ADF security logout problem in adfAuthentication?logout =true

Similar Messages

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• Web Center app ADF Security - login problem

  I'm making an Oracle Web Center app.
  I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

  Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
  I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
  Maybe you should ask this at the ADF forum: JDeveloper and ADF
  The guys there have way more understanding about this stuff than here.

• ADF security logout not working

  Hi,
  Using ADF Faces and JDeveloper 11.1.1.1.0 (5407).
  I have a secure ADF application, my login is working fine, however once I attempt to perform a logout using methods indicated in both the Fusion Developer's Guide and various blog posts my application begins to act strangely.
  Using the Forms based authentication I have login.html and error.html setup and working.
  I have a home.jspx (unsecured, no bindings whatsoever) as my landing page, and welcome.jspx as my successful authentication redirect page, both on my adfc-config diagram and with a control flow case 'login' between them.
  In my jazn-data.xml file I have granted the 'authenticated-role' access to the welcome page.
  The web.xml file includes the login.html and error.html files listed.
  The above works, I can login and am successfully redirected to the welcome page with a user account I have specified, and if I use wrong login information I am redirected to error.html.
  Now, I have tried 2 methods to get LOGOUT working properly and both are not working.
  Firstly and most simply I tried using the following on my welcome page:
  <af:commandNavigationItem text="Logout" id="cni1" destination="/adfAuthentication?logout=true&amp;end_url=faces/home.jspx"/>When I click the link, this does redirect me to the home page and there are no warnings/errors in the server log.
  However... when I then click on the Login link on the home page that should prompt me to login again, the home page just flickers and nothing happens. Again no warnings/errors in logs.
  I am then forever stuck on the home page.
  The second method I tried involves using a backing bean, which I have registered in my adfc-config.xml file with 'request' scope.
  On my welcome.jspx:
  <af:commandLink text="Logout" id="gl1" action="#{loginBean.doLogout}"/>My link calls the doLogout() method in my backing bean containing:
    import java.io.IOException;
    import javax.faces.context.ExternalContext;
    import javax.faces.context.FacesContext;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    public String doLogout() throws IOException {
      ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
      HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
      HttpSession session = (HttpSession)ectx.getSession(false);
      session.invalidate();
      response.sendRedirect("home.jspx");
      return null;
    }The application DOES redirect me to home.jspx however I get the following error in the logs:
  java.lang.IllegalStateException: Cannot forward a response that is already committed
       at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:122)
       at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:410)
       at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
       at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
       at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
       Truncated. see log file for complete stacktrace
  AND...the same thing happens as with my other attempt, I am stuck on the home page and clicking the login link just flickers the page.
  I feel as if I have followed the Fusion Developer's Guide on how to do this down to a T, however I am not getting a working solution.
  Any help would be greatly appreciated.
  Thankyou,
  Matthew.

  I have had a few developments...
  I found out that after I have been redirected to home.jspx where my Login link just refreshes the page on click... if I instead manually change the end of the URL in the address bar of my browser to /welcome.jspx, then it works...I get prompted to login again. This proves that I am actually being logged out, if I change the URL manually before I click my logout link (calling the logout method) it does not request for me to log in again.
  So it seems that the problem lies with my action reference on my login link.
  <af:commandLink text="Enter" id="cl1" action="login" inlineStyle="font-size:small;"/>the action 'login' works UNTIL i logout, then it does not work anymore...
  Second to this, I tried a different LOGIN method using:
  <af:commandNavigationItem text="Login" id="cni1" inlineStyle="font-size:small; text-decoration:none;"
                                          destination="/adfAuthentication?success_url=faces/welcome.jspx"/>When using this way to login, I can login, logout AND LOG BACK IN successfully...
  However as soon as I click on ANY component that uses a control flow case it just refreshes the page.
  re-proving from the first example that the problem is that control flow cases stop working after a logout.
  so basically, once I log out and then try to navigate a control flow case, the page I am on just refreshes and the navigation does not occur.
  Surely someone now can elaborate on this.
  Regards,
  Matthew.

