ADF security : JAZN-LDAP

Hi,
We are working on the development of an application with Oracle ADF (JDev 10.1.3).
We implemented security with lightweight XML provider and it's working perfectly.
Next month we will deploy our application and so we will use a LDAP server.
Is it easy to jump from XML to LDAP?
Do we just have to select LDAP prodiver in the security wizard and then to map application groups to LDAP groups in the orion-application.xml file?
With this solution, is it still possible to edit authorizations at design time for pages, iterators, etc ?
Thanks in advance for your help!

Hi,
you didn't read the documentation, do you ? Anyway, the LDAP upload is a bit difference from how you imagine it
- ADF Security permissions are written to the workspaces' \.adf\META-INF\app-jazn-data.xml file. So in fact you don't change the security settings for your project in JDeveloper. This means it remains for future addition
- You use a migration utility provided by OC4J Security to create an XLIFF file out of \.adf\META-INF\app-jazn-data.xml
http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/configxml.htm#CIHIFGBJ
- Then you upload this to OID
Frank

Similar Messages

Declarative ADF Security with LDAP provider other than OID possible ?

All samples I found regarding declarative security in ADF are done with an .xml repository or mention the possible use of OID as such repository.
Thing is that client will not have OID but other LDAP v3 compilant provider.
In this scenario is it possible to use the ADF Declarative Security or should we have to implement a custom module for the interaction ?
Thanks,
Claudio.

You are right, in this article:
http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
says:
In Oracle Containers for J2EE 10.1.3, users can also be defined in 3rd party LDAP servers.
However it doesn't give any concrete sample.
Question is: can I say the client that we can develop based on .xml or OID and then change to other 3rd party LDAP server without changing code ?
Thanks,
Claudio.

Migrating ADF Security from file-based provider to LDAP provider

We have deployed a small application using ADF Security with file-based provider in OAS and it works fine.
Now we want to migrate to ADF Security using LDAP provider.
In order to make this possible we followed the next steps:
- Migrate all the roles and policies from the file to OID with JAZNMigrationtool.
- In OAS we've changed the Application Security Provider to 'Oracle Identity Management'.
- Reset the OC4J instance.
But there was no success, the application continues working with the file-based provider.
What more is necessary to configurate?

Hi,
if you use EM make sure you change the setting for the application, not the general OC4J setting.
You can also deploy the provider settings with the orion-application.xml file added to your project
Frank

ADF Security Framework

Hi,
Has somebody successfully implemented ADF Security framework with LDAP provider?
I followed this nice article by Frank http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
and it works but very slow - I must say I have maybe 100 VO's attributes on page, but to wait 3minutes to get rendered the page is too long. Maybe some bottleneck somewhere so I am asking...
thanks,
Branislav

Hi
I have also used ADF security using LDAP with less VO's per page without any problems.
I must tell you however that during development I use file based security and change it to LDAP later on during deployment on the application server (I use 10.1.3.1).If you combine this with SSO then you end up with a neat solution -- that in my case more or less works satisfactorily. :-)
Thanassis

How to use ADF Security policies in OID Ldap

Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgds

Eurika
finally solved,
runing the JAZNMigrationTool requires setting the correct classpath,
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
if however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
now the tool will migrate the permission policies , the following shows an extract from the LDIF file
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html

Configuring ADF Security to use LDAP

HI All
We are building an application which is secured using SSO authentication. We have an LDAP setup for this.
During development, we wanted to configure LDAP in ADF Security Wizard in Jdeveloper for authentication. I tried the following in ADF Security Wizard in the 10 steps of the wizard:
1) Configure ADF for Web Application, enforce Authorization
2) Enable Credential Store
3) No Policy Store
4) LDAP Identity Store
5) Enter LDAP credentials, LdAp URL, user base
6) No Anonymous Provider
7) Did not select any login module
8) Form Based Authentication, generate default
9) Added pages that need to be secured
10) Finish
The login page is rendered whenever i try to access a protected page. But when I enter the LDAP user credentials for login, it does not work. It says "You are not authorized to view this page".
Is there anything missing in the setup that is causing the issue. Any pointers on this would be helpful.
Thanks
Srinidhi.

