ADF security problem

hi ,
I created a page called " main.jspx " and I used the ADF security in jdeveloper 11.1.1.2.0 . I deployed my application to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it redirected to "http://localhost:7001/test/login.html" . After typing correct "username" and "password" ,it redirected to my "main.jspx" . That is correct . But now I open this application in jdeveloper 11.1.1.3.0 , and redeploy it to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it directly show the main.jspx page . Why no Authentication ? I "remove ADF Security Configuration" and " reconfigure ADF Security" . It doesn't work . But if I create a new application and use ADF security in jdeveloper 11.1.1.3.0 . The new application works well . I need to work with my old application . Can you give me any advice ? thanks!!

duplicate
Frank

Similar Messages

Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

Hi,
We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
Regards,
Joonas

Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

Problem with ADF security and task flow calls

Hi.
I am using JDeveloper 11.1.2.0.0.
I encountered a problem when tried to apply ADF security to my application.
The way to reproduce the problem:
1. Create new Fusion Web Application;
2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
7. Configure application to run the unbounded task flow starting with Welcome view activity.
At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
Now let's configure ADF Security.
Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
On the second page select Form-Based Authentication, check the Generate Default Pages flag.
On the third page choose No Automatic Grants.
On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
Open jazn-data.xml to configure roles, users and resource grants:
1. Create application role test-role.
2. Grant the test-role privileges to view the test task flow.
3. Create user and grant him the test-role.
Now we have the public available welcome page and the test page with restricted access.
When application runs, the welcome page is displayed as expected. Pressing the test button redirect us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crushes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
     at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
     at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
     at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
     at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
     at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
     at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
(the rest of lines skipped).
Any suggestions?
Edited by: user13307311 on Apr 16, 2013 11:39 PM

@Lovin_JV_941794
The welcome page is public available since it does not have appropriate PageDef file.
Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
It seems the task flow call stack to be destroyed after redirect to login page.
Edited by: user13307311 on Apr 17, 2013 12:45 AM

Web Center app with ADF Security - login problem

I have a custome Oracle Web Center app.
I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
and i get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
This works fine if i use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
Edited by: new_to_webcenter on 18-Jan-2011 05:25

Thanks for your response Frank.
The web.xml has
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
"/faces/postLogin.jspx"
this then adds into web.xml
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/postLogin.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
So the sequence which works is:
Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
So should the form be posting to j_security_check directly or to the adfAuthentication ?

Web Center app ADF Security - login problem

I'm making an Oracle Web Center app.
I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
and i get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
This works fine if i use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
Maybe you should ask this at the ADF forum: JDeveloper and ADF
The guys there have way more understanding about this stuff than here.

ADF Security to J2EE Container Managed Security Problems

Hi al!
I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
Part of my web.xml file:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/app/index.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<security-role>
<description>Admins</description>
<role-name>admin_role</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user_role</role-name>
</security-role>
<security-role>
<role-name>oc4j-administrators</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllAdmins</web-resource-name>
<url-pattern>faces/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllUsers</web-resource-name>
<url-pattern>faces/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>oc4j-administrators</role-name>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
Do I have to remove this adfAuthentication tags?
I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
Thank you in advance!
Bye
PS
Maybe stack trace after login:
FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

Hi there!
I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
log("method equals start",0);
log("another type = " + another.getClass(), 0);
if (another instanceof Principal)
Principal mine = (Principal)another;
log("Principal mine.getName() = " + mine.getName(), 0);
The result is this output (after navigating to page that gives 401 forbidden):
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
07/10/12 08:46:09 [DBUserPrincipal] method equals start
07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
Thank you!
BB

ADF security logout problem in adfAuthentication?logout =true

Hi,
I've configured ADF security and implementing logout as in http://blogs.oracle.com/jdevotnharvest/entry/how-to_logout_from_adf_security
Also I have configured OID in the standalone WL server and when deployed this to the standalone wl, the login works fine. But when I click the logout the page redirects saying 10.4.4 403 Forbidden. and the redirected url is
/adfAuthentication?logout=true & end_url=/faces/AppLogin.jspx Please help, why the logout is forbidden?
ver. 11.1.1.4
my web.xml entries
<security-constraint>
    <web-resource-collection>
      <web-resource-name>adfAuthentication</web-resource-name>
      <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>valid-users</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/faces/AppLogin.jspx</form-login-page>
      <form-error-page>/faces/error.jspx</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>valid-users</role-name>
</security-role>and weblogic.xml
<security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>users</principal-name>
</security-role-assignment>

What I get is a Error 403--Forbidden and not 404 - not found. The two links provided above talks about 404 error and similar.
What I have is I can login successfully, but when I use the logout procedure it gives me a 403 --Forbidden error. Any other suggestion?