• Error during ADF Security logout in 12c

  Hello,
  I'm in the process of migrating my application from 11.1.2.4 to 12.1.2.0, and one thing I've noticed is the following error message in the weblogic logs when logging out of ADF Security:
  <Error> <oracle.adf.share.http.HttpSessionScopeAdapter> <BEA-000000> <HttpSessionScopeAdapter:  Request is in an invalid state.  Could not access the request session.>
  The logout still seems to work fine however. Currently I'm logging out with the following code (from here):
  ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
  ectx.redirect(ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/faces/home");
  FacesContext.getCurrentInstance().responseComplete();
  Every time I press logout, the above error happens 5 times in the logs.
  I've also tried using the logout code from the 12c documentation and that produces the same error, but interestingly only produces that error 4 times.
  Is there something extra or different that is supposed to be done to log out of ADF security in 12c? I can't imagine that getting an error repeatedly is what should be expected.
  Thanks!

  Hello,
  I gave that idea a try, and it was the same result as the very similar manual logout code given in the documentation I tried earlier: http://docs.oracle.com/middleware/1212/adf/ADFFD/adding_security.htm#ADFFD21669
  The logout happens successfully, but that error message shows up in the logs at least once. Whenever I do a logout without going through the authentication servlet, the error is always logged exactly 1 time fewer. In my application I migrated from 11gR2 to 12c, the error would happen 4 times (5 through the servlet), and in the fresh sample 12c app I made earlier this week, it happens 1 time (2 through the servlet).
  I should also add that all of this testing has just been done in the integrated weblogic 12c server that comes with JDeveloper 12c.

• ADF Security to J2EE Container Managed Security Problems

  Hi al!
  I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
  For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
  Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
  What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
  Part of my web.xml file:
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/app/index.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication/*</url-pattern>
  </servlet-mapping>
  <security-role>
  <description>Admins</description>
  <role-name>admin_role</role-name>
  </security-role>
  <security-role>
  <description>Users</description>
  <role-name>user_role</role-name>
  </security-role>
  <security-role>
  <role-name>oc4j-administrators</role-name>
  </security-role>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AllAdmins</web-resource-name>
  <url-pattern>faces/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AllUsers</web-resource-name>
  <url-pattern>faces/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>user_role</role-name>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>oc4j-administrators</role-name>
  <role-name>user_role</role-name>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  Do I have to remove this adfAuthentication tags?
  I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
  Thank you in advance!
  Bye
  PS
  Maybe stack trace after login:
  FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

  Hi there!
  I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
  log("method equals start",0);
  log("another type = " + another.getClass(), 0);
  if (another instanceof Principal)
  Principal mine = (Principal)another;
  log("Principal mine.getName() = " + mine.getName(), 0);
  The result is this output (after navigating to page that gives 401 forbidden):
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
  07/10/12 08:46:09 [DBUserPrincipal] method equals start
  07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
  Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
  Thank you!
  BB

• Logout problem and back button

  Hi all,
  i have a backing bean called NaviBean which contains navigation in my application:...
  public String showBuchung() {
            result = NavigationResults.UEBERSICHT;
            return result;
       public String showJahresUebersicht() {
            result = NavigationResults.JAHRESUEBERSICHT;
            return result;
       public String logout() {
            servicefacade.logout();
            return NavigationResults.LOGOUT;
       }Bean for Jahresuebersicht and Buchung are with session scope. When the user navigates to Buchung hits the back button and then uses the logout button all works fine. Whe he tries the same with Jahresuebersicht the page Jahresuebersicht is shown again...
  Here the Logout method:
  public boolean logout(){
            FacesUtils.resetManagedBean(BeanNames.USER_BEAN, null);
            FacesUtils.resetManagedBean(BeanNames.JAHR_BEAN,null);
            FacesUtils.resetManagedBean(BeanNames.UEBERSICHT_BEAN, null);
            HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
            FacesContext context = FacesContext.getCurrentInstance();
            context.getApplication().getNavigationHandler().handleNavigation(context, "","User logged out successfully!");
            HttpSession session = request.getSession();
            session.invalidate();
            return true;
       }What is wrong with my navigation? Why this behaviour only for one page/bean? Can anybody help? Regards,
  ak
  Message was edited by:
  barnti

  I have seen this as well. Only the problem does not seem to be resolved by logging out and back in. The machine must be restarted.
  Nor will lowering the color settings make a difference once the behavior is exhibited.
  Mostly see this when first starting up Workgroup Manager on Xserve running 10.3.8 -- screen fails to refresh after some point during WM's attempt to list network users (7k+ users on network).

• Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

  Hi,
  We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
  Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
  Regards,
  Joonas

  Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

• Problem with ADF security and task flow calls

  Hi.
  I am using JDeveloper 11.1.2.0.0.
  I encountered a problem when tried to apply ADF security to my application.
  The way to reproduce the problem:
  1. Create new Fusion Web Application;
  2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
  3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
  4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
  5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
  6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
  7. Configure application to run the unbounded task flow starting with Welcome view activity.
  At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
  Now let's configure ADF Security.
  Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
  On the second page select Form-Based Authentication, check the Generate Default Pages flag.
  On the third page choose No Automatic Grants.
  On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
  Open jazn-data.xml to configure roles, users and resource grants:
  1. Create application role test-role.
  2. Grant the test-role privileges to view the test task flow.
  3. Create user and grant him the test-role.
  Now we have the public available welcome page and the test page with restricted access.
  When application runs, the welcome page is displayed as expected. Pressing the test button redirect us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crushes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
  javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
       at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
       at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
       at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
       at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
  (the rest of lines skipped).
  Any suggestions?
  Edited by: user13307311 on Apr 16, 2013 11:39 PM

  @Lovin_JV_941794
  The welcome page is public available since it does not have appropriate PageDef file.
  Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
  It seems the task flow call stack to be destroyed after redirect to login page.
  Edited by: user13307311 on Apr 17, 2013 12:45 AM

• Major Logout Problems

  I am working with a school lab with 30 2 Ghz Intel Core Duo iMacs. They are all running 10.5.5. We have multiple logout and shut down problems -- they vary from one machine to another, sometimes you can shut or logout fine and sometimes weird things happen.
  Examples:
  This one is most common -- it has happened frequently on virtually every machine -- logout begins, then the top menu in the finder vanishes and nothing else happens. You can move the cursor around the desktop, but nothing is clickable. This will continue forever, for days if you let it, until you force the machine to shut down with the power button or pulling the plug.
  Sometimes logout or shut down is held up because programs like Safari won't let go. This is aggravating with thirty kids in the room.
  Also, many of the machines have power button problems. One simply would not work at all for weeks, the "magically" came back to life. Reminds me of the old days with the slot-loader G3 iMacs, where power button springs failed repeatedly.
  There are other issues as well, and I can't see any way out of this. Any help would be appreciated.
  -=-Ron-=-

  I am running into the same logout problems. While we wait for an Apple fix, instances of this are widely reported elsewhere (in suspicion of [smb connections|http://discussions.apple.com/thread.jspa?messageID=7801045] hanging, [launchd shortcomings|http://discussions.apple.com/thread.jspa?messageID=7503037&#793236 0], or [unknown reasons|http://discussions.apple.com/thread.jspa?messageID=8197295], etc.), so with all that info I'm trying to establish robust workarounds at this point. This is particularly problematic for me as interrupting the logout means they're still connected to our servers, and when they try later on a different machine, it denies them as logged in elsewhere. In any case, I'll post back with more info, especially if a reliable fix is found.
  As for problems powering up the machines, based on recent precedent, I'd venture that it isn't the actual power button mechanism. We had a recent rash of those symptoms after a before-hours 'brown-out' when the Macs had been left running. The Macs appeared off upon our arrival, but were utterly unresponsive. Suspecting they weren't really turned off, but rather 'almost off and crashed', we tried holding the power buttons, which is supposed to tell the power manager to forcibly cut power and reset itself. This, too, failed(!). In any case, unplugging them all from power for thirty seconds, plugging them back in, waiting another thirty seconds, and finally tapping the power buttons normally got them all back. I hope you're in the same boat. Good luck.
  Ciao for now, Joel

