Adf security based on log in fields to be enabled disabled in afquery panel

Similar Messages

• Issue in me22n Indicator field should be enabled/disabled

  Hi,
  I have a requirement that when i enter into PO through tcode ME22N, then at that time in the item details tab Delivery one Indicator called ' Delivery Completed'. this indicator field should be disabled or enabled based upon the given condition. How can i achieve this?
  Any specific exits or Enhancement for this?
  Thanks In advance,
  Regards,
  Prabu

  Hi,
  Where is it_ekko populated ...
  data:it_ekko type ty_ekko occurs 0 with header line,
       wa_ekko type ty_ekko.
  data:it_ekpo type ty_ekpo OCCURS 0 WITH HEADER LINE,
       wa_ekpo type ty_ekpo.
  data:it_zstd type ty_zstd OCCURS 0 with HEADER LINE,
       wa_zstd type ty_zstd.
  if sy-tcode = 'ME21N' or sy-tcode = 'ME22N'.
      If it_ekko-ekorg = '6000'.      <-- check this statement ..
  Regards,
  Srini.

• ADF Security: javax.servlet.jsp.JspException: Cannot find FacesContext

  Hi,
  In my ADF Application, new users are to be allowed to Register by clicking a button in login page. The Application is based on ADF Security Wizard and I have created default pages for Login and Error, so the application's login page is login.html.
  Now when I’m trying to navigate to 'NewUserRegistrationPage.jspx' Im getting javax.servlet.jsp.JspException: Cannot find FacesContext error.
  I thought the issue might be from calling a .jspx from .html so I created a 'NewLogin.jspx' Page with below code and specified this page in ADF Security Wizard for Login Page.
  Please advice me some way of calling the 'newRegistrationpage.jspx' from my login page.
  Im using JDeveloper 10.1.3.4.
  Page Code:
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:af="http://xmlns.oracle.com/adf/faces"
  xmlns:afh="http://xmlns.oracle.com/adf/faces/html">
  <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
  doctype-system="http://www.w3.org/TR/html4/loose.dtd"
  doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <f:view>
  <html>
  <head>
  <title>Login</title>
  </head>
  <body><form method="POST" action="j_security_check">
  <font face="Verdana" color="Navy">
  <table cellspacing="2" cellpadding="3" border="0" align="center">
  <tr>
  <th>Username:</th>
  <td>
  <input type="text" name="j_username"/>
  </td>
  </tr>
  <tr>
  <th>Password:</th>
  <td>
  <input type="password" name="j_password"/>
  </td>
  </tr>
  </table>
  </font>
  <p align="center">
  <input type="submit" name="submit" value="Submit"/>
  <input type="button" name="" value="Request Password"/>
  <input type="button" name="" value="New User Registration"/>
  </p>
  </form></body>
  </html>
  </f:view>
  </jsp:root>
  Error::
  javax.servlet.jsp.JspException: Cannot find FacesContext     at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427)     at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125)     at webpages.REACHLoginPage_jspx._jspService(_REACHLoginPage_jspx.java:47)     [WebPages/REACHLoginPage.jspx]     at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.4.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)     at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)     at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)     at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:259)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:51)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:193)     at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:284)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:198)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.FormHttpAuthenticator.reject(FormHttpAuthenticator.java:83)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6435)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3030)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:738)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)     at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)     at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)     at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)     at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)     at java.lang.Thread.run(Thread.java:595)
  Edited by: Manasa Tadi on Jul 1, 2009 11:52 PM

  Hi Branislav,
  Thanks a lot for your suggestion through which now Im able to navigate to NewRegistration page from login.html.
  In my application login.html is under public_html folder where as the NewRegistration page in public_html/WebPages.
  Code I used:
  New User Registration
  But the issue now is, the NewUserRegistrationPage was also under the ADFSecurity, so inorder to navigate to it again the user had to provide authentication. So, I have removed this particular page from Security and it has started to work.
  But the issue now I face is something else. In the NewUserRegistrationPage I have a selection to be made by user about the type of user he is and based on the selection he would be navigated to next page, This next page has a VO on it as a 'create form', through which he can directly fill the form and submit his details to database table.
  But as I have removed these pages from ADF Security and authentication, the form fields/attributes in the VO are not getting binded, Im getting this Exception:
  500 Internal Server Error
  javax.faces.el.PropertyNotFoundException: Error testing property 'inputValue' in bean of type null
  For testing purpose when I have provided link from application page to NewRegistrationPage the flow is working properly, able to navigate to second page and submit the filled form to database, I think this is working because we have entered the application after providing the login credentials.'
  Help in this greatly needed.
  Thanks,
  Manasa.