Creating a WebCenter Application with PageCutomizable and ADF Security

I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
I have 2 JSPX files.
One called mainTemplate.jspx
- contains header, footer in ADF and a center facet.
One called Welcome.jspx created from mainTemplate
- contains page customizable > panel customizable > layout customizable > various custom panel configs.
ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
We then refresh the page and see that we are indeed logged in as 'weblogic'.
Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
However when we click on 'add Content' using the composer we get a permission error.
+<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
+...+
Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
+     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+...+
I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
In my catalog I have a WCM portlet taskflow, which will require its own permissions.
I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
*note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
Thanks.
Thanks.
Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
When you have configured your application for authorization as well, you have to create roles and groups.
You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
Hope this helps.

ADF Security in JDeveloper 10.1.3.2

Hi,
i used this link http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
to apply security to my AD application using the JAN but i faced a problem which is ,if i logged in using the user i create on the OTC i always get this error HTTP Error 403 - Forbidden "You are not authorized to view this page", Although i didn't apply the authorization on my pages yet.
can anyone help?
Thanx

Hi,
using ADF Security, security is enabled as soon as you switch on ADF Security. Its a pessimistic thinking that is that you don't have access unless explicitly granted access
Frank

ADF Login problem

Hi,
I have implemented ADF Security along with a login bean and a home managed bean according to Frank Nimphius's article in the Oracle Magazine.
Problems:
1. In design view the login link is visible, but not in the browser (Firefox vers. 19).
2. Only the logout link is visible
3. When trying to logout the current page only refreshes
Login bean
package demo.view;
import java.io.IOException;
import java.util.Map;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import oracle.adf.share.ADFContext;
import oracle.adf.view.rich.event.DialogEvent;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.URLCallbackHandler;
import weblogic.security.services.Authentication;
import weblogic.servlet.security.ServletAuthentication;
public class LoginBean {
    String _username = null;
    String _password = null;
    public static String USERNAMETOKEN = "_____demoOnlyUsernameAttrString___________";
    public static String PASSWORDTOKEN = "_____demoOnlyPasswordAttrString___________";
    public LoginBean() {
        super();
    public void setUsername(String _username) {
        this._username = _username;
    public String getUsername() {
        return _username;
    public void setPassword(String _password) {
        this._password = _password;
    public String getPassword() {
        return _password;
public void onLoginAction(DialogEvent dialogEvent) {
      if (dialogEvent.getOutcome()== DialogEvent.Outcome.ok ){
        doLogin();
      else{
        //cancel, do nothing
private String doLogin() {
      String un = _username;
      byte[] pw = _password.getBytes();
      FacesContext ctx = FacesContext.getCurrentInstance();
      HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
      try {
          CallbackHandler handler = new URLCallbackHandler(un,pw);
          Subject mySubject = weblogic.security.services.Authentication.login(handler);
          weblogic.servlet.security.ServletAuthentication.runAs(mySubject, request);
          ServletAuthentication.generateNewSessionID(request);
          //save username and password. Note that in a real application this is
          //*NOT* what you should do unencrypted. Note that this is a demo
          //Store username , password in session for later use
          //when connecting to Twitter
          ADFContext adfctx = ADFContext.getCurrent();
