ADF UI Shell + ADF Security - blog post

Similar Messages

• Can we do customization using db based MDS where ADF security not enabled?

  JDeveloper 11.1.1.6 : ADF BC + ADF Faces
  Requirement : I want to customize the application across the user session. In this app I have NOT used ADF security. There is siteminder security setup on the server which authenticates the application. The logged in userid/username is available in the request header.
  Now my question is can i customize this app using db based MDS?
  Any help will be appreciated.
  ~Abhijit

  Abhijit,
  My first instinct was to say "of course you must enable ADF Security" and post a link to the docs. However, the docs are silent on this.
  The best quote that I can give you is from [url http://docs.oracle.com/cd/E18941_01/tutorials/jdtut_11r2_18/jdtut_11r2_18.html]here, which says (in step 12):
  Before you can persist user customizations across sessions using MDS as the repository, you must configure ADF Security and create users for the application.John

• Could someone explain me about ADF Security in UI Shell?

  Hello.
  I have my application main page implemented with a dynamic region and it's working fine.
  The application is secured using ADF Security and it is fine too.
  All the bounded taskflows are imported as ADF Libs. They have their permissions in jazn-data.xml. All the permissions work fine when the page is implemented with a dynamic region.
  Now I'm trying to rebuild it using UI Shell.
  All the permissions are the same, but now all my taskflows are not available.
  I've checked that it's a security issui by disabling security. Everything began to work fine.
  What changes should I do to permissions to make them work in UI Shell page?
  I've read this article http://one-size-doesnt-fit-all.blogspot.com/2009/12/adf-ui-shell-adf-security.html but didn't get the clue. It seems to me that everything's configured correctly.
  Thanks.
  JDev 11.1.2.2

  Hello Frank,
  I've added some test code to the lauching method and it shows no error:
  // name = User Info ;fullFlowId = /WEB-INF/info-tfd.xml#info-tfd
  System.out.println("userInRole = "+
              JSFUtils.resolveExpression("#{securityContext.userInRole['personal_office-app']}")
              ); // -> true
  System.out.println("taskflowViewable = "+JSFUtils.resolveExpression("#{securityContext.taskflowViewable['"+fullFlowId+"']}")); // -> trueBut still addOrSelectTab opens a new tab with "User Info" as a title but nothing is viewable in it.
  And here's jazn-data.xml part:<jazn-policy>
            <grant>
              <grantee>
                <principals>
                  <principal>
                    <name>personal_office-app</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                  </principal>
                </principals>
              </grantee>
              <permissions>
                <permission>
                  <class>oracle.adf.controller.security.TaskFlowPermission</class>
                  <name>/WEB-INF/info-tfd.xml#info-tfd</name>
                  <actions>view</actions>
                </permission>
                ...Also, my previous main page wuth a dynamic region in the same application is still working fine.

• GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

  If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
  First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
  http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
  http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
  http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
  http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
  Are you getting either of the following errors?
  <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
  oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
  Error 500--Internal Server Error
  java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
  1) Create a new application.
  2) Create three .jspx pages called login, error, and welcome.
  3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
  4) Right-Click on your Application and select Secure->Configure ADF Security
  5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
  Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
  <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
  oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
  6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
  7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
  8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
    <policy-store>
      <applications>
        <application>
          <name>SecurityError</name>
          <app-roles>
            // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
            <app-role>
              <name>anonymous-role</name>
              <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
              <display-name>anonymous-role</display-name>
            </app-role>
           // Whew, the end of that app role
          </app-roles>
          <jazn-policy>
            <grant>9) You're going to want to delete that app role XML
  10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
  11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
  12) Run your welcome page. Yay, the error is gone. How sweet it is.
  Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
  // You fool!
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.5 404 Not FoundThat's not so good. Let's fix that.
  1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
  2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
  3) Re-run your welcome page.
  // Suckered AGAIN!
  Error 500--Internal Server Error
  java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
  Ahh!! Now THAT's how we do it in Kingsport!
  Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
  Will

  Ha :-)
  Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
  I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
  But your call, no pressure of course ;-)
  CM.

