ADF Security in JDeveloper 10.1.3.4

Hello all,
Although I have followed all the steps outlined in Ch. 30 Adding Security to an Application (ADF Dev Guide for Forms/4GL Developers) I cannot get ADF security running in JDev 10.1.3.4. Specifically,update, create and delete buttons are enabled even though I have put constraints on the respective iterator bindings. At the same time, i am not getting any errors.
Container managed security works fine and when I access a protected URL, the basic pop-up window shows (I am using basic authentication). The 4GL guide states the adfAuthenticationServlet should be mapped to its own URL pattern, like /adfAuthentication/*.
However, when I try to access an ADF protected resource, nothing happens.
What is the interaction between container managed security and the adfAuthentication servlet? is it mandatory to use a login page for the adfAuthentication servlet to work?
I understand a backing bean is needed if we want to make user information accessible in the expression language. However, according to table 30-1 (on pg. 30-24) no further action is needed in order for the, e.g. Create button to be disabled. In other words, a backing bean is not needed and I don't have to change the "disabled" property for the Create button from false and check it using EL.
COuld someoneplease shed some light how is ADF security actually used? Curiously enough, SRDemo is not using ADF security and I wonder why?
Many thanks,
Boris
Edited by: user616226 on Sep 12, 2008 2:53 PM

I made some progress. The missing link was running the ADF security wizard (under "Tools").
The buttons are behaving OK (rendered but disabled) but now no table data is displayed!?
I have granted a view permission on the binding container as well as a read permission on the iterator and attributes.
BTW, the ADF security wizard will create the adf-config file for you (had to be done manually, check pg. 30-25 in the 4GL guide).

Similar Messages

ADF Security in JDeveloper 11

Hi
Is there any focument for ADF Security in JDeveloper 11, i found document for ADF Security in JDeveloper 10.1.3.2 but its different than 11g.
Regards

There is a section in the Fusion Developer Guide documentation, and Franks has a set of online demos here:
http://www.oracle.com/technology/products/jdev/tips/fnimphius/index.html

ADF Security in JDeveloper 10.1.3.2

Hi,
i used this link http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
to apply security to my AD application using the JAN but i faced a problem which is ,if i logged in using the user i create on the OTC i always get this error HTTP Error 403 - Forbidden "You are not authorized to view this page", Although i didn't apply the authorization on my pages yet.
can anyone help?
Thanx

Hi,
using ADF Security, security is enabled as soon as you switch on ADF Security. Its a pessimistic thinking that is that you don't have access unless explicitly granted access
Frank

ADF security problem

hi ,
I created a page called " main.jspx " and I used the ADF security in jdeveloper 11.1.1.2.0 . I deployed my application to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it redirected to "http://localhost:7001/test/login.html" . After typing correct "username" and "password" ,it redirected to my "main.jspx" . That is correct . But now I open this application in jdeveloper 11.1.1.3.0 , and redeploy it to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it directly show the main.jspx page . Why no Authentication ? I "remove ADF Security Configuration" and " reconfigure ADF Security" . It doesn't work . But if I create a new application and use ADF security in jdeveloper 11.1.1.3.0 . The new application works well . I need to work with my old application . Can you give me any advice ? thanks!!

duplicate
Frank

ADF Security to J2EE Container Managed Security Problems

Hi al!
I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
Part of my web.xml file:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/app/index.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<security-role>
<description>Admins</description>
<role-name>admin_role</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user_role</role-name>
</security-role>
<security-role>
<role-name>oc4j-administrators</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllAdmins</web-resource-name>
<url-pattern>faces/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllUsers</web-resource-name>
<url-pattern>faces/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>oc4j-administrators</role-name>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
Do I have to remove this adfAuthentication tags?
I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
Thank you in advance!
Bye
PS
Maybe stack trace after login:
FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

Hi there!
I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
log("method equals start",0);
log("another type = " + another.getClass(), 0);
if (another instanceof Principal)
Principal mine = (Principal)another;
log("Principal mine.getName() = " + mine.getName(), 0);
The result is this output (after navigating to page that gives 401 forbidden):
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
07/10/12 08:46:09 [DBUserPrincipal] method equals start
07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
Thank you!
BB