          Map sessionScope = adfctx.getSessionScope();
          sessionScope.put(this.USERNAMETOKEN, un);
          sessionScope.put(this.PASSWORDTOKEN, new String(pw));
            String loginUrl;
            loginUrl = "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId();
          HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
          sendForward(request, response, loginUrl);
      } catch (FailedLoginException fle) {
          FacesMessage msg =
              new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
                               "An incorrect Username or Password" +
                               " was specified");
          ctx.addMessage("d2:it35", msg);
      } catch (LoginException le) {
          reportUnexpectedLoginError("LoginException", le);
      return null;
private void sendForward(HttpServletRequest request,
                           HttpServletResponse response, String forwardUrl) {
      FacesContext ctx = FacesContext.getCurrentInstance();
      RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl);
      try {
          dispatcher.forward(request, response);
      } catch (ServletException se) {
          reportUnexpectedLoginError("ServletException", se);
      } catch (IOException ie) {
          reportUnexpectedLoginError("IOException", ie);
      ctx.responseComplete();
private void reportUnexpectedLoginError(String errType, Exception e) {
      FacesMessage msg =
          new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected error during login",
                           "Unexpected error during login (" + errType +
                           "), please consult logs for detail");
      FacesContext.getCurrentInstance().addMessage("d2:it35", msg);
      e.printStackTrace();
    public String logout() {
        FacesContext ctx = FacesContext.getCurrentInstance();
        ExternalContext ectx = ctx.getExternalContext();
        String logoutUrl = "faces" + ctx.getViewRoot().getViewId();
        ((HttpServletRequest)ectx.getRequest()).getSession().invalidate();
        try {
            ectx.redirect(logoutUrl);
        } catch (IOException e) {
            e.printStackTrace();
        return null;
}Home managed bean
package demo.view;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.el.ELContext;
import javax.el.ExpressionFactory;
import javax.el.ValueExpression;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;
import oracle.adf.model.binding.DCIteratorBinding;
import oracle.adf.view.rich.component.rich.RichPopup;
import oracle.adf.view.rich.component.rich.data.RichTree;
import oracle.adf.view.rich.component.rich.layout.RichPanelGroupLayout;
import oracle.adf.view.rich.component.rich.nav.RichCommandImageLink;
import oracle.adf.view.rich.context.AdfFacesContext;
import oracle.jbo.Key;
import oracle.jbo.uicli.binding.JUCtrlHierBinding;
import oracle.jbo.uicli.binding.JUCtrlHierNodeBinding;
import oracle.jbo.uicli.binding.JUCtrlHierTypeBinding;
import oracle.jbo.uicli.binding.JUIteratorBinding;
import org.apache.myfaces.trinidad.component.UIXSwitcher;
import org.apache.myfaces.trinidad.event.SelectionEvent;
import org.apache.myfaces.trinidad.model.CollectionModel;
import org.apache.myfaces.trinidad.model.RowKeySet;
public class HomeManagedBean {
    private RichTree locationsTree;
    private UIXSwitcher formSwitcher;
    private RichPanelGroupLayout formPanelGroup;
    private RichPopup popupP1;
    public HomeManagedBean() {
    public void setLocationsTree(RichTree locationsTree) {
        this.locationsTree = locationsTree;
    public RichTree getLocationsTree() {
        return locationsTree;
   * Custom managed bean method that takes a SelectEvent input argument to generically
   * set the current row corresponding to the selected row in the tree. Note that this
   * method is a way to replace the "makeCurrent" EL expression (#{bindings.<tree binding>.
   * treeModel.makeCurrent}that Oracle JDeveloper adds to the tree component SelectionListener
   * property when dragging a collection from the Data Controls panel. Using this custom
   * selection listener allows developers to add pre- and post processing instructions. For
   * example, you may want to enforce PPR on a specific item after a new tree node has been
