role-name>
    <role-name>B</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AZone</web-resource-name>
    <url-pattern>faces/folderA/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>A</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>BZone</web-resource-name>
    <url-pattern>faces/folderB/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>B</role-name>
    </auth-constraint>
    </security-constraint>
    <filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    <init-param>
    <param-name>unauthorizedErrorPage</param-name>
    <param-value>faces/error/error401.jspx</param-value>
    </init-param>
    </filter>
    <filter>
    <filter-name>adfFaces</filter-name>
    <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <url-pattern>*.jspx</url-pattern>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfFaces</filter-name>
    <url-pattern>*.jsp</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfFaces</filter-name>
    <url-pattern>*.jspx</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    Once I authenticated as user in roleA I was trying to directly access URLs accessible only by users in roleB. In the beginning everything worked OK: I was dispatched to error401.jspx page with message Not authorized... etc.
    But I kept trying to access different URLs, like http://localhost:8988/AB/faces, http://localhost:8988/AB/faces/folderB, http://localhost:8988/AB/faces/folderB/pageB.jspx, http://localhost:8988/AB
    (not necessarily in that order, I played for a couple of minutes and the system would always dispatch to error401.jspx page if unauthorized attempt. But all of sudden, to my surprise, I got the pageB.jspx page while logged in as user belonging to roleA!)
    Not sure how that happened but the connectedUser on pageB (#{userInfo.authenticated}) shows that I am logged in as user whose role is A.
    I checked Authorization in ADF security and it is still correct: pageB is only accessible to roleB and pageA is only accessible to roleA.
    I hope I made some stupid mistake in my configuration?

    Hi,
    ADF Security is JAAS permission based and not container managed. Note that unless you explicitly configured ADF Security you don't use ADF Security but container managed security, which is all that I can see in your configurations.
    Not sure which version fo JDeveloper you use, but if you could change the following setting
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AZone</web-resource-name>
    <url-pattern>faces/folderA/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>A</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>BZone</web-resource-name>
    <url-pattern>faces/folderB/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>B</role-name>
    </auth-constraint>
    </security-constraint>
    to contain jspx file references instead of wildcards like in faces/folderB/* then what you see should no longer be possible. There was a known issue with the security settings in SRDemo that was caused by a defect in OC4J container managed security. I would expect this issue to be fixed in a more recent version of OC4J.
    However, the work around until then is to protect all JSPX files in a directory instead of using wild card matches
    Frank

  • Error in HTTP framework - 401 unauthorised while creating a service consume

    Hi,
    I am trying to create a service consumer in SE80 by specifying a WSDL URL of a webservice ( I created this webservice from an inbound service interface ).....but at the last step it asks for user id and pwd......after specifying the user / pwd it says Error in HTTP framework - 401 unauthorised
    what may be the problem....the user has all tha required authorisation as I can use the same user to test in wsnavigator.

    In my experience this problem was always found to be around authorizations necessary for execution of specific activity. I would strongly advise you to speak with your Security/Authorization consultant to help you.

  • Error when trying to see pages in webcenter app with adf security activated

    Greetings
    I have this problem
    I developed a WebCenter Application that uses ADF Security with form authentication. This App has
    two JSPX the first one is the login page and the second one is the page where i manage runtime created pages
    using the CREATE PAGE task flow and a page tree iterator to see my created pages.
    when i deploy de application on the weblogic server i am able to login successfully and create as many pages as
    i want and also see them using the link generated. the problem is that when a delete the application from the weblogic
    server, i mean the deployed application, then redeploy the same application on the server i can login again and
    see the pages i created before but when i try to reach them i get this error showed in my internet browser:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46)
    containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization
    header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that
    authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response,
    and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was
    given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained
    in section 11.
    Does anybody now what kind of configuration i am missing or what is happening?
    thanks for your help

    this issue has a solution showed on the this thread Re: ERROR when trying to see pages created with create page task flow

