ADF security for authorizaion

HI All,
I want to implement ADF security without authentication i.e. Authentication is already done at a another parent website.
We get the user credentials and role details ,We just want to use the authorization part of adf security for role base check and url checks ,
How can I implement the same using ADF security only.
As per my current database structure ,I am storing role and privileges in the database ,but not the user credentials .
Currently I m using Jdeveloper 11.1.1.4 and weblogic 10.3.4.

Hi,
for ADF Security, authentication must be be through Java EE authentication (WLS web based authentication). If you need SSO, configure SSO, but you cannot have authorization only
Frank

Similar Messages

ADF security for dynamic users.

Hi,
Am using jdeveloper 11.1.1.6.0.
In my project i need to use Dynamic users in ADF security.
UseCase:
My project is similar to shopping Website. In that i will be having Sign up link which is used to register the users and the users will get the system generated password.
Is this possible to implement ADF Security here.
Please give me your valuable suggestions.
Regards,
Prasad K T,

Take a look at the fusion order demo out fod in short.It's available from the jdev home page. Make sure you load the sample for your version
Timo

Error While Login ADF Security Sample Application

Hi All,
Jdevloper Version : 11.1.1.5.0
we are Creating ADF Login Application contains login.jspx and main.jspx pages.
we define ADF Security on this Sample Application.
when we provide valid credentials to login(username and password) it shows Error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
that an old resource is permanently unavailable and has no forwarding address.
ManagedBean(BackingbeanScope) doLogin():
         public String doLogin() {
        String un = _userName;
        byte[] pw = _password.getBytes();
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
        try {
            Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
            weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
            String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
            HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
            RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
     ctx.responseComplete();
    catch (FailedLoginException fle)
                FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
                ctx.addMessage(null, msg);
        return null;
In ADF Security We Define :
User : admin1
Enterprise Role : ManagerGroup(added user admin1 to this EnterpriseRole)
Application Role : Manager
Resource Grants : Resource Type : Web Page
                           login page
                          main page - Granted Role(Manager)
jazn-data.xml file
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
<jazn-realm default="jazn.com">
    <realm>
      <name>jazn.com</name>
      <users>
        <user>
          <name>admmin1</name>
          <display-name>admmin1</display-name>
          <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
        </user>
      </users>
      <roles>
        <role>
          <name>ManagerGroup</name>
          <display-name>ManagerGroup</display-name>
          <members>
            <member>
              <type>user</type>
              <name>admmin1</name>
            </member>
          </members>
        </role>
      </roles>
    </realm>
</jazn-realm>
<policy-store>
    <applications>
      <application>
        <name>ADFLogin</name>
        <app-roles>
          <app-role>
            <name>Manager</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <display-name>Manager</display-name>
            <members>
              <member>
                <name>ManagerGroup</name>
                <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
              </member>
            </members>
          </app-role>
        </app-roles>
        <jazn-policy>
          <grant>
            <grantee>
              <principals>
                <principal>
                  <name>Manager</name>
                  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                </principal>
              </principals>
            </grantee>
            <permissions>
              <permission>
                <class>oracle.adf.share.security.authorization.RegionPermission</class>
                <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
                <actions>view</actions>
              </permission>
            </permissions>
          </grant>
        </jazn-policy>
      </application>
    </applications>
</policy-store>
</jazn-data>
Please help us how to resolve it.
Thanks,
kumar

A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
I guess your resource grants are not set correctly.
Timo

Process of login with ADF security

Hi,
I was looking at how to implement the process of Login with the ADF security using JDev 11g and I feel very good...
My question is if it is possible to use this tool in case of use a container as Tomcat 6.x or JBoss. If it is possible to use ADF security for these containers, what should be configured to work?

Hi,
ok, I'd like to use authorization with ADF security, but as you say it is not possible in Tomcat. well, but could implement it, if there must be 3 users with different roles of the little system that I want to develop. Any idea?. There maybe a small example with user roles to use without authorization of ADF security?.

Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
Any thoughts on why that would be?
Thanks
Dan

Thanks Juan.
With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I access the same page from my integrated weblogic server I see:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I review my EAR - I do see jazn-data.xml at:
/META-INF/jazn-data.xml
I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
Thanks.
-Dan

Issue in ADF security

Hi All,
Jdev version: 11.1.1.3.0
I have configured form based ADF security for my ADF application. Also I have created Application roles and associated roles also.
In ADF application i have Home.jspx. Once i run the Home.jspx it should open a login.html . But in my case once i run Home.jspx it opens directly Home.jspx
and displays the content.
If i run login.html it opens a Login.html, and once i provide user credential and click on Login Button I am getting below error.
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Please anybody help me out to achieve this??
Thanks,
Santosh M E

Hi,
which option did you choose for the authorization? Grant to all objects? If so then all your pages are granted to the test role, which means they are granted to anonymous
Frank

401 - unauthorised in ADF Security.

Hi.
Am trying to develop a login page using ADF security in jdeveloper 11.1.1.6.0.
I have followed this link
ADF security on my jspx page as login page
This is my code which i have used in my login bean.
public String doLogin() {
String un = _username;
byte[] pw = _password.getBytes();
FacesContext ctx = FacesContext.getCurrentInstance();
HttpServletRequest request =
(HttpServletRequest)ctx.getExternalContext().getRequest();
CallbackHandler handler = new SimpleCallbackHandler(un, pw);
try {
Subject mySubject = Authentication.login(handler);
ServletAuthentication.runAs(mySubject, request);
ServletAuthentication.generateNewSessionID(request);
/* String loginUrl = "/adfAuthentication?success_url=/faces" +
ctx.getViewRoot().getViewId();*/
String loginUrl = "/adfAuthentication?success_url=/faces/Runtime.jspx";
System.out.println ("Loginto to be printed"+loginUrl);
HttpServletResponse response =
(HttpServletResponse)ctx.getExternalContext().getResponse();
sendForward(request, response, loginUrl);
} catch (FailedLoginException fle) {
FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Incorrect Username or Password",
"An incorrect Username or Password" +
" was specified");
ctx.addMessage(null, msg);
} catch (LoginException le) {
reportUnexpectedLoginError("LoginException", le);
return null;
private void sendForward(HttpServletRequest request,
HttpServletResponse response,
String forwardUrl){
FacesContext ctx = FacesContext.getCurrentInstance();
RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl);
System.out.println ("dispatcher inside send forward :"+dispatcher);
try {
dispatcher.forward(request, response);
} catch (ServletException se) {
reportUnexpectedLoginError("ServletException", se);
} catch (IOException ie) {
reportUnexpectedLoginError("IOException", ie);
ctx.responseComplete();
private void reportUnexpectedLoginError(String errType, Exception e){
FacesMessage msg =
new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error
during login",
"Unexpected error during login (" + errType +
"), please consult logs for detail");
FacesContext.getCurrentInstance().addMessage(null, msg);
e.printStackTrace();
When i entered my username and password it shows an error as 401 - Unauthorized.
Dont know where i went wrong? pls help me.!
Regards,
Prasad K T.

Prasad, the link is a bit older. You may want to check this article from Frank: Oracle ADF: Security for Everyone
which comes with a working sample.
Timo

Does ADF security support sub-roles? If not are there plans to support it?

hi,
I have following scenario: there are dozens of regions and each region has dozen of facilities and each facility dozens of offices.
I would like to setup Office roles to have Query permission only and create a new role OfficeUpdate role that has update permissions for this office data, and at the same time to inherit permissions from Office role (e.g. Query permissions), so if I assign a user to Office role he will be able to query only and if I assign him to OfficeUpdate role he will be able to query and update the office data because privilege will be inherited from Office role.
User can be a member of different offices/facilities/regions. So I would like to, in order to simplify user management, to be able to assign a whole role as a member of another role. By doing this I wouldn't have to assign users to different roles all over again (all users assigned to a sub-role would automatically become members of main role as well) as this is time-consuming.
But it seems that ADF security does not support this. It seems that ADF security can only deal with roles and not sub-roles? Roles and sub-roles are supported by oc4j container but it seems that ADF security does not support it.
I would like first to be sure that my observation is correct, and if yes to find out if there are any plans to support sub-roles in future Jdev releases?
And also if somebody knows, if Acegi or JsfAcegi security supports role-sub-role privilege inheritance?