   * selected. This methods performs the following steps
   * i.   get access to the tree component
   * ii. get access to the ADF tree binding
   * iii. set the current row on the ADF binding
   * iv. get the information about target iterators to synchronize
   * v.   synchronize target iterator
   * @param selectionEvent object passed in by ADF Faces when configuring this method to
   * become the selection listener
   * @author Frank Nimphius
public void onTreeSelect(SelectionEvent selectionEvent) {
    /* REPLACES */
    //#{bindings.allLocations.treeModel.makeCurrent}
   /* custom pre processing goes here */
//get the tree information from the event object
RichTree tree1 = (RichTree) selectionEvent.getSource();
//in a single selection case ( a setting on the tree component ) the added set only
//has a single entry. If there are more then using this method may not be desirable.
//Implicitly we turn the multi select in a single select later, ignoring all set
//entries than the first
RowKeySet rks2 = selectionEvent.getAddedSet();
//iterate over the contained keys. Though for a single selection use case we only expect
//one entry in here
Iterator rksIterator = rks2.iterator();
//support single row selection case
if (rksIterator.hasNext()){
    //get the tree node key, which is a List of path entries describing the
    //location of the node in the tree including its parents nodes
    List key = (List)rksIterator.next();
   //get the ADF tree binding to work with
    JUCtrlHierBinding treeBinding = null;
    //The Trinidad CollectionModel is used to provide data to trees and tables. In the
    //ADF binding case, it contains the tree binding as wrapped data
    treeBinding = (JUCtrlHierBinding) ((CollectionModel)tree1.getValue()).getWrappedData();
    //find the node identified by the node path from the ADF binding layer. Note that
    //we don't need to know about the name of the tree binding in the PageDef file because
    //all information is provided
    JUCtrlHierNodeBinding nodeBinding = nodeBinding = treeBinding.findNodeByKeyPath(key);
    //the current row is set on the iterator binding. Because all bindings have an internal
    //reference to their iterator usage, the iterator can be queried from the ADF binding
    //object
    DCIteratorBinding _treeIteratorBinding = null;
    _treeIteratorBinding = treeBinding.getDCIteratorBinding();
    Key rowKey = nodeBinding.getRowKey();
    JUIteratorBinding iterator = nodeBinding.getIteratorBinding();
    iterator.setCurrentRowWithKey(rowKey.toStringFormat(true));
    //get selected node type information
    JUCtrlHierTypeBinding typeBinding = nodeBinding.getHierTypeBinding();
    // The tree node rule may have a target iterator defined. Target iterators are
    // configured using the Target Data Source entry in the tree node edit dialog
    // and allow developers to declaratively synchronize an independent iterator
    // binding with the node selection in the tree.
    String targetIteratorSpelString = typeBinding.getTargetIterator();
    //chances are that the target iterator option is not configured. We avoid
    //NPE by checking this condition
    if (targetIteratorSpelString != null && !targetIteratorSpelString.isEmpty()) {
      //resolve SPEL string for target iterator
      DCIteratorBinding targetIterator = resolveTargetIterWithSpel(targetIteratorSpelString);
      //synchronize the row in the target iterator
      targetIterator.setCurrentRowWithKey(rowKey.toStringFormat(true));
    /********************* DISPLAY INPUT FORM FOR SELECTED NODE **********************/
    //get the name of the selectected tree node object. In this sample the value is
    //adf.sample.model.DepartmentsView,adf.sample.model.EmployeesView or
    //adf.sample.model.LocationsView
    String selectedNodeObjectRef = typeBinding.getStructureDefName();
    //write selected node object reference to session
    AdfFacesContext adfFacesCtx = AdfFacesContext.getCurrentInstance();
    Map viewScope = adfFacesCtx.getViewScope();
    viewScope.put("nodeRef",selectedNodeObjectRef);
    //refresh form display
    adfFacesCtx.addPartialTarget(this.getFormPanelGroup());
   * Helper method to resolve EL expression into DCIteratorBinding instance
   * @param spelExpr the SPEL expression starting with ${...}
