Adf security misbehaving in production environment

Similar Messages

• ADF Logger in Production environment

  Hi all,
  By using the jdeveloper i have developed a web application which is using the adf loggers.i deployed this SIT environment and made entry to the logging.xml in the weblogic server.
  But when ever they restart the server logging.xml is getting over written and the entry i made is getting deleted.
  How can i configure this with in my application.
  Thanks in advance
  Edited by: 926968 on Jul 5, 2012 4:31 AM

  Hi Rakesh,
  Make sure you have migrated the policy store to the production server. When Weblogic Server is running in production mode, automatic credential overwrite is not allowed. From the developer's guide:
  When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the Oracle Containers for J2EE Security Guide. Note that Oracle WebLogic Server running in production mode does not support the overwriting of system credentials under any circumstances.http://docs.oracle.com/cd/E26098_01/web.1112/e16182/adding_security.htm#CDDGFDFH
  HTH,
  Joonas

• Security Issue httpOnlyCookies="true" is not working with production environment

  Dear All, 
  I have tired to make set cookie value as httpOnly
  The development environment is working fine and give me an output like that 
  Set-Cookie
  WSS_KeepSessionAuthenticated={3644d93c-d1d3-46cd-845f-42c01640ab21};
  path=/;
  HttpOnly
  But when implement the same changes in web.config production environment its not working 
  Set-Cookie                NLSessionCdomainweb=a98q9jnsy0vXk5+RHeHnlKmM+HnneA9KmhIAR6g1bJiwTs8sD6d7dfV1gBffc8HiJXBowxdO8LhZAiIEKiFY6PzNWySyRs5rvgCfPu8XIFnqKcN4XQ4UL9PN3JI3f4E6;path=/;domain=.domain.com
  I am using sharepoint 2010, under web.config i made the following changes  
  Add following tags under system.web
  <httpRuntime maxRequestLength="2097151" enableVersionHeader="false"
  />
  <httpCookies httpOnlyCookies="true"/>
  Add following tags under <system.webServer>
    <httpProtocol>
        <customHeaders>
                 <remove name="X-Powered-By" />
               <remove name="MicrosoftSharePointTeamServices" />
        </customHeaders>
      </httpProtocol>
  Can any one tell me why it's happening i have checked all possible reasons from my side but no success  
  Regards 
  Rashid Bilgrami 
  RB

  Hi,
  From your description, I know you want to set cookie value as httpOnly but it is not work.
  Please try to add codes below to your global.asax file:
  <SCRIPT language="C#" runat="server">
  protected void Session_Start(Object sender, EventArgs e)
   try
    if (Request.IsSecureConnection == true)
                  Response.Cookies ["ASP.NET_SessionId"].Secure = true;
   catch (Exception)
  </SCRIPT>
  Please refer to this article:
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/0fe55c13-3911-422e-af17-cb5c1ab2abd7/missing-secure-httponly-flags-on-sharepoint-2010-cookie?forum=sharepointadminprevious.
  Best Regards
  Vincent Han
  TechNet Community Support

• Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

  Hi,
  We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
  Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
  Regards,
  Joonas

  Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

• ADF Security to J2EE Container Managed Security Problems

  Hi al!
  I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
  For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
  Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
  What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
  Part of my web.xml file:
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/app/index.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication/*</url-pattern>
  </servlet-mapping>
  <security-role>
  <description>Admins</description>
  <role-name>admin_role</role-name>
  </security-role>
  <security-role>
  <description>Users</description>
  <role-name>user_role</role-name>
  </security-role>
  <security-role>
  <role-name>oc4j-administrators</role-name>
  </security-role>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AllAdmins</web-resource-name>
  <url-pattern>faces/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AllUsers</web-resource-name>
  <url-pattern>faces/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>user_role</role-name>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>oc4j-administrators</role-name>
  <role-name>user_role</role-name>
  <role-name>admin_role</role-name>
  </auth-constraint>
  </security-constraint>
  Do I have to remove this adfAuthentication tags?
  I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
  Thank you in advance!
  Bye
  PS
  Maybe stack trace after login:
  FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
  FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
  FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
  FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
  24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
  FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

  Hi there!
  I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
  log("method equals start",0);
  log("another type = " + another.getClass(), 0);
  if (another instanceof Principal)
  Principal mine = (Principal)another;
  log("Principal mine.getName() = " + mine.getName(), 0);
  The result is this output (after navigating to page that gives 401 forbidden):
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
  07/10/12 08:38:36 [DBRolePrincipal] method equals start
  07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
  07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
  Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
  07/10/12 08:46:09 [DBUserPrincipal] method equals start
  07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
  07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
  Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
  Thank you!
  BB

• Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

  I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
  When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
  I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
  When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
  Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  Any thoughts on why that would be?
  Thanks
  Dan

  Thanks Juan.
  With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
  [JpsAuth] Check Permission
  PolicyContext: [TestApp]
  Resource/Target: [untitled1PageDef]
  Action: [view]
  Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
  Result: [FAILED]
  Evaluator: [ACC]
  Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
  CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
  Principals=total 2 of principals(
  1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
  2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
  When I access the same page from my integrated weblogic server I see:
  [JpsAuth] Check Permission
  PolicyContext: [TestApp]
  Resource/Target: [untitled1PageDef]
  Action: [view]
  Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
  Result: [FAILED]
  Evaluator: [ACC]
  Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
  CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
  Principals=total 2 of principals(
  1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
  2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
  When I review my EAR - I do see jazn-data.xml at:
  /META-INF/jazn-data.xml
  I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
  Thanks.
  -Dan

• Oracle ADF Secured App Gives HTTP 401 Error

  I am new to Oracle ADF Framework. I develop on JDeveloper 11g R2 with Weblogic 10.3.5.0. I developed an project like described in a Firebox training video on Youtube link: [http://bit.ly/HT1HZ9] . You can download my project from http://db.tt/Y8J3fj3y
  The video was about creating a custome login page. You have to create login,error anad the target pages. When you try to open target page login page comes then you enter your credentials. After success yoou should be directed to the target page. I used a backing bean to process credentials but instead of redirected to target page the response page gives:
  Error 401--Unauthorized From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1: 10.4.2 401 Unauthorized
  And the weblogic console this error:
  Target URL -- http://127.0.0.1:7101/Deneme-ViewController-context-root/faces/protectedPage.jspx
  <ViewHandlerImpl> <_checkTimestamp> Apache Trinidad is running with time-stamp checking enabled. This should not be used in a production environment. See the org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION property in WEB-INF/web.xml
  <UIXEditableValue> <_isBeanValidationAvailable> A Bean Validation provider is not present, therefore bean validation is disabled
  <LifecycleImpl> <_handleException> ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
  java.lang.IllegalStateException: Cannot forward a response that is already committed
  at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:122)
  at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:546)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at oracle.adfinternal.view.faces.config.rich.RecordRequestAttributesDuringDispatch.dispatch(RecordRequestAttributesDuringDispatch.java:44)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at org.apache.myfaces.trinidadinternal.context.FacesContextFactoryImpl$OverrideDispatch.dispatch(FacesContextFactoryImpl.java:167)
  at com.sun.faces.application.view.JspViewHandlingStrategy.executePageToBuildView(JspViewHandlingStrategy.java:363)
  at com.sun.faces.application.view.JspViewHandlingStrategy.buildView(JspViewHandlingStrategy.java:154)
  at org.apache.myfaces.trinidadinternal.application.ViewDeclarationLanguageFactoryImpl$ChangeApplyingVDLWrapper.buildView(ViewDeclarationLanguageFactoryImpl.java:341)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:982)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:334)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:232)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:313)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:173)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:122)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  <Apr 18, 2012 3:21:24 PM EEST> <Error> <HTTP> <BEA-101020> <[ServletContext@28001210[app:Deneme module:Deneme-ViewController-context-root path:/Deneme-ViewController-context-root spec-version:2.5]] Servlet failed with Exception
  java.lang.IllegalStateException: Cannot forward a response that is already committed
  at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:122)
  at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:546)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at oracle.adfinternal.view.faces.config.rich.RecordRequestAttributesDuringDispatch.dispatch(RecordRequestAttributesDuringDispatch.java:44)
  Truncated. see log file for complete stacktrace
  >
  <Apr 18, 2012 3:21:24 PM EEST> <Notice> <Diagnostics> <BEA-320068> <Watch 'UncheckedException' with severity 'Notice' on server 'DefaultServer' has triggered at Apr 18, 2012 3:21:24 PM EEST. Notification details:
  WatchRuleType: Log