How to use ADF Security policies in OID Ldap

Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgds

Eurika
finally solved,
runing the JAZNMigrationTool requires setting the correct classpath,
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
if however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
now the tool will migrate the permission policies , the following shows an extract from the LDIF file
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html

Configuring ADF Security to use LDAP

HI All
We are building an application which is secured using SSO authentication. We have an LDAP setup for this.
During development, we wanted to configure LDAP in ADF Security Wizard in Jdeveloper for authentication. I tried the following in ADF Security Wizard in the 10 steps of the wizard:
1) Configure ADF for Web Application, enforce Authorization
2) Enable Credential Store
3) No Policy Store
4) LDAP Identity Store
5) Enter LDAP credentials, LdAp URL, user base
6) No Anonymous Provider
7) Did not select any login module
8) Form Based Authentication, generate default
9) Added pages that need to be secured
10) Finish
The login page is rendered whenever i try to access a protected page. But when I enter the LDAP user credentials for login, it does not work. It says "You are not authorized to view this page".
Is there anything missing in the setup that is causing the issue. Any pointers on this would be helpful.
Thanks
Srinidhi.

Hi,
note that there don't exist documentation for configuring ADF Security in JDeveloper 11 with LDAP. In general, ADF Security in JDeveloper 11 is not yet ready for SSO and LDAP testings and still is under development. Note that LDAP authentication - as container managed authentication - is configured in the jps-config.xml file of the deployed application. However, as said, its not documented and would be just too much at this point to put into a forum answer
Frank

401 - unauthorised in ADF Security.

Hi.
Am trying to develop a login page using ADF security in jdeveloper 11.1.1.6.0.
I have followed this link
ADF security on my jspx page as login page
This is my code which i have used in my login bean.
public String doLogin() {
String un = _username;
byte[] pw = _password.getBytes();
FacesContext ctx = FacesContext.getCurrentInstance();
HttpServletRequest request =
(HttpServletRequest)ctx.getExternalContext().getRequest();
CallbackHandler handler = new SimpleCallbackHandler(un, pw);
try {
Subject mySubject = Authentication.login(handler);
ServletAuthentication.runAs(mySubject, request);
ServletAuthentication.generateNewSessionID(request);
/* String loginUrl = "/adfAuthentication?success_url=/faces" +
ctx.getViewRoot().getViewId();*/
String loginUrl = "/adfAuthentication?success_url=/faces/Runtime.jspx";
System.out.println ("Loginto to be printed"+loginUrl);
HttpServletResponse response =
(HttpServletResponse)ctx.getExternalContext().getResponse();
sendForward(request, response, loginUrl);
} catch (FailedLoginException fle) {
FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR,
"Incorrect Username or Password",
"An incorrect Username or Password" +
" was specified");
ctx.addMessage(null, msg);
} catch (LoginException le) {
reportUnexpectedLoginError("LoginException", le);
return null;
private void sendForward(HttpServletRequest request,
HttpServletResponse response,
String forwardUrl){
FacesContext ctx = FacesContext.getCurrentInstance();
RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl);
System.out.println ("dispatcher inside send forward :"+dispatcher);
try {
dispatcher.forward(request, response);
} catch (ServletException se) {
reportUnexpectedLoginError("ServletException", se);
} catch (IOException ie) {
reportUnexpectedLoginError("IOException", ie);
ctx.responseComplete();
private void reportUnexpectedLoginError(String errType, Exception e){
FacesMessage msg =
new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error
during login",
"Unexpected error during login (" + errType +
"), please consult logs for detail");
FacesContext.getCurrentInstance().addMessage(null, msg);
e.printStackTrace();
When i entered my username and password it shows an error as 401 - Unauthorized.
Dont know where i went wrong? pls help me.!
Regards,
Prasad K T.

Prasad, the link is a bit older. You may want to check this article from Frank: Oracle ADF: Security for Everyone
which comes with a working sample.
Timo

Jdeveloper tools/ADF security wizard , what is this item? no documentation.

Hi
Thank you for reading my post
i find that there is a menu item in Jdeveloper that secure an adf application.
Jdeveloper documentatio has nothing about it.
can some on clearify ,
-if i select a realm name , will jdeveloper create that realm for me in application server (OC4J standalone) ?

