About login authentication in ADF Security

Similar Messages

• Record Level Authentication in ADF Security 11g

  Is it possible to code my application to support record level authentication by using ADF 11g Security?
  For example the CEO Role can read all orders from a view, but other roles can only read the orders by them self.
  Do I have to control this mannually or the ADF Security can handle this for me? Is there any example about this?
  Thanks in advanced,
  Samson Fu

  I can think of three solutions:
  1) Go with the Oracle database Virtual Private Database (VPD) feature. This is the ideal solution as it codes that security logic in the database, and doesn't rely on your program/middletier getting the security correct.
  2) In ADF BC create the custom framework as recommended in the JDev Fusion Guide and then modify the custom ViewObjectImpl executeQuery() method such that it always adds your required predicate (where clause) to each VO query.
  3) Custom code the Where clause into every ADF BC VO query.
  CM.

• Best way Of providing user authentication using ADF security...

  Hi,
  I have a web application . I want to implement to ADF security to the application.. What is the best approach of doing this? I have the user information in the database tables along with the roles and other information. I want to these tables for authorization ?
  What is the best approach to do this? It would be great if u could help ..
  I ma using 11g release 2
  Thanks in advance.
  Rakesh

  Hi,
  Thanks for the quick response.
  I have been looking at the post but i found one of the forum post in which the person was saying the SQLAuthentication doesnt work ..
  "Be wary when using ADF Security (OPSS) with a SQLAuthenticator.
  This is feedback I got in SR 3-4124753004 :
  "If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."
  related bugs are :
  - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
  - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"
  related forum threads are :
  - "ADF Security : identity store : tables in a SQL database"
  - "OPSS : addMembersToApplicationRole : The search for role failed"
  regards
  Jan Vervecken"
  Is this true?
  Rakesh

• Process of login with ADF security

  Hi,
  I was looking at how to implement the process of Login with the ADF security using JDev 11g and I feel very good...
  My question is if it is possible to use this tool in case of use a container as Tomcat 6.x or JBoss. If it is possible to use ADF security for these containers, what should be configured to work?

  Hi,
  ok, I'd like to use authorization with ADF security, but as you say it is not possible in Tomcat. well, but could implement it, if there must be 3 users with different roles of the little system that I want to develop. Any idea?. There maybe a small example with user roles to use without authorization of ADF security?.

• 401 - unauthorised in ADF Security.

  Hi.
  Am trying to develop a login page using ADF security in jdeveloper 11.1.1.6.0.
  I have followed this link
  ADF security on my jspx  page as login page
  This is my code which i have used in my login bean.
  public String doLogin() {
  String un = _username;
  byte[] pw = _password.getBytes();
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  CallbackHandler handler = new SimpleCallbackHandler(un, pw);
  try {
  Subject mySubject = Authentication.login(handler);
  ServletAuthentication.runAs(mySubject, request);
  ServletAuthentication.generateNewSessionID(request);
  /*   String loginUrl = "/adfAuthentication?success_url=/faces" +
  ctx.getViewRoot().getViewId();*/
  String loginUrl = "/adfAuthentication?success_url=/faces/Runtime.jspx";
  System.out.println ("Loginto to be printed"+loginUrl);
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  sendForward(request, response, loginUrl);
  } catch (FailedLoginException fle) {
  FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR,
  "Incorrect Username or Password",
  "An incorrect Username or Password" +
  " was specified");
  ctx.addMessage(null, msg);
  } catch (LoginException le) {
  reportUnexpectedLoginError("LoginException", le);
  return null;
  private void sendForward(HttpServletRequest request,
  HttpServletResponse response,
  String forwardUrl){
  FacesContext ctx = FacesContext.getCurrentInstance();
  RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl);
  System.out.println ("dispatcher inside send forward :"+dispatcher);
  try {
  dispatcher.forward(request, response);
  } catch (ServletException se) {
  reportUnexpectedLoginError("ServletException", se);
  } catch (IOException ie) {
  reportUnexpectedLoginError("IOException", ie);
  ctx.responseComplete();
  private void reportUnexpectedLoginError(String errType, Exception e){
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error                                                          
  during login",
  "Unexpected error during login (" + errType +
  "), please consult logs for detail");
  FacesContext.getCurrentInstance().addMessage(null, msg);
  e.printStackTrace();
  When i entered my username and password it shows an error as 401 - Unauthorized.
  Dont know where i went wrong? pls help me.!
  Regards,
  Prasad K T.

  Prasad, the link is a bit older. You may want to check this article from Frank: Oracle ADF: Security for Everyone
  which comes with a working sample.
  Timo

• Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

  Hi,
  We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
  Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
  Regards,
  Joonas

  Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

• Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

  Hi,
  We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
  After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
  Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
  Thanks,
  Annie

  Brenden,
  Thank you so much for the reply. This is our code in the web.xml:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
  If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
  regards,
  Annie

