ADF Security Framework

Hi,
Has somebody successfully implemented ADF Security framework with LDAP provider?
I followed this nice article by Frank http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
and it works but very slow - I must say I have maybe 100 VO's attributes on page, but to wait 3minutes to get rendered the page is too long. Maybe some bottleneck somewhere so I am asking...
thanks,
Branislav

Hi
I have also used ADF security using LDAP with less VO's per page without any problems.
I must tell you however that during development I use file based security and change it to LDAP later on during deployment on the application server (I use 10.1.3.1).If you combine this with SSO then you end up with a neat solution -- that in my case more or less works satisfactorily. :-)
Thanassis

Similar Messages

How to handle multiple SSO in ADF Security Framework

Hello All,
I have a question about ADF security with multiple SSO provider.
What I am trying to achieve:
Assume there are SSO provider A, B and C. Each provider will grant a different role to the ADF application (A grant Admin, B grant Business Manager, C grant Configuration Manager). Sign out from the ADF application will log all the SSO out at the same time.
What I know:
Each SSO will need to have information about the role it provides. I will also need to write code like the following: (modified from an old answer from Frank Nimphius before)
    try {
        IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore(); //Need to get the specific IDM store based on the SSO the user is using.
        try {
            UserManager userManager = idstore.getUserManager();
            RoleManager roleManager = idstore.getRoleManager();
            Role role = idstore.searchRole(Role.SCOPE_APPLICATION,idmRole); //Again, idmRole based on which SSO the user is using.
                // create user
                //TODO check for empty username and password
                User user = userManager.getUser(SecurityContext.getUserName()); //the user may already login from another SSO.
                if (user == null)
                    user = userManager.createUser(this.username,this.password.toCharArray());
                roleManager.grantRole(role,user.getPrincipal());
            } catch (IMException e) {
                // TODO
        } catch (JpsException e) {
            // TODO
        return null;
}Also a logout code like this
      doLogout()
         if(A) logoutFromA(user);
         if(B) logoutFromB(user);
         if(C) logoutFromC(user);
      } My Question:
Would the code above handle what I described? Also, how do I set the SecurityContext for ADF security - Or the grantRole automatically does that for me?

Hello Sudipto,
Yeah, I had watched that tutorial, it is pretty helpful on getting 1 SSO working with the ADF security.
I am confused when there is multiple provider - do I setup the web gate so that "http://myapp:7777/LoginViaA" point to SSO Provider A, "http://myapp:7777/LoginViaB" point to SSO Provider B and so forth? **Note: the login/username can be different on different SSO provider.
In that case, I will still need to set the value in SecurityContext to say "This current user login as [email protected] via SSO A and [email protected] via SSO B", or is there some other way to handle this?
Thanks,
Louis

How to store Custom principal in Oracle ADF security Framework

Hi guys, hope somebody will help me out.
I am facing the following issue, i need to have a custom principal instance after oracle adf security frame work does authenticate and authorize user.
My custom principal instance should have per say addition attribute, say clientId. I am using Jdeveloper 11.1.2.4 and i setup weblogic to use ReadOnlySQLAuthenticator(it does most of desired functionality).
As far as i get it, i would have to implement a custom provider to have a chance to implement a custom LoginModule, so i can set it up to use my custom principal, am i right ? and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use) and if i can , how can i make ReadOnlySQLAuthenticatorImpl use my custom LoginModule.
Sorry if i violated forum rules.

and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use)
This info is returned by getLoginModuleConfiguration(): AuthenticationProvider (BEA WebLogic Server 10.0 API Reference)
Dario

