ADF-Security - OID - Weblogic
Hello,
I want to authenticate users of my adf application against OID.
But it doesn't work.
The users wich are created in the default authenticator of the weblogic server can be authenticated an everything works fine.
The users wich came from the OID cannot be authenticated!?!?
I can see all users and theirs roles from OID in the weblogic server.
I set the control flag of both, the default authenticator and my authenticator (OID) to sufficient.
Has anyone an idea?
Hi,
works for me, so its definitively not a bug. Check this: http://oracle.com/technology/products/jdev/tips/fnimphius/oidconfig/index.html
Frank
Similar Messages
-
[JDev11g]: ADF Security and Weblogic 10.3
Hi
i using my owen custom loginmodule configured jps-config.xml using ADF security..
how to deploy to Weblogic 10.3 , is it supported directlly ?
where can i put the jps-config.xml ,
or how to configure?
can any body share some steps?
thanksHi!
With JDeveloper 11g Release the old custom login modules (from TP4 and 10g) are not supported anymore. You have to write your own Custom Authentication provider for WebLogic Server (yes, it uses JAAS Custom Login modules and MBeans).
In WLS 10.3 you have a built-in Database Authentication Provider. You just have to configure it. Try looking in WLS docuementation for details (it is done through the WLS Console and is fairly easy).
Regards,
PaKo -
OAM and ADF Security with WebLogic 11
WebLogic Server 11, ADF 11, OAM 10.1.4.3
I understand (and have successfully implemented) an ADF application with application roles tied to enterprise roles which are mapped to OAM groups (and users). This appears to use the OAMAuthenticator and OAMIdentityAsserter authentication providers from OAM installed into the WLS.
However, there appears to be a gap in the authorization component beyond simple group membership. Does WLS support roles and policies defined in OAM as they might pertain to an ADF application? In the Oracle Access Manager Integration Guide, the entire section on integration with WLS has been removed between versions 10.1.4.0.1 and 10.1.4.3 (along with several other chapters). What is the future direction here? What would be the best means to create roles and policies (including dynamic roles) which extend beyond simple group membership?
Regards,
Tom GreshamFor a start JDeveloper 10.1.3 uses an older version of JSF that WebLogic 11g. You would be best upgrading your app with JDeveloper 11g and then re-deploying.
-
Migrating ADF Security to WLS using OID
I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for “JpsFarmName” and “JpsRootNodeName”. What are these used for, and what should the values be?
2) Does the jps-config.xml file need to be modified in WLS (i.e. <Domain>/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
Any information on this topic would be very appreciated!
Thanks,
ErickHi,
I am using migrateSecurityStore for policy migration from xml to OID.
migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
when I run above command I am getting following error.
Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfig
urationUtil getCredentialFromBootstrapWallet
SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: o
racle.security.jps.service.credstore.CredStoreException.
COMMAND FAILED due to an unknown reason, Check the stack trace for details
Traceback (innermost last):
File "<console>", line 1, in ?
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSec
urityStore
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSec
urityStoreImpl
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(
LdapPolicyStore.java:230)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:108)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:55)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServ
iceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImp
l.findServiceInstance(DelegatingContextFactoryImpl.java:61)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:206)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getCo
ntextFromConfig(JpsContextFactoryImpl.java:171)
at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextF
romConfigObj(JpsHelper.java:115)
at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.g
etPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDs
tPolicy.<init>(JpsDstPolicy.java:186)
at oracle.security.jps.internal.tools.utility.destination.JpsInitializer
Dst.getDestinations(JpsInitializerDst.java:82)
at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtili
ty.java:63)
at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl
.migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand
(JpsUtilMigrationTool.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException
: Cannot read the default policy store.
thanks and regards
KishoreM -
ADF security : How to get fnd_users list in weblogic server
Hi All,
I have a question related to ADF security.
I am able to apply ADF security to the application, where users information and roles are defined in jazn.xml file.
On deployment, users/ roles information is being successfully ported to weblogic server.
But my requirement is to fetch users information from fnd_users table. If you have any idea as how to get the fnd_users data to weblogic, please reply.