I use Jdeveloper 10.1.3.1.0 (the new developer preview)
and the ADF Security Wizard is under tools menue.
I just do not know what does doAs and doAsPrivileged means in JASS module.
Thanks

Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

Hi,
We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
Regards,
Joonas

Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

ADF Security unable to run/deploy

Hi all,
I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advanced.
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
     at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
     at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
     ... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
     ... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson Fu

I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
Regards,
Samson Fu

How to integrate a SSO based in cookie with ADF Security

At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
1- Create a new app based on "Fusion application" template.
2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
in jps-config.xml
5- Remove idstore.xml and credentials.
6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
So, my questions are:
- I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
- If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
- In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
Thanks to all!
P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)

Hi Frank,
Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
In future releases of JDeveloper will be easier to do this kind of things related to security?
Riveck

Problem with ADF security and task flow calls

Hi.
I am using JDeveloper 11.1.2.0.0.
I encountered a problem when tried to apply ADF security to my application.
The way to reproduce the problem:
1. Create new Fusion Web Application;
2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
7. Configure application to run the unbounded task flow starting with Welcome view activity.
At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
Now let's configure ADF Security.
Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
On the second page select Form-Based Authentication, check the Generate Default Pages flag.
On the third page choose No Automatic Grants.
On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
Open jazn-data.xml to configure roles, users and resource grants:
1. Create application role test-role.
2. Grant the test-role privileges to view the test task flow.
3. Create user and grant him the test-role.
Now we have the public available welcome page and the test page with restricted access.
When application runs, the welcome page is displayed as expected. Pressing the test button redirect us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crushes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
     at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
     at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
     at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
     at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
     at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
(the rest of lines skipped).
Any suggestions?
Edited by: user13307311 on Apr 16, 2013 11:39 PM

@Lovin_JV_941794
The welcome page is public available since it does not have appropriate PageDef file.
Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
It seems the task flow call stack to be destroyed after redirect to login page.
Edited by: user13307311 on Apr 17, 2013 12:45 AM

ADF Security, Task Flow as a region in a page resource grant

JDeveloper 12c (12.1.2); Application uses ADF form based security, external LDAP provider (Active Directory)
After sign-in page (upon successful authentication/authorization) user is forwarded to a page that executes VO method prior to render. I am new to task flow concept and am told to achieve this like:
- create bounded task flow, with method call activity (execute exposed AM method that calls VO method, runs custom SQL) and view activity as page fragment.
- then drop the above task flow into a page as a region
In ADF security setup, I gave resource grant task-flow to certain application role. Started the application, login and got 403 error. Then went back and gave resource grant 'view' to the actual page that contains task flow. It worked fine.
So the question is, when protecting application (implemented with task flows) with ADF security, I thought it is enough to grant those task flows to whatever application roles (groups) and inherently any page that uses that task flow(s) (as a region) will be protected?
From this test, it seems that I have to assign each page (that has task flow as a region) to application roles individually?

Hi,
any page that is contained in a bounded task flow is protected by the task flow permission grant, this is correct. If this is not what you see, please file a bug with support or send me a simple reproducible test case please. My mail address (replace all < name > with the described symbol.
frank <dot> nimphius <at> oracle <dot> com
The test case will need to be in a ZIP file nemaed to "unzip" and should be able for me to run stand alone (please no database scripts to run prior to try the test case)
Frank

ADF Security Customization

Hi All,
I have unique requirement of creation of users, roles and policies.
In my project i need to create users and roles dynamically other than from EM console or Jdeveloper i.e from front end. The data will flow through a BPEL process and the users, roles and policies have to be created.
How to create these users in "system-jazn.xml" dynamically?
Weblogic - 11g (11.1.1)
Please let me know in case of any additional information required..
Reagrds
Surya

Hi,
its not an ADF Security question but OPSS (Oracle Platform Security Services), which is the owner of that file. However, this blog entry shows you how to use the OPSS API to access the Role Manager and User Manager in OPSS to do what you want
http://fusionsecurity.blogspot.com/2009/07/opss-sample-application.html
Frank

ADF Security in JDeveloper 10.1.3.4

Similar Messages

Maybe you are looking for