ADF Security Authorization

As it's written in Oracle® Application Development Framework Developer’s Guide For Forms/4GL Developers B25947-01 I created file adf-config.xml file like this
<?xml version="1.0" encoding="windows-1252" ?>
<adf-config xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=" http://xmlns.oracle.com/adf/config
../../../../../bc4jrt/src/oracle/adf/share/config/schema/config.xsd"
xmlns=" http://xmlns.oracle.com/adf/config "
xmlns:sec=" http://xmlns.oracle.com/adf/security/config ">
<sec:adf-config-child xmlns=" http://xmlns.oracle.com/adf/security/config ">
<JaasSecurityContext
     initialContextFactoryClass="oracle.adf.share.security.JAASInitialContextFactory"
     authorizationEnforce="true"
     jaasProviderClass="oracle.adf.share.security.providers.jazn.JAZNSecurity Context" >
</JaasSecurityContext>
</sec:adf-config-child>
</adf-config>
Assigned permissions to my roles in Authorization editior on iterators etc.. But it did get any effect.
All roles have full access to iterators!
ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns false

Hi,
here's the adf-config file from my woking app
<?xml version="1.0" encoding="windows-1252" ?>
<adf-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/adf/config ../../../../../bc4jrt/src/oracle/adf/share/config/schema/config.xsd"
xmlns="http://xmlns.oracle.com/adf/config"
xmlns:sec="http://xmlns.oracle.com/adf/security/config">
<sec:adf-config-child xmlns="http://xmlns.oracle.com/adf/security/config">
<JaasSecurityContext initialContextFactoryClass="oracle.adf.share.security.JAASInitialContextFactory"
jaasProviderClass="oracle.adf.share.security.providers.jazn.JAZNSecurityContext"
authorizationEnforce="true"/>
</sec:adf-config-child>
</adf-config>
Note that I don't use debug but run it from JDeveloper and the security settings are enforced. Did you set up the web.xml file - in other words, are you able to authenticate?
Frank

ADF Security Log Out issue

Hi,
We have implemented ADF security and using form based authentication. The problem we are facing is during logout, in IE we see a NullPointerException, before the login page is displayed. Please note that this functionality works fine in Firefox and Chrome. Also this happens only in standalone weblogic server. It works perfectly fine in a cluster. The logout link is command link which goes to logout.jspx. The implementation in logout.jspx is as follows
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<jsp:forward page="/adfAuthentication">
<jsp:param name="logout" value="true"/>
<jsp:param name="end_url" value="#{initParam.loginURL}"/>
</jsp:forward>
</jsp:root>
the loginURL is configured in web.xml as */faces/login.jspx.*
The exception stack trace is .
<Dec 10, 2012 7:44:44 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server
started in RUNNING mode>
<Dec 10, 2012 7:45:51 AM UTC> <Warning> <oracle.adf.share.ADFContext>
<BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic
initialization is performed improperly.
This message may be avoided by performing initADFContext before using
getCurrent().
For more information please enable logging for oracle.adf.share.ADFContext at
FINEST level.>
<Dec 10, 2012 7:45:51 AM UTC> <Error>
<oracle.adf.controller.internal.binding.TaskFlowRegionModel> <BEA-000000>
<1i9kmqwku_121>
<Dec 10, 2012 7:45:51 AM UTC> <Warning>
<oracle.adf.view.rich.component.fragment.UIXRegion> <ADF_FACES-00009> <Error
processing viewId: /InventoryUIShell URI:
/oracle/communications/inventory/ui/framework/templates/InventoryUIShell.jspx
actual-URI: /oracle/communications/platform/cui/fragments/mainArea.jsff.
oracle.adf.controller.internal.InvalidViewPortIdException: ADFC-14000: View
port ID '1i9kmqwku_33' is invalid.
at
oracle.adfinternal.controller.state.ControllerState.setCurrentViewPort(Control
lerState.java:1319)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:135)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:52)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessEndRegion(
TaskFlowRegionModel.java:320)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.processEndRegion(Ta
skFlowRegionModel.java:237)
at
oracle.adf.view.rich.component.fragment.UIXRegion$RegionContextChange.undoChan
geImpl(UIXRegion.java:1209)
at
oracle.adf.view.rich.context.DoableContextChange.suspend(DoableContextChange.j
ava:49)
at
oracle.adf.view.rich.context.DoableContextChange.undoChange(DoableContextChang
e.java:103)
at
oracle.adf.view.rich.component.fragment.UIXRegion._endInterruptibleRegion(UIXR
egion.java:726)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:576)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:565)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
Any pointers to resolve this would be helpful.
Thanks,