• How to integrate a SSO based in cookie with ADF Security

  At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
  1- Create a new app based on "Fusion application" template.
  2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
  3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
  4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
  At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
  in jps-config.xml
  5- Remove idstore.xml and credentials.
  6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
  7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
  All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
  So, my questions are:
  - I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
  - If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
  - In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
  I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
  Thanks to all!
  P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
  P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)

  Hi Frank,
  Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
  In future releases of JDeveloper will be easier to do this kind of things related to security?
  Riveck

• ADF security logout not working

  Hi,
  Using ADF Faces and JDeveloper 11.1.1.1.0 (5407).
  I have a secure ADF application, my login is working fine, however once I attempt to perform a logout using methods indicated in both the Fusion Developer's Guide and various blog posts my application begins to act strangely.
  Using the Forms based authentication I have login.html and error.html setup and working.
  I have a home.jspx (unsecured, no bindings whatsoever) as my landing page, and welcome.jspx as my successful authentication redirect page, both on my adfc-config diagram and with a control flow case 'login' between them.
  In my jazn-data.xml file I have granted the 'authenticated-role' access to the welcome page.
  The web.xml file includes the login.html and error.html files listed.
  The above works, I can login and am successfully redirected to the welcome page with a user account I have specified, and if I use wrong login information I am redirected to error.html.
  Now, I have tried 2 methods to get LOGOUT working properly and both are not working.
  Firstly and most simply I tried using the following on my welcome page:
  <af:commandNavigationItem text="Logout" id="cni1" destination="/adfAuthentication?logout=true&amp;end_url=faces/home.jspx"/>When I click the link, this does redirect me to the home page and there are no warnings/errors in the server log.
  However... when I then click on the Login link on the home page that should prompt me to login again, the home page just flickers and nothing happens. Again no warnings/errors in logs.
  I am then forever stuck on the home page.
  The second method I tried involves using a backing bean, which I have registered in my adfc-config.xml file with 'request' scope.
  On my welcome.jspx:
  <af:commandLink text="Logout" id="gl1" action="#{loginBean.doLogout}"/>My link calls the doLogout() method in my backing bean containing:
    import java.io.IOException;
    import javax.faces.context.ExternalContext;
    import javax.faces.context.FacesContext;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    public String doLogout() throws IOException {
      ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
      HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
      HttpSession session = (HttpSession)ectx.getSession(false);
      session.invalidate();
      response.sendRedirect("home.jspx");
      return null;
    }The application DOES redirect me to home.jspx however I get the following error in the logs:
  java.lang.IllegalStateException: Cannot forward a response that is already committed
       at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:122)
       at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:410)
       at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
       at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
       at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
       Truncated. see log file for complete stacktrace
  AND...the same thing happens as with my other attempt, I am stuck on the home page and clicking the login link just flickers the page.
  I feel as if I have followed the Fusion Developer's Guide on how to do this down to a T, however I am not getting a working solution.
  Any help would be greatly appreciated.
  Thankyou,
  Matthew.

  I have had a few developments...
  I found out that after I have been redirected to home.jspx where my Login link just refreshes the page on click... if I instead manually change the end of the URL in the address bar of my browser to /welcome.jspx, then it works...I get prompted to login again. This proves that I am actually being logged out, if I change the URL manually before I click my logout link (calling the logout method) it does not request for me to log in again.
  So it seems that the problem lies with my action reference on my login link.
  <af:commandLink text="Enter" id="cl1" action="login" inlineStyle="font-size:small;"/>the action 'login' works UNTIL i logout, then it does not work anymore...
  Second to this, I tried a different LOGIN method using:
  <af:commandNavigationItem text="Login" id="cni1" inlineStyle="font-size:small; text-decoration:none;"
                                          destination="/adfAuthentication?success_url=faces/welcome.jspx"/>When using this way to login, I can login, logout AND LOG BACK IN successfully...
  However as soon as I click on ANY component that uses a control flow case it just refreshes the page.
  re-proving from the first example that the problem is that control flow cases stop working after a logout.
  so basically, once I log out and then try to navigate a control flow case, the page I am on just refreshes and the navigation does not occur.
  Surely someone now can elaborate on this.
  Regards,
  Matthew.