  WatchRule: (SEVERITY = 'Error') AND ((MSGID = 'WL-101020') OR (MSGID = 'WL-101017') OR (MSGID = 'WL-000802') OR (MSGID = 'BEA-101020') OR (MSGID = 'BEA-101017') OR (MSGID = 'BEA-000802'))
  WatchData: DATE = Apr 18, 2012 3:21:24 PM EEST SERVER = DefaultServer MESSAGE = [ServletContext@28001210[app:Deneme module:Deneme-ViewController-context-root path:/Deneme-ViewController-context-root spec-version:2.5]] Servlet failed with Exception
  java.lang.IllegalStateException: Cannot forward a response that is already committed
  at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:122)
  at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:546)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at oracle.adfinternal.view.faces.config.rich.RecordRequestAttributesDuringDispatch.dispatch(RecordRequestAttributesDuringDispatch.java:44)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWrapper.java:93)
  at org.apache.myfaces.trinidadinternal.context.FacesContextFactoryImpl$OverrideDispatch.dispatch(FacesContextFactoryImpl.java:167)
  at com.sun.faces.application.view.JspViewHandlingStrategy.executePageToBuildView(JspViewHandlingStrategy.java:363)
  at com.sun.faces.application.view.JspViewHandlingStrategy.buildView(JspViewHandlingStrategy.java:154)
  at org.apache.myfaces.trinidadinternal.application.ViewDeclarationLanguageFactoryImpl$ChangeApplyingVDLWrapper.buildView(ViewDeclarationLanguageFactoryImpl.java:341)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:982)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:334)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:232)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:313)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:173)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:122)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  SUBSYSTEM = HTTP USERID = <WLS Kernel> SEVERITY = Error THREAD = [ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)' MSGID = BEA-101020 MACHINE = Metasis-PC TXID = CONTEXTID = 922cea34c05f1394:4758d71c:136c5648195:-8000-0000000000000074 TIMESTAMP = 1334751684128
  WatchAlarmType: AutomaticReset
  WatchAlarmResetPeriod: 30000
  >
  <Apr 18, 2012 3:21:26 PM EEST> <Alert> <Diagnostics> <BEA-320016> <Creating diagnostic image in c:\users\metasis\appdata\roaming\jdeveloper\system11.1.2.1.38.60.81\defaultdomain\servers\defaultserver\adr\diag\ofm\defaultdomain\defaultserver\incident\incdir_39 with a lockout minute period of 1.>
  My backing bean java code:
  public String doLogin() {
  String un = _username;
  byte[] pw = _password.getBytes();
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
  Subject mySubject;
  try {
  mySubject = Authentication.login(new URLCallbackHandler(un, pw));
  ServletAuthentication.runAs(mySubject, request);
  ServletAuthentication.generateNewSessionID(request);
  String loginUrl = "/adfAuthentication?success_url=/faces/protectedPage.jspx";
  HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
  RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
  dispatcher.forward(request, response);
  //response.sendRedirect(loginUrl);
  } catch (FailedLoginException e) {
  FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "Invalid Username or Password", "Invalid Username or Password");
  ctx.addMessage(null, msg);
  } catch (Exception e) {
  e.printStackTrace();
  return null;
  And before the application start there is an interesting error code:
  [03:20:38 PM] Redeploying Application...
  <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: oracle.security.jps.JpsException: java.lang.reflect.InvocationTargetException.
  <AppPolicyHandler> <migrateAppPolicies> Migration of application policy failed. Reason: oracle.security.jps.JpsException: java.lang.reflect.InvocationTargetException.
  [03:20:55 PM] Application Redeployed Successfully.
  Thanx for the help!

  Hi
  i have created a similar adf project from the same site.
  i am facing the same issue.
  i deleted the anonymous role but i still get the HTTP 404 error
  here is my jazn.data.xml file
  Please help out on this
  <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
  <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
  <jazn-realm default="jazn.com">
  <realm>
  <name>jazn.com</name>
  <users>
  <user>
  <name>bob</name>
  <credentials>{903}roINL8sMhkkl2tkXbhufyu80sTkEtEBXt79hzI/P3uI=</credentials>
  </user>
  <user>
  <name>julie</name>
  <credentials>{903}sS25AaE6ZE1B3sqmsWr0DmNcDbY+id0734qTxK6bam8=</credentials>
  </user>
  </users>
  <roles>
  <role>
  <name>managerGroup</name>
  <members>
  <member>
  <type>user</type>
  <name>bob</name>
  </member>
  </members>
  </role>
  </roles>
  </realm>
  </jazn-realm>
  <policy-store>
  <applications>
  <application>
  <name>adf_security</name>
  <app-roles>
  <app-role>
  <name>manager</name>
  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
  <members>
  <member>
  <name>managerGroup</name>
  <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
  </member>
  </members>
  </app-role>
  </app-roles>
  <jazn-policy>
  <grant>
  <grantee>
  <principals>
  <principal>
  <name>manager</name>
  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
  </principal>
  </principals>
  </grantee>
  </grant>
  </jazn-policy>
  </application>
  </applications>
  </policy-store>
  </jazn-data>
  Thenx