• Limit user session in ADF security

  I want single user work in web application only with a single session at any time. How can I limit user sessions?

  Hi,
  +1. How can I override ADF security (based on JAAS) credentials checking mechanism j_security_check ?+
  Why do you want to override this?
  +2. How can I store users log-in log-out information in database? Which classess and which methods must be overriden? Can you show code sample of your realisation, please?+
  Authentication is not handled by ADF but WebLogic Server. If you want to track database login information you will need to write a custom JAAS Login Module and configure it as an authentication provider in WLS
  How can I check if user closed browser?
  I would use a temporary cookie with no lifetime. This way, when the browser is closed, the cokie is unavailable, indicating that the user is good to login again. However, this then allows users to start 2 sessions using different browsers (again something you would need to check)
  Frank

• How to show pages based on user logged in adf security ?

  Hi All,
  JDev ver : 11.1.1.4.0
  I have three Roles MANAGERS, ADMIN, ANALYST with users in each role.
  And i used form based authentication. There are seperate screens for each user, i want to show according to the user entered with Roles.
  How to Configure these roles in Resource Grants and what should be done in login action..
  For me the page now going forward, it remains in the login page itself
  How to do that ?
  thanks,
  Gopinath

  Hi..
  try out following sample
  http://andrejusb.blogspot.com/2011/05/oracle-webcenter-11g-ps3-adf-security.htmlalso check this >http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html

• How to integrate a SSO based in cookie with ADF Security

  At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
  1- Create a new app based on "Fusion application" template.
  2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
  3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
  4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
  At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
  in jps-config.xml
  5- Remove idstore.xml and credentials.
  6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
  7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
  All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
  So, my questions are:
  - I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
  - If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
  - In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
  I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
  Thanks to all!
  P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
  P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)

  Hi Frank,
  Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
  In future releases of JDeveloper will be easier to do this kind of things related to security?
  Riveck

• ADF Security Log Out issue

  Hi,
  We have implemented ADF security and using form based authentication. The problem we are facing is during logout, in IE we see a NullPointerException, before the login page is displayed. Please note that this functionality works fine in Firefox and Chrome. Also this happens only in standalone weblogic server. It works perfectly fine in a cluster. The logout link is command link which goes to logout.jspx. The implementation in logout.jspx is as follows
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <jsp:forward page="/adfAuthentication">
  <jsp:param name="logout" value="true"/>
  <jsp:param name="end_url" value="#{initParam.loginURL}"/>
  </jsp:forward>
  </jsp:root>
  the loginURL is configured in web.xml as */faces/login.jspx.*
  The exception stack trace is .
  <Dec 10, 2012 7:44:44 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server
  started in RUNNING mode>
  <Dec 10, 2012 7:45:51 AM UTC> <Warning> <oracle.adf.share.ADFContext>
  <BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
  Caller should ensure that a DefaultContext is proper for this use.
  Memory leaks and/or unexpected behaviour may occur if the automatic
  initialization is performed improperly.
  This message may be avoided by performing initADFContext before using
  getCurrent().
  For more information please enable logging for oracle.adf.share.ADFContext at
  FINEST level.>
  <Dec 10, 2012 7:45:51 AM UTC> <Error>
  <oracle.adf.controller.internal.binding.TaskFlowRegionModel> <BEA-000000>
  <1i9kmqwku_121>
  <Dec 10, 2012 7:45:51 AM UTC> <Warning>
  <oracle.adf.view.rich.component.fragment.UIXRegion> <ADF_FACES-00009> <Error
  processing viewId: /InventoryUIShell URI:
  /oracle/communications/inventory/ui/framework/templates/InventoryUIShell.jspx
  actual-URI: /oracle/communications/platform/cui/fragments/mainArea.jsff.
  oracle.adf.controller.internal.InvalidViewPortIdException: ADFC-14000: View
  port ID '1i9kmqwku_33' is invalid.
  at
  oracle.adfinternal.controller.state.ControllerState.setCurrentViewPort(Control
  lerState.java:1319)
  at
  oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
  lerContextImpl.java:135)
  at
  oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
  lerContextImpl.java:52)
  at
  oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessEndRegion(
  TaskFlowRegionModel.java:320)
  at
  oracle.adf.controller.internal.binding.TaskFlowRegionModel.processEndRegion(Ta
  skFlowRegionModel.java:237)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion$RegionContextChange.undoChan
  geImpl(UIXRegion.java:1209)
  at
  oracle.adf.view.rich.context.DoableContextChange.suspend(DoableContextChange.j
  ava:49)
  at
  oracle.adf.view.rich.context.DoableContextChange.undoChange(DoableContextChang
  e.java:103)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion._endInterruptibleRegion(UIXR
  egion.java:726)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
  .java:576)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
  ava:88)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
  ava:88)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
  .java:565)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  Any pointers to resolve this would be helpful.
  Thanks,