Hi,
note that there don't exist documentation for configuring ADF Security in JDeveloper 11 with LDAP. In general, ADF Security in JDeveloper 11 is not yet ready for SSO and LDAP testings and still is under development. Note that LDAP authentication - as container managed authentication - is configured in the jps-config.xml file of the deployed application. However, as said, its not documented and would be just too much at this point to put into a forum answer
Frank

Migrating ADF Security to WLS using OID

I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for “JpsFarmName” and “JpsRootNodeName”. What are these used for, and what should the values be?
2) Does the jps-config.xml file need to be modified in WLS (i.e. <Domain>/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
Any information on this topic would be very appreciated!
Thanks,
Erick

Hi,
I am using migrateSecurityStore for policy migration from xml to OID.
migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
when I run above command I am getting following error.
Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfig
urationUtil getCredentialFromBootstrapWallet
SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: o
racle.security.jps.service.credstore.CredStoreException.
COMMAND FAILED due to an unknown reason, Check the stack trace for details
Traceback (innermost last):
File "<console>", line 1, in ?
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSec
urityStore
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSec
urityStoreImpl
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(
LdapPolicyStore.java:230)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:108)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:55)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServ
iceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImp
l.findServiceInstance(DelegatingContextFactoryImpl.java:61)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:206)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getCo
ntextFromConfig(JpsContextFactoryImpl.java:171)
at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextF
romConfigObj(JpsHelper.java:115)
at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.g
etPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDs
tPolicy.<init>(JpsDstPolicy.java:186)
at oracle.security.jps.internal.tools.utility.destination.JpsInitializer
Dst.getDestinations(JpsInitializerDst.java:82)
at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtili
ty.java:63)
at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl
.migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand
(JpsUtilMigrationTool.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException
: Cannot read the default policy store.
thanks and regards
KishoreM

ADF security and database

Hi all,
I am implementing ADF security on my application and I came across the following Documents:
1- http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
2-http://www.oracle.com/technology/products/jdev/howtos/1013/oc4jjaas/oc4j_jaas_login_module.htm
and I have a few of questions :
1- in ADF security, the edit authorization options in the PageDef reads the roles (gorups) stored on the system-jazn-data.xml file. If my roles are stored on the Database how can I read them?
2- In the first document it is said " If the role name in web.xml matches a group name in system-jazn-data.xml, no further mapping is required. If the names do not match, then the web.xml role name needs to be mapped to the name in the system-jazn-data.xml using the orion-application.xml file. ". Can I do the mapping between the system-jazn-data.xml and the Database?
3-When I assign ADF security permissions on PageDefs, It will be stored in the app-jazn-data.xml file. Can I store/read those permissions from the Database and no the app-jazn-data.xml file or at least can I do some kind of mapping between the Database and this file?
thanks in advance,
Ahmad Esbita

Hi albertpi,
Thanks for you response. This is our first ADF application.
We are planning to impliment the security as mentioned above.
We can configure the LDAP users in Weblogic server.
We have a page with multiple tables which need to be shown based on the User roles.
These roles we are planning to define in the table.
1. I need to show list of users from my LDAP Users on the ADF UI to assign the roles.
2. We will be defining our list of roles in a database table, which not sure whether they need to map to ADF application security roles.
Data in table will be something like this.
User Role
Admin Tab1
Admin Tab2
Admin Tab3
User1 Tab1
User2 Tab2
User2 Tab3
Once the User is logged in we will read this table to show/hide the respective tabs.
Can you tell us are we in right path, if yes How to achieve this.
Thanks,
Satya

ADF Security against database?

I am working with JDeveloper 10.1.3.4 on a project which uses adf/bc and adf faces/jsf 1.1; the application is deploying to iAS 10.1.3.4 and is hooked as a mid-tier instance via SSO to an infra iAS instance on another machine.
How do you change ADF Security to reference a database table to find out settings for page/iterator/attribute security settings?
Most of the existing code in this environment is Web Pl/sql toolkit and portal work. I am adding ADF apps. They would like to control what the different roles have access to via the database...hence this question.
Normally with ADF Security you use an editor in JDeveloper which you can access from within the page def file in the structure pane within JDeveloper; I think this changes system-jazn.xml. If you, instead, want these settings to be located within a database table, what do you have to do?
In my initial research I am thinking somehow I must create an override for ADFPermission.getContext() somehow...but I have not figured out if that is right or not yet.
It may just be easier to re-invent the wheel: just do things programmatically using Java; but there is a lot of structure inherant in ADF Security that I would be reproducing if I go that route, I think.
Anybody have any ideas?
I am continuing to research this issue, but I think this is an unusual use-case; so I am not expecting to find this answer anywhere in particular. Maybe somebody knows this off the top of their head.