• Migrating ADF Security Policies to Active Directory

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

• ADF Security in JDeveloper 10.1.3.2

  Hi,
  i used this link http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
  to apply security to my AD application using the JAN but i faced a problem which is ,if i logged in using the user i create on the OTC i always get this error HTTP Error 403 - Forbidden "You are not authorized to view this page", Although i didn't apply the authorization on my pages yet.
  can anyone help?
  Thanx

  Hi,
  using ADF Security, security is enabled as soon as you switch on ADF Security. Its a pessimistic thinking that is that you don't have access unless explicitly granted access
  Frank

• Java.lang.NullPointerException in MQ adapter in Production Environment

  Hi,
  My Process like Send the request to ResultsAAA or ResultsBBB (MQ queue) and Dequeue the msg req from the queue(ResultsAAA OR ResultsBBB) basing on the request request goes to either ResultsAAA or ResultsBBB and executing the bpel and we are configured Error Queue for no data.When I test it I got the following exexption in production environment,please provide any sugestion/directions.
  Exception
  [2012-02-10T09:58:33.168-05:00] [Soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: orabpel.invoke.pool-4.thread-13]
  [userId: <anonymous>] [ecid: fda340adc9569001:4b5fb511:13546d7766d:-8000-0000000000cb7
  1aa,0:1:102971537] [APP: soa-infra] [composite_name: ResultsAAA] [component_instance_id: 102715847] [component_name:
  ResultsAAA] MQ Series Adapter ResultsBBB:PostBBB
  LToTrends [ Dequeue_ptt::Dequeue(body) ] Error retrieving NXSD encoding...
  [2012-02-10T09:58:33.173-05:00] [Soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: orabpel.invoke.pool-4.thread-36]
  [userId: <anonymous>] [ecid: fda340adc9569001:4b5fb511:13546d7766d:-8000-0000000000cb7
  1d4,0:1:102971543] [APP: soa-infra] [composite_name:  ResultsAAA] [component_instance_id: 102715855] [component_name: 
  ResultsAAA] MQ Series Adapter ResultsBBB:PostBBB
  LToTrends [ Dequeue_ptt::Dequeue(body) ] Error retrieving NXSD encoding...
  [2012-02-10T09:58:33.185-05:00] [Soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: orabpel.invoke.pool-4.thread-13]
  [userId: <anonymous>] [ecid: fda340adc9569001:4b5fb511:13546d7766d:-8000-0000000000cb7
  1aa,0:1:102971537] [APP: soa-infra] [composite_name: ResultsAAA] [component_instance_id: 102715847] [component_name:
  ResultsAAA] MQ Series Adapter ResultsBBB:PostBBB
  LToTrends [ Dequeue_ptt::Dequeue(body) ] [[
  java.lang.NullPointerException
  at oracle.tip.adapter.mq.outbound.MessageProducer.getEncodingFromNXSD(MessageProducer.java:402)
  at oracle.tip.adapter.mq.outbound.MessageProducer.updateMessageEncodingFromNXSD(MessageProducer.java:427)
  at oracle.tip.adapter.mq.outbound.MessageProducer.produce(MessageProducer.java:363)
  at oracle.tip.adapter.mq.outbound.InteractionImpl.execute(InteractionImpl.java:168)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAInteractionInvoker.executeJcaInteraction
  (JCAInteractionInvoker.java:311)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAInteractionInvoker.invokeJcaReference
  (JCAInteractionInvoker.java:525)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAInteractionInvoker.invokeAsyncJcaReference
  (JCAInteractionInvoker.java:508)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAEndpointInteraction.performAsynchronousInteraction
  (JCAEndpointInteraction.java:491)
  at oracle.integration.platform.blocks.adapter.AdapterReference.post(AdapterReference.java:231)
  at oracle.integration.platform.blocks.mesh.AsynchronousMessageHandler.doPost(AsynchronousMessageHandler.java:142)
  at oracle.integration.platform.blocks.mesh.MessageRouter.post(MessageRouter.java:194)
  at oracle.integration.platform.blocks.mesh.MeshImpl.post(MeshImpl.java:215)
  at sun.reflect.GeneratedMethodAccessor1672.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
  at java.lang.reflect.Method.invoke(Method.java:611)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint
  (ReflectiveMethodInvocation.java:182)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:148)
  at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy303.post(Unknown Source)
  at oracle.fabric.CubeServiceEngine.postToMesh(CubeServiceEngine.java:806)
  at com.collaxa.cube.ws.WSInvocationManager.invoke(WSInvocationManager.java:258)
  at com.collaxa.cube.engine.ext.common.InvokeHandler.__invoke(InvokeHandler.java:1056)
  at com.collaxa.cube.engine.ext.common.InvokeHandler.handleNormalInvoke(InvokeHandler.java:583)
  at com.collaxa.cube.engine.ext.common.InvokeHandler.handle(InvokeHandler.java:130)
  at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:74)
  at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:158)
  at com.collaxa.cube.engine.CubeEngine._performActivity(CubeEngine.java:2463)
  at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2334)
  at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1115)
  at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal
  (PerformMessageHandler.java:73)
  at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:220)
  at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:328)
  at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4350)
  at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4281)
  at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:679)
  at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:654)
  at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:293)
  at sun.reflect.GeneratedMethodAccessor1609.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
  at java.lang.reflect.Method.invoke(Method.java:611)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint
  (ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed
  (ReflectiveMethodInvocation.java:148)
  at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed
  (MethodInvocationInvocationContext.java:104)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
  at java.security.AccessController.doPrivileged(AccessController.java:284)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:89)
  at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
  at sun.reflect.GeneratedMethodAccessor1588.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
  at java.lang.reflect.Method.invoke(Method.java:611)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke
  (JeeInterceptorInterceptor.java:69)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed
  (ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed
  (DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke
  (DelegatingIntroductionInterceptor.java:102)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed
  (ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit
  (MethodInvocationVisitorImpl.java:37)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback
  (EnvironmentInterceptorCallbackImpl.java:54)
  at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed
  (ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke
  (ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed
  (ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed
  (DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke
  (DelegatingIntroductionInterceptor.java:102)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed
  (ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy290.handleInvoke(Unknown Source)
  at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown
  Source)
  at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
  at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown
  Source)
  at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle
  (InvokeInstanceMessageHandler.java:35)
  at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
  at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(BaseDispatchTask.java:88)
  at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:64)
  at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:897)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:919)
  at java.lang.Thread.run(Thread.java:736)
  [2012-02-10T09:58:33.185-05:00] [Soa_server1] [ERROR] [] [oracle.soa.adapter] [tid: orabpel.invoke.pool-4.thread-36]
  [userId: <anonymous>] [ecid: fda340adc9569001:4b5fb511:13546d7766d:-8000-0000000000cb7
  1d4,0:1:102971543] [APP: soa-infra] [composite_name: ResultsAAA] [component_instance_id: 102715855] [component_name:
  ResultsAAA] MQ Series Adapter ResultsBBB:PostBBB
  LToTrends [ Dequeue_ptt::Dequeue(body) ] [[
  java.lang.NullPointerException
  Thanks
  Mani

