ADF Security against external source

Similar Messages

• ADF Security against database?

  I am working with JDeveloper 10.1.3.4 on a project which uses adf/bc and adf faces/jsf 1.1; the application is deploying to iAS 10.1.3.4 and is hooked as a mid-tier instance via SSO to an infra iAS instance on another machine.
  How do you change ADF Security to reference a database table to find out settings for page/iterator/attribute security settings?
  Most of the existing code in this environment is Web Pl/sql toolkit and portal work. I am adding ADF apps. They would like to control what the different roles have access to via the database...hence this question.
  Normally with ADF Security you use an editor in JDeveloper which you can access from within the page def file in the structure pane within JDeveloper; I think this changes system-jazn.xml. If you, instead, want these settings to be located within a database table, what do you have to do?
  In my initial research I am thinking somehow I must create an override for ADFPermission.getContext() somehow...but I have not figured out if that is right or not yet.
  It may just be easier to re-invent the wheel: just do things programmatically using Java; but there is a lot of structure inherant in ADF Security that I would be reproducing if I go that route, I think.
  Anybody have any ideas?
  I am continuing to research this issue, but I think this is an unusual use-case; so I am not expecting to find this answer anywhere in particular. Maybe somebody knows this off the top of their head.

  Right, Frank; I mostly meant that it would help me learn more about the subject of J2EE permissions. Vik has pointed me in the direction of the Sun Java Forums for more information on this topic, which I will hopefully get a chance to pursue.
  Thank you for getting back to me. Thank you again, also, for all your work on custom login modules; I have used that work of yours several times professionally. It is just that this client I am working with now is satisfied with their SSO/LDAP setup...they just want to store permissions in the database also.

• GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

  If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
  First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
  http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
  http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
  http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
  http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
  Are you getting either of the following errors?
  <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
  oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
  Error 500--Internal Server Error
  java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
  1) Create a new application.
  2) Create three .jspx pages called login, error, and welcome.
  3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
  4) Right-Click on your Application and select Secure->Configure ADF Security
  5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
  Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
  <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
  oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
  6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
  7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
  8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
    <policy-store>
      <applications>
        <application>
          <name>SecurityError</name>
          <app-roles>
            // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
            <app-role>
              <name>anonymous-role</name>
              <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
              <display-name>anonymous-role</display-name>
            </app-role>
           // Whew, the end of that app role
          </app-roles>
          <jazn-policy>
            <grant>9) You're going to want to delete that app role XML
  10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
  11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
  12) Run your welcome page. Yay, the error is gone. How sweet it is.
  Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
  // You fool!
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.5 404 Not FoundThat's not so good. Let's fix that.
  1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
  2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
  3) Re-run your welcome page.
  // Suckered AGAIN!
  Error 500--Internal Server Error
  java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
  Ahh!! Now THAT's how we do it in Kingsport!
  Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
  Will

  Ha :-)
  Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
  I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
  But your call, no pressure of course ;-)
  CM.

• Creating a WebCenter Application with PageCutomizable and ADF Security

  I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
  I have 2 JSPX files.
  One called mainTemplate.jspx
  - contains header, footer in ADF and a center facet.
  One called Welcome.jspx created from mainTemplate
  - contains page customizable > panel customizable > layout customizable > various custom panel configs.
  ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
  We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
  The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
  We then refresh the page and see that we are indeed logged in as 'weblogic'.
  Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
  However when we click on 'add Content' using the composer we get a permission error.
  +<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
  javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
  +     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
  +...+
  Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
  +     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
  +     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
  +     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
  +...+
  I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
  In my catalog I have a WCM portlet taskflow, which will require its own permissions.
  I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
  I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
  *note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
  If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
  Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
  Thanks.
  Thanks.
  Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

  When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
  When you have configured your application for authorization as well, you have to create roles and groups.
  You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
  Hope this helps.