  • [SOLVED] ADF Security: No success with DBTableOraDataSourceLoginModule

    Hi,
    because do not have success to implement simple ADF Security to my application for weeks I try it again with this post.
    Hopefully someone who was already successful with this issue can give me the hint, missing step or something else.
    I have read many forum posts, blogs and documentation (10.x) but because ADF security has been changed from 10g to 11g I'm never sure if a documented step from 10g is necessary for 11g also.
    I also posted my problem to posts with similar problems but no response :-(
    I use 11g, TP4.
    My Requirement:
    =============
    - user accounts and roles are stored within database tables
    - roles are not used (every user has the same rights) but stored in the database table
    - Custom Login-Page (jspx)
    - At login ADF Security only needs to check if the entered user/password is stored in the database table (no password encryption is used at the moment)
    Steps I have done:
    ADF Security wizard:
    ================
    Step 1: Enforce Authorization NOT checked (Also tried to CHECK this checkbox)
    Redirect upon sucessfull Authentication CHECKED
    generate Default CHECKED
    Step 2: No identity store CHECKED
    Step 3: Enable Credital Store CHECKED
    Step 4: No Policy Store CHECKED
    Step 5: Enable Anonymous Provider
    Step 6: Manage Login Modules --> Add "oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
    Name = oracledb.loginmodule
    Login Control Flag = Required
    Log Level = fine
    --> Add "oracledb.loginmodule" as the only "Selected login module"
    Step 7: Form-Based Authentication
    Generate default is CHECKED
    Step 8: WebResources: allPages
    Selected Roles: valid-users
    Step 9: FINISH Wizard
    Then I edit jps-config.xml manually. Here the actual content:
    =============================================================
    <serviceInstance provider="jaas.login.provider"
    name="oracledb.loginmodule">
    <property value="true" name="debug"/>
    <property value="REQUIRED" name="jaas.login.controlFlag"/>
    <property value="true" name="addAllRoles"/>
    <property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
    name="loginModuleClassName"/>
    <property value="FINE" name="log.level"/>
    <property value="jdbc/TLS-BOBDS" name="data_source_name"/>
    <property value="passwort" name="passwordField"/>
    <property value="rol_rolle" name="groupMembershipGroupFieldName"/>
    <property value="bediener_rollen" name="groupMembershipTableName"/>
    <property value="user_kennung" name="usernameField"/>
    <property value="bediener" name="table"/>
    <property value="persnr" name="user_pk_column"/>
    <property value="bed_persnr" name="roles_fk_column"/>
    <property value="toupper" name="casing"/>
    </serviceInstance>
    ====================================
    Then I start the application. Re-direction to the login-page works fine.
    I enter username/password and press submit --> Following error occures in OC4J log:
    ===================
    WARNUNG: TLS-BOB-ViewController-webapp: error encountered during authentication
    java.util.MissingResourceException: Can't find resource for bundle oracle.security.jps.internal.common.resources.common.CommonResources, key JPS-02575
         at java.util.ResourceBundle.getObject(ResourceBundle.java:325)
         at java.util.ResourceBundle.getObject(ResourceBundle.java:322)
         at java.util.ResourceBundle.getString(ResourceBundle.java:285)
         at oracle.security.jps.util.JpsBundle.getString(JpsBundle.java:133)
         at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:424)
         at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:401)
         at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:99)
         at oracle.security.jps.fmw.JpsUserManager.getUserFromIdmStore(JpsUserManager.java:1109)
         at oracle.security.jps.fmw.JpsUserManager.getUser(JpsUserManager.java:1022)
         at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
         at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
         at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3927)
         at com.evermind.server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6965)
         at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3350)
         at com.evermind.server.http.HttpRequestHandler.doResolveRequestDispatcher(HttpRequestHandler.java:1005)
         at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:822)
         at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:658)
         at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:626)
         at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:417)
         at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:189)
         at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:163)
         at oracle.oc4j.network.ServerSocketReadHandler$ClientRunnable.run(ServerSocketReadHandler.java:275)
         at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:237)
         at oracle.oc4j.network.ServerSocketAcceptHandler.access$800(ServerSocketAcceptHandler.java:29)
         at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:877)
         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
         at java.lang.Thread.run(Thread.java:595)
    ==================================================
    My questions:
    =============
    1) Are there additional steps necessary to implement ADF Security for my requirements ?
    2) If yes, which? Which files I have to edit manually after ADF security wizard has been finished?
    Any help is warmly welcome !
    regards
    Peter