• ADF security   problem

  hi ,
  I created a page called " main.jspx " and I used the ADF security in jdeveloper 11.1.1.2.0 . I deployed my application to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it redirected to "http://localhost:7001/test/login.html" . After typing correct "username" and "password" ,it redirected to my "main.jspx" . That is correct . But now I open this application in jdeveloper 11.1.1.3.0 , and redeploy it to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it directly show the main.jspx page . Why no Authentication ? I "remove ADF Security Configuration" and " reconfigure ADF Security" . It doesn't work . But if I create a new application and use ADF security in jdeveloper 11.1.1.3.0 . The new application works well . I need to work with my old application . Can you give me any advice ? thanks!!

  duplicate
  Frank

• ADF Security Log Out issue

  Hi,
  We have implemented ADF security and using form based authentication. The problem we are facing is during logout, in IE we see a NullPointerException, before the login page is displayed. Please note that this functionality works fine in Firefox and Chrome. Also this happens only in standalone weblogic server. It works perfectly fine in a cluster. The logout link is command link which goes to logout.jspx. The implementation in logout.jspx is as follows
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <jsp:forward page="/adfAuthentication">
  <jsp:param name="logout" value="true"/>
  <jsp:param name="end_url" value="#{initParam.loginURL}"/>
  </jsp:forward>
  </jsp:root>
  the loginURL is configured in web.xml as */faces/login.jspx.*
  The exception stack trace is .
  <Dec 10, 2012 7:44:44 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server
  started in RUNNING mode>
  <Dec 10, 2012 7:45:51 AM UTC> <Warning> <oracle.adf.share.ADFContext>
  <BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
  Caller should ensure that a DefaultContext is proper for this use.
  Memory leaks and/or unexpected behaviour may occur if the automatic
  initialization is performed improperly.
  This message may be avoided by performing initADFContext before using
  getCurrent().
  For more information please enable logging for oracle.adf.share.ADFContext at
  FINEST level.>
  <Dec 10, 2012 7:45:51 AM UTC> <Error>
  <oracle.adf.controller.internal.binding.TaskFlowRegionModel> <BEA-000000>
  <1i9kmqwku_121>
  <Dec 10, 2012 7:45:51 AM UTC> <Warning>
  <oracle.adf.view.rich.component.fragment.UIXRegion> <ADF_FACES-00009> <Error
  processing viewId: /InventoryUIShell URI:
  /oracle/communications/inventory/ui/framework/templates/InventoryUIShell.jspx
  actual-URI: /oracle/communications/platform/cui/fragments/mainArea.jsff.
  oracle.adf.controller.internal.InvalidViewPortIdException: ADFC-14000: View
  port ID '1i9kmqwku_33' is invalid.
  at
  oracle.adfinternal.controller.state.ControllerState.setCurrentViewPort(Control
  lerState.java:1319)
  at
  oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
  lerContextImpl.java:135)
  at
  oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
  lerContextImpl.java:52)
  at
  oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessEndRegion(
  TaskFlowRegionModel.java:320)
  at
  oracle.adf.controller.internal.binding.TaskFlowRegionModel.processEndRegion(Ta
  skFlowRegionModel.java:237)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion$RegionContextChange.undoChan
  geImpl(UIXRegion.java:1209)
  at
  oracle.adf.view.rich.context.DoableContextChange.suspend(DoableContextChange.j
  ava:49)
  at
  oracle.adf.view.rich.context.DoableContextChange.undoChange(DoableContextChang
  e.java:103)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion._endInterruptibleRegion(UIXR
  egion.java:726)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
  .java:576)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
  ava:88)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
  ava:88)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
  .java:565)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
  nentBase.java:797)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
  omponentBase.java:986)
  at
  org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
  nentBase.java:972)
  Any pointers to resolve this would be helpful.
  Thanks,