  Hi,
  Check these
  http://tompeez.wordpress.com/2010/07/26/logout-with-confirmation-dialog/
  http://www.oracle.com/technetwork/developer-tools/adf/learnmore/jan2011-otn-harvest-300940.pdf

• Can we do customization using db based MDS where ADF security not enabled?

  JDeveloper 11.1.1.6 : ADF BC + ADF Faces
  Requirement : I want to customize the application across the user session. In this app I have NOT used ADF security. There is siteminder security setup on the server which authenticates the application. The logged in userid/username is available in the request header.
  Now my question is can i customize this app using db based MDS?
  Any help will be appreciated.
  ~Abhijit

  Abhijit,
  My first instinct was to say "of course you must enable ADF Security" and post a link to the docs. However, the docs are silent on this.
  The best quote that I can give you is from [url http://docs.oracle.com/cd/E18941_01/tutorials/jdtut_11r2_18/jdtut_11r2_18.html]here, which says (in step 12):
  Before you can persist user customizations across sessions using MDS as the repository, you must configure ADF Security and create users for the application.John

• Migrating ADF Security from file-based provider to LDAP provider

  We have deployed a small application using ADF Security with file-based provider in OAS and it works fine.
  Now we want to migrate to ADF Security using LDAP provider.
  In order to make this possible we followed the next steps:
  - Migrate all the roles and policies from the file to OID with JAZNMigrationtool.
  - In OAS we've changed the Application Security Provider to 'Oracle Identity Management'.
  - Reset the OC4J instance.
  But there was no success, the application continues working with the file-based provider.
  What more is necessary to configurate?

  Hi,
  if you use EM make sure you change the setting for the application, not the general OC4J setting.
  You can also deploy the provider settings with the orion-application.xml file added to your project
  Frank

• Role based oracle adf security and filtering data

  while oracle adf security looks great its only role based... does anyone know of any resources describing an architecture where this is used in addition to filtering of data based on say, organization?
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...

  Hi,
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...
  ADF Security is a JAAS based security implementation to protect resources (like entities). It is nota security provider like OPSS or OID which you can use for user provisioning and self service (if you code against the IDM APIs). ADF Security only checks for whether a user is authenticated and if the user has the permission to perform a task.
  However, you can use groovy to access the security context from Groovy, which allows you to add the authenticated username to a query - for example to filter recrds out that match the username in one of its attributes.
  For example, you could create a ViewCriteria that for example filters the query by a specific attribute. Say that managers can see data starting from department 10 whereas employees can see data starting from department 100. The ViewCriteria would reference a bind variable with the following default setting
  adf.context.securityContext.isUserInRole('manager')? 10 : 100
  Frank

• How to make form based authenticaiton in adf security?

  Hi all
  How to make form based authenticaiton in adf security?
  help give example video or project.
  Thanks lhagva

  Have you read the docs (http://download.oracle.com/docs/cd/E17904_01/web.1111/b31974/adding_security.htm)?
  Timo

• Populating values of a field based on logged in user

  Hi,
  My requirement is as follows:
  I have a LOV input field. The LOVs for the field should be populated based on the logged in user. Every user will have a group of values associated with him.
  Example:
  USER_ID/NAME BUSINESS_UNIT_ID
  1 B101
  2 B108
  1 B106
  1 B103
  2 B105
  2 B119
  if the logged in user is 1, the LOV field should have values as B101,B106 and B103.
  Can someone help me in implementing this?
  Thanks,
  Ashok