I created a testcase that excludes ADF Security and the same behavior can be reproduced, so the problem doesn't seem to be with ADF Security but JAZN.
Need to further track this issue, but so far it appears that a member role is not sufficient to authenticate and authorize a container managed constraint as used by ADF Security for authentication. This could be a problem with the embedded OC4J only but also a general problem with settings on the system-jazn-data.xml. This is what I need to further evaluate.
So for now I can't say that this isn't working in ADF Security because its not even getting there
Frank

Show images without login in ADF security

Hi,
I use JDeveloper 11.1.1.0.0.
I use ADF Authentication Security. I use some images to login.html page but I can't see these images without authentication.
can anybody help me?
Thanks very much

Hi,
this is because you protect the application root "/". I assume you only enabled ADF Security for authentication.
Frank

ADF security removes applied authorizations

hi,
I created a mockup page containing only panelPage inside a form. In page definition I edited authorization so that role roleA has all privileges on the page as well as roles roleB and roleC (both roleB and roleC are sub-roles of role roleA as defined in system-jazn-data.xml).
After I finished configuring ADF security I saved all and compiled the project. Then I re-opened the page definition, clicked on Edit Authorization to check if authorizations are still there, but they were gone!?
I tried several times but each time ADF security settings magically gets removed.
I think the reason is that some of the roles are sub-roles of another role. Is there a workaround?

it seems that if you try to configure ADF security for a role which has another role as a member ADF security goes into a state where the only way out is to completely delete original roles and then re-configure but this time with no roles as members of other roles. I wonder if this feature (roles as members of other roles) will be supported in ADF security and in which version of Jdev. I am using 10.1.3.2

[SOLVED] ADF Security: No success with DBTableOraDataSourceLoginModule

Hi,
because do not have success to implement simple ADF Security to my application for weeks I try it again with this post.
Hopefully someone who was already successful with this issue can give me the hint, missing step or something else.
I have read many forum posts, blogs and documentation (10.x) but because ADF security has been changed from 10g to 11g I'm never sure if a documented step from 10g is necessary for 11g also.
I also posted my problem to posts with similar problems but no response :-(
I use 11g, TP4.
My Requirement:
=============
- user accounts and roles are stored within database tables
- roles are not used (every user has the same rights) but stored in the database table
- Custom Login-Page (jspx)
- At login ADF Security only needs to check if the entered user/password is stored in the database table (no password encryption is used at the moment)
Steps I have done:
ADF Security wizard:
================
Step 1: Enforce Authorization NOT checked (Also tried to CHECK this checkbox)
Redirect upon sucessfull Authentication CHECKED
generate Default CHECKED
Step 2: No identity store CHECKED
Step 3: Enable Credital Store CHECKED
Step 4: No Policy Store CHECKED
Step 5: Enable Anonymous Provider
Step 6: Manage Login Modules --> Add "oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
Name = oracledb.loginmodule
Login Control Flag = Required
Log Level = fine
--> Add "oracledb.loginmodule" as the only "Selected login module"
Step 7: Form-Based Authentication
Generate default is CHECKED
Step 8: WebResources: allPages
Selected Roles: valid-users
Step 9: FINISH Wizard
Then I edit jps-config.xml manually. Here the actual content:
=============================================================
<serviceInstance provider="jaas.login.provider"
name="oracledb.loginmodule">
<property value="true" name="debug"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="addAllRoles"/>
<property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
name="loginModuleClassName"/>
<property value="FINE" name="log.level"/>
<property value="jdbc/TLS-BOBDS" name="data_source_name"/>
<property value="passwort" name="passwordField"/>
<property value="rol_rolle" name="groupMembershipGroupFieldName"/>
<property value="bediener_rollen" name="groupMembershipTableName"/>
<property value="user_kennung" name="usernameField"/>
<property value="bediener" name="table"/>
<property value="persnr" name="user_pk_column"/>
<property value="bed_persnr" name="roles_fk_column"/>
<property value="toupper" name="casing"/>
</serviceInstance>
====================================
Then I start the application. Re-direction to the login-page works fine.
I enter username/password and press submit --> Following error occures in OC4J log:
===================
WARNUNG: TLS-BOB-ViewController-webapp: error encountered during authentication
java.util.MissingResourceException: Can't find resource for bundle oracle.security.jps.internal.common.resources.common.CommonResources, key JPS-02575
     at java.util.ResourceBundle.getObject(ResourceBundle.java:325)
     at java.util.ResourceBundle.getObject(ResourceBundle.java:322)
     at java.util.ResourceBundle.getString(ResourceBundle.java:285)
     at oracle.security.jps.util.JpsBundle.getString(JpsBundle.java:133)
     at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:424)
     at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:401)
     at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:99)
     at oracle.security.jps.fmw.JpsUserManager.getUserFromIdmStore(JpsUserManager.java:1109)
     at oracle.security.jps.fmw.JpsUserManager.getUser(JpsUserManager.java:1022)
     at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
     at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
     at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3927)
     at com.evermind.server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6965)
     at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3350)
     at com.evermind.server.http.HttpRequestHandler.doResolveRequestDispatcher(HttpRequestHandler.java:1005)
     at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:822)
     at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:658)
     at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:626)
     at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:417)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:189)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:163)
     at oracle.oc4j.network.ServerSocketReadHandler$ClientRunnable.run(ServerSocketReadHandler.java:275)
     at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:237)
     at oracle.oc4j.network.ServerSocketAcceptHandler.access$800(ServerSocketAcceptHandler.java:29)
     at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:877)
     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
     at java.lang.Thread.run(Thread.java:595)
==================================================
My questions:
=============
1) Are there additional steps necessary to implement ADF Security for my requirements ?
2) If yes, which? Which files I have to edit manually after ADF security wizard has been finished?
Any help is warmly welcome !
regards
Peter