• ADF Security unable to run/deploy

  Hi all,
  I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
  What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
  But I failed with the following error messages, can anybody help me?
  Thanks in advanced.
  2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: Application ID : wsm-pm
  2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: "Metadata Services: Metadata archive (MAR) not found."
  <2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
  <2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
  <2009年11月16日 下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
  2009年11月16日 下午02:13:38 oracle.wsm.audit.Auditor <init>
  資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
  2009年11月16日 下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
  資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
  2009年11月16日 下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
  資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
  DefaultServer startup time: 53578 ms.
  DefaultServer started.
  [Running application TestLogin on Server Instance DefaultServer...]
  <2009年11月16日 下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
  2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: Application ID : TestLogin
  2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: "Metadata Services: Metadata archive (MAR) not found."
  2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
  資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
  2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
  資訊: Application policy migration for [TestLogin] is completed successfully.
  2009年11月16日 下午02:13:50 JpsApplicationLifecycleListener Policy Migration
  資訊: Codebase policy migration for [TestLogin] is completed successfully.
  <2009年11月16日 下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  >
  <2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
  <2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  >
  [02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
  [02:13:50 PM] See server logs or server console for more details.
  [02:13:50 PM] #### Deployment incomplete. ####
  oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
  oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
       at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
       at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
  Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
       ... 11 more
  Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
       ... 12 more
  #### Cannot run application TestLogin due to error deploying to DefaultServer.
  [Application TestLogin stopped and undeployed from Server Instance DefaultServer]
  Samson Fu

