How to define permission in ADF Security programmatically

Hi
I try to develop an application in ADF and I need to declare Application-Role, Permission, Principal programmatically and store them in policy store.
I found an example in chapter 19 of E10043-12 but it just creates an Application-Role! I need to know how I can detect my TaskFlow, PageDefinition and other resources of my application at runtime to protect them after deployment through a custom security console. In other words, I am trying to find a way in which I store my pageDef or TaskFlow name in a database, or detect them programmatically at runtime, and grant permission to my users or enterprise role for access/denied to my application pages, TaskFlow and also, if possible, entities and their attributes.
Link to chapter 19 of E10043-12: http://docs.oracle.com/cd/E23943_01/core.1111/e10043/intregrating.htm#BABECICC
Thank you so much

Hi,
you can configure WLS to use the database as the policy store, which then means that you write permissions to the database infrastructure. However, you should be able to update the default file based policy store or OID based store as well
For database OPSS store See: http://docs.oracle.com/cd/E15586_01/core.1111/e10043/cfgauthr.htm#CHDHAIBJ
I am not sure if OPSS supports direct updates to the policy tables. Here's a blog post on how to update policies with WLST scripts: http://enterprisesecurityinjava.blogspot.de/2010/03/ok-more-details-here.html
Bottom line is that this is less an ADF Security question than a general WLS/OPSS question of how to administer policies using a custom interface. For this you can use WLS MBeans and WLST scripts, which is my understanding.
Frank

Similar Messages

  • How to define a flexfield in security manager

    hi guys ,
    I would like to use getInfo substitution of ODI. But I could not find out where to define the variable.
    e.g. I wanna get the driver and URL addresses from a flexfield variable
    '<%=odiRef.getInfo("DEST_JAVA_URL")%>', <%=odiRef.getInfo("SRC_JAVA_DRIVER")%>
    but i don't know how to define the variables DEST_JAVA_URL and SRC_JAVA_DRIVER in security manager.
    pls help

    Hi,
    'mgcp call-agent [ccm1] service-type mgcp version 0.1' command you have the primary server;
    'ccm-manager redundant-host [ccm2] [ccm3]' for primary and secondary backup.
    But you will need to run 'no mgcp','mgcp' for the changes to take effect.
    Regards,

  • How to Define Workbook / Business Areas Security Correctly for new Users

    Hi All,
    Please could you help me understand the Security Model for Workbooks and business Areas as I believe I am very close to understanding it, but missing something important.
    Background Information:
    We are using the predefined Oracle Business Areas (Payables, Receivables, Purchasing & General Ledger) to build our reports on. These are the steps I am taking to try and assign a new user & responsibility access to the existing report.
    1. I create the Report in Discoverer Desktop under the ‘General Ledger Responsibility’ logged in as myself – assume report name = ‘Report_1’.
    2. I create a new Responsibility in Oracle Apps called ‘Discoverer Resource Coordinators’.
    3. I create a new User in Oracle Apps called ‘Joe Bloggs’ and assign the responsibility ‘Discoverer Resource Coordinators’ to the Joe.
    4. Logged in as myself in Discoverer Desktop, Responsibility ‘General Ledger’ I Share the Report (Report_1) to the new Responsibility I just created ‘Discoverer Resource Coordinators’.
    5. In Discoverer Administration, Security, I assign the new Responsibility ‘Discoverer Resource Coordinators’ to the predefined Oracle Business Areas (Payables, Receivables, Purchasing & General Ledger).
    6. In Discoverer Administration I set privileges so that the Responsibility ‘Discoverer Resource Coordinators’ can do all tasks, query data, administer. .etc. etc..
    7. I therefore believe everything has been done and attempt to Login and run the report under Joe Bloggs, but am unable to retrieve any data.
    Help… what am I missing!
    Thanks,
    Lance

    Dear All,
    This has now been adjusted according to your recommendations but to no avail.
    Myself and Lance have ensured that this new responsibility has unlimited access to all the existing Business areas to eliminate joins within folders not being recognised, we have also ensured that the workbooks that have been created are shared with the correct responsibility.
    I have thoroughly tested this set up by logging in as this new responsibility within Disco. Client to try and retrieve data in a new Workbook, but even for the simplest of queries this fails.
    It seems that there may be a problem with the Responsibility linking to the EUL, could this be due to the new responsibility being created after the Current EUL was set up?
    Does anyone have any information or knowledge where this could happen?
    Regards
    Si

  • ADF security : How to get fnd_users list in weblogic server

    Hi All,
    I have a question related to ADF security.
    I am able to apply ADF security to the application, where users information and roles are defined in jazn.xml file.
    On deployment, users/ roles information is being successfully ported to weblogic server.
    But my requirement is to fetch users information from fnd_users table. If you have any idea as how to get the fnd_users data to weblogic, please reply.
    Thanks,
    Randhir

    Thanks John.
    I went through the link and got steps for authentication with fnd_users.
    I have one more question on this.
    Do I need to enable jazn.xml for implementing security or only the steps given in this link is sufficient?
    Since roles are also stored into fnd table, how to secure the taskflow? (roles are not defined in jazn.xml)

  • [Solved] ADF Security permission error

    Hi,
    I have used ADF Security to authorize access on SRTutorial sample application but I get an error: 'JBO-35108: No permission for action: executeWithParams'. There is not an 'Edit Authorization' context menu item for this method, so how can I set permissions for it?
    Thanks,
    Saeed

    Hi Frank and Saeed,
    I get the same error (JBO-35108) as Saeed. The only difference is that the error occurs in my own application (not in SRDemo, I didn't test this). Is there any workaround or bugfix available, or is waiting for a newer JDeveloper version the only solution?
    Does JDeveloper 11g solve the problem?
    Original error message (in German):
    Fehler
    JBO-35108: Keine Berechtigung für Aktion: executeWithParams.
    My JDeveloper version:
    Studio Edition Version 10.1.3.2.0.4066
    What does 'RMT' mean?
    TNX in advance
    hobbes

  • I don't understand how ADF Security  works

    In short I used ADF Security wizard to make a secured fusion webapp (Form authentication, XML id store, no grants). It made me the error, login and welcome page and I added one more (a page with a table). I granted that page view access to one role defined in jazn.xml. I noticed that at deploy the content of 'jazn.com' is merged into 'myrealm'. Everything goes well when I try a user defined in jazn.xml, but when I add a new user directly from the WLS console (same group as the others defined in jazn.com) I can login but I cannot access the page with the table because I'm not authorized. I think it's a role mapping issue but I'm not quite sure... I tried to look after the valid-users=users mapping but I haven't managed to find the users role into wls.
    How is the application getting the users and roles (groups) from the wls realm? Why I can log in but not authorize ?
    Thanks
    Kquizak

    Hi,
    At development / testing time the way the user provisioning works is that existing users and groups of the same name are initially removed and then re-created. So in your case you have a user created in WLS that is added to a group that is renewed by the develop-test cycle. This means that when running the application, you no longer have the user to be a member of the group. In a next version of JDeveloper 11 we probably make the user/group provisioning an option, in which case your settings will be preserved. Note that this problem doesn't exist if you deploy the app to a stand alone server, like in production.
    Frank

  • How can i implement "my own" security in ADF 11g

    Hi everybody,
    I have a problem and hope anyone could help me...
    Currently I am developing an ADF application, and I want to implement the security... the problem I have (and I read a lot of posts in the forum and other blogs and I didn't find anything that helps me) is that the "validation" of the user and password is with a webservice..... and the "roles" of the application are given to me with another web service.
    I read a lot and in the Fusion's Developer Guide in chapter 30 (Enabling ADF Security in a Fusion Web Application) explains very good how to implement the security in the application, but that example really doesn't work for my problem.
    I want to know any way to implement my own logic in the "doLogin" action of the "Login" button in my login page.
        public String doLogin() {
            String un = _username;
            byte[] pw = _password.getBytes();
            FacesContext ctx = FacesContext.getCurrentInstance();
            HttpServletRequest request =
                (HttpServletRequest)ctx.getExternalContext().getRequest();
            CallbackHandler handler = new SimpleCallbackHandler(un, pw);
            try {
                // Here I want to invoke the WS that validates the user and pwd.
                Subject mySubject = Authentication.login(handler);
                ServletAuthentication.runAs(mySubject, request);
                String loginUrl = "/adfAuthentication?success_url=/faces" +
                    ctx.getViewRoot().getViewId();
                HttpServletResponse response =
                    (HttpServletResponse)ctx.getExternalContext().getResponse();
                sendForward(request, response, loginUrl);
            } catch (FailedLoginException fle) {
                FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR,
                    "Incorrect Username or Password",
                    "An incorrect Username or Password" +
                    " was specified");
                ctx.addMessage(null, msg);
            } catch (LoginException le) {
                reportUnexpectedLoginError("LoginException", le);
            }
            return null;
        }
    And I want to know if I can save some other user information in some kind of session (like company, mail and other stuff).....
    And when I can login validating usr and pwd from the WS... how could I manage my roles?
    Well, I hope anyone can help me.
    Regards from Mexico.

    Hi,
    to do this, you create a JAAS Login Module to authenticate against the Web Service. This then you wrap in an authentication provider that you configure with WLS. ADF Security does not perform any authentication itself and instead leaves it for the container.
    http://download.oracle.com/docs/cd/E17904_01/web.1111/e13718/atn.htm#i1154044
    Frank
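
    A sketch of the JAAS LoginModule described in the reply above, added here as an illustration; it is not part of the original reply and not Oracle's code. `RemoteIdentityService`, the static `service` field and the principal classes are hypothetical stand-ins: the first for the poster's two web services, the last for whatever principal types the container expects.

    ```java
    import java.io.IOException;
    import java.security.Principal;
    import java.util.*;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.*;
    import javax.security.auth.login.*;
    import javax.security.auth.spi.LoginModule;

    public class WsLoginModule implements LoginModule {
        /** Hypothetical client for the two web services (credential check, role lookup). */
        public interface RemoteIdentityService {
            boolean verify(String user, char[] password);
            Set<String> rolesOf(String user);
        }
        /** Hypothetical principal; comparing the concrete class keeps user "admin" apart from role "admin". */
        public static class NamedPrincipal implements Principal {
            private final String name;
            NamedPrincipal(String name) { this.name = Objects.requireNonNull(name); }
            @Override public String getName() { return name; }
            @Override public boolean equals(Object o) {
                return o != null && o.getClass() == getClass() && ((NamedPrincipal) o).name.equals(name);
            }
            @Override public int hashCode() { return Objects.hash(getClass(), name); }
        }
        public static final class UserPrincipal extends NamedPrincipal { UserPrincipal(String n) { super(n); } }
        public static final class RolePrincipal extends NamedPrincipal { RolePrincipal(String n) { super(n); } }

        /** Assumption: set once by deployment code before the first login attempt. */
        public static volatile RemoteIdentityService service;

        private final Set<Principal> mine = new HashSet<>();   // principals this module contributes
        private Subject subject;
        private CallbackHandler handler;

        @Override public void initialize(Subject subject, CallbackHandler handler,
                                         Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        @Override public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("username: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("cannot obtain credentials: " + e);
            }
            String user = nc.getName();
            char[] pw = pc.getPassword();   // a copy; wiped in the finally block
            pc.clearPassword();
            Set<String> roles;
            try {
                if (user == null || user.isEmpty() || pw == null || !service.verify(user, pw)) {
                    throw new FailedLoginException("authentication failed");
                }
                roles = service.rolesOf(user);
            } catch (RuntimeException e) {
                // Fail closed: an unreachable or misbehaving service never authenticates anyone.
                throw new LoginException("identity service error: " + e);
            } finally {
                if (pw != null) Arrays.fill(pw, '\0');
            }
            mine.add(new UserPrincipal(user));
            for (String role : roles) mine.add(new RolePrincipal(role));
            return true;
        }

        @Override public boolean commit() {
            if (mine.isEmpty()) return false;   // login() did not succeed: contribute nothing
            subject.getPrincipals().addAll(mine);
            return true;
        }

        @Override public boolean abort() { return logout(); }

        @Override public boolean logout() {
            subject.getPrincipals().removeAll(mine);   // remove only what this module added
            mine.clear();
            return true;
        }
    }
    ```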

  • How to integrate a SSO based in cookie with ADF Security

    At work they asked me to integrate an existing SSO based on a cookie with the new ADF + JDeveloper 11g + WLS. After googling for days and reading a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
    1- Create a new app based on "Fusion application" template.
    2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
    3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
    4- Put some users and some roles in jazn-data.xml, and map them to an application role. Then I grant permissions to the application role to view the previous task flow.
    At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
    in jps-config.xml
    5- Remove idstore.xml and credentials.
    6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper finds it navigating through the hierarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
    7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
    All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the closest I've ever been to doing something correct) the browser asks me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error mapping the roles.
    So, my questions are:
    - I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
    - If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I didn't find anything.
    - In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
    I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
    Thanks to all!
    P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
    P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)

    Hi Frank,
    Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
    In future releases of JDeveloper will be easier to do this kind of things related to security?
    Riveck

  • How to handle multiple SSO in ADF Security Framework

    Hello All,
    I have a question about ADF security with multiple SSO provider.
    What I am trying to achieve:
    Assume there are SSO provider A, B and C. Each provider will grant a different role to the ADF application (A grant Admin, B grant Business Manager, C grant Configuration Manager). Sign out from the ADF application will log all the SSO out at the same time.
    What I know:
    Each SSO will need to have information about the role it provides. I will also need to write code like the following: (modified from an old answer from Frank Nimphius before)
        try {
            // Need to get the specific IDM store based on the SSO the user is using.
            IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore();
            try {
                UserManager userManager = idstore.getUserManager();
                RoleManager roleManager = idstore.getRoleManager();
                // Again, idmRole is based on which SSO the user is using.
                Role role = idstore.searchRole(Role.SCOPE_APPLICATION, idmRole);
                // create user
                // TODO check for empty username and password
                // The user may already be logged in from another SSO.
                User user = userManager.getUser(SecurityContext.getUserName());
                if (user == null) {
                    user = userManager.createUser(this.username, this.password.toCharArray());
                }
                roleManager.grantRole(role, user.getPrincipal());
            } catch (IMException e) {
                // TODO
            }
        } catch (JpsException e) {
            // TODO
        }
        return null;
    Also a logout code like this
        doLogout() {
            if (A) logoutFromA(user);
            if (B) logoutFromB(user);
            if (C) logoutFromC(user);
        }
    My Question:
    Would the code above handle what I described? Also, how do I set the SecurityContext for ADF security - Or the grantRole automatically does that for me?

    Hello Sudipto,
    Yeah, I had watched that tutorial, it is pretty helpful on getting 1 SSO working with the ADF security.
    I am confused when there is multiple provider - do I setup the web gate so that "http://myapp:7777/LoginViaA" point to SSO Provider A, "http://myapp:7777/LoginViaB" point to SSO Provider B and so forth? **Note: the login/username can be different on different SSO provider.
    In that case, I will still need to set the value in SecurityContext to say "This current user login as [email protected] via SSO A and [email protected] via SSO B", or is there some other way to handle this?
    Thanks,
    Louis

  • How to create new user in adf security using jspx page

    How to create a new user in ADF security using code in a Java file. Please help me, this work will be submitted today, please help me...

    sigh
    Search really would help and point you in the right direction. You'd find this, for example: http://forums.oracle.com/forums/thread.jspa?messageID=4584464

  • How to make adf security?

    Dear all
    How to make adf security?
    I am new to ADF security.
    I'm facing a security issue. Now I need to secure my application (User, Group, Role etc...)
    Oracle recommends me to use WebLogic internal LDAP or OID. How to manage User, Group, Role after deployment?
    Thanks Lhagva

    Hi,
    once you deployed an application, users and roles are no longer in the domain of ADF Security. So the administration is
    WLS console - if users and groups are in the WLS LDAP
    Identity Management - if users and roles are in OID, RDBMS, Active Directory etc.
    Enterprise Managers - to manage application roles and granting permissions or application roles to enterprise groups
    Frank

  • How to store Custom principal in Oracle ADF security Framework

    Hi guys, hope somebody will help me out.
    I am facing the following issue, i need to have a custom principal instance after oracle adf security frame work does authenticate and authorize user.
    My custom principal instance should have per say addition attribute, say clientId. I am using Jdeveloper 11.1.2.4 and i setup weblogic to use ReadOnlySQLAuthenticator(it does most of desired functionality).
    As far as i get it, i would have to implement a custom provider to have a chance to implement a custom LoginModule, so i can set it up to use my custom principal, am i right ? and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
    DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use) and if i can , how can i make  ReadOnlySQLAuthenticatorImpl  use my custom LoginModule.
    Sorry if i violated forum rules.

    and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
    DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use)
    This info is returned by getLoginModuleConfiguration(): AuthenticationProvider (BEA WebLogic Server 10.0 API