Right, Frank; I mostly meant that it would help me learn more about the subject of J2EE permissions. Vik has pointed me in the direction of the Sun Java Forums for more information on this topic, which I will hopefully get a chance to pursue.
Thank you for getting back to me. Thank you again, also, for all your work on custom login modules; I have used that work of yours several times professionally. It is just that this client I am working with now is satisfied with their SSO/LDAP setup...they just want to store permissions in the database also.

JDev11 R.1. ADF Security Authorization

Hi,
I would like to know if it might be possible to use authenticatication via RDBMS authentication provider of Weblogic App. Server and ADF Security Authorization together in a JDev 11 application?. I am reading documentation and it says that; 'ADF Security relies on the jazn-data.xml file for the policy store whether you are using the XML-based identity store or the LDAP identity store. One could define roles and its access rights in jazn-data.xml and might expect authentication and isUserInRole services coming from the authentication service without defining users (role members) at design time. Is it or will it be possible in future?
Best Regards.

Hi
I think it is too early and I don't know if they will ever build this. ( because they also have to support other app servers). Is RDBMS authentication provider of Weblogic App. Server a JAAS implementation?
in TP4 you had a db login module , don't know if this is supported in 11g production.
jps-config.xml
<serviceInstance provider="jaas.login.provider" name="testlogin">
<description>Sample LoginModule</description>
<property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="ovs_user" name="table"/>
<property value="jdbc/OVSDS" name="data_source_name"/>
<property value="role_name" name="groupMembershipGroupFieldName"/>
<property value="password" name="passwordField"/>
<property value="ovs_user_role_view" name="groupMembershipTableName"/>
<property value="role_name" name="usernameField"/>
<property value="role_name" name="pw_encoding_class"/>
<property value="oracle.security.jazn.login.module.db.util.DBLoginModuleMD5Encoder" name="groupMembershipGroupFieldName"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="oracledb.loginmodule">
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
<property value="passwd" name="passwordField"/>
<property value="role_name" name="groupMembershipGroupFieldName"/>
<property value="jdbc/authschemaDS" name="data_source_name"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="application_roles" name="groupMembershipTableName"/>
<property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule" name="loginModuleClassName"/>
<property value="FINEST" name="log.level"/>
<property value="username" name="usernameField"/>
<property value="application_users" name="table"/>
<property value="username" name="user_pk_column"/>
<property value="username" name="roles_fk_column"/>
<property value="tolower" name="casing"/>
<property value="oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder" name="pw_encoding_class"/>
</serviceInstance>
thanks Edwin
Edited by: biemond on Oct 19, 2008 10:50 AM

JDEV 10.1.3.1 "ADF security" questions

Hi,
We have a couple of questions about ADF security. Hope someone knows something about it. Any help is deeply appreciated. Jdeveloper version we use is 10.1.3.1.
1. Using the ADF security to develop the application, can we deploy it to the IAS and switch to LDAP (OID) or we are obligated to use system-jazn-data.xml on IAS as well? If we have to use system-jazn-data.xml on IAS, do we need to copy the exact system-jazn-data.xml file to IAS embeddedoc4j/config directory? Any other configurations we need to do?
2. I read some documents that say it is prefered to use LDAP(OID) and
that's what we really want on the IAS. So if the answer for question 1 is we
have to use system-jazn-data.xml, does oracle have any plan for the future to
change it? I guess my question is will that be possible for us to develope the
app using system-jazn-data.xml on the developer's station (for testing
purpose) and later on we can convert it LDAP (OID) when we deploy it on IAS.
Thanks,
Annie
Message was edited by:
user447669

Hi,
1)
can we deploy it to the IAS and switch to LDAP (OID)
yes.
If we have to use system-jazn-data.xml on IAS, do we need to copy the exact system-jazn-data.xml file to IAS embeddedoc4j/config directory?
No. Only make suere the users and user goup exist and copy the JAAS Permissions added by ADF security
2) There exist a migration utility to upload ADF Security permissions from syste-jazn-data.xml to OID. It is explained in teh OC4J security guide (chapter 7) whih comes with the Oracle Application Serber 10.1.3.1
Frank