  I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
  Regards,
  Samson Fu

• ADF View objects as source for OBIEE

  Hi,
  I have developed an ADF application that exposes a couple of tables from my oracle database using JDBC. We have followed all the steps of using obieebroker to use the ADF component as the source to our OBIEE RPD.
  I was able to deploy the application to the Weblogic server, here's the deployment log:
  [02:26:43 PM] ---- Deployment started. ----
  [02:26:43 PM] Target platform is (Weblogic 10.3).
  [02:26:43 PM] Retrieving existing application information
  [02:26:43 PM] Running dependency analysis...
  [02:26:43 PM] Building...
  [02:26:43 PM] Deploying 8 profiles...
  [02:26:43 PM] Wrote Archive Module to C:\JDeveloper\mywork\OracleOBIEEADF\Model\deploy\BIEEOrdersDP_MiddleTier.jar
  [02:26:43 PM] Wrote Web Application Module to C:\JDeveloper\mywork\OracleOBIEEADF\OBIEEBroker\deploy\webapp.war
  [02:26:44 PM] Wrote Web Application Module to C:\JDeveloper\mywork\OracleOBIEEADF\ViewController\deploy\OracleOBIEEADF_ViewController_webapp1.war
  [02:26:44 PM] Wrote Archive Module to C:\JDeveloper\mywork\OracleOBIEEADF\Model\deploy\OracleOBIEEADF_Model_adflibOracleOBIEEADF1.jar
  [02:26:44 PM] Wrote Archive Module to C:\JDeveloper\mywork\OracleOBIEEADF\Model\deploy\BIEEOrdersDP_Common.jar
  [02:26:44 PM] Wrote Archive Module to C:\JDeveloper\mywork\OracleOBIEEADF\Model\deploy\BIEEOrdersDP_MiddleTier.jar
  [02:26:44 PM] Wrote Archive Module to C:\JDeveloper\mywork\OracleOBIEEADF\Model\deploy\BIEEOrdersDP_Common.jar
  [02:26:44 PM] Wrote Enterprise Application Module to C:\JDeveloper\mywork\OracleOBIEEADF\deploy\application1.ear
  [02:26:45 PM] Redeploying Application...
  [02:26:49 PM] [Deployer:149192]Operation 'deploy' on application 'application1' is in progress on 'AdminServer'
  [02:26:51 PM] [Deployer:149194]Operation 'deploy' on application 'application1' has succeeded on 'AdminServer'
  [02:26:51 PM] Application Redeployed Successfully.
  [02:26:51 PM] The following URL context root(s) were defined and can be used as a starting point to test your application:
  [02:26:51 PM] http://192.168.2.111:7001/OracleOBIEEADF-ViewController-context-root
  [02:26:51 PM] http://192.168.2.111:7001/BIEEOrders
  [02:26:51 PM] BIEECUST
  [02:26:51 PM] Elapsed time for deployment: 9 seconds
  [02:26:51 PM] ---- Deployment finished. ----
  After the deployment finished I tried browsing to http://192.168.2.111:7001/BIEEOrders/obieebroker but got Error 500--Internal Server Error.
  I checked the weblogic server log, and this is what it said:-
  ####<Feb 6, 2013 2:30:39 PM PST> <Info> <JDBC> <Kaaman-MSAT> <AdminServer> <[ACTIVE] ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <aad31fe749a8c505:40bfde70:13cad2e8ab5:-8000-00000000000036e5> <1360189839823> <BEA-001128> <Connection for pool "bip_datasource" closed.>
  ####<Feb 6, 2013 2:30:44 PM PST> <Error> <HTTP> <Kaaman-MSAT> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <aad31fe749a8c505:40bfde70:13cad2e8ab5:-8000-00000000000036e6> <1360189844428> <BEA-101020> <[ServletContext@657680634[app:application1 module:BIEEOrders path:/BIEEOrders spec-version:2.5]] Servlet failed with Exception
  oracle.adf.share.ADFShareException: MDSException encountered in parseADFConfiguration
       at oracle.adf.share.config.ADFMDSConfig.getDefaultMDSInstance(ADFMDSConfig.java:459)
       at sun.reflect.GeneratedMethodAccessor2652.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at oracle.adf.share.config.FallbackConfigImpl.getMDSInstance(FallbackConfigImpl.java:65)
       at oracle.adf.share.config.FallbackConfigImpl.getDefaultMDSInstance(FallbackConfigImpl.java:96)
       at oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:626)
       at oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:606)
       at oracle.adf.share.config.ADFContextMDSConfigHelperImpl.getMDSInstance(ADFContextMDSConfigHelperImpl.java:277)
       at oracle.adf.share.ADFContext.getMDSInstanceAsObject(ADFContext.java:1674)
       at oracle.adf.share.http.ServletADFContext.initialize(ServletADFContext.java:493)
       at oracle.adf.share.http.ServletADFContext.initThreadContext(ServletADFContext.java:402)
       at oracle.adf.share.http.ServletADFFilter.doFilter(ServletADFFilter.java:60)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Caused By: oracle.mds.exception.MDSRuntimeException: MDS-01305: failure to locate schema file "oracle/mds/xsd/mdsConfig.xsd".
       at oracle.mds.internal.config.ConfigurationUtils.setSchemaOnUnmarshaller(ConfigurationUtils.java:797)
       at oracle.mds.internal.config.ConfigurationUtils.access$100(ConfigurationUtils.java:107)
       at oracle.mds.internal.config.ConfigurationUtils$2.run(ConfigurationUtils.java:298)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.mds.internal.config.ConfigurationUtils.getUnmarshaller(ConfigurationUtils.java:287)
       at oracle.mds.internal.config.ConfigurationUtils.getBeanFromElement(ConfigurationUtils.java:199)
       at oracle.mds.internal.config.ConfigurationUtils.getBeanFromElement(ConfigurationUtils.java:160)
       at oracle.mds.config.MDSConfig.loadFromElement(MDSConfig.java:843)
       at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:491)
       at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:438)
       at oracle.adf.share.config.ADFMDSConfig.getDefaultMDSInstance(ADFMDSConfig.java:435)
       at sun.reflect.GeneratedMethodAccessor2652.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at oracle.adf.share.config.FallbackConfigImpl.getMDSInstance(FallbackConfigImpl.java:65)
       at oracle.adf.share.config.FallbackConfigImpl.getDefaultMDSInstance(FallbackConfigImpl.java:96)
       at oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:626)
       at oracle.adf.share.config.ADFConfigImpl.getMDSInstance(ADFConfigImpl.java:606)
       at oracle.adf.share.config.ADFContextMDSConfigHelperImpl.getMDSInstance(ADFContextMDSConfigHelperImpl.java:277)
       at oracle.adf.share.ADFContext.getMDSInstanceAsObject(ADFContext.java:1674)
       at oracle.adf.share.http.ServletADFContext.initialize(ServletADFContext.java:493)
       at oracle.adf.share.http.ServletADFContext.initThreadContext(ServletADFContext.java:402)
       at oracle.adf.share.http.ServletADFFilter.doFilter(ServletADFFilter.java:60)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Can anyone help me identify what went wrong?