• Error While Login ADF Security Sample Application

  Hi All,
  Jdevloper Version : 11.1.1.5.0
  we are Creating ADF Login Application contains login.jspx and main.jspx pages.
  we define ADF Security on this Sample Application.
  when we provide valid credentials to login(username and password) it shows Error:
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.5 404 Not Found
  The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
  If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
  The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
  that an old resource is permanently unavailable and has no forwarding address. 
  ManagedBean(BackingbeanScope) doLogin():
           public String doLogin() {
          String un = _userName;
          byte[] pw = _password.getBytes();
          FacesContext ctx = FacesContext.getCurrentInstance();
          HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
          try {
              Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
              weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
              String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
              HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
              RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
       ctx.responseComplete();
      catch (FailedLoginException fle)
                  FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
                  ctx.addMessage(null, msg);
          return null;
  In ADF Security We Define :
  User : admin1
  Enterprise Role  : ManagerGroup(added user admin1 to this EnterpriseRole)
  Application Role : Manager
  Resource Grants  : Resource Type : Web Page
                             login page
                            main  page -  Granted Role(Manager)
  jazn-data.xml file
  <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
  <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
    <jazn-realm default="jazn.com">
      <realm>
        <name>jazn.com</name>
        <users>
          <user>
            <name>admmin1</name>
            <display-name>admmin1</display-name>
            <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
          </user>
        </users>
        <roles>
          <role>
            <name>ManagerGroup</name>
            <display-name>ManagerGroup</display-name>
            <members>
              <member>
                <type>user</type>
                <name>admmin1</name>
              </member>
            </members>
          </role>
        </roles>
      </realm>
    </jazn-realm>
    <policy-store>
      <applications>
        <application>
          <name>ADFLogin</name>
          <app-roles>
            <app-role>
              <name>Manager</name>
              <class>oracle.security.jps.service.policystore.ApplicationRole</class>
              <display-name>Manager</display-name>
              <members>
                <member>
                  <name>ManagerGroup</name>
                  <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
                </member>
              </members>
            </app-role>
          </app-roles>
          <jazn-policy>
            <grant>
              <grantee>
                <principals>
                  <principal>
                    <name>Manager</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                  </principal>
                </principals>
              </grantee>
              <permissions>
                <permission>
                  <class>oracle.adf.share.security.authorization.RegionPermission</class>
                  <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
                  <actions>view</actions>
                </permission>
              </permissions>
            </grant>
          </jazn-policy>
        </application>
      </applications>
    </policy-store>
  </jazn-data>
  Please help us how to resolve it.
  Thanks,
  kumar

  A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
  I guess your resource grants are not set correctly.
  Timo

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• Web Center app ADF Security - login problem

  I'm making an Oracle Web Center app.
  I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

  Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
  I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
  Maybe you should ask this at the ADF forum: JDeveloper and ADF
  The guys there have way more understanding about this stuff than here.

• Oracle ADF Security Login page

  hi.
  I am using oracle ADF 11.1.2.2.0 (oracle Jdevelopr 11g release 2) in my job environment. There are 3000 users working as client level in our company. They have separated user Id and roles. They can change their passwords. There are expiration period for passwords which is handle by in database level. when the employees are going to terminate or retirement , we can control their login status. that mean we change their Active status as a Inactive status. some times we recruit number of emplooyes for cover our business targets. Their User Id also in database table level.
  My main problem is how we can handle number of employees using Oracle ADF security configuration.
  second one is how user can change their passwords.
  Third is how number of employees going to terminate ,handle their Active/Inactive State.
  Fourth one is If we use this Oracle Security system ,project managers or project cordinator or Adminstrator level authenticator must need to deploy time to time war file, because of adding removing users in jazn-data.xml.
  hoping help from you.Thanking for all.

  So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
  Then, in your application you can enable ADF Security and this will generate login page.
  And, this is it :)
  If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
  http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
  >
  But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
  >
  This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
  To programmatically retreive db connection, you can create utility method in your Application Module.
  Dario

• ADF Security integration with Web Logic Security using SQL authenticator

  Hi,
  I was trying to find a suitable way of handling the following requirements:
  1. Administrators should be able to create the roles, groups, users and assign users to roles.
  2. User, Roles, Groups should be stored in DB and Users need to be authenticated accordingly.
  3. I need to be able to map roles with security permissions on Taskflows, JSF Pages, on UI level using groovy expressions and even at Entities level.
  I performed the following tasks:
  1. I created back end Security tables, created SQL authenticator as provider and defined the queries in it then I created ADF Application and used JMX APIs to call the SQL authenticator to perform its operations.
  2. I defined the roles and respective resource permissions in ADF i.e. Jazn xml file because my requirement no 3 would not be achievable without using ADF security.
  Now in this scenario how I can login a user in ADF context and assign roles programmatically that I authenticated from JMX APIs? Or is there any other suitable way to handle these requirements?
  Thanks.
  -Moeen

  Hi Charu,
  Thanks for your reply.
  Can we programmatically add a user in adfsecuritycontext as a currently logged in user, a user which is not present in jazn.xml file? If yes then can we programmatically assign the roles which are defined in jazn.xml to that specific user?
  Moeen

• Show images without login in ADF security

  Hi,
  I use JDeveloper 11.1.1.0.0.
  I use ADF Authentication Security. I use some images to login.html page but I can't see these images without authentication.
  can anybody help me?
  Thanks very much

  Hi,
  this is because you protect the application root "/". I assume you only enabled ADF Security for authentication.
  Frank

• ADF Security using sqlauthenticator issue unable to login

  Hi,
  AM using jdev 11.1.2.3
  I followed these blogs to configure adf security using sql authenticator
  http://biemond.blogspot.in/2008/12/using-database-tables-as-authentication.html
  http://hazem-adf-tips.blogspot.in/2012/06/adf-security-database-authentication.html
  am unable to login.. I can able to see the users and roles in WL admin console. When i am giving the user credentials it is redirecting to error page saying unauthorized .
  plz can anybody help me out from this issue.
  Thanks,
  Nitesh

  HI Timo,
  I have created application roles admin and user. Unable to create enterprise role with same name. When i am trying to map application role with enterprise role it is not displaying in mapping window..
  The following log message
  Removing existing role admin
  creating new role admin.
  with this it is recreating the new role and role id gets change when ever i m restarting my server and deploying the application..
  Thanks,
  Nitesh

• Login.jspx page refreshing in infinite loop in adf security

  HI,
  I have applied adf security to my application. If i create page def for login.jspx page it is refreshing in infinite loop.
  Thanks,
  Nitesh

  troubleshoot this issue as described in the post
  Thanks
  KT