ADF Security set up - step by step tutorial - quick question

Hi
We have standalone WLS running and we have configured our ADF app security enabled in JDeveloper.
It appears that there are manual steps needed to setup on WLS or EM for users and groups in order for JDev
1- we're still unclear on what steps needed to setup on standalone WLS to get embedded LDAP or OID to match up with the users and application roles defined in JDeveloper.
We, using the ADF Security wizard have added users and application roles.
2- How do we get jazn-data.xml merged or converted to system-jazn-data.xml in standalone WLS ? Is that a manual copy merge ?
3- Is there one tutorial that would show and explain all the pieces needed to get ADF security working beginning from JDev configurations all the way to standalone WLS configuration ?
4- Which do we use to configure users and groups ? WebLogic console or Enterprise Manager ? It appears that there are 2 ways of doing it
We apologise for wrong ideas if you think we are wrong in security configurations.

Hi,
+1- we're still unclear on what steps needed to setup on standalone WLS to get embedded LDAP or OID to match up with the users and application roles defined in JDeveloper.+
We, using the ADF Security wizard have added users and application roles.
Only application roles are deployed to a stand alone WLS server (as it probably runs in production mode). So the enterprise role names (WLS groups) need to exist on WLS. This can be through manual creation using the integrated LDAP or OID, database or whatever your identity management system is. If a group name doesn't match the enterprise role name you chose in JDeveloper, you can use weblogic.xml to map the names. This can also be done using Enterprise Manager (which I think usually is preferred for production systems)
+2- How do we get jazn-data.xml merged or converted to system-jazn-data.xml in standalone WLS ? Is that a manual copy merge ?+
For security reasons, production WLS configurations only allow application roles and permissions to be automatically copied into the system-jazn-data.xml file. Users and user groups are not allowed to be copied as it would have a risk that developer deploy a backdoor into a server which then can be used by unauthorized users. As mentioned in 1), you need to provide user groups and users through your identity management system. If this is LDAP in WLS then you use the WLS console to create these. Also note that if your application uses a Java EE datasource, this needs to be configured on the stand alone server. Same here, credentials cannot be deployed to a stand alone server
+3- Is there one tutorial that would show and explain all the pieces needed to get ADF security working beginning from JDev configurations all the way to standalone WLS configuration ?+
There are 4 recordings about ADF Security here: http://www.oracle.com/technetwork/developer-tools/adf/learnmore/adfinsider-093342.html (just search for ADF Application Security and watch the 4 sessions in a row)
+4- Which do we use to configure users and groups ? WebLogic console or Enterprise Manager ? It appears that there are 2 ways of doing it+
If WLS LDAP is your identity store, you use the WLS console. All of ADF Security configuration beyond user and group provisioning is in Enterprise Manager
Frank

GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
Are you getting either of the following errors?
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
1) Create a new application.
2) Create three .jspx pages called login, error, and welcome.
3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
4) Right-Click on your Application and select Secure->Configure ADF Security
5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
<policy-store>
    <applications>
      <application>
        <name>SecurityError</name>
        <app-roles>
          // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
          <app-role>
            <name>anonymous-role</name>
            <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
            <display-name>anonymous-role</display-name>
          </app-role>
         // Whew, the end of that app role
        </app-roles>
        <jazn-policy>
          <grant>9) You're going to want to delete that app role XML
10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
12) Run your welcome page. Yay, the error is gone. How sweet it is.
Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
// You fool!
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not FoundThat's not so good. Let's fix that.
1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
3) Re-run your welcome page.
// Suckered AGAIN!
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
Ahh!! Now THAT's how we do it in Kingsport!
Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
Will

Ha :-)
Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
But your call, no pressure of course ;-)
CM.

ADF Security unable to run/deploy

Hi all,
I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advanced.
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
     at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
     at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
     ... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
     ... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson Fu

I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
Regards,
Samson Fu

ADF security : How to get fnd_users list in weblogic server

Hi All,
I have a question related to ADF security.
I am able to apply ADF security to the application, where users information and roles are defined in jazn.xml file.
On deployment, users/ roles information is being successfully ported to weblogic server.
But my requirement is to fetch users information from fnd_users table. If you have any idea as how to get the fnd_users data to weblogic, please reply.
Thanks,
Randhir

Thanks John.
I went through the link and got steps for authentication with fnd_users.
I have one more question on this.
Do I need to enable jazn.xml for implementing security or only the steps given in this link is sufficient?
Since roles are also stored into fnd table, how to secure the taskflow? (roles are not defined in jazn.xml)

ADF security : JAZN-LDAP

Similar Messages

Maybe you are looking for