  Try to check these and look at those doc IDs might help you.
  Re: OBIEE 11.1.1.5 guage chart issue
  problem after upgrade 11.1.1.6 - "Invalid JSON String"
  Do update on this.

• ADF Security, Task Flow as a region in a page resource grant

  JDeveloper 12c (12.1.2); Application uses ADF form based security, external LDAP provider (Active Directory)
  After sign-in page (upon successful authentication/authorization) user is forwarded to a page that executes VO method prior to render. I am new to task flow concept and am told to achieve this like:
  - create bounded task flow, with method call activity (execute exposed AM method that calls VO method, runs custom SQL) and view activity as page fragment.
  - then drop the above task flow into a page as a region
  In ADF security setup, I gave resource grant task-flow to certain application role. Started the application, login and got 403 error. Then went back and gave resource grant 'view' to the actual page that contains task flow. It worked fine.
  So the question is, when protecting application (implemented with task flows) with ADF security, I thought it is enough to grant those task flows to whatever application roles (groups) and inherently any page that uses that task flow(s) (as a region) will be protected?
  From this test, it seems that I have to assign each page (that has task flow as a region) to application roles individually?

  Hi,
  any page that is contained in a bounded task flow is protected  by the task flow permission grant, this is correct. If this is not what you see, please file a bug with support or send me a simple reproducible test case please. My mail address (replace all < name > with the described symbol.
  frank <dot> nimphius <at> oracle <dot> com
  The test case will need to be in a ZIP file nemaed to "unzip" and should be able for me to run stand alone (please no database scripts to run prior to try the test case)
  Frank

• Providing ADF security  to fusion WebAppliaction (ADF 11g)

  I created ADF application contains single page .
  i am able to deploy this on standalone WLS10.3
  But i need to provide the security to my application.
  I am reading the chapter :
  Enabling ADF Security in a Fusion Web Application in develpers guide.
  is there any other sources like demos / blogs/step by step tutorials about security which is helpful for begginers.if you have , pls provide me.
  Sailaja

  Here are some links:
  - [Adding Security(Oracle Doc)|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm#BGBCEDDD]
  - [ADF Security Part 1: Container Managed Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt1/adfsec1.htm]
  - [ADF Security Part 2: Setup and Authentication (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt2/ADF%20Security%20Authentication%20and%20Setup.htm]
  - [ADF Security Part 3: Authorization (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt3/ADF%20Security%20-%20Authorization.htm]
  - [ADF Security Part 5: ADF BC Entity Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt5/ADF%20Entity%20Object%20Security%20through%20ADF%20Security.htm]
  Sireesha