   * @return DCIteratorBinding instance
private DCIteratorBinding resolveTargetIterWithSpel(String spelExpr){
   FacesContext fctx = FacesContext.getCurrentInstance();
   ELContext elctx = fctx.getELContext();
   ExpressionFactory elFactory = fctx.getApplication().getExpressionFactory();
   ValueExpression valueExpr = elFactory.createValueExpression(elctx, spelExpr,Object.class);
   DCIteratorBinding dciter = (DCIteratorBinding) valueExpr.getValue(elctx);
   return dciter;
    public void setFormPanelGroup(RichPanelGroupLayout formPanelGroup) {
        this.formPanelGroup = formPanelGroup;
    public RichPanelGroupLayout getFormPanelGroup() {
        return formPanelGroup;
    //based on the current state of the login link,
    //log user in or out
    public void onLoginLogout(ActionEvent actionEvent) {
        RichCommandImageLink rcil = (RichCommandImageLink) actionEvent.getComponent();
        String commandLinkIcon = rcil.getIcon();
        if (commandLinkIcon.indexOf("glbl_login_msg.gif") >0){
          //login
          RichPopup.PopupHints hints = new RichPopup.PopupHints();
          popupP1.show(hints);
        else{
          //logout
          FacesContext fctx = FacesContext.getCurrentInstance();
          ExternalContext ectx = fctx.getExternalContext();
            try {
                ectx.redirect("/adfAuthentication?logout=true&end_url=/faces/home.jspx");
            } catch (IOException e) {
                e.printStackTrace();
    public void setPopupP1(RichPopup popupP1) {
        this.popupP1 = popupP1;
    public RichPopup getPopupP1() {
        return popupP1;
}Source code in home page
<af:commandImageLink text="Logout" id="commandImageLink1"
                                                          icon="#{resource['images:glbl_logout.gif']}"
                                                     rendered="#{securityContext.authenticated}" partialSubmit="true"
                                                     immediate="false"
                                                          inlineStyle="font-family:Arial, Helvetica, sans-serif; font-size:11px; color:White;"
                                                             action="#{LoginBean.logout}"/>
                                     <af:commandImageLink text="Login" id="cil1"
                                                          icon="#{resource['images:glbl_login_msg.gif']}"
                                                     rendered="#{!securityContext.authenticated}"
                                                          inlineStyle="font-family:Arial, Helvetica, sans-serif; font-size:11px; color:White;"
                                                          action="#{LoginBean.toString}">
                                    <af:showPopupBehavior popupId="p1" triggerType="action" align="startAfter"
                                                          alignId="cil1"/>
                                </af:commandImageLink>
                                <af:popup id="p1" binding="#{HomeManagedBean.popupP1}">
                                    <af:dialog id="d2" title="Please Login" type="okCancel" closeIconVisible="false"
                                               modal="true" stretchChildren="none"
                                               dialogListener="#{LoginBean.onLoginAction}">
                                        <af:panelFormLayout id="pfl5">
                                            <af:inputText label="Username" id="it34" columns="20"
                                                          value="#{LoginBean.username}"/>
                                            <af:inputText label="Password" id="it35" secret="true" columns="20"
                                                          value="#{LoginBean.password}"/>
                                            <af:message id="m2" for="it35" messageType="error"/>
                                        </af:panelFormLayout>
                                    </af:dialog>
                                </af:popup>Other settings:
1. No welcome page set in web.xml
2. No redirect page set in jazn-data.xml
3. Users, Enterprise and application roles set in ADF Security
4. Managed Beans registered in adfc-config.xml
Help greatly appreciated!