Hi,
Check these
http://tompeez.wordpress.com/2010/07/26/logout-with-confirmation-dialog/
http://www.oracle.com/technetwork/developer-tools/adf/learnmore/jan2011-otn-harvest-300940.pdf

Implementing authorization using Oralce ADF security

Hi,
We have successfully deployed a Jdev (10.1.3) ADFBC application to IAS with the authentication and part of the authorization.
Now we want to use another level of granularity to allow object instance access control based on Java Permissins using JAAS. Like "binding container", "iterator binding", "attribute binding" and "methodAction binding".
We tried to follow the "Oracle Application Development Framework Developer's Guide", chapter 30. Everything went well until we got to 30.7.2--Setting authorization on ADF binding Containers, list 3. "The Authorization Editor shows the pre-defined permissions for the binding container, along with the principles (roles and users) as defined by your resource provider". The roles and users we defined in our web.xml or jaza-data.xml do not show up in the authorization editor.
The SRDemoADFBC does not use this technique. Anybody has any idea how to do this?
Remember Frank said he was working on an end-to-end ADF security application and it could be ready by the end of this year. Is it ready yet?
Thank you,
Annie

Hi Vinod,
In my post, I present it as a best practice to have a one to one mapping of application roles and enterprise roles though it is not required. If you have 10 application roles you should create 10 enterprise roles, but again this is not required. For testing, you could create only one enterprise role, then make that role as member to all your application roles.
To simplify the case you can do the following STEPS:
In jazn.xml:
1) Let say in jazn.xml you have the following 5 application roles:
<li>ApplicationRole1
<li>ApplicationRole2
<li>ApplicationRole3
<li>ApplicationRole4
<li>ApplicationRole5
2) Still in jazn.xml, create one Enterprise Role "EnterpriseAdmin".
3) Make the"EnterpriseAdmin" as member of the 5 application roles above.
In weblogic console:
4) Go to the User and Groups page of myrealm (Home >Summary of Security Realms >myrealm >Users and Groups).
5) Create a new group named "EnterpriseAdmin" and instead of the Default Authenticator, set the authenticator to the name of SQLAuthenticator that you have created.
6) Create a user in the SQLAuthenticator and make it a member of the "EnterpriseAdmin".
7) Run your secured application in JDeveloper and login with the user credentials that you created in step#6.
Regards,
Pino

Record Level Authentication in ADF Security 11g

Is it possible to code my application to support record level authentication by using ADF 11g Security?
For example the CEO Role can read all orders from a view, but other roles can only read the orders by them self.
Do I have to control this mannually or the ADF Security can handle this for me? Is there any example about this?
Thanks in advanced,
Samson Fu

I can think of three solutions:
1) Go with the Oracle database Virtual Private Database (VPD) feature. This is the ideal solution as it codes that security logic in the database, and doesn't rely on your program/middletier getting the security correct.
2) In ADF BC create the custom framework as recommended in the JDev Fusion Guide and then modify the custom ViewObjectImpl executeQuery() method such that it always adds your required predicate (where clause) to each VO query.
3) Custom code the Where clause into every ADF BC VO query.
CM.

GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
Are you getting either of the following errors?
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
1) Create a new application.
2) Create three .jspx pages called login, error, and welcome.
3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
4) Right-Click on your Application and select Secure->Configure ADF Security
5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
<policy-store>
    <applications>
      <application>
        <name>SecurityError</name>
        <app-roles>
          // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
          <app-role>
            <name>anonymous-role</name>
            <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
            <display-name>anonymous-role</display-name>
          </app-role>
         // Whew, the end of that app role
        </app-roles>
        <jazn-policy>
          <grant>9) You're going to want to delete that app role XML
10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
12) Run your welcome page. Yay, the error is gone. How sweet it is.
Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
// You fool!
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not FoundThat's not so good. Let's fix that.
1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
3) Re-run your welcome page.
// Suckered AGAIN!
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
Ahh!! Now THAT's how we do it in Kingsport!
Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
Will

Ha :-)
Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
But your call, no pressure of course ;-)
CM.