• Adf security with upper case user results in 500-internal server error

  Hello
  JDev 11.1.1.0.2, Integrated WLS
  I'v set up ADF security as explained in the documentation.
  The only difference being that the role test-all has been removed.
  I have one user 'paul' with a password of 'password'
  I have one application role 'myrole'
  'paul' is a member of 'myrole'
  I have one unbounded task flow with one view (view1).
  Via the janz-data.xml 'View1' has been granted to 'myrole' (view action)
  When running View1 I get the login.html page which is correct.
  The fun starts when playing around with the user/password.
  If I login with 'paul' and 'password' view1 is display, this is correct
  If I login with an unknown user or an incorrect password Windows Explorer 7 shows a generic HTTP 403 error page and not the error.html
  If I login with 'PAUL' and 'password' (or Paul, or any mixed cased version of Paul with the correct password) I get the following stack trace :
  oracle.adf.controller.security.AuthorizationException: ADFC-0619: Echec de la vérification des autorisations : '/view1.jspx' 'VIEW'.
       at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:145)
       at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:124)
       at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:639)
       at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:449)
       at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:44)
       at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:529)
       at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:118)
       at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:166)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:122)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:68)
       at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:51)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:354)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:175)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:181)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:279)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:239)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:196)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:139)
       at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:85)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:257)
       at oracle.security.jps.wls.JpsWlsSubjectResolver.runJaasMode(JpsWlsSubjectResolver.java:250)
       at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:100)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:65)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  The questions are :
  - Why do I get the generic HTTP 403 error instead of the error.html (its not the end of the world but I would like to understand) ?
  - Why do I get the error 500 if the case of the username is incorrect but the password is correct ?
  Best Regards
  Paul

  Nope nothing in there that looks out of place...
  Here's the contents of the web.xml file ..
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
  </context-param>
  <context-param>
  <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
  <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
  <param-value>false</param-value>
  </context-param>
  <context-param>
  <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
  <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
  <param-value>false</param-value>
  </context-param>
  <filter>
  <filter-name>JpsFilter</filter-name>
  <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
  <init-param>
  <param-name>enable.anonymous</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>remove.anonymous.role</param-name>
  <param-value>false</param-value>
  </init-param>
  <init-param>
  <param-name>addAllRoles</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>jaas.mode</param-name>
  <param-value>doasprivileged</param-value>
  </init-param>
  </filter>
  <filter>
  <filter-name>trinidad</filter-name>
  <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>JpsFilter</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>trinidad</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/afr/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>35</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>valid-users</role-name>
  </security-role>
  </web-app>
  Regards
  Paul

• Oracle ADF Security Login page

  hi.
  I am using oracle ADF 11.1.2.2.0 (oracle Jdevelopr 11g release 2) in my job environment. There are 3000 users working as client level in our company. They have separated user Id and roles. They can change their passwords. There are expiration period for passwords which is handle by in database level. when the employees are going to terminate or retirement , we can control their login status. that mean we change their Active status as a Inactive status. some times we recruit number of emplooyes for cover our business targets. Their User Id also in database table level.
  My main problem is how we can handle number of employees using Oracle ADF security configuration.
  second one is how user can change their passwords.
  Third is how number of employees going to terminate ,handle their Active/Inactive State.
  Fourth one is If we use this Oracle Security system ,project managers or project cordinator or Adminstrator level authenticator must need to deploy time to time war file, because of adding removing users in jazn-data.xml.
  hoping help from you.Thanking for all.

  So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
  Then, in your application you can enable ADF Security and this will generate login page.
  And, this is it :)
  If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
  http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
  >
  But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
  >
  This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
  To programmatically retreive db connection, you can create utility method in your Application Module.
  Dario

• Role based oracle adf security and filtering data

  while oracle adf security looks great its only role based... does anyone know of any resources describing an architecture where this is used in addition to filtering of data based on say, organization?
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...