Without going through all the code:
the visibility of the links depends on
logout:
rendered="#{securityContext.authenticated}"
login:
rendered="#{!securityContext.authenticated}"This means, if you see the logout link, but not the loging link, the framework assumes that you are logged in already.
Investigate in this direction.
Timo

ADF Security not working 401 error

I am having problems with securing my ADF using LDAP after the server I was using was rebuilt and all software re-installed.....
This did work before the rebuild so I am guessing that there are some settings that were no configured after the rebuild.
We are using weblogic and Jdeveloper 11.1.1.6 and When I use the Wizard to secure my app and if I pick "ADF Authentication" I get the login in page and I can log into the application and things work.
I then try to go in and use the "ADF Authentication and Authorization" option and deploy and I get a 401 - Unauthorized error..
It used to work so I am pretty sure I am setting the Enterprise roles / Application Roles etc... correctly but wondered if anyone might be able to point me to what settings might be the issue etc.
Thank you in advance for any assistance.

After turning off ADF security in application - it works.
When ADF security is turned on - it doesn't.
When opening the same application with ADF security on in previous version of JDev - it works again.
Our application uses custom login bean, but it is not even reaching login bean after login form submit (sample is made as http://www.youtube.com/watch?v=mAWBezngA1s)

Bug concerning ADF security

Just wanted to make a thread about this strange behavior when working with ADF security. Discovered it was a bug (i think).
I have just enabled ADF security in my project after reading chapter 28 of the developers manual and watching Franks tutorials on the Code Core center. I was having trouble implementing it and thought I was just doing it wrong. It seemed so simple in the manual. The trouble I was having was that if I granted some access to a task flow or a web page to a application role or to the anonymous role it wouldn't become active. No changes made in the jazn-data.xml would make any different. Next day when I started up again it all worked. But making further changes would also not become active. I looked ad the logs and noticed the following error in the deploy process:
+[Running application Health_Project1 on Server Instance DefaultServer...]+
Uploading jazn-data identities.
Uploading jazn-data policies.
oracle.security.jps.JpsException: Destination context default missing in the specified jps-config.xml.
+     at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.getPolicyStoreForDestination(JpsPolicyAPIManager.java:165)+
+     at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.<init>(JpsDstPolicy.java:150)+
+     at oracle.security.jps.internal.tools.utility.destination.JpsInitializerDst.getDestinations(JpsInitializerDst.java:82)+
+     at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtility.java:63)+
+     at oracle.security.jps.internal.tools.utility.JpsUtilDeploymentImpl.migrateAppPolicyToFarmLevelPolicyStore(JpsUtilDeploymentImpl.java:81)+
+     at oracle.security.jps.internal.tools.utility.JpsUtilDeploymentImpl.migrateAppPolicyToFarmLevelPolicyStore(JpsUtilDeploymentImpl.java:103)+
+     at oracle.jdevimpl.adrs.weblogic.JaznDataUploader.uploadPolicies(JaznDataUploader.java:610)+
+     at oracle.jdevimpl.adrs.weblogic.JaznDataUploader.uploadJaznData(JaznDataUploader.java:212)+
+     at oracle.jdevimpl.runner.adrs.AdrsStarter.uploadJaznData(AdrsStarter.java:1703)+
+     at oracle.jdevimpl.runner.adrs.AdrsStarter.mav$uploadJaznData(AdrsStarter.java:116)+
+     at oracle.jdevimpl.runner.adrs.AdrsStarter$5.run(AdrsStarter.java:1344)+
+     at java.lang.Thread.run(Thread.java:619)+
Uploading credentials.
After some digging I found that this was a bug related to the application path. The application was located in "My Documents" with the path c:\Documents and Settings\.......
It is no good to have space in the application path. After I moved the application to a more simple like path c:\dev\sb\mywork the ADF security worked fine. Changes in policies would become affective immediately. Later I ran into the same problem but this time the application path was simple but the application name had an underscore in it "my_project". By removing the underscore and making the application name MyProject along with changing all the properties, xml and connection files the ADF security worked like it should.
So in short:
** Don't have a space in the path where the application is stored.*
** Don't have a underscore in the application name.*
Please comment if I'm wrong. This post is just for information if other users are running into similar problems.
Best regards,
Sturla Thor

hi,
if you delete this line
<property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
in the jsp-config.xml you can at least use your application with authentication but authorization doesn't work b/c the subject does not contain the principals:
ADFContext.getCurrent().getSecurityContext().getUserRoles();
returns an empty String[].
Is there a workaround?
Cheers Andy

Oracle ADF Security Login page

hi.
I am using oracle ADF 11.1.2.2.0 (oracle Jdevelopr 11g release 2) in my job environment. There are 3000 users working as client level in our company. They have separated user Id and roles. They can change their passwords. There are expiration period for passwords which is handle by in database level. when the employees are going to terminate or retirement , we can control their login status. that mean we change their Active status as a Inactive status. some times we recruit number of emplooyes for cover our business targets. Their User Id also in database table level.
My main problem is how we can handle number of employees using Oracle ADF security configuration.
second one is how user can change their passwords.
Third is how number of employees going to terminate ,handle their Active/Inactive State.
Fourth one is If we use this Oracle Security system ,project managers or project cordinator or Adminstrator level authenticator must need to deploy time to time war file, because of adding removing users in jazn-data.xml.
hoping help from you.Thanking for all.