Thanks,
RandhirThanks John.
I went through the link and got steps for authentication with fnd_users.
I have one more question on this.
Do I need to enable jazn.xml for implementing security or only the steps given in this link is sufficient?
Since roles are also stored into fnd table, how to secure the taskflow? (roles are not defined in jazn.xml) -
How to use ADF Security policies in OID Ldap
Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgdsEurika
finally solved,
runing the JAZNMigrationTool requires setting the correct classpath,
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
if however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
now the tool will migrate the permission policies , the following shows an extract from the LDIF file
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html -
ADF BC 11g, Weblogic 10.3 - Deployment Issue with ADF Security
Hi all,
I know there are many many blogs about deployment of an 11g app using ADF Security to a WLS 10.3 server, however, none appear to be working for me.. or I'm not working with them! :P
I've deployed an .ear file to the WLS 10.3 and this works fine - after following these steps
http://www.freewebalbum.com/blogs/faces/bjanko/blogs.jsp?blog=bjanko20090127130431
I then followed Steve's migration technique
http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
That all built correctly.
I then tried to access the app via browser, entered in the user cred (created under Security Realms in WLS 10.3 admin console - user and groups).
I attempted to login, and received an "Error 401--Unauthorized" error.
I'll that I see in the server log is:
[JpsWlsFilter.doFilter] setContextID to testApp
I'm totally stuck, so any ideas would be awesome.
Cheers,
chrisJust gave that a shot.. No dice unfortunately.
Steve Muench wrote:
You can omit -DdstApp=DEPLOYAPPNAME if the deployed application name is the same as the source application name you supplied in the -DsrcApp=APPNAME argument.I hate massive code dumping... but this is my jazn-data.xml
<?xml version = '1.0' encoding = 'UTF-8'?>
<jazn-data>
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>system</name>
<guid>0300AED0A9A411DD8F304FB2D3E85932</guid>
<credentials>{903}G5cbldq4HwMVt/gQpv1lXuNdLYbSu20y</credentials>
</user>
</users>
<roles>
<role>
<name>PlusAdmin</name>
<guid>0300AED1A9A411DD8F304FB2D3E85932</guid>
<members>
<member>
<type>user</type>
<name>system</name>
</member>
</members>
</role>
<role>
<name>PlusUser</name>
<guid>0300AED2A9A411DD8F304FB2D3E85932</guid>
<members>
<member>
<type>user</type>
<name>system</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name>TestApp</name>
<app-roles>
<app-role>
<name>PlusAdmin</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<members>
<member>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
<name>system</name>
</member>
</members>
</app-role>
<app-role>
<name>PlusUser</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<members>
<member>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
<name>system</name>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
<name>anonymous-role</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.LogonPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.LogonErrorPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>PlusAdmin</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
<actions>customize,edit,grant,personalize,view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>PlusUser</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
<actions>customize,edit,grant,personalize,view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
<jazn-policy/>
</jazn-data> -
Dear all
How to make adf security?
I am new adf security.
I'm facing security issue. Now i need to secure me application (User, Group, Role etc...)
Oracle recommend me use WebLogic internal LDAP or OID. How to manage User, Group, Role deploy after?
Thanks LhagvaHi,
once you deployed an application, users and roles are no longer in the domain of ADF Security. So the administration is
WLS console - if users and groups are in the WLS LDAP
Identity Management - if users and roles are in OID, RDBMA, Active Directory etc.
Enterprise Managers - to manage application roles and granting permissions or application roles to enterprise groups
Frank -
ADF security logout problem in adfAuthentication?logout =true
Hi,
I've configured ADF security and implementing logout as in http://blogs.oracle.com/jdevotnharvest/entry/how-to_logout_from_adf_security
Also I have configured OID in the standalone WL server and when deployed this to the standalone wl, the login works fine. But when I click the logout the page redirects saying 10.4.4 403 Forbidden. and the redirected url is
/adfAuthentication?logout=true & end_url=/faces/AppLogin.jspx Please help, why the logout is forbidden?
ver. 11.1.1.4
my web.xml entries
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/AppLogin.jspx</form-login-page>
<form-error-page>/faces/error.jspx</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>and weblogic.xml
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>users</principal-name>
</security-role-assignment>What I get is a Error 403--Forbidden and not 404 - not found. The two links provided above talks about 404 error and similar.