  Hi,
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...
  ADF Security is a JAAS based security implementation to protect resources (like entities). It is nota security provider like OPSS or OID which you can use for user provisioning and self service (if you code against the IDM APIs). ADF Security only checks for whether a user is authenticated and if the user has the permission to perform a task.
  However, you can use groovy to access the security context from Groovy, which allows you to add the authenticated username to a query - for example to filter recrds out that match the username in one of its attributes.
  For example, you could create a ViewCriteria that for example filters the query by a specific attribute. Say that managers can see data starting from department 10 whereas employees can see data starting from department 100. The ViewCriteria would reference a bind variable with the following default setting
  adf.context.securityContext.isUserInRole('manager')? 10 : 100
  Frank

• How to use ADF Security policies in OID Ldap

  Hello
  My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
  I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
  Introduction to ADF Security in JDeveloper 10.1.3.2
  An Oracle JDeveloper Article
  Written by Frank Nimphius, Oracle Corporation
  February, 2007
  I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
  to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
  dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  changetype: add
  objectclass: orcljaznpermission
  objectclass: groupofuniquenames
  objectclass: top
  cn: EF37EAA603C611DDBFAE635A1BB60EE0
  orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
  orcljaznjavaclass: java.security.UnresolvedPermission
  orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
  orcljaznpermissionactions:
  uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
  The system-jazn-data.xml includes all entries correctly.
  rgds

  Eurika
  finally solved,
  runing the JAZNMigrationTool requires setting the correct classpath,
  Setting the classpath to the following
  C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
  allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
  if however, you add the adfshare.jar to the classpath
  C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
  now the tool will migrate the permission policies , the following shows an extract from the LDIF file
  dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  changetype: add
  objectclass: orcljaznpermission
  objectclass: groupofuniquenames
  objectclass: top
  cn: A5E662E204D411DDBF8807BC4864C5C2
  orclGuid: A5E662E204D411DDBF8807BC4864C5C2
  orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
  orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
  orcljaznpermissionactions: read,update
  uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
  Ammar Sajdi
  www.e-ammar.com/Oracle.html

• ADF Security

  Dear All;
  I am new to ADF security, my target is to create a web application, with authentication through a login page, and session tracking through out the users session, i used to do this all in code, the JSP way, where i check the session in every page, to check that there is a logged in user, i read the forum based authentication, and i thought it could make things faster, and more secure for me, i did a login page and an error page where the username and password are validated against a table called user and added refrence to these pages to the web.xml properties, and then from adf security of the main menu page i selected to enforce authentication and gave it the URL for the login, and error page, only when i run this page, i am getting a can not find faces config file, i am sure something is missing, the tutorial i have discusses validation through the ADF administration page, i want to validate throught the database,
  Links for tutorials, or any information would be highly appreciated
  thank you all in advance
  regards
  Halim

  Did you put something like
       <application>
            <name>current-workspace-app</name>
            <login-modules>
                 <login-module>
                      <class>YOUR_CLASS</class>
                      <control-flag>required</control-flag>
                      <options>
                           <option>
                                <name>data_source_name</name>
                                <value>YOUR_DS_NAME</value>
                           </option>
                           <option>
                                <name>roles_fk_column</name>
                                <value>VALUE</value>
                           </option>
                           <option>
                                <name>user_pk_column</name>
                                <value>VALUE</value>
                           </option>
                           <option>
                                <name>user_table</name>
                                <value>VALUE</value>
                           </option>
                           <option>
                                <name>roles_column</name>
                                <value>VALUE</value>
                           </option>
                           <option>
                                <name>roles_table</name>
                                <value>VALUE</value>
                           </option>
                           <option>
                                <name>username_column</name>
                                <value>VALUE</value>
                           </option>
                           <option>
                                <name>password_column</name>
                                <value>VALUE</value>
                           </option>
                      </options>
                 </login-module>
            </login-modules>
       </application>
  to the <jazn-loginconfig> part in system-jazn-data.xml file in your JDEVHOME/jdev\system\oracle.j2ee.10.1.3.41.57\embedded-oc4j\config\ folder. Plus, you should check if your encoding the passwords, ...
  As I said, we're using custom loginModule, I'm not sure for DBTableOraDataSourceLoginModule. Verify you've done everything from the tutorial.
  BB