    Hello
    Many thanks to CP and Andre who gave the missing hints in this tread:
    OC4J 11g and JAZN
    The property custom.provider mentioned by cp was the "missing link" --> now it works.
    BUT "Nobody knows the trouble I've seen ..." !
    I made dozens of trials with the same application and always similar (strange) results.
    When I CHECK "enforce Authorization" in the ADF security wizard then
    the redirection to the Login Page does NOT work (reason is unclear for me)
    If I UNCHECK "enforce Authorization" in the ADF security wizard then
    the redirection to the login page works fine BUT the redirect upon succesful Authentication doesn't work.
    --> In this case following code is missing in web.xml
    =====================
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <init-param>
    <param-name>success_url</param-name>
    <param-value>welcome.jsp</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    =================================
    I think (but not 100%) that SOMETIMES the propertie "<property value="true" name="custom.provider"/>" has been created by the ADF security wizard.
    SOMETIMES I was not able to create the default welcome.jsp with the ADF Security Wizard, ....
    Maybe someone can reproduce this behaviour and fills a bug.
    regards
    Peter

  • ADF BC 11g, Weblogic 10.3 - Deployment Issue with ADF Security

    Hi all,
    I know there are many many blogs about deployment of an 11g app using ADF Security to a WLS 10.3 server, however, none appear to be working for me.. or I'm not working with them! :P
    I've deployed an .ear file to the WLS 10.3 and this works fine - after following these steps
    http://www.freewebalbum.com/blogs/faces/bjanko/blogs.jsp?blog=bjanko20090127130431
    I then followed Steve's migration technique
    http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
    That all built correctly.
    I then tried to access the app via browser, entered in the user cred (created under Security Realms in WLS 10.3 admin console - user and groups).
    I attempted to login, and received an "Error 401--Unauthorized" error.
    I'll that I see in the server log is:
    [JpsWlsFilter.doFilter] setContextID to testApp
    I'm totally stuck, so any ideas would be awesome.
    Cheers,
    chris

    Just gave that a shot.. No dice unfortunately.
    Steve Muench wrote:
    You can omit -DdstApp=DEPLOYAPPNAME if the deployed application name is the same as the source application name you supplied in the -DsrcApp=APPNAME argument.I hate massive code dumping... but this is my jazn-data.xml
    <?xml version = '1.0' encoding = 'UTF-8'?>
    <jazn-data>
       <jazn-realm default="jazn.com">
          <realm>
             <name>jazn.com</name>
             <users>
                <user>
                   <name>system</name>
                   <guid>0300AED0A9A411DD8F304FB2D3E85932</guid>
                   <credentials>{903}G5cbldq4HwMVt/gQpv1lXuNdLYbSu20y</credentials>
                </user>
             </users>
             <roles>
                <role>
                   <name>PlusAdmin</name>
                   <guid>0300AED1A9A411DD8F304FB2D3E85932</guid>
                   <members>
                      <member>
                         <type>user</type>
                         <name>system</name>
                      </member>
                   </members>
                </role>
                <role>
                   <name>PlusUser</name>
                   <guid>0300AED2A9A411DD8F304FB2D3E85932</guid>
                   <members>
                      <member>
                         <type>user</type>
                         <name>system</name>
                      </member>
                   </members>
                </role>
             </roles>
          </realm>
       </jazn-realm>
       <policy-store>
          <applications>
             <application>
                <name>TestApp</name>
                <app-roles>
                   <app-role>
                      <name>PlusAdmin</name>
                      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                      <members>
                         <member>
                            <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                            <name>system</name>
                         </member>
                      </members>
                   </app-role>
                   <app-role>
                      <name>PlusUser</name>
                      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                      <members>
                         <member>
                            <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                            <name>system</name>
                         </member>
                      </members>
                   </app-role>
                </app-roles>
                <jazn-policy>
                   <grant>
                      <grantee>
                         <principals>
                            <principal>
                               <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
                               <name>anonymous-role</name>
                            </principal>
                         </principals>
                      </grantee>
                      <permissions>
                         <permission>
                            <class>oracle.adf.share.security.authorization.RegionPermission</class>
                            <name>com.delexian.plus.ui.pageDefs.LogonPageDef</name>
                            <actions>view</actions>
                         </permission>
                         <permission>
                            <class>oracle.adf.share.security.authorization.RegionPermission</class>
                            <name>com.delexian.plus.ui.pageDefs.LogonErrorPageDef</name>
                            <actions>view</actions>
                         </permission>
                      </permissions>
                   </grant>
                   <grant>
                      <grantee>
                         <principals>
                            <principal>
                               <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                               <name>PlusAdmin</name>
                            </principal>
                         </principals>
                      </grantee>
                      <permissions>
                         <permission>
                            <class>oracle.adf.share.security.authorization.RegionPermission</class>
                            <name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
                            <actions>customize,edit,grant,personalize,view</actions>
                         </permission>
                      </permissions>
                   </grant>
                   <grant>
                      <grantee>
                         <principals>
                            <principal>
                               <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                               <name>PlusUser</name>
                            </principal>
                         </principals>
                      </grantee>
                      <permissions>
                         <permission>
                            <class>oracle.adf.share.security.authorization.RegionPermission</class>
                            <name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
                            <actions>customize,edit,grant,personalize,view</actions>
                         </permission>
                      </permissions>
                   </grant>
                </jazn-policy>
             </application>
          </applications>
       </policy-store>
       <jazn-policy/>
    </jazn-data>

  • GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

    If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
    First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
    http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
    http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
    http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
    http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
    Are you getting either of the following errors?
    <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
    oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
    Error 500--Internal Server Error
    java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
    1) Create a new application.
    2) Create three .jspx pages called login, error, and welcome.
    3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
    4) Right-Click on your Application and select Secure->Configure ADF Security
    5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
    Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
    <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
    oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
    6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
    7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
    8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
      <policy-store>
        <applications>
          <application>
            <name>SecurityError</name>
            <app-roles>
              // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
              <app-role>
                <name>anonymous-role</name>
                <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
                <display-name>anonymous-role</display-name>
              </app-role>
             // Whew, the end of that app role
            </app-roles>
            <jazn-policy>
              <grant>9) You're going to want to delete that app role XML
    10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
    11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
    12) Run your welcome page. Yay, the error is gone. How sweet it is.
    Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
    // You fool!
    Error 404--Not Found
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.5 404 Not FoundThat's not so good. Let's fix that.
    1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
    2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
    3) Re-run your welcome page.
    // Suckered AGAIN!
    Error 500--Internal Server Error
    java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
    Ahh!! Now THAT's how we do it in Kingsport!
    Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
    Will

    Ha :-)
    Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
    I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
    But your call, no pressure of course ;-)
    CM.

  • Creating a WebCenter Application with PageCutomizable and ADF Security

    I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
    I have 2 JSPX files.
    One called mainTemplate.jspx
    - contains header, footer in ADF and a center facet.
    One called Welcome.jspx created from mainTemplate
    - contains page customizable > panel customizable > layout customizable > various custom panel configs.
    ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
    We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
    The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
    We then refresh the page and see that we are indeed logged in as 'weblogic'.
    Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
    However when we click on 'add Content' using the composer we get a permission error.
    +<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
    javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
    +     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
    +...+
    Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
    +     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
    +     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
    +     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
    +...+
    I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
    In my catalog I have a WCM portlet taskflow, which will require its own permissions.
    I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
    I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
    *note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
    If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
    Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
    Thanks.
    Thanks.
    Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

    When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
    When you have configured your application for authorization as well, you have to create roles and groups.
    You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
    Hope this helps.

  • Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

    Hi,
    We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
    Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
    Regards,
    Joonas

    Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

  • ADF Security unable to run/deploy

    Hi all,
    I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
    What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
    But I failed with the following error messages, can anybody help me?
    Thanks in advanced.
    2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
    資訊: Application ID : wsm-pm
    2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
    資訊: "Metadata Services: Metadata archive (MAR) not found."
    <2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
    <2009年11月16日 下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
    2009年11月16日 下午02:13:38 oracle.wsm.audit.Auditor <init>
    資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
    2009年11月16日 下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
    資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
    2009年11月16日 下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
    資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
    <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
    <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
    <2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
    <2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
    <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
    <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
    <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    DefaultServer startup time: 53578 ms.
    DefaultServer started.
    [Running application TestLogin on Server Instance DefaultServer...]
    <2009年11月16日 下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
    2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
    資訊: Application ID : TestLogin
    2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
    資訊: "Metadata Services: Metadata archive (MAR) not found."
    2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
    資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
    2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
    資訊: Application policy migration for [TestLogin] is completed successfully.
    2009年11月16日 下午02:13:50 JpsApplicationLifecycleListener Policy Migration
    資訊: Codebase policy migration for [TestLogin] is completed successfully.
    <2009年11月16日 下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
    java.lang.NullPointerException
         at oracle.security.pki.l.c(Unknown Source)
         at oracle.security.pki.l.b(Unknown Source)
         at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
         at oracle.security.pki.OracleSecretStore.load(Unknown Source)
         at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
         Truncated. see log file for complete stacktrace
    java.lang.NullPointerException
         at oracle.security.pki.l.c(Unknown Source)
         at oracle.security.pki.l.b(Unknown Source)
         at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
         at oracle.security.pki.OracleSecretStore.load(Unknown Source)
         at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
         Truncated. see log file for complete stacktrace
    >
    <2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
    <2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
    java.lang.NullPointerException
         at oracle.security.pki.l.c(Unknown Source)
         at oracle.security.pki.l.b(Unknown Source)
         at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
         at oracle.security.pki.OracleSecretStore.load(Unknown Source)
         at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
         Truncated. see log file for complete stacktrace
    java.lang.NullPointerException
         at oracle.security.pki.l.c(Unknown Source)
         at oracle.security.pki.l.b(Unknown Source)
         at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
         at oracle.security.pki.OracleSecretStore.load(Unknown Source)
         at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
         Truncated. see log file for complete stacktrace
    >
    [02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
    [02:13:50 PM] See server logs or server console for more details.
    [02:13:50 PM] #### Deployment incomplete. ####
    oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
    oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
         at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
         at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
         at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
         at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
         at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
         at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
         at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
         at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
         at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
         at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
         at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
         at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
    Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
         at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
         at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
         ... 11 more
    Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
         at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
         ... 12 more
    #### Cannot run application TestLogin due to error deploying to DefaultServer.
    [Application TestLogin stopped and undeployed from Server Instance DefaultServer]
    Samson Fu

    I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
    Regards,
    Samson Fu

  • ADF security : How to get fnd_users list in weblogic server

    Hi All,
    I have a question related to ADF security.
    I am able to apply ADF security to the application, where users information and roles are defined in jazn.xml file.
    On deployment, users/ roles information is being successfully ported to weblogic server.
    But my requirement is to fetch users information from fnd_users table. If you have any idea as how to get the fnd_users data to weblogic, please reply.
    Thanks,
    Randhir

    Thanks John.
    I went through the link and got steps for authentication with fnd_users.
    I have one more question on this.
    Do I need to enable jazn.xml for implementing security or only the steps given in this link is sufficient?
    Since roles are also stored into fnd table, how to secure the taskflow? (roles are not defined in jazn.xml)

  • How to integrate a SSO based in cookie with ADF Security

    At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
    1- Create a new app based on "Fusion application" template.
    2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
    3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
    4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
    At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
    in jps-config.xml
    5- Remove idstore.xml and credentials.
    6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
    7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
    All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
    So, my questions are:
    - I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
    - If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
    - In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
    I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
    Thanks to all!
    P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
    P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)

    Hi Frank,
    Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
    In future releases of JDeveloper will be easier to do this kind of things related to security?
    Riveck

Maybe you are looking for

  • Oracle Proc in edmx via add function import is not working

    I have a mandate to call a external oracle package from my local oracle db proc using Entity Framework. I have created a synonym for that. When I am trying to polpulate the oracle procedure data in my mvc screen using odp.net. The screen is closing a

  • IPod stops when im half way through uploading my songs

    Please help i get through about 100 songs then it just stops i have a 4G 20 Giger. I have tryed everything my problem is like this Ben Vallack1, "iPod stalls when uploading songs, every time", 03:27pm Jul 19, 2005 CDT please help me .

  • Why can't I buy songs off my Itouch from itunes?

    when i log into itunes from my itouch i can't but any songs. it works and i can view songs, but the button with the price where you click to but doesn't show up. I even have part of a gift card left on my itunes. This started when i recently download

  • Commitment item - budget

    Hi, I have a purchase order for 100 euro. THis purchase order generates commitment item for 100. My original budget is 200. After purchase order, my budget became 100 IF I post GR and IR for 80 euro, is there any way for change the budget from 100 to

  • Equals() compares objects or references?

    My question concerns the equals( ) method from Object Class. I have read in book by Bruce Eckel "Thinking in Java" that this method by default compares references to objects. On the other hand in API Specification ver. 1.3.1 it is stated as quoted :