  Hi,
  Check these
  http://tompeez.wordpress.com/2010/07/26/logout-with-confirmation-dialog/
  http://www.oracle.com/technetwork/developer-tools/adf/learnmore/jan2011-otn-harvest-300940.pdf

• About login authentication in ADF Security

  I have applied ADF Security in application which I learned from the Cue Cards example and I did it successfully but I wanted to change the login page.
  So I created a PopUp which I learned from "Oracle JDeveloper 11g Handbook A Guide to Oracle Fusion Web Development" and instead of the Menu Button, I used a Go Link Button as I had done in the Cue Cards example.
  But the problem is how to manage the login/logout authentication. As in the book I created a managed bean to handle login and the code is :
  package inventory.controller;
  import java.io.IOException;
  import javax.faces.application.FacesMessage;
  import javax.faces.context.FacesContext;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.login.FailedLoginException;
  import javax.security.auth.login.LoginException;
  import javax.servlet.RequestDispatcher;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import weblogic.security.SimpleCallbackHandler;
  import weblogic.security.services.Authentication;
  import weblogic.servlet.security.ServletAuthentication;
  public class LoginHandler {
  private String _username;
  private String _password;
  public LoginHandler() {
  super();
  public String performLogin() {
  byte[] pw = _password.getBytes();
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  CallbackHandler handler = new SimpleCallbackHandler(_username, pw);
  try {
  Subject mySubject = Authentication.login(handler);
  ServletAuthentication.runAs(mySubject, request);
  String loginUrl =
  "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  sendForward(request, response, loginUrl);
  } catch (FailedLoginException fle) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
  "An incorrect Username or Password" +
  " was specified");
  ctx.addMessage(null, msg);
  } catch (LoginException le) {
  reportUnexpectedLoginError("LoginException", le);
  return null;
  private void sendForward(HttpServletRequest request,
  HttpServletResponse response, String loginUrl) {
  FacesContext ctx = FacesContext.getCurrentInstance();
  RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
  try {
  dispatcher.forward(request, response);
  } catch (ServletException se) {
  reportUnexpectedLoginError("ServletException", se);
  } catch (IOException ie) {
  reportUnexpectedLoginError("IOException", ie);
  ctx.responseComplete();
  private void reportUnexpectedLoginError(String errType, Exception e) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected Error During Login",
  "Unexpected Error during Login (" + errType +
  "), please consult logs for detail");
  FacesContext.getCurrentInstance().addMessage(null, msg);
  e.printStackTrace();
  public String performLogout() {
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  String logoutUrl =
  "/adfAuthentication?logout=true&end_url=/faces/home";
  sendForward(request, response, logoutUrl);
  return null;
  public void setUsername(String _username) {
  this._username = _username;
  public String getUsername() {
  return _username;
  public void setPassword(String _password) {
  this._password = _password;
  public String getPassword() {
  return _password;
  But as I run the page and click the login link, it displays the PopUp box but I think it can't get the username and password from the field inserted and displays the error message specified in the above code(ie in try/catch) when I enter the required username and password and click the login button. So is there something in the code, I ran the application TUHRA which I downloaded, which was an example in the book I specified. and it went well and the login popup worked well.
  And I want to know that how to work the button by just pressing Enter key without clicking the button ? And also is there procedural change in the ADF configuration in jDev 11.1.1.1.0 and jDev 11.1.1.5.0 as I have jDev 11.1.1.5.0 installed and there was something different in following the steps specified in the book but I managed it by looking at the cure cards example. So is this the steps problem or something else?
  Thanks in advance.