• JDev11g : How to add java servlet under ADF security policies

  I'm trying to set a same login on http servlet ( i create it trough wizard in jDev ) as it is for other .jspx pages.
  I configured the jazn-data.xml and login ( user roles, realms ) is working fine.
  But i can't configure http servlet to be under this authorization.
  This problem occured when I was migrating from jDev 11g TP4 to production also from OC4J to WebLogic,
  but if I create a new http servlet I am also unable to put it under JAZN authorization.
  Thank you in advance for your help, Rok Kogovšek

  I reproduced problem on new test application, it was working fine until I set up ADF Security by wizard.
  I choose ADF Authentication and Authorization then Http Basic Authentication ( on real project is form based but probablly this doesn't matters )
  then for Identy store I chose Application XML, no automatic grants and without redirect.
  I also set inside web.xml this ( to put servlet under same login as other pages ).
  *&lt;security-constraint&gt;*
  *&lt;web-resource-collection&gt;*
  *&lt;web-resource-name&gt;testServlet&lt;/web-resource-name&gt;*
  *&lt;url-pattern&gt;/test&lt;/url-pattern&gt;*
  *&lt;/web-resource-collection&gt;*
  *&lt;auth-constraint&gt;*
  *&lt;role-name&gt;valid-users&lt;/role-name&gt;*
  *&lt;/auth-constraint&gt;*
  *&lt;/security-constraint&gt;*
  When I finish this i got same error as on first project.
  Here is whole error:
  oracle.jbo.common.ampool.ApplicationPoolException: JBO-30003: The application pool (oracle.fod.mobile.testModuleLocal) failed to checkout an application module due to the following exception:
  at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2262)
  at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:3086)
  at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
  at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
  at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
  at oracle.jbo.client.Configuration.getApplicationModule(Configuration.java:1395)
  at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1363)
  at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1335)
  at oracle.fod.mobile.testServlet.doGet(testServlet.java:22)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(Unknown Source)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused by: oracle.adf.share.security.ADFSecurityAuthenticationException: JAAS login error.
  Invalid null input: name
  at oracle.adf.share.security.authentication.JAASAuthenticationService.doLogin(JAASAuthenticationService.java:120)
  at oracle.adf.share.security.authentication.JAASAuthenticationService.login(JAASAuthenticationService.java:89)
  at oracle.adf.share.security.authentication.JAASAuthenticationService.login(JAASAuthenticationService.java:71)
  at oracle.jbo.common.UserAznUtil.authenticate(UserAznUtil.java:62)
  at oracle.jbo.common.UserAznUtil.authenticateUser(UserAznUtil.java:29)
  at oracle.jbo.server.ApplicationModuleImpl.prepareSession(ApplicationModuleImpl.java:6387)
  at oracle.jbo.server.ApplicationModuleImpl.prepareSession(ApplicationModuleImpl.java:6356)
  at oracle.jbo.server.ApplicationPoolMessageHandler.doPoolMessage(ApplicationPoolMessageHandler.java:171)
  at oracle.jbo.server.ApplicationModuleImpl.doPoolMessage(ApplicationModuleImpl.java:8377)
  at oracle.jbo.common.ampool.ApplicationPoolImpl.sendPoolMessage(ApplicationPoolImpl.java:4364)
  at oracle.jbo.common.ampool.ApplicationPoolImpl.prepareApplicationModule(ApplicationPoolImpl.java:2421)
  at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2207)
  ... 25 more
  Caused by: javax.security.auth.login.LoginException: Invalid null input: name
  at javax.security.auth.login.LoginContext.init(LoginContext.java:229)
  at javax.security.auth.login.LoginContext.(LoginContext.java:367)
  at javax.security.auth.login.LoginContext.(LoginContext.java:444)
  at oracle.adf.share.security.authentication.JAASAuthenticationService.doLogin(JAASAuthenticationService.java:102)
  ... 36 more
  *And here is the sample application on which i reproduced this error [http://www.k-invent.si/doc/testServlet.zip|https://marvin/exchweb/bin/redir.asp?URL=http://www.k-invent.si/doc/testServlet.zip]*
  Thank you for your help, Rok Kogov&scaron;ek