What I have is I can login successfully, but when I use the logout procedure it gives me a 403 --Forbidden error. Any other suggestion? -
ADF Security set up - step by step tutorial - quick question
Hi
We have standalone WLS running and we have configured our ADF app security enabled in JDeveloper.
It appears that there are manual steps needed to setup on WLS or EM for users and groups in order for JDev
1- we're still unclear on what steps needed to setup on standalone WLS to get embedded LDAP or OID to match up with the users and application roles defined in JDeveloper.
We, using the ADF Security wizard have added users and application roles.
2- How do we get jazn-data.xml merged or converted to system-jazn-data.xml in standalone WLS ? Is that a manual copy merge ?
3- Is there one tutorial that would show and explain all the pieces needed to get ADF security working beginning from JDev configurations all the way to standalone WLS configuration ?
4- Which do we use to configure users and groups ? WebLogic console or Enterprise Manager ? It appears that there are 2 ways of doing it
We apologise for wrong ideas if you think we are wrong in security configurations.Hi,
+1- we're still unclear on what steps needed to setup on standalone WLS to get embedded LDAP or OID to match up with the users and application roles defined in JDeveloper.+
We, using the ADF Security wizard have added users and application roles.
Only application roles are deployed to a stand alone WLS server (as it probably runs in production mode). So the enterprise role names (WLS groups) need to exist on WLS. This can be through manual creation using the integrated LDAP or OID, database or whatever your identity management system is. If a group name doesn't match the enterprise role name you chose in JDeveloper, you can use weblogic.xml to map the names. This can also be done using Enterprise Manager (which I think usually is preferred for production systems)
+2- How do we get jazn-data.xml merged or converted to system-jazn-data.xml in standalone WLS ? Is that a manual copy merge ?+
For security reasons, production WLS configurations only allow application roles and permissions to be automatically copied into the system-jazn-data.xml file. Users and user groups are not allowed to be copied as it would have a risk that developer deploy a backdoor into a server which then can be used by unauthorized users. As mentioned in 1), you need to provide user groups and users through your identity management system. If this is LDAP in WLS then you use the WLS console to create these. Also note that if your application uses a Java EE datasource, this needs to be configured on the stand alone server. Same here, credentials cannot be deployed to a stand alone server
+3- Is there one tutorial that would show and explain all the pieces needed to get ADF security working beginning from JDev configurations all the way to standalone WLS configuration ?+
There are 4 recordings about ADF Security here: http://www.oracle.com/technetwork/developer-tools/adf/learnmore/adfinsider-093342.html (just search for ADF Application Security and watch the 4 sessions in a row)
+4- Which do we use to configure users and groups ? WebLogic console or Enterprise Manager ? It appears that there are 2 ways of doing it+
If WLS LDAP is your identity store, you use the WLS console. All of ADF Security configuration beyond user and group provisioning is in Enterprise Manager
Frank -
ADF 11g:Error When running login page: ADF security
I am using Jdeveloper 11.1.1.2.0.Based on the following post
http://blogs.oracle.com/fusionmiddlewarereallife/adf11gsecurity.html when I am running the application I am getting following error in web browser:-
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
+10.4.4 403 Forbidden+
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Steps to reproduce the error:-
1) Unzip the lession6.zip file (http://blogs.oracle.com/fusionmiddlewarereallife/Lesson6.zip)
2) Open application in your Jdeveloper and run the login.html page.
3) In the login page,give user id as "James" and password as "welcome1"
4) You will see above error.
I have tested the above in Firefox 3.6.3 and IE7.*Please note that when you run the PublicPage.jspx, application works fine*. Its not working in the case when you are running the application using login.html
I have checked the Adnrejus post on this error(http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html), but weblogic.xml is generated with required entries.