  I didn't design the login page but I just created a PopUp window and in the popup window I inserted two Input text fields for username and password.
  And i set the 'value' of the username field as "#{login.username}" and the 'value' of the password field as "#{login.password}"
  Also in the login button the "action" set to #{login.performLogin}.
  And the button which I use to display the popup is a Go Link button, the "Destination" is set to "#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/home.jspx" : "/adfAuthentication?success_url=/faces/home.jspx"} ".
  I inserted the popup inside the Go Button in the structure window.
  And Added the managed bean in the adfc config.xml with the following properties:
  Name as “login”
  Class as “inventory.controller.LoginHandler”
  Scope as “request”
  If I don't use the popup and login with the default generated login form , the login is successful
  And also when i removed the ADF security configuration, the meta data didn't go away and when i reconfigured the security some error is diplayed in the log details as cannot create or something like rewrite the users.
  Please help I don't have much time to complete my project. its an emergency.
  Edited by: SudeepShakya on Nov 4, 2011 10:06 AM

• [SOLVED] ADF Security: No success with DBTableOraDataSourceLoginModule

  Hi,
  because do not have success to implement simple ADF Security to my application for weeks I try it again with this post.
  Hopefully someone who was already successful with this issue can give me the hint, missing step or something else.
  I have read many forum posts, blogs and documentation (10.x) but because ADF security has been changed from 10g to 11g I'm never sure if a documented step from 10g is necessary for 11g also.
  I also posted my problem to posts with similar problems but no response :-(
  I use 11g, TP4.
  My Requirement:
  =============
  - user accounts and roles are stored within database tables
  - roles are not used (every user has the same rights) but stored in the database table
  - Custom Login-Page (jspx)
  - At login ADF Security only needs to check if the entered user/password is stored in the database table (no password encryption is used at the moment)
  Steps I have done:
  ADF Security wizard:
  ================
  Step 1: Enforce Authorization NOT checked (Also tried to CHECK this checkbox)
  Redirect upon sucessfull Authentication CHECKED
  generate Default CHECKED
  Step 2: No identity store CHECKED
  Step 3: Enable Credital Store CHECKED
  Step 4: No Policy Store CHECKED
  Step 5: Enable Anonymous Provider
  Step 6: Manage Login Modules --> Add "oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
  Name = oracledb.loginmodule
  Login Control Flag = Required
  Log Level = fine
  --> Add "oracledb.loginmodule" as the only "Selected login module"
  Step 7: Form-Based Authentication
  Generate default is CHECKED
  Step 8: WebResources: allPages
  Selected Roles: valid-users
  Step 9: FINISH Wizard
  Then I edit jps-config.xml manually. Here the actual content:
  =============================================================
  <serviceInstance provider="jaas.login.provider"
  name="oracledb.loginmodule">
  <property value="true" name="debug"/>
  <property value="REQUIRED" name="jaas.login.controlFlag"/>
  <property value="true" name="addAllRoles"/>
  <property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
  name="loginModuleClassName"/>
  <property value="FINE" name="log.level"/>
  <property value="jdbc/TLS-BOBDS" name="data_source_name"/>
  <property value="passwort" name="passwordField"/>
  <property value="rol_rolle" name="groupMembershipGroupFieldName"/>
  <property value="bediener_rollen" name="groupMembershipTableName"/>
  <property value="user_kennung" name="usernameField"/>
  <property value="bediener" name="table"/>
  <property value="persnr" name="user_pk_column"/>
  <property value="bed_persnr" name="roles_fk_column"/>
  <property value="toupper" name="casing"/>
  </serviceInstance>
  ====================================
  Then I start the application. Re-direction to the login-page works fine.
  I enter username/password and press submit --> Following error occures in OC4J log:
  ===================
  WARNUNG: TLS-BOB-ViewController-webapp: error encountered during authentication
  java.util.MissingResourceException: Can't find resource for bundle oracle.security.jps.internal.common.resources.common.CommonResources, key JPS-02575
       at java.util.ResourceBundle.getObject(ResourceBundle.java:325)
       at java.util.ResourceBundle.getObject(ResourceBundle.java:322)
       at java.util.ResourceBundle.getString(ResourceBundle.java:285)
       at oracle.security.jps.util.JpsBundle.getString(JpsBundle.java:133)
       at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:424)
       at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:401)
       at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:99)
       at oracle.security.jps.fmw.JpsUserManager.getUserFromIdmStore(JpsUserManager.java:1109)
       at oracle.security.jps.fmw.JpsUserManager.getUser(JpsUserManager.java:1022)
       at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
       at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
       at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3927)
       at com.evermind.server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6965)
       at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3350)
       at com.evermind.server.http.HttpRequestHandler.doResolveRequestDispatcher(HttpRequestHandler.java:1005)
       at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:822)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:658)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:626)
       at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:417)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:189)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:163)
       at oracle.oc4j.network.ServerSocketReadHandler$ClientRunnable.run(ServerSocketReadHandler.java:275)
       at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:237)
       at oracle.oc4j.network.ServerSocketAcceptHandler.access$800(ServerSocketAcceptHandler.java:29)
       at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:877)
       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
       at java.lang.Thread.run(Thread.java:595)
  ==================================================
  My questions:
  =============
  1) Are there additional steps necessary to implement ADF Security for my requirements ?
  2) If yes, which? Which files I have to edit manually after ADF security wizard has been finished?
  Any help is warmly welcome !
  regards
  Peter