• Migrating ADF Security to WLS using OID

  I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
  I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
  1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for &ldquo;JpsFarmName&rdquo; and &ldquo;JpsRootNodeName&rdquo;. What are these used for, and what should the values be?
  2) Does the jps-config.xml file need to be modified in WLS (i.e. &lt;Domain&gt;/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
  3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
  Any information on this topic would be very appreciated!
  Thanks,
  Erick

  Hi,
  I am using migrateSecurityStore for policy migration from xml to OID.
  migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
  when I run above command I am getting following error.
  Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfig
  urationUtil getCredentialFromBootstrapWallet
  SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: o
  racle.security.jps.service.credstore.CredStoreException.
  COMMAND FAILED due to an unknown reason, Check the stack trace for details
  Traceback (innermost last):
  File "<console>", line 1, in ?
  File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSec
  urityStore
  File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSec
  urityStoreImpl
  at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(
  LdapPolicyStore.java:230)
  at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
  .getInstance(LdapPolicyStoreProvider.java:108)
  at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
  .getInstance(LdapPolicyStoreProvider.java:55)
  at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServ
  iceInstance(ContextFactoryImpl.java:139)
  at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImp
  l.findServiceInstance(DelegatingContextFactoryImpl.java:61)
  at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
  xt(ContextFactoryImpl.java:170)
  at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
  xt(ContextFactoryImpl.java:206)
  at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getCo
  ntextFromConfig(JpsContextFactoryImpl.java:171)
  at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextF
  romConfigObj(JpsHelper.java:115)
  at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.g
  etPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
  at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDs
  tPolicy.<init>(JpsDstPolicy.java:186)
  at oracle.security.jps.internal.tools.utility.destination.JpsInitializer
  Dst.getDestinations(JpsInitializerDst.java:82)
  at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtili
  ty.java:63)
  at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl
  .migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
  at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand
  (JpsUtilMigrationTool.java:167)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException
  : Cannot read the default policy store.
  thanks and regards
  KishoreM