Can anyone help me in this please:-
Thanks,
VikramMe too have tested the application by running the public page. Its working fine.
But my hole point here is, why application is not moving to the PrivatePage.jspx from login page. Means why can't we directly run the login page and access the PrivatePage. Even when success_url is configured in web.xml
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/PrivatePage.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
Thanks again,
Vikram -
Creating a WebCenter Application with PageCutomizable and ADF Security
I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
I have 2 JSPX files.
One called mainTemplate.jspx
- contains header, footer in ADF and a center facet.
One called Welcome.jspx created from mainTemplate
- contains page customizable > panel customizable > layout customizable > various custom panel configs.
ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
We then refresh the page and see that we are indeed logged in as 'weblogic'.
Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
However when we click on 'add Content' using the composer we get a permission error.
+<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+ at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
+...+
Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+ at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
+ at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
+ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+...+
I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
In my catalog I have a WCM portlet taskflow, which will require its own permissions.
I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
*note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
Thanks.
Thanks.
Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PMWhen you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
When you have configured your application for authorization as well, you have to create roles and groups.
You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
Hope this helps. -
ADF Security unable to run/deploy
Hi all,
I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advanced.
2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日 下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日 下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日 下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日 下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日 下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日 下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日 下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
>
<2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson FuI found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
Regards,
Samson Fu -
Facing error while deploying ADF application on weblogic
We are trying to deploy an ADF Application on weblogic server. We are facing below quoted error (java.lang.ClassNotFoundException: org.apache.myfaces.trinidad.webapp.ResourceServlet) during deployment:
INFO: Completed initializing Sun's JavaServer Faces implementation (1.2_03-b04-FCS) for context '/console'
<Nov 2, 2011 11:32:21 AM IST> <Warning> <J2EE> <BEA-160188> <Unresolved WebApp library references defined in weblogic.xml, of module 'CallTracker_CallTrackerUI_webapp1.war' [Extension-Name: adf.oracle.domain.webapp, exact-match: false], [Extension-Name: jstl, Specification-Version: 1.2, exact-match: false], [Extension-Name: jsf, Specification-Version: 1.2, exact-match: false].>
java.lang.ClassNotFoundException: org.apache.myfaces.trinidad.webapp.ResourceServlet
at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:297)
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:270)
at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:179)
at weblogic.servlet.internal.WebAnnotationProcessorImpl.processServlets(WebAnnotationProcessorImpl.java:225)
at weblogic.servlet.internal.WebAnnotationProcessorImpl.processJ2eeAnnotations(WebAnnotationProcessorImpl.java:209)
at weblogic.servlet.internal.WebAnnotationProcessorImpl.processAnnotations(WebAnnotationProcessorImpl.java:105)
at weblogic.application.compiler.WARModule.processAnnotations(WARModule.java:433)
at weblogic.application.compiler.EARModule.processAnnotations(EARModule.java:227)
at weblogic.application.compiler.WARModule.merge(WARModule.java:483)
at weblogic.sip.tools.SipToolsModule.merge(SipToolsModule.java:57)
at weblogic.application.compiler.flow.MergeModuleFlow.compile(MergeModuleFlow.java:23)
at weblogic.application.compiler.FlowDriver$FlowStateChange.next(FlowDriver.java:69)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.compiler.FlowDriver.nextState(FlowDriver.java:36)
at weblogic.application.compiler.FlowDriver$CompilerFlowDriver.compile(FlowDriver.java:96)
at weblogic.application.compiler.ReadOnlyEarMerger.merge(ReadOnlyEarMerger.java:49)
at weblogic.application.compiler.flow.AppMergerFlow.mergeInput(AppMergerFlow.java:88)