So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
Then, in your application you can enable ADF Security and this will generate login page.
And, this is it :)
If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
>
But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
>
This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
To programmatically retreive db connection, you can create utility method in your Application Module.
Dario

ADF security from Datababse

Hello ,
I am using JDeveloper 11.2.3.0.
I am using ADF security and I am using DB tables for authentication.
I created the DB authentication in th weblogic and I inserted the SQL queries in the provider configuration.
In the ADF app , I enabled adf security. I added the enterprise roles as mentioned in my DB tables. I created the application roles and I gave grants to users.
My problem is , when I run the application, the users are not loaded from weblogic but recreated with new IDs and like that the DB doesn't assign roles to every user ( because fdifferent ID).
Any want knows how to solve this problem ??
thanks in advance
FARAJ

Hello frank,
My problem is , when I run the application , the application roles are not loaded from DB ( as in weblogic ) but they are recreated with new IDs.
I have 3 tables : users , roles and grant_roles.
when I run the application , the roles are deleted and recreated with new IDs :
before running :
table user :
ID | User ......
1 | x
table roles:
ID | role ......
2 | y
table grant_roles:
ID | role | user
3 | 2 | 1
after running the tables become :
table user :
ID | User ......
1 | x
table roles:
ID | role ......
*4 |* y
table grant_roles:
ID | role | user
3 | 2 | 1
Edited by: Faraj on Feb 13, 2013 5:56 AM

ADF Security Log Out issue

Hi,
We have implemented ADF security and using form based authentication. The problem we are facing is during logout, in IE we see a NullPointerException, before the login page is displayed. Please note that this functionality works fine in Firefox and Chrome. Also this happens only in standalone weblogic server. It works perfectly fine in a cluster. The logout link is command link which goes to logout.jspx. The implementation in logout.jspx is as follows
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<jsp:forward page="/adfAuthentication">
<jsp:param name="logout" value="true"/>
<jsp:param name="end_url" value="#{initParam.loginURL}"/>
</jsp:forward>
</jsp:root>
the loginURL is configured in web.xml as */faces/login.jspx.*
The exception stack trace is .
<Dec 10, 2012 7:44:44 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server
started in RUNNING mode>
<Dec 10, 2012 7:45:51 AM UTC> <Warning> <oracle.adf.share.ADFContext>
<BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic
initialization is performed improperly.
This message may be avoided by performing initADFContext before using
getCurrent().
For more information please enable logging for oracle.adf.share.ADFContext at
FINEST level.>
<Dec 10, 2012 7:45:51 AM UTC> <Error>
<oracle.adf.controller.internal.binding.TaskFlowRegionModel> <BEA-000000>
<1i9kmqwku_121>
<Dec 10, 2012 7:45:51 AM UTC> <Warning>
<oracle.adf.view.rich.component.fragment.UIXRegion> <ADF_FACES-00009> <Error
processing viewId: /InventoryUIShell URI:
/oracle/communications/inventory/ui/framework/templates/InventoryUIShell.jspx
actual-URI: /oracle/communications/platform/cui/fragments/mainArea.jsff.
oracle.adf.controller.internal.InvalidViewPortIdException: ADFC-14000: View
port ID '1i9kmqwku_33' is invalid.
at
oracle.adfinternal.controller.state.ControllerState.setCurrentViewPort(Control
lerState.java:1319)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:135)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:52)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessEndRegion(
TaskFlowRegionModel.java:320)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.processEndRegion(Ta
skFlowRegionModel.java:237)
at
oracle.adf.view.rich.component.fragment.UIXRegion$RegionContextChange.undoChan
geImpl(UIXRegion.java:1209)
at
oracle.adf.view.rich.context.DoableContextChange.suspend(DoableContextChange.j
ava:49)
at
oracle.adf.view.rich.context.DoableContextChange.undoChange(DoableContextChang
e.java:103)
at
oracle.adf.view.rich.component.fragment.UIXRegion._endInterruptibleRegion(UIXR
egion.java:726)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:576)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:565)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
Any pointers to resolve this would be helpful.
Thanks,

Hi,
Check these
http://tompeez.wordpress.com/2010/07/26/logout-with-confirmation-dialog/
http://www.oracle.com/technetwork/developer-tools/adf/learnmore/jan2011-otn-harvest-300940.pdf

ADF security problem

Similar Messages

Maybe you are looking for