ADF Security + Policy definition repository
Hello,
As mentioned in the adf_security document, we are using Fusion Middleware Control to manage security for the deployed application. The policy store shows the principal and permission class details.
With this information it is very hard for users (administrators) to manage the security. With the current information display, I think the administrator should also be aware of the technical terms used in the application for a particular resource, task flow name or region name.
E.g. in Fusion Middleware Control:
Permission Class oracle.adf.controller.security.TaskFlowPermission
Resource Name /WEB-INF/flows/sampleTF.xml#sampleTF
Permission Actions view
Is there a way to provide some descriptive name for the resource name, so that the end user can understand what the task flow or resource is?
Any idea?
Hi,
no, not that I am aware of. Looking at the jazn-data.xml XSD
<permission>
Child elements: <class>, <name>, <actions>
There is no metadata available for a descriptive name of the permission class of the target name. OPSS would need to change their XML to allow descriptive names.
Frank
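Added example, not part of the original thread and not an OPSS feature: since `<permission>` carries only `<class>`, `<name>` and `<actions>`, one workaround is a side glossary kept by the team and joined against the grants when producing a review report for administrators. The sample policy store, the glossary and its label text are constructed; only the task-flow permission values come from the question.

```python
import xml.etree.ElementTree as ET

# Constructed sample jazn-data.xml. The TaskFlowPermission values are the ones
# quoted in the question; the application, role and region grant are invented.
SAMPLE_POLICY_STORE = """<jazn-data>
  <policy-store>
    <applications>
      <application>
        <name>SampleApp</name>
        <jazn-policy>
          <grant>
            <grantee>
              <principals>
                <principal>
                  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                  <name>managers</name>
                </principal>
              </principals>
            </grantee>
            <permissions>
              <permission>
                <class>oracle.adf.controller.security.TaskFlowPermission</class>
                <name>/WEB-INF/flows/sampleTF.xml#sampleTF</name>
                <actions>view</actions>
              </permission>
              <permission>
                <class>oracle.adf.share.security.authorization.RegionPermission</class>
                <name>view.pageDefs.welcomePageDef</name>
                <actions>view</actions>
              </permission>
            </permissions>
          </grant>
        </jazn-policy>
      </application>
    </applications>
  </policy-store>
</jazn-data>
"""

# Hypothetical glossary maintained outside the policy store, keyed by
# (permission class, resource name). The label is a constructed example.
GLOSSARY = {
    ("oracle.adf.controller.security.TaskFlowPermission",
     "/WEB-INF/flows/sampleTF.xml#sampleTF"): "Sample task flow",
}


def describe_grants(jazn_xml, glossary):
    """Return one row per permission, with the glossary label or None."""
    root = ET.fromstring(jazn_xml)
    rows = []
    for app in root.iterfind("./policy-store/applications/application"):
        app_name = (app.findtext("name") or "").strip()
        for grant in app.iterfind("./jazn-policy/grant"):
            grantees = [(p.findtext("name") or "").strip()
                        for p in grant.iterfind("./grantee/principals/principal")]
            for perm in grant.iterfind("./permissions/permission"):
                cls = (perm.findtext("class") or "").strip()
                name = (perm.findtext("name") or "").strip()
                rows.append({
                    "application": app_name,
                    "grantees": grantees,
                    "class": cls,
                    "resource": name,
                    "actions": (perm.findtext("actions") or "").strip(),
                    "label": glossary.get((cls, name)),
                })
    return rows


def missing_labels(rows):
    """Resources an administrator would still see only by technical name."""
    return sorted({(r["class"], r["resource"]) for r in rows if r["label"] is None})


if __name__ == "__main__":
    report = describe_grants(SAMPLE_POLICY_STORE, GLOSSARY)
    for row in report:
        shown = row["label"] or "(no description) " + row["resource"]
        print(", ".join(row["grantees"]), "may", row["actions"], "->", shown)
    for cls, resource in missing_labels(report):
        print("needs a glossary entry:", cls, resource)
```

Running `missing_labels` in a build step keeps the glossary from drifting as new task flows and pages are secured.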
Similar Messages
-
Unable to migrate ADF security policy updates to Weblogic production server
Hi all,
I am using JDeveloper 11.1.1.2.0. I can successfully deploy & run the application on my Integrated & Standalone WLS 10.3.2.
If I make changes to the security policy, I can see the change reflecting in the next run, after being deployed on the Integrated & Standalone server.
However, making changes to the security policy & deploying it on the production UNIX WLS server (10.3.2) does not reflect the changes. In fact I do not see the changes on System-jazn-data.xml on the server.
I will appreciate any help on this issue.
Thank you,
Hi again,
As a workaround we tried deploying the .ear with a different name. Everything is now working.
The problem is not completely resolved, as this should not be an ideal way to deploy.
The System-jazn-data.xml on the Unix server still shows the old deployed file name along with the new (with correct policies).
Thanks, -
How to deploy ADF 11.1.1.3 Security policy to WLS 11g?
Dear all,
I've deployed my ADF BC 11.1.1.3 application to WLS 11g. However, I could not deploy the ADF Security part successfully.
I followed the following doc, but I could not find the 'oracle.jps_11.1.1' folder under 'MIDDLEWARE_HOME/jdeveloper/modules'. I've tried both the Windows and Linux versions of JDEV, but the result is the same.
http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html#prereqs
So can this doc be used for the ADF 11.1.1.3 version? If not, where can I get the correct method?
Thank you.
Regards,
Tony
Tony,
http://download.oracle.com/docs/cd/E14571_01/web.1111/b31974/deployment_topics.htm#CHDFJJDD
John -
OPSS java security policy provider error
Hi, I am getting the security error when deploying the application. My log is:
*** Using HTTP port 7101 ***
*** Using SSL port 7102 ***
"C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\bin\startWebLogic.cmd"
[waiting for the server to complete its initialization...]
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
WLS Start Mode=Development
CLASSPATH=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~1\JDK160~1\lib\tools.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.5.0.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
PATH=C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\native;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\native;C:\oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32;C:\oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\oracle\MIDDLE~1\JDK160~1\jre\bin;C:\oracle\MIDDLE~1\JDK160~1\bin;C:\forms;C:\product\11.2.0\dbhome_1\bin;C:\product\11.2.0\dbhome_1;C:\DevSuiteHome_1\BIN;C:\DevSuiteHome_1\jlib;C:\Program Files\PHP;C:\Program Files\PC Connectivity Solution\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\DivX Shared;c:\Program Files\Java\jdk1.6.0_21\bin;C:\product\11.2.0\dbhome_1\BIN;C:\DevSuiteHome_1;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\mywls;C:\mydomain\base_domain\bin;C:\Program Files\Java\jre6\bin\client;C:\Program Files\Java\jre6\bin;C:\Program Files\Java\jdk1.6.0_21\jre\bin;C:\Program Files\Java\jdk1.6.0_21\bin;C:\Program Files\Java\jdk1.6.0_21;C:\Program Files\Java\jre6;C:\DevSuiteHome_1\forms;C:\DevSuiteHome_1\cgenf61\admin;C:\DevSuiteHome_1\forms;C:\forms\sms_code.pll;C:\mywls\wlserver\bin;C:\Java\jdk1.6.0_21;C:\oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode)
Starting WLS with line:
C:\oracle\MIDDLE~1\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -Djavax.net.ssl.trustStore=C:\DOCUME~1\Desmond\LOCALS~1\Temp\trustStore8732822766352054612.jks -Djbo.debugoutput=silent -Doracle.jdeveloper.adrs=true -Dweblogic.nodemanager.ServiceEnabled=true -Xverify:none -da -Dplatform.home=C:\oracle\MIDDLE~1\WLSERV~1.3 -Dwls.home=C:\oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\oracle\MIDDLE~1\WLSERV~1.3\server -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=C:\oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1 -Djrockit.optfile=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.domain.config.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1 -Digf.arisidbeans.carmlloc=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\arisidprovider -Doracle.security.jps.config=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\servers\DefaultServer\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false 
-Dwsm.repository.path=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\oracle\store\gmds -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\sysext_manifest_classpath;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\sysext_manifest_classpath weblogic.Server
<22 Dec 2011 10:11:07 AM> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<22 Dec 2011 10:11:07 AM> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<22 Dec 2011 10:11:07 AM> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 19.1-b02 from Sun Microsystems Inc.>
<22 Dec 2011 10:11:07 AM> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<22 Dec 2011 10:11:08 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<22 Dec 2011 10:11:08 AM> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<22 Dec 2011 10:11:08 AM> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<22 Dec 2011 10:11:08 AM> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00004. Log messages will continue to be logged in C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
<22 Dec 2011 10:11:08 AM> <Notice> <Log Management> <BEA-170019> <The server log file C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:850)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.getInstance(XmlDataStore.java:216)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:436)
... 28 more
Caused by: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
... 34 more
Caused by: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
... 37 more
<22 Dec 2011 10:11:10 AM> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider>
<22 Dec 2011 10:11:10 AM> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:293)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:899)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Truncated. see log file for complete stacktrace
Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:860)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
Truncated. see log file for complete stacktrace
Caused By: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
Truncated. see log file for complete stacktrace
Caused By: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
Truncated. see log file for complete stacktrace
>
<22 Dec 2011 10:11:10 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<22 Dec 2011 10:11:10 AM> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<22 Dec 2011 10:11:10 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Process exited.
This is what I have tried to do:
delete the jazn-data.xml file under the DefaultDomain,
and in the folder C:\Oracle\Middleware\user_projects\domains\UCM_domain\config\fmwconfig I tried to open cwallet.sso, go to its properties and then Security, enable Full control, Modify, Read and execute, Read and Write permissions for the current user and apply it. But there is no Security option when I right-click cwallet.sso.
And my access log is:
27.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432564240140&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432609646747&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432662731333&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
Edited by: user603350 on 2011/12/22 12:04 PM
Edited by: user603350 on 2011/12/22 12:17 PM
Edited by: user603350 on 2011/12/22 1:12 PM
The problem is that your WLS domain is created in a directory whose path contains blank spaces (e.g. "...\Document and Settings\...").
Please, have a look at this message for a solution: {message:id=9588131}
Dimitar -
How to use ADF Security policies in OID Ldap
Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
To narrow down the source of the issue, we examined the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file:
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that orcljaznpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgds
Eurika
finally solved,
running the JAZNMigrationTool requires setting the correct classpath.
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the JAZNMigrationTool successfully; however, you will find that the generated LDIF file does not include the permission actions (Read, Update ...).
If, however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
now the tool will migrate the permission policies. The following shows an extract from the LDIF file:
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html -
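Added example, not part of the original thread: a check to run on the generated LDIF before loading it into OID, flagging the symptom described above (an entry whose orcljaznjavaclass is java.security.UnresolvedPermission, with the real class name pushed into orcljaznpermissiontarget and the actions left empty). The two sample entries are the ones quoted in the thread; the function names are this example's own.

```python
import base64

UNRESOLVED = "java.security.UnresolvedPermission"

# The two entries quoted in the thread: the first from the migration run without
# adfshare.jar on the classpath, the second from the run with it.
THREAD_LDIF = """dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com

dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
"""


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated records, folded lines, '::' base64."""
    records, current, last = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():                 # a blank line ends the record
            if current:
                records.append(current)
            current, last = {}, None
            continue
        if raw.startswith("#"):             # comment line
            continue
        if raw.startswith(" ") and last:    # folded continuation of the previous value
            current[last][-1] += raw[1:]
            continue
        attr, _, value = raw.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        last = attr.strip().lower()
        current.setdefault(last, []).append(value.strip())
    if current:
        records.append(current)
    return records


def first(record, attr):
    """First value of an attribute, or an empty string when absent."""
    return (record.get(attr) or [""])[0]


def check_migrated_permissions(ldif_text):
    """Return the permission entries that lost their class or actions in migration."""
    findings = []
    for rec in parse_ldif(ldif_text):
        if "orcljaznpermission" not in [v.lower() for v in rec.get("objectclass", [])]:
            continue
        problems = []
        if first(rec, "orcljaznjavaclass") == UNRESOLVED:
            problems.append("class unresolved; target holds the class name "
                            + first(rec, "orcljaznpermissiontarget"))
        if not first(rec, "orcljaznpermissionactions"):
            problems.append("empty orcljaznpermissionactions")
        if problems:
            findings.append({"cn": first(rec, "cn"), "problems": problems})
    return findings


if __name__ == "__main__":
    for finding in check_migrated_permissions(THREAD_LDIF):
        print(finding["cn"], "->", "; ".join(finding["problems"]))
```

A non-empty result means the grants would load without errors yet carry no usable permissions, which is why neither the tool nor ldapmodify reported anything in the thread.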
GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0
If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
Are you getting either of the following errors?
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContext
I'll show you where they're coming from. Follow along.
1) Create a new application.
2) Create three .jspx pages called login, error, and welcome.
3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
4) Right-Click on your Application and select Secure->Configure ADF Security
5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
That just won't do. Let's fix it, shall we?
6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
<policy-store>
  <applications>
    <application>
      <name>SecurityError</name>
      <app-roles>
        <!-- Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back -->
        <app-role>
          <name>anonymous-role</name>
          <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
          <display-name>anonymous-role</display-name>
        </app-role>
        <!-- Whew, the end of that app role -->
      </app-roles>
      <jazn-policy>
        <grant>
9) You're going to want to delete that app role XML
10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may be assigned to any of the pages. Assign a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
12) Run your welcome page. Yay, the error is gone. How sweet it is.
Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
// You fool!
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
That's not so good. Let's fix that.
1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
3) Re-run your welcome page.
// Suckered AGAIN!
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContext
This is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
Ahh!! Now THAT's how we do it in Kingsport!
Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
Will
Ha :-)
Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
But your call, no pressure of course ;-)
CM. -
ADF Security unable to run/deploy
Hi all,
I want to use ADF Security in my new project, so I created a simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advance.
2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日 下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日 下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日 下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日 下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日 下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日 下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日 下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
>
<2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson Fu
I found from the error message that the deployment failed inside JDeveloper, so the application is not able to run from JDeveloper. I don't understand why JDeveloper is unable to run the application that is generated by the built-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot get it to work.
Regards,
Samson Fu -
All,
the ADF Security Wizard adds the following line to my jsp-config.xml which results in an exception as soon as a BC4J-connection is opened:
jsp-config.xml:
<property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
exception:
oracle.adf.share.security.ADFSecurityRuntimeException: Unable to fetch JpsUser principal from the current subject Betreff:
Principal: DBUserPrincipal: test
Principal: [JpsAuthenticatedRoleImpl: authenticated-role]
at oracle.adf.share.security.providers.jps.CSFCredentialStore.extractJpsUser(CSFCredentialStore.java:824)
at oracle.adf.share.security.providers.jps.CSFCredentialStore.getUserPrincipal(CSFCredentialStore.java:804)
at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:320)
at oracle.adf.share.security.credentialstore.CredentialStore.fetchCredential(CredentialStore.java:108)
at oracle.adf.share.jndi.CredentialStoreHelper.fetchCredential(CredentialStoreHelper.java:93)
at oracle.adf.share.jndi.ReferenceStoreHelper.loadCredentials(ReferenceStoreHelper.java:812)
at oracle.adf.share.jndi.ReferenceStoreHelper.createReference(ReferenceStoreHelper.java:579)
at oracle.adf.share.jndi.ReferenceStoreHelper.getReferencesMapEx(ReferenceStoreHelper.java:329)
at oracle.adf.share.jndi.ContextImpl.load(ContextImpl.java:661)
at oracle.adf.share.jndi.ContextImpl.init(ContextImpl.java:335)
at oracle.adf.share.jndi.ContextImpl.<init>(ContextImpl.java:81)
at oracle.adf.share.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:15)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
[2008-06-04T18:52:34.941+02:00] [adf] [WARNING] [] [share.jndi.ReferenceStoreHelper] [tid: 12] [ecid: 0000HdKVbj000000000000000002g6lsq000000003,0] [APP: current-workspace-app] Incomplete connection information
[2008-06-04T18:52:53.984+02:00] [adf] [WARNING] [] [controller.faces.lifecycle.FacesPageLifecycle] [tid: 12] [ecid: 0000HdKVbj000000000000000002g6lsq000000003,0] [APP: current-workspace-app] ADFc: Error while opening JDBC connection.[[
oracle.jbo.DMLException: JBO-26061: Error while opening JDBC connection.
at oracle.jbo.server.ConnectionPool.createConnection(ConnectionPool.java:253)
at oracle.jbo.server.ConnectionPool.instantiateResource(ConnectionPool.java:168)
at oracle.jbo.pool.ResourcePool.createResource(ResourcePool.java:545)
at oracle.jbo.pool.ResourcePool.useResource(ResourcePool.java:327)
at oracle.jbo.server.ConnectionPool.getConnectionInternal(ConnectionPool.java:104)
at oracle.jbo.server.ConnectionPool.getConnection(ConnectionPool.java:70)
at oracle.jbo.server.ConnectionPoolManagerImpl.getConnection(ConnectionPoolManagerImpl.java:56)
at oracle.jbo.server.DBTransactionImpl.establishNewConnection(DBTransactionImpl.java:997)
at oracle.jbo.server.DBTransactionImpl.initTransaction(DBTransactionImpl.java:1253)
at oracle.jbo.server.DBTransactionImpl.initTxn(DBTransactionImpl.java:6397)
Wizard Settings:
enforce authorization
redirect upon successful authentication
no identity store
enable credential store
no policy store
no anonymous provider
custom login module with some settings
form-based Authentication
Cheers
Andy
hi,
if you delete this line
<property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
in the jsp-config.xml you can at least use your application with authentication but authorization doesn't work b/c the subject does not contain the principals:
ADFContext.getCurrent().getSecurityContext().getUserRoles();
returns an empty String[].
Is there a workaround?
Cheers Andy -
Deploying ADF application to a managed weblogic server - ADF security error
Hi,
Our group has written an ADF web application, which we are attempting to deploy to a managed weblogic server. Thus far, we have been unsuccessful. The application does successfully deploy to the AdminServer. Our setup:
Weblogic version is 10.3.0. Domain name is adf_domain. We have installed the ADF (ADF version is 11.1.1.0.0), JSTL(1.2.0.1), and JSF(1.2.7.1) runtime libraries, and they are targeted to both the admin server AND the managed server, which is called CollabServer. This server communicates with the node manager and can be started and stopped via the admin console successfully. The AdminServer is on port 7101, and the CollabServer is on port 7104. We are not using SSL.
application.xml:
<?xml version = '1.0' encoding = 'windows-1252'?>
<application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
version="5" xmlns="http://java.sun.com/xml/ns/javaee">
<display-name>OracleRetailCollaboration</display-name>
<module>
<web>
<web-uri>orc.war</web-uri>
<context-root>orc</context-root>
</web>
</module>
</application>
weblogic-application.xml (as taken from the ear file):
<?xml version = '1.0' encoding = 'windows-1252'?>
<weblogic-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-application">
<listener>
<listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
</listener>
<library-ref>
<library-name>adf.oracle.domain</library-name>
</library-ref>
</weblogic-application>
weblogic.xml (as taken from the war file):
<?xml version = '1.0' encoding = 'UTF-8'?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
<container-descriptor>
<prefer-web-inf-classes>true</prefer-web-inf-classes>
</container-descriptor>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>users</principal-name>
</security-role-assignment>
<library-ref>
<library-name>jstl</library-name>
<specification-version>1.2</specification-version>
</library-ref>
<library-ref>
<library-name>jsf</library-name>
<specification-version>1.2</specification-version>
</library-ref>
</weblogic-web-app>
As I said, there are no deployment errors when we deploy to the admin server. However, we always see the following errors when deploying to the managed server:
java.lang.ClassNotFoundException: oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener
etc.
This error occurs when deploying via the <wldeploy> ant task included with weblogic, and when deploying the application manually via the admin console.
So I removed this from weblogic-application.xml:
<listener>
<listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
</listener>
Which resolved the initial error (I assume there is some sort of bug that causes this workaround to be necessary). The next error is this:
java.lang.ClassNotFoundException: oracle.adf.share.security.authentication.AuthenticationServlet
Again, we don't get this error when deploying to the AdminServer - ONLY the managed server CollabServer.
web.xml:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
I then added some adf jar files to the ear file, finally get this error message:
java.lang.ClassNotFoundException: oracle.adf.share.jsp.ADFLibUtils
Any ideas on how to resolve this? Thanks.
Edited by: user10451099 on Apr 15, 2009 12:10 PM
Dan,
thanks for reminding me :-)
Here are the steps we had to take to get a managed WLS to run an adf application without copying any jar in the domain/lib directory:
1. you still have to install the adf runtime to any server you want the adf application to deploy to
2. open the admin console, select the managed server, and select the 'server start' tab in configuration settings.
3. add /u01/bea/patch_wls1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/bea/patch_jdev1111/profiles/default/sys_manifest_classpath/weblogic_patch.jar:
/u01/bea/patch_cie660/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/bea/jrockit_160_05/lib/tools.jar:/u01/bea/wlserver_103/server/lib/weblogic_sp.jar:
/u01/bea/wlserver_103/server/lib/weblogic.jar:/u01/bea/modules/features/weblogic.server.modules_10.3.0.0.jar:/u01/bea/wlserver_103/server/lib/webservices.jar:
/u01/bea/modules/org.apache.ant_1.6.5/lib/ant-all.jar:/u01/bea/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar:/u01/bea/jdeveloper/modules/features/adf.share_11.1.1.jar:
/u01/bea/wlserver_103/common/eval/pointbase/lib/pbclient57.jar:/u01/bea/wlserver_103/server/lib/xqrl.jar:
/u01/bea/patch_wls1030/profiles/default/sysext_manifest_classpath/weblogic_ext_patch.jar to the classpath edit box. You have to replace '/u01/bea/' with your bea home. The classpath should be on one line without the CR/LF I put in to make it readable.
4. add -Xms256m -Xmx512m -da -Dplatform.home=/u01/bea/wlserver_103 -Dwls.home=/u01/bea/wlserver_103/server -Dweblogic.home=/u01/bea/wlserver_103/server
-Ddomain.home=/u01/bea/user_projects/domains/naa_qs -Doracle.home=/u01/bea/jdeveloper -Doracle.security.jps.config=/u01/bea/user_projects/domains/naa_qs/config/oracle/jps-config.xml
-Doracle.dms.context=OFF -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.management.discover=false -Dweblogic.management.server=http://localhost:7001
-Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=
-Dweblogic.ext.dirs=/u01/bea/patch_wls1030/profiles/default/sysext_manifest_classpath:/u01/bea/patch_jdev1111/profiles/default/sysext_manifest_classpath:/u01/bea/patch_cie660/profiles/default/sysext_manifest_classpath
-Dweblogic.management.username=weblogic -Dweblogic.management.password=******** -Dweblogic.Name=GESTIS_QS
-Djava.security.policy=/u01/bea/wlserver_103/server/lib/weblogic.policy to the 'Arguments' edit box. As with the classpath, change '/u01/bea' to your bea home and change the domain name (in our case 'naa_qs') to your domain name. Change the management user and password to your needs. As with the classpath, I put some CR/LF into the code section to make it readable.
5. save the changes and restart the server
Essentially we copied all the arguments from the admin server start script in addition to adding the class path.
Timo -
Error While Login ADF Security Sample Application
Hi All,
JDeveloper version: 11.1.1.5.0
We are creating an ADF login application that contains login.jspx and main.jspx pages.
We defined ADF Security on this sample application.
When we provide valid credentials to log in (username and password), it shows this error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
that an old resource is permanently unavailable and has no forwarding address.
ManagedBean(BackingbeanScope) doLogin():
public String doLogin() {
    String un = _userName;
    byte[] pw = _password.getBytes();
    FacesContext ctx = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest) ctx.getExternalContext().getRequest();
    try {
        Subject subject = Authentication.login(new URLCallbackHandler(un, pw));
        weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
        String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
        HttpServletResponse response = (HttpServletResponse) ctx.getExternalContext().getResponse();
        RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
        ctx.responseComplete();
    } catch (FailedLoginException fle) {
        FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
        ctx.addMessage(null, msg);
    }
    return null;
}
In ADF Security We Define :
User : admin1
Enterprise Role : ManagerGroup(added user admin1 to this EnterpriseRole)
Application Role : Manager
Resource Grants : Resource Type : Web Page
login page
main page - Granted Role(Manager)
jazn-data.xml file
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>admmin1</name>
<display-name>admmin1</display-name>
<credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
</user>
</users>
<roles>
<role>
<name>ManagerGroup</name>
<display-name>ManagerGroup</display-name>
<members>
<member>
<type>user</type>
<name>admmin1</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name>ADFLogin</name>
<app-roles>
<app-role>
<name>Manager</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<display-name>Manager</display-name>
<members>
<member>
<name>ManagerGroup</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>Manager</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
</jazn-data>
Please help us how to resolve it.
Thanks,
kumar
A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
I guess your resource grants are not set correctly.
Timo -
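An added example, not part of the posts above and not Oracle tooling: a small Python audit of a jazn-data.xml file in the layout quoted in this thread, which lists every grant in readable form and flags the inconsistencies these threads ran into (an explicitly defined anonymous-role app role as in the walkthrough further up, and members or grantees that name an undefined user or role). It assumes the file itself is the identity store; the sample file, its page-definition names and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANON = "anonymous-role"  # built-in role name as it appears in the posts above

# Constructed sample in the jazn-data.xml layout quoted on this page.
SAMPLE = """<jazn-data>
 <jazn-realm default="jazn.com"><realm><name>jazn.com</name>
  <users><user><name>bob</name></user></users>
  <roles><role><name>admin</name><members>
   <member><type>user</type><name>bob</name></member>
   <member><type>user</type><name>jane</name></member>
  </members></role></roles>
 </realm></jazn-realm>
 <policy-store><applications><application><name>SecurityError</name>
  <app-roles>
   <app-role><name>anonymous-role</name>
    <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
   </app-role>
   <app-role><name>managers</name>
    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
    <members><member><name>admins</name>
     <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
    </member></members>
   </app-role>
  </app-roles>
  <jazn-policy>
   <grant><grantee><principals><principal><name>anonymous-role</name>
     <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
    </principal></principals></grantee>
    <permissions><permission>
     <class>oracle.adf.share.security.authorization.RegionPermission</class>
     <name>view.pageDefs.loginPageDef</name><actions>view</actions>
    </permission></permissions></grant>
   <grant><grantee><principals><principal><name>managers</name>
     <class>oracle.security.jps.service.policystore.ApplicationRole</class>
    </principal></principals></grantee>
    <permissions><permission>
     <class>oracle.adf.share.security.authorization.RegionPermission</class>
     <name>view.pageDefs.welcomePageDef</name><actions>view</actions>
    </permission></permissions></grant>
   <grant><grantee><principals><principal><name>supervisors</name>
     <class>oracle.security.jps.service.policystore.ApplicationRole</class>
    </principal></principals></grantee>
    <permissions><permission>
     <class>oracle.adf.controller.security.TaskFlowPermission</class>
     <name>/WEB-INF/flows/sampleTF.xml#sampleTF</name><actions>view</actions>
    </permission></permissions></grant>
  </jazn-policy>
 </application></applications></policy-store>
</jazn-data>"""

def text(elem, tag):
    """Stripped text of a direct child element, or '' when it is absent."""
    return (elem.findtext(tag) or "").strip()

def list_grants(root):
    """One (application, grantee, permission class, resource, actions) row per grant."""
    rows = []
    for app in root.iterfind("policy-store/applications/application"):
        for grant in app.iterfind("jazn-policy/grant"):
            for who in grant.iterfind("grantee/principals/principal"):
                for perm in grant.iterfind("permissions/permission"):
                    rows.append((text(app, "name"), text(who, "name"),
                                 text(perm, "class").rsplit(".", 1)[-1],
                                 text(perm, "name"), text(perm, "actions")))
    return rows

def audit(root):
    """Return (finding, context, name) tuples for inconsistencies in the file."""
    found = []
    users = {text(u, "name") for u in root.iterfind("jazn-realm/realm/users/user")}
    ent_roles = {text(r, "name") for r in root.iterfind("jazn-realm/realm/roles/role")}
    for role in root.iterfind("jazn-realm/realm/roles/role"):
        for m in role.iterfind("members/member"):
            if text(m, "type") == "user" and text(m, "name") not in users:
                found.append(("undefined-user", text(role, "name"), text(m, "name")))
    for app in root.iterfind("policy-store/applications/application"):
        app_name, app_roles = text(app, "name"), set()
        for ar in app.iterfind("app-roles/app-role"):
            if text(ar, "name") == ANON:  # the entry the walkthrough above deletes
                found.append(("explicit-anonymous-role", app_name, ANON))
            else:
                app_roles.add(text(ar, "name"))
            for m in ar.iterfind("members/member"):
                is_ent = text(m, "class").endswith("EnterpriseRoleImpl")
                if is_ent and text(m, "name") not in ent_roles:
                    found.append(("undefined-enterprise-role", text(ar, "name"), text(m, "name")))
        for who in app.iterfind("jazn-policy/grant/grantee/principals/principal"):
            is_app_role = text(who, "class").endswith(".ApplicationRole")
            if is_app_role and text(who, "name") not in app_roles:
                found.append(("undefined-app-role", app_name, text(who, "name")))
    # Grants to the anonymous role need no login: list them for review.
    found += [("public-grant", a, res) for a, who, _, res, _ in list_grants(root) if who == ANON]
    return found

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    for row in list_grants(root):
        print("GRANT  ", *row)
    for finding in audit(root):
        print("FINDING", *finding)
```

To run it against a real file, replace `ET.fromstring(SAMPLE)` with `ET.parse(path).getroot()`.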
Migrating ADF Security to WLS using OID
I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for “JpsFarmName” and “JpsRootNodeName”. What are these used for, and what should the values be?
2) Does the jps-config.xml file need to be modified in WLS (i.e. <Domain>/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
Any information on this topic would be very appreciated!
Thanks,
Erick
Hi,
I am using migrateSecurityStore for policy migration from xml to OID.
migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
when I run above command I am getting following error.
Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfig
urationUtil getCredentialFromBootstrapWallet
SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: o
racle.security.jps.service.credstore.CredStoreException.
COMMAND FAILED due to an unknown reason, Check the stack trace for details
Traceback (innermost last):
File "<console>", line 1, in ?
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSec
urityStore
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSec
urityStoreImpl
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(
LdapPolicyStore.java:230)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:108)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:55)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServ
iceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImp
l.findServiceInstance(DelegatingContextFactoryImpl.java:61)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:206)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getCo
ntextFromConfig(JpsContextFactoryImpl.java:171)
at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextF
romConfigObj(JpsHelper.java:115)
at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.g
etPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDs
tPolicy.<init>(JpsDstPolicy.java:186)
at oracle.security.jps.internal.tools.utility.destination.JpsInitializer
Dst.getDestinations(JpsInitializerDst.java:82)
at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtili
ty.java:63)
at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl
.migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand
(JpsUtilMigrationTool.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException
: Cannot read the default policy store.
thanks and regards
KishoreM -
Dear All,
We have created a good number of custom ResourcePermissions in our Oracle ADF 11g application. We are trying to refer to the permissions with a wildcard character in jazn-data.xml. The same worked well for taskflows.
Is there any way that we can implement a wildcard character in custom resource permissions?
We are calling the hasPermission() API to check whether the permission exists or not. Currently this method returns false when we configure the resource name with a wildcard character.
For example, actual key - a.b.c.menu
The wildcard pattern we are referring to for this key is a.*.*.menu. The hasPermission() call returns false for this case.
Regards
Deivee
Hi,
more an OPSS question than ADF Security. Anyway, the answer is
"No wildcard use is supported in a resource permission."
See: The OPSS Policy Model - 11g Release 1 (11.1.1)
Frank -
Oracle ADF security integration with Oracle E-Business Suite SDK JAAS
I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role). Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
Any thoughts on why that would be?
Thanks
Dan
Thanks Juan.
With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I access the same page from my integrated weblogic server I see:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I review my EAR - I do see jazn-data.xml at:
/META-INF/jazn-data.xml
I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
Thanks.
-Dan
-
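The check described in the post above (whether the grants packaged in the EAR's /META-INF/jazn-data.xml are also present in the domain's system-jazn-data.xml), as an added example that is not part of the original thread. It assumes both files use the same jazn-data layout; the function names are hypothetical, the sample XML is constructed, and matching is exact string comparison, not OPSS policy evaluation.

```python
import xml.etree.ElementTree as ET

REGION = "oracle.adf.share.security.authorization.RegionPermission"
TASKFLOW = "oracle.adf.controller.security.TaskFlowPermission"

def load_grants(xml_text, app_name):
    """Return the set of (principal, permission class, resource, action)
    tuples granted inside the named <application> of a jazn-data document."""
    root = ET.fromstring(xml_text)
    grants = set()
    for app in root.iter("application"):
        if (app.findtext("name") or "").strip() != app_name:
            continue
        for grant in app.iter("grant"):
            principals = [(p.findtext("name") or "").strip()
                          for p in grant.iter("principal")]
            for perm in grant.iter("permission"):
                cls = (perm.findtext("class") or "").strip()
                res = (perm.findtext("name") or "").strip()
                # <actions> may hold a comma-separated list, e.g. "view,customize"
                actions = (perm.findtext("actions") or "").split(",")
                for who in principals:
                    for act in actions:
                        if act.strip():
                            grants.add((who, cls, res, act.strip()))
    return grants

def missing_grants(ear_xml, store_xml, ear_app, store_app):
    """Grants present in the packaged file but absent from the domain store."""
    return load_grants(ear_xml, ear_app) - load_grants(store_xml, store_app)

# Constructed sample documents (not taken from a real deployment).
GRANT = ("<grant><grantee><principals><principal><name>{0}</name></principal>"
         "</principals></grantee><permissions><permission><class>{1}</class>"
         "<name>{2}</name><actions>{3}</actions></permission></permissions></grant>")
DOC = ("<jazn-data><policy-store><applications><application><name>{0}</name>"
       "<jazn-policy>{1}</jazn-policy></application></applications>"
       "</policy-store></jazn-data>")
REGION_GRANT = GRANT.format("anonymous-role", REGION, "untitled1PageDef", "view")
FLOW_GRANT = GRANT.format("personal_office-app", TASKFLOW,
                          "/WEB-INF/info-tfd.xml#info-tfd", "view")
EAR_XML = DOC.format("TestApp", REGION_GRANT + FLOW_GRANT)
STORE_XML = DOC.format("TestApp", FLOW_GRANT)  # region grant was not migrated

if __name__ == "__main__":
    for g in sorted(missing_grants(EAR_XML, STORE_XML, "TestApp", "TestApp")):
        print("not in domain store:", g)
```

An empty result means every packaged grant has an exact counterpart in the store; a non-empty one lists the grants that never reached it.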
Could someone explain me about ADF Security in UI Shell?
Hello.
I have my application main page implemented with a dynamic region and it's working fine.
The application is secured using ADF Security and it is fine too.
All the bounded taskflows are imported as ADF Libs. They have their permissions in jazn-data.xml. All the permissions work fine when the page is implemented with a dynamic region.
Now I'm trying to rebuild it using UI Shell.
All the permissions are the same, but now all my taskflows are not available.
I've checked that it's a security issue by disabling security. Everything began to work fine.
What changes should I do to permissions to make them work in UI Shell page?
I've read this article http://one-size-doesnt-fit-all.blogspot.com/2009/12/adf-ui-shell-adf-security.html but didn't get the clue. It seems to me that everything's configured correctly.
Thanks.
JDev 11.1.2.2
Hello Frank,
I've added some test code to the launching method and it shows no error:
// name = User Info ; fullFlowId = /WEB-INF/info-tfd.xml#info-tfd
System.out.println("userInRole = " +
    JSFUtils.resolveExpression("#{securityContext.userInRole['personal_office-app']}")
); // -> true
System.out.println("taskflowViewable = " + JSFUtils.resolveExpression("#{securityContext.taskflowViewable['" + fullFlowId + "']}")); // -> true
But still addOrSelectTab opens a new tab with "User Info" as a title but nothing is viewable in it.
And here's jazn-data.xml part:
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>personal_office-app</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.controller.security.TaskFlowPermission</class>
<name>/WEB-INF/info-tfd.xml#info-tfd</name>
<actions>view</actions>
</permission>
...
Also, my previous main page with a dynamic region in the same application is still working fine.
-
ADF Security : identity store : tables in a SQL database
hi
The documentation says "ADF Security is built on top of the Oracle Platform Security Services (OPSS) architecture, which itself is well-integrated with Oracle WebLogic Server. ".
As such, ADF Security provides abstractions, also abstraction from an identity store (the repository of user identities and login credentials).
If my identity store is a set of custom tables in a SQL database, what are the Oracle supported options to use that identity store for an ADF application using ADF Security?
(Please refer to related documentation if possible.)
many thanks
Jan Vervecken
Thanks for your reply John.
John Stegeman wrote:
... To your questions to Frank - I'd answer "yes." ...
Thanks for the confirmation.
... The specific points of the documentation that I found helpful were this picture (http://download.oracle.com/docs/cd/E21764_01/core.1111/e10043/underjps.htm#BABHCGGG) and the discussion on identity management here (http://download.oracle.com/docs/cd/E21764_01/core.1111/e10043/addlsecfea.htm#CFHGBDEG). ...
The "Identity Management" section you refer to says ...
"... The domain administrator must configure the domain authenticator (with the Administration Console), update identities (enterprise users and groups) in the environment, as appropriate, and map application roles to enterprise users and groups (with Fusion Middleware Control). ..."
... which brings us to the context for the "general" question I asked in this thread:
I am trying to understand the "... This is not a supported usecase (use enterprise role from the DB, and add the enterprise role to approle). ..." feedback that I got in the context of my question in forum thread
"OPSS : addMembersToApplicationRole : The search for role failed"
at OPSS : addMembersToApplicationRole : The search for role failed
(Please post in that thread if you want to give feedback on that "use-case".)
regards
Jan