at weblogic.application.compiler.flow.AppMergerFlow.compile(AppMergerFlow.java:41)
at weblogic.application.compiler.FlowDriver$FlowStateChange.next(FlowDriver.java:69)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.compiler.FlowDriver.nextState(FlowDriver.java:36)
at weblogic.application.compiler.FlowDriver$CompilerFlowDriver.compile(FlowDriver.java:96)
at weblogic.application.compiler.AppMerge.runBody(AppMerge.java:157)
at weblogic.utils.compiler.Tool.run(Tool.java:158)
at weblogic.utils.compiler.Tool.run(Tool.java:115)
at weblogic.application.compiler.AppMerge.merge(AppMerge.java:169)
at weblogic.deploy.api.internal.utils.AppMerger.merge(AppMerger.java:88)
at weblogic.deploy.api.internal.utils.AppMerger.getMergedApp(AppMerger.java:63)
at weblogic.deploy.api.model.internal.WebLogicDeployableObjectFactoryImpl.createDeployableObject(WebLogicDeployableObjectFactoryImpl.java:181)
at weblogic.deploy.api.model.internal.WebLogicDeployableObjectFactoryImpl.createDeployableObject(WebLogicDeployableObjectFactoryImpl.java:163)
at weblogic.deploy.api.tools.SessionHelper.initialize(SessionHelper.java:727)
Please advise. We are using weblogic 10.3.5 .Thanks, we have reinstalled the weblogic again , ensuring that Application Development Runtime is installed and we extend our domain with the JRF. So the previous error is resolved. But we are now facing a new error
weblogic.common.ResourceException: java.security.PrivilegedActionException: weblogic.common.ResourceException: java.security.PrivilegedActionException: weblogic.common.ResourceException: No credential mapper entry found for password indirection user=apps for data source XXCT
- Warning Errors were encountered while performing this operation.
Please help.
Regards, Atul -
Error While Login ADF Security Sample Application
Hi All,
Jdevloper Version : 11.1.1.5.0
we are Creating ADF Login Application contains login.jspx and main.jspx pages.
we define ADF Security on this Sample Application.
when we provide valid credentials to login(username and password) it shows Error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
that an old resource is permanently unavailable and has no forwarding address.
ManagedBean(BackingbeanScope) doLogin():
public String doLogin() {
String un = _userName;
byte[] pw = _password.getBytes();
FacesContext ctx = FacesContext.getCurrentInstance();
HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
try {
Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
ctx.responseComplete();
catch (FailedLoginException fle)
FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
ctx.addMessage(null, msg);
return null;
In ADF Security We Define :
User : admin1
Enterprise Role : ManagerGroup(added user admin1 to this EnterpriseRole)
Application Role : Manager
Resource Grants : Resource Type : Web Page
login page
main page - Granted Role(Manager)
jazn-data.xml file
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>admmin1</name>
<display-name>admmin1</display-name>
<credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
</user>
</users>
<roles>
<role>
<name>ManagerGroup</name>
<display-name>ManagerGroup</display-name>
<members>
<member>
<type>user</type>
<name>admmin1</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name>ADFLogin</name>
<app-roles>
<app-role>
<name>Manager</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<display-name>Manager</display-name>
<members>
<member>
<name>ManagerGroup</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>Manager</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
</jazn-data>
Please help us how to resolve it.
Thanks,
kumarA best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
I guess your resource grants are not set correctly.
Timo
Maybe you are looking for
-
My iTunes is all in computer gibberish language.... HELP..... :-)
My iTunes is working fine except all of the tabs at the top and side are not in english, it's as though the language has been changed to an unreadable language. I have tried un-installing and installing again about 5 times... i can send a screen shot
-
Hello, Appreciate if you could help me to understand how ATP based on planning output works in following scenario. ATP-enabled plan is an ECC plan with supplier capacity constraints. The ATP plan has both forecast and sales order demand. When ATP pla
-
how to xfr PC files to macbook pro?
-
Can I create constraints "Primary key - Foreign key" on materialized views?
Hello! Can I create constraints "Primary key - Foreign key" on materialized views like on tables? My purpose - is to make DB schema "COPY" with set of materialized views or tables, which take data from time to time from other tables situated.into ano
-
What about older versions of flash like flash mx or flash8
Do you think that flash mx and flash 8 are outdated to learn for beginners? What do you suggest to a beginner entirely new to flash, the new ones like flash CS4 or begin with older ones like flash 8 and slowly build up?