  hi paul,
  Thanks for reply,Actuly in my Input schema I include another data type and data type base schema.
  Can I add that encoding on the xml document declaration for each schema or it is sufficient only for
  main Input schema.
  Thanks
  Mani

• Best practice for a deplomyent (EAR containing WAR/EJB) in a productive environment

  Hi there,
  I'm looking for some hints regarding to the best practice deployment in a productive
  environment (currently we are not using a WLS-cluster);
  We are using ANT for buildung, packaging and (dynamic) deployment (via weblogic.Deployer)
  on the development environment and this works fine (in the meantime);
  For my point of view, I would like to prefere this kind of Deploment not only
  for the development, also for the productive system.
  But I found some hints in some books, and this guys prefere the static deployment
  for the p-system.
  My question now:
  Could anybody provide me with some links to some whitepapers regarding best practice
  for a deployment into a p-system ??
  What is your experiance with the new two-phase-deploment coming up with WLS 7.0
  Is it really a good idea to use the static deployment (what is the advantage of
  this kind of deployment ???
  THX in advanced
  -Martin

  Hi Siva,
  What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
  From my basis experience some of the best practices.
  1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
  2) It should have backup configured for which restore has been already tested
  3) It should have all the monitoring setup viz application, OS and DB
  4) Productive client should not be modifiable
  5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
  6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
  7) Relevant Database and OS security parameters should be tested before golive and enabled
  8) Pre-Golive , Post Golive should have been performed on Production system
  9) EWA should be configured atleast for Production system
  10) Production system availability using DR should have been tested
  Hope this helps.
  Regards,
  Deepak Kori

• Best Practice for Production environment

  Hello everyone,
  can someone share the best practice for a production environment? or is there a SAP standard best practice to follow in a Production landscape?
  i understand there are Best practices available for Implementation , Migration and upgrade. But, i was unable to find one for productive landscape
  thanks.