  Hi,
  looks like you have to populate LOV based on logged in user. so make a view object which will return respective values by taking user id as input(bind variable).
  execute the vo after loging.
  ~Abhjit

• Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

  Hi,
  We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
  After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
  Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
  Thanks,
  Annie

  Brenden,
  Thank you so much for the reply. This is our code in the web.xml:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
  If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
  regards,
  Annie

• How to handle multiple SSO in ADF Security Framework

  Hello All,
  I have a question about ADF security with multiple SSO provider.
  What I am trying to achieve:
  Assume there are SSO provider A, B and C. Each provider will grant a different role to the ADF application (A grant Admin, B grant Business Manager, C grant Configuration Manager). Sign out from the ADF application will log all the SSO out at the same time.
  What I know:
  Each SSO will need to have information about the role it provides. I will also need to write code like the following: (modified from an old answer from Frank Nimphius before)
      try {
          IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore(); //Need to get the specific IDM store based on the SSO the user is using.
          try {
              UserManager userManager = idstore.getUserManager();
              RoleManager roleManager = idstore.getRoleManager();
              Role role = idstore.searchRole(Role.SCOPE_APPLICATION,idmRole); //Again, idmRole based on which SSO the user is using.
                  // create user
                  //TODO check for empty username and password
                  User user = userManager.getUser(SecurityContext.getUserName()); //the user may already login from another SSO.
                  if (user == null)
                      user = userManager.createUser(this.username,this.password.toCharArray());
                  roleManager.grantRole(role,user.getPrincipal());
              } catch (IMException e) {
                  // TODO
          } catch (JpsException e) {
              // TODO
          return null;
  }Also a logout code like this
        doLogout()
           if(A) logoutFromA(user);
           if(B) logoutFromB(user);
           if(C) logoutFromC(user);
        } My Question:
  Would the code above handle what I described? Also, how do I set the SecurityContext for ADF security - Or the grantRole automatically does that for me?

  Hello Sudipto,
  Yeah, I had watched that tutorial, it is pretty helpful on getting 1 SSO working with the ADF security.
  I am confused when there is multiple provider - do I setup the web gate so that "http://myapp:7777/LoginViaA" point to SSO Provider A, "http://myapp:7777/LoginViaB" point to SSO Provider B and so forth? **Note: the login/username can be different on different SSO provider.
  In that case, I will still need to set the value in SecurityContext to say "This current user login as [email protected] via SSO A and [email protected] via SSO B", or is there some other way to handle this?
  Thanks,
  Louis

• ADF security and database

  Hi all,
  I am implementing ADF security on my application and I came across the following Documents:
  1- http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
  2-http://www.oracle.com/technology/products/jdev/howtos/1013/oc4jjaas/oc4j_jaas_login_module.htm
  and I have a few of questions :
  1- in ADF security, the edit authorization options in the PageDef reads the roles (gorups) stored on the system-jazn-data.xml file. If my roles are stored on the Database how can I read them?
  2- In the first document it is said " If the role name in web.xml matches a group name in system-jazn-data.xml, no further mapping is required. If the names do not match, then the web.xml role name needs to be mapped to the name in the system-jazn-data.xml using the orion-application.xml file. ". Can I do the mapping between the system-jazn-data.xml and the Database?
  3-When I assign ADF security permissions on PageDefs, It will be stored in the app-jazn-data.xml file. Can I store/read those permissions from the Database and no the app-jazn-data.xml file or at least can I do some kind of mapping between the Database and this file?
  thanks in advance,
  Ahmad Esbita

  Hi albertpi,
  Thanks for you response. This is our first ADF application.
  We are planning to impliment the security as mentioned above.
  We can configure the LDAP users in Weblogic server.
  We have a page with multiple tables which need to be shown based on the User roles.
  These roles we are planning to define in the table.
  1. I need to show list of users from my LDAP Users on the ADF UI to assign the roles.
  2. We will be defining our list of roles in a database table, which not sure whether they need to map to ADF application security roles.
  Data in table will be something like this.
  User Role
  Admin Tab1
  Admin Tab2
  Admin Tab3
  User1 Tab1
  User2 Tab2
  User2 Tab3
  Once the User is logged in we will read this table to show/hide the respective tabs.
  Can you tell us are we in right path, if yes How to achieve this.
  Thanks,
  Satya