Hello
Many thanks to CP and Andre who gave the missing hints in this tread:
OC4J 11g and JAZN
The property custom.provider mentioned by cp was the "missing link" --> now it works.
BUT "Nobody knows the trouble I've seen ..." !
I made dozens of trials with the same application and always similar (strange) results.
When I CHECK "enforce Authorization" in the ADF security wizard then
the redirection to the Login Page does NOT work (reason is unclear for me)
If I UNCHECK "enforce Authorization" in the ADF security wizard then
the redirection to the login page works fine BUT the redirect upon succesful Authentication doesn't work.
--> In this case following code is missing in web.xml
=====================
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>welcome.jsp</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
=================================
I think (but not 100%) that SOMETIMES the propertie "<property value="true" name="custom.provider"/>" has been created by the ADF security wizard.
SOMETIMES I was not able to create the default welcome.jsp with the ADF Security Wizard, ....
Maybe someone can reproduce this behaviour and fills a bug.
regards
Peter

GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
Are you getting either of the following errors?
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
1) Create a new application.
2) Create three .jspx pages called login, error, and welcome.
3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
4) Right-Click on your Application and select Secure->Configure ADF Security
5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
<policy-store>
    <applications>
      <application>
        <name>SecurityError</name>
        <app-roles>
          // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
          <app-role>
            <name>anonymous-role</name>
            <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
            <display-name>anonymous-role</display-name>
          </app-role>
         // Whew, the end of that app role
        </app-roles>
        <jazn-policy>
          <grant>9) You're going to want to delete that app role XML
10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
12) Run your welcome page. Yay, the error is gone. How sweet it is.
Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
// You fool!
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not FoundThat's not so good. Let's fix that.
1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
3) Re-run your welcome page.
// Suckered AGAIN!
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
Ahh!! Now THAT's how we do it in Kingsport!
Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
Will

Ha :-)
Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
But your call, no pressure of course ;-)
CM.

Creating a WebCenter Application with PageCutomizable and ADF Security

I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
I have 2 JSPX files.
One called mainTemplate.jspx
- contains header, footer in ADF and a center facet.
One called Welcome.jspx created from mainTemplate
- contains page customizable > panel customizable > layout customizable > various custom panel configs.
ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
We then refresh the page and see that we are indeed logged in as 'weblogic'.
Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
However when we click on 'add Content' using the composer we get a permission error.
+<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
+...+
Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
+     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+...+
I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
In my catalog I have a WCM portlet taskflow, which will require its own permissions.
I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
*note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
Thanks.
Thanks.
Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
When you have configured your application for authorization as well, you have to create roles and groups.
You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
Hope this helps.

Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

Hi,
We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
Regards,
Joonas

Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

ADF Security unable to run/deploy

Hi all,
I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advanced.
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
     at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
     at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
     ... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
     ... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson Fu

I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
Regards,
Samson Fu

ADF security for authorizaion

Similar Messages

Maybe you are looking for