• [SOLVED] ADF Security: No success with DBTableOraDataSourceLoginModule

  Hi,
  because do not have success to implement simple ADF Security to my application for weeks I try it again with this post.
  Hopefully someone who was already successful with this issue can give me the hint, missing step or something else.
  I have read many forum posts, blogs and documentation (10.x) but because ADF security has been changed from 10g to 11g I'm never sure if a documented step from 10g is necessary for 11g also.
  I also posted my problem to posts with similar problems but no response :-(
  I use 11g, TP4.
  My Requirement:
  =============
  - user accounts and roles are stored within database tables
  - roles are not used (every user has the same rights) but stored in the database table
  - Custom Login-Page (jspx)
  - At login ADF Security only needs to check if the entered user/password is stored in the database table (no password encryption is used at the moment)
  Steps I have done:
  ADF Security wizard:
  ================
  Step 1: Enforce Authorization NOT checked (Also tried to CHECK this checkbox)
  Redirect upon sucessfull Authentication CHECKED
  generate Default CHECKED
  Step 2: No identity store CHECKED
  Step 3: Enable Credital Store CHECKED
  Step 4: No Policy Store CHECKED
  Step 5: Enable Anonymous Provider
  Step 6: Manage Login Modules --> Add "oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
  Name = oracledb.loginmodule
  Login Control Flag = Required
  Log Level = fine
  --> Add "oracledb.loginmodule" as the only "Selected login module"
  Step 7: Form-Based Authentication
  Generate default is CHECKED
  Step 8: WebResources: allPages
  Selected Roles: valid-users
  Step 9: FINISH Wizard
  Then I edit jps-config.xml manually. Here the actual content:
  =============================================================
  <serviceInstance provider="jaas.login.provider"
  name="oracledb.loginmodule">
  <property value="true" name="debug"/>
  <property value="REQUIRED" name="jaas.login.controlFlag"/>
  <property value="true" name="addAllRoles"/>
  <property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule"
  name="loginModuleClassName"/>
  <property value="FINE" name="log.level"/>
  <property value="jdbc/TLS-BOBDS" name="data_source_name"/>
  <property value="passwort" name="passwordField"/>
  <property value="rol_rolle" name="groupMembershipGroupFieldName"/>
  <property value="bediener_rollen" name="groupMembershipTableName"/>
  <property value="user_kennung" name="usernameField"/>
  <property value="bediener" name="table"/>
  <property value="persnr" name="user_pk_column"/>
  <property value="bed_persnr" name="roles_fk_column"/>
  <property value="toupper" name="casing"/>
  </serviceInstance>
  ====================================
  Then I start the application. Re-direction to the login-page works fine.
  I enter username/password and press submit --> Following error occures in OC4J log:
  ===================
  WARNUNG: TLS-BOB-ViewController-webapp: error encountered during authentication
  java.util.MissingResourceException: Can't find resource for bundle oracle.security.jps.internal.common.resources.common.CommonResources, key JPS-02575
       at java.util.ResourceBundle.getObject(ResourceBundle.java:325)
       at java.util.ResourceBundle.getObject(ResourceBundle.java:322)
       at java.util.ResourceBundle.getString(ResourceBundle.java:285)
       at oracle.security.jps.util.JpsBundle.getString(JpsBundle.java:133)
       at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:424)
       at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:401)
       at oracle.security.jps.internal.idstore.xml.idm.IdmXmlIdentityStore.searchUser(IdmXmlIdentityStore.java:99)
       at oracle.security.jps.fmw.JpsUserManager.getUserFromIdmStore(JpsUserManager.java:1109)
       at oracle.security.jps.fmw.JpsUserManager.getUser(JpsUserManager.java:1022)
       at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
       at com.evermind.security.IndirectUserManager.getUser(IndirectUserManager.java:90)
       at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3927)
       at com.evermind.server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6965)
       at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3350)
       at com.evermind.server.http.HttpRequestHandler.doResolveRequestDispatcher(HttpRequestHandler.java:1005)
       at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:822)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:658)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:626)
       at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:417)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:189)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:163)
       at oracle.oc4j.network.ServerSocketReadHandler$ClientRunnable.run(ServerSocketReadHandler.java:275)
       at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:237)
       at oracle.oc4j.network.ServerSocketAcceptHandler.access$800(ServerSocketAcceptHandler.java:29)
       at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:877)
       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
       at java.lang.Thread.run(Thread.java:595)
  ==================================================
  My questions:
  =============
  1) Are there additional steps necessary to implement ADF Security for my requirements ?
  2) If yes, which? Which files I have to edit manually after ADF security wizard has been finished?
  Any help is warmly welcome !
  regards
  Peter

  Hello
  Many thanks to CP and Andre who gave the missing hints in this tread:
  OC4J 11g and JAZN
  The property custom.provider mentioned by cp was the "missing link" --> now it works.
  BUT "Nobody knows the trouble I've seen ..." !
  I made dozens of trials with the same application and always similar (strange) results.
  When I CHECK "enforce Authorization" in the ADF security wizard then
  the redirection to the Login Page does NOT work (reason is unclear for me)
  If I UNCHECK "enforce Authorization" in the ADF security wizard then
  the redirection to the login page works fine BUT the redirect upon succesful Authentication doesn't work.
  --> In this case following code is missing in web.xml
  =====================
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>welcome.jsp</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  =================================
  I think (but not 100%) that SOMETIMES the propertie "<property value="true" name="custom.provider"/>" has been created by the ADF security wizard.
  SOMETIMES I was not able to create the default welcome.jsp with the ADF Security Wizard, ....
  Maybe someone can reproduce this behaviour and fills a bug.
  regards
  Peter