  Hi Siva,
  What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
  From my basis experience some of the best practices.
  1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
  2) It should have backup configured for which restore has been already tested
  3) It should have all the monitoring setup viz application, OS and DB
  4) Productive client should not be modifiable
  5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
  6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
  7) Relevant Database and OS security parameters should be tested before golive and enabled
  8) Pre-Golive , Post Golive should have been performed on Production system
  9) EWA should be configured atleast for Production system
  10) Production system availability using DR should have been tested
  Hope this helps.
  Regards,
  Deepak Kori

• Production Environment RFC's for EWA.... Please help!!

  We have some of the production environment setup EWA. I will need to add else which are left. I have setup EWA in sandbox for testing. worked fine. but i have question about RFC's.
  My all DEV systems has the following RFC's in solman;
  SM_XXXCLNT100_LOGIN
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW
  SM_XXXCLNT100_TRUSTED
  But my all QAS and PRODUCTION system has the following RFC'c in solman.
  SM_XXXCLNT100_LOGIN
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW
  I thought when I generate auto RFC's from SMSY, it creates the following;
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW
  SM_XXXCLNT100_TRUSTED
  What should I do? if it creates _TRUSTED ONE in PRD, should I delete it? Please help!!
  Question: If I am generating auto RFC's for PRD, it created _LOGIN one too? I am totaly confused??
  Thanks,
  I will definitely post points

  The only reason I want to do that because I have to talk to security folks for that, they will go and look at the other production environments which dont have _TRUSTED rfc...
  Like as I have mentioned, all production has the following rfc's
  SM_XXXCLNT100_LOGIN
  SM_XXXCLNT100_READ
  SM_XXXCLNT100_TMW.
  I dont understand only one thing. how can I get _LOGIN rfc?
  The only reason I am asking, when I did EWA in sandbox, It did not generate _LOGIN rfc...
  Do you have any idea?
  Thanks,

• Providing ADF security  to fusion WebAppliaction (ADF 11g)

  I created ADF application contains single page .
  i am able to deploy this on standalone WLS10.3
  But i need to provide the security to my application.
  I am reading the chapter :
  Enabling ADF Security in a Fusion Web Application in develpers guide.
  is there any other sources like demos / blogs/step by step tutorials about security which is helpful for begginers.if you have , pls provide me.
  Sailaja

  Here are some links:
  - [Adding Security(Oracle Doc)|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm#BGBCEDDD]
  - [ADF Security Part 1: Container Managed Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt1/adfsec1.htm]
  - [ADF Security Part 2: Setup and Authentication (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt2/ADF%20Security%20Authentication%20and%20Setup.htm]
  - [ADF Security Part 3: Authorization (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt3/ADF%20Security%20-%20Authorization.htm]
  - [ADF Security Part 5: ADF BC Entity Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt5/ADF%20Entity%20Object%20Security%20through%20ADF%20Security.htm]
  Sireesha

• Oracle ADF Security Login page

  hi.
  I am using oracle ADF 11.1.2.2.0 (oracle Jdevelopr 11g release 2) in my job environment. There are 3000 users working as client level in our company. They have separated user Id and roles. They can change their passwords. There are expiration period for passwords which is handle by in database level. when the employees are going to terminate or retirement , we can control their login status. that mean we change their Active status as a Inactive status. some times we recruit number of emplooyes for cover our business targets. Their User Id also in database table level.
  My main problem is how we can handle number of employees using Oracle ADF security configuration.
  second one is how user can change their passwords.
  Third is how number of employees going to terminate ,handle their Active/Inactive State.
  Fourth one is If we use this Oracle Security system ,project managers or project cordinator or Adminstrator level authenticator must need to deploy time to time war file, because of adding removing users in jazn-data.xml.
  hoping help from you.Thanking for all.

  So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
  Then, in your application you can enable ADF Security and this will generate login page.
  And, this is it :)
  If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
  http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
  >
  But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
  >
  This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
  To programmatically retreive db connection, you can create utility method in your Application Module.
  Dario