• ADF BC 11g, Weblogic 10.3 - Deployment Issue with ADF Security

  Hi all,
  I know there are many many blogs about deployment of an 11g app using ADF Security to a WLS 10.3 server, however, none appear to be working for me.. or I'm not working with them! :P
  I've deployed an .ear file to the WLS 10.3 and this works fine - after following these steps
  http://www.freewebalbum.com/blogs/faces/bjanko/blogs.jsp?blog=bjanko20090127130431
  I then followed Steve's migration technique
  http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
  That all built correctly.
  I then tried to access the app via browser, entered in the user cred (created under Security Realms in WLS 10.3 admin console - user and groups).
  I attempted to login, and received an "Error 401--Unauthorized" error.
  I'll that I see in the server log is:
  [JpsWlsFilter.doFilter] setContextID to testApp
  I'm totally stuck, so any ideas would be awesome.
  Cheers,
  chris

  Just gave that a shot.. No dice unfortunately.
  Steve Muench wrote:
  You can omit -DdstApp=DEPLOYAPPNAME if the deployed application name is the same as the source application name you supplied in the -DsrcApp=APPNAME argument.I hate massive code dumping... but this is my jazn-data.xml
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <jazn-data>
     <jazn-realm default="jazn.com">
        <realm>
           <name>jazn.com</name>
           <users>
              <user>
                 <name>system</name>
                 <guid>0300AED0A9A411DD8F304FB2D3E85932</guid>
                 <credentials>{903}G5cbldq4HwMVt/gQpv1lXuNdLYbSu20y</credentials>
              </user>
           </users>
           <roles>
              <role>
                 <name>PlusAdmin</name>
                 <guid>0300AED1A9A411DD8F304FB2D3E85932</guid>
                 <members>
                    <member>
                       <type>user</type>
                       <name>system</name>
                    </member>
                 </members>
              </role>
              <role>
                 <name>PlusUser</name>
                 <guid>0300AED2A9A411DD8F304FB2D3E85932</guid>
                 <members>
                    <member>
                       <type>user</type>
                       <name>system</name>
                    </member>
                 </members>
              </role>
           </roles>
        </realm>
     </jazn-realm>
     <policy-store>
        <applications>
           <application>
              <name>TestApp</name>
              <app-roles>
                 <app-role>
                    <name>PlusAdmin</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                    <members>
                       <member>
                          <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                          <name>system</name>
                       </member>
                    </members>
                 </app-role>
                 <app-role>
                    <name>PlusUser</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                    <members>
                       <member>
                          <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                          <name>system</name>
                       </member>
                    </members>
                 </app-role>
              </app-roles>
              <jazn-policy>
                 <grant>
                    <grantee>
                       <principals>
                          <principal>
                             <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
                             <name>anonymous-role</name>
                          </principal>
                       </principals>
                    </grantee>
                    <permissions>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.LogonPageDef</name>
                          <actions>view</actions>
                       </permission>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.LogonErrorPageDef</name>
                          <actions>view</actions>
                       </permission>
                    </permissions>
                 </grant>
                 <grant>
                    <grantee>
                       <principals>
                          <principal>
                             <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                             <name>PlusAdmin</name>
                          </principal>
                       </principals>
                    </grantee>
                    <permissions>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
                          <actions>customize,edit,grant,personalize,view</actions>
                       </permission>
                    </permissions>
                 </grant>
                 <grant>
                    <grantee>
                       <principals>
                          <principal>
                             <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                             <name>PlusUser</name>
                          </principal>
                       </principals>
                    </grantee>
                    <permissions>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
                          <actions>customize,edit,grant,personalize,view</actions>
                       </permission>
                    </permissions>
                 </grant>
              </jazn-policy>
           </application>
        </applications>
     </policy-store>
     <jazn-policy/>
  </jazn-data>