• How to define permission in ADF Security programmatically

  Hi
  I try to develop an application in ADF and I need to declare Application-Role, Permission, Principal programmatically and store them in policy store.
  I found an example in chapter 19 of E10043-12 but it just creates Application-Role!! . I need know how can I detect my TaskFlow, PageDefination and other resources of my application at RunTime to protect them after deployment through a custom security console. In other word i try to find a way in which i store my pageDef or TaskFlow name in database or detect them programmatically in runtime and Grant Permission to my users or enterprise role for access/denied to my application pages, TaskFlow and also if possible entities and their attributes.
  [link to chapet 19 of E10043-12|http://docs.oracle.com/cd/E23943_01/core.1111/e10043/intregrating.htm#BABECICC]
  Thank you so much

  Hi,
  you can configure WLS to use the database as the policy store, which then means that you write permissions to the database infrastructure. However, you should be able to update the default file based policy store or OID based store as well
  For database OPSS store See: http://docs.oracle.com/cd/E15586_01/core.1111/e10043/cfgauthr.htm#CHDHAIBJ
  I am not sure if OPSS supports direct updates to the policy tables. Here's a blog post of how to update policies with WLST scropts: http://enterprisesecurityinjava.blogspot.de/2010/03/ok-more-details-here.html
  Bottom line is that this is less a ADF Security question than a general WLS/OPSS question of how to administer policies using a custom interface. For this you can use WLS MBeans and WLST script, which is my understanding.
  Frank

• Login.jspx page refreshing in infinite loop in adf security

  HI,
  I have applied adf security to my application. If i create page def for login.jspx page it is refreshing in infinite loop.
  Thanks,
  Nitesh

  troubleshoot this issue as described in the post
  Thanks
  KT

• ADF Security Customization

  Hi All,
  I have unique requirement of creation of users, roles and policies.
  In my project i need to create users and roles dynamically other than from EM console or Jdeveloper i.e from front end. The data will flow through a BPEL process and the users, roles and policies have to be created.
  How to create these users in "system-jazn.xml" dynamically?
  Weblogic - 11g (11.1.1)
  Please let me know in case of any additional information required..
  Reagrds
  Surya

  Hi,
  its not an ADF Security question but OPSS (Oracle Platform Security Services), which is the owner of that file. However, this blog entry shows you how to use the OPSS API to access the Role Manager and User Manager in OPSS to do what you want
  http://fusionsecurity.blogspot.com/2009/07/opss-sample-application.html
  Frank

• Providing ADF security  to fusion WebAppliaction (ADF 11g)

  I created ADF application contains single page .
  i am able to deploy this on standalone WLS10.3
  But i need to provide the security to my application.
  I am reading the chapter :
  Enabling ADF Security in a Fusion Web Application in develpers guide.
  is there any other sources like demos / blogs/step by step tutorials about security which is helpful for begginers.if you have , pls provide me.
  Sailaja

  Here are some links:
  - [Adding Security(Oracle Doc)|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm#BGBCEDDD]
  - [ADF Security Part 1: Container Managed Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt1/adfsec1.htm]
  - [ADF Security Part 2: Setup and Authentication (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt2/ADF%20Security%20Authentication%20and%20Setup.htm]
  - [ADF Security Part 3: Authorization (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt3/ADF%20Security%20-%20Authorization.htm]
  - [ADF Security Part 5: ADF BC Entity Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt5/ADF%20Entity%20Object%20Security%20through%20ADF%20Security.htm]
  Sireesha