  Hello
  Many thanks to CP and Andre who gave the missing hints in this tread:
  OC4J 11g and JAZN
  The property custom.provider mentioned by cp was the "missing link" --> now it works.
  BUT "Nobody knows the trouble I've seen ..." !
  I made dozens of trials with the same application and always similar (strange) results.
  When I CHECK "enforce Authorization" in the ADF security wizard then
  the redirection to the Login Page does NOT work (reason is unclear for me)
  If I UNCHECK "enforce Authorization" in the ADF security wizard then
  the redirection to the login page works fine BUT the redirect upon succesful Authentication doesn't work.
  --> In this case following code is missing in web.xml
  =====================
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>welcome.jsp</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  =================================
  I think (but not 100%) that SOMETIMES the propertie "<property value="true" name="custom.provider"/>" has been created by the ADF security wizard.
  SOMETIMES I was not able to create the default welcome.jsp with the ADF Security Wizard, ....
  Maybe someone can reproduce this behaviour and fills a bug.
  regards
  Peter

• How to handle multiple SSO in ADF Security Framework

  Hello All,
  I have a question about ADF security with multiple SSO provider.
  What I am trying to achieve:
  Assume there are SSO provider A, B and C. Each provider will grant a different role to the ADF application (A grant Admin, B grant Business Manager, C grant Configuration Manager). Sign out from the ADF application will log all the SSO out at the same time.
  What I know:
  Each SSO will need to have information about the role it provides. I will also need to write code like the following: (modified from an old answer from Frank Nimphius before)
      try {
          IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore(); //Need to get the specific IDM store based on the SSO the user is using.
          try {
              UserManager userManager = idstore.getUserManager();
              RoleManager roleManager = idstore.getRoleManager();
              Role role = idstore.searchRole(Role.SCOPE_APPLICATION,idmRole); //Again, idmRole based on which SSO the user is using.
                  // create user
                  //TODO check for empty username and password
                  User user = userManager.getUser(SecurityContext.getUserName()); //the user may already login from another SSO.
                  if (user == null)
                      user = userManager.createUser(this.username,this.password.toCharArray());
                  roleManager.grantRole(role,user.getPrincipal());
              } catch (IMException e) {
                  // TODO
          } catch (JpsException e) {
              // TODO
          return null;
  }Also a logout code like this
        doLogout()
           if(A) logoutFromA(user);
           if(B) logoutFromB(user);
           if(C) logoutFromC(user);
        } My Question:
  Would the code above handle what I described? Also, how do I set the SecurityContext for ADF security - Or the grantRole automatically does that for me?

  Hello Sudipto,
  Yeah, I had watched that tutorial, it is pretty helpful on getting 1 SSO working with the ADF security.
  I am confused when there is multiple provider - do I setup the web gate so that "http://myapp:7777/LoginViaA" point to SSO Provider A, "http://myapp:7777/LoginViaB" point to SSO Provider B and so forth? **Note: the login/username can be different on different SSO provider.
  In that case, I will still need to set the value in SecurityContext to say "This current user login as [email protected] via SSO A and [email protected] via SSO B", or is there some other way to handle this?
  Thanks,
  Louis