Creating a WebCenter Application with PageCutomizable and ADF Security

I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
I have 2 JSPX files.
One called mainTemplate.jspx
- contains header, footer in ADF and a center facet.
One called Welcome.jspx created from mainTemplate
- contains page customizable > panel customizable > layout customizable > various custom panel configs.
ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
We then refresh the page and see that we are indeed logged in as 'weblogic'.
Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
However when we click on 'add Content' using the composer we get a permission error.
+<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
+...+
Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
+     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+...+
I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
In my catalog I have a WCM portlet taskflow, which will require its own permissions.
I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
*note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
Thanks.
Thanks.
Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
When you have configured your application for authorization as well, you have to create roles and groups.
You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
Hope this helps.

Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

Hi,
We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
Regards,
Joonas

Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

ADF Security unable to run/deploy

Hi all,
I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advanced.
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
     at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
     at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
     ... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
     ... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson Fu

I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
Regards,
Samson Fu

ADF security : How to get fnd_users list in weblogic server

Hi All,
I have a question related to ADF security.
I am able to apply ADF security to the application, where users information and roles are defined in jazn.xml file.
On deployment, users/ roles information is being successfully ported to weblogic server.
But my requirement is to fetch users information from fnd_users table. If you have any idea as how to get the fnd_users data to weblogic, please reply.
Thanks,
Randhir

Thanks John.
I went through the link and got steps for authentication with fnd_users.
I have one more question on this.
Do I need to enable jazn.xml for implementing security or only the steps given in this link is sufficient?
Since roles are also stored into fnd table, how to secure the taskflow? (roles are not defined in jazn.xml)

How to integrate a SSO based in cookie with ADF Security

At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
1- Create a new app based on "Fusion application" template.
2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
in jps-config.xml
5- Remove idstore.xml and credentials.
6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
So, my questions are:
- I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
- If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
- In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
Thanks to all!
P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)

Hi Frank,
Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
In future releases of JDeveloper will be easier to do this kind of things related to security?
Riveck

Problem with ADF security and task flow calls

Hi.
I am using JDeveloper 11.1.2.0.0.
I encountered a problem when tried to apply ADF security to my application.
The way to reproduce the problem:
1. Create new Fusion Web Application;
2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
7. Configure application to run the unbounded task flow starting with Welcome view activity.
At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
Now let's configure ADF Security.
Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
On the second page select Form-Based Authentication, check the Generate Default Pages flag.
On the third page choose No Automatic Grants.
On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
Open jazn-data.xml to configure roles, users and resource grants:
1. Create application role test-role.
2. Grant the test-role privileges to view the test task flow.
3. Create user and grant him the test-role.
Now we have the public available welcome page and the test page with restricted access.
When application runs, the welcome page is displayed as expected. Pressing the test button redirect us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crushes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
     at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
     at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
     at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
     at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
     at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
(the rest of lines skipped).
Any suggestions?
Edited by: user13307311 on Apr 16, 2013 11:39 PM

@Lovin_JV_941794
The welcome page is public available since it does not have appropriate PageDef file.
Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
It seems the task flow call stack to be destroyed after redirect to login page.
Edited by: user13307311 on Apr 17, 2013 12:45 AM

ADF Security in JDeveloper 10.1.3.2

Hi,
i used this link http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
to apply security to my AD application using the JAN but i faced a problem which is ,if i logged in using the user i create on the OTC i always get this error HTTP Error 403 - Forbidden "You are not authorized to view this page", Although i didn't apply the authorization on my pages yet.
can anyone help?
Thanx

Hi,
using ADF Security, security is enabled as soon as you switch on ADF Security. Its a pessimistic thinking that is that you don't have access unless explicitly granted access
Frank

ADF Security Framework

Similar Messages

Maybe you are looking for