• ADF Security: javax.servlet.jsp.JspException: Cannot find FacesContext

  Hi,
  In my ADF Application, new users are to be allowed to Register by clicking a button in login page. The Application is based on ADF Security Wizard and I have created default pages for Login and Error, so the application's login page is login.html.
  Now when I’m trying to navigate to 'NewUserRegistrationPage.jspx' Im getting javax.servlet.jsp.JspException: Cannot find FacesContext error.
  I thought the issue might be from calling a .jspx from .html so I created a 'NewLogin.jspx' Page with below code and specified this page in ADF Security Wizard for Login Page.
  Please advice me some way of calling the 'newRegistrationpage.jspx' from my login page.
  Im using JDeveloper 10.1.3.4.
  Page Code:
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:af="http://xmlns.oracle.com/adf/faces"
  xmlns:afh="http://xmlns.oracle.com/adf/faces/html">
  <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
  doctype-system="http://www.w3.org/TR/html4/loose.dtd"
  doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
  <jsp:directive.page contentType="text/html;charset=windows-1252"/>
  <f:view>
  <html>
  <head>
  <title>Login</title>
  </head>
  <body><form method="POST" action="j_security_check">
  <font face="Verdana" color="Navy">
  <table cellspacing="2" cellpadding="3" border="0" align="center">
  <tr>
  <th>Username:</th>
  <td>
  <input type="text" name="j_username"/>
  </td>
  </tr>
  <tr>
  <th>Password:</th>
  <td>
  <input type="password" name="j_password"/>
  </td>
  </tr>
  </table>
  </font>
  <p align="center">
  <input type="submit" name="submit" value="Submit"/>
  <input type="button" name="" value="Request Password"/>
  <input type="button" name="" value="New User Registration"/>
  </p>
  </form></body>
  </html>
  </f:view>
  </jsp:root>
  Error::
  javax.servlet.jsp.JspException: Cannot find FacesContext     at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427)     at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125)     at webpages.REACHLoginPage_jspx._jspService(_REACHLoginPage_jspx.java:47)     [WebPages/REACHLoginPage.jspx]     at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.4.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)     at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)     at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)     at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:259)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:51)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:193)     at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:284)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:198)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.FormHttpAuthenticator.reject(FormHttpAuthenticator.java:83)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6435)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3030)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:738)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)     at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)     at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)     at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)     at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)     at java.lang.Thread.run(Thread.java:595)
  Edited by: Manasa Tadi on Jul 1, 2009 11:52 PM

  Hi Branislav,
  Thanks a lot for your suggestion through which now Im able to navigate to NewRegistration page from login.html.
  In my application login.html is under public_html folder where as the NewRegistration page in public_html/WebPages.
  Code I used:
  New User Registration
  But the issue now is, the NewUserRegistrationPage was also under the ADFSecurity, so inorder to navigate to it again the user had to provide authentication. So, I have removed this particular page from Security and it has started to work.
  But the issue now I face is something else. In the NewUserRegistrationPage I have a selection to be made by user about the type of user he is and based on the selection he would be navigated to next page, This next page has a VO on it as a 'create form', through which he can directly fill the form and submit his details to database table.
  But as I have removed these pages from ADF Security and authentication, the form fields/attributes in the VO are not getting binded, Im getting this Exception:
  500 Internal Server Error
  javax.faces.el.PropertyNotFoundException: Error testing property 'inputValue' in bean of type null
  For testing purpose when I have provided link from application page to NewRegistrationPage the flow is working properly, able to navigate to second page and submit the filled form to database, I think this is working because we have entered the application after providing the login credentials.'
  Help in this greatly needed.
  Thanks,
  Manasa.

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• Web Center app ADF Security - login problem

  I'm making an Oracle Web Center app.
  I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

  Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
  I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
  Maybe you should ask this at the ADF forum: JDeveloper and ADF
  The guys there have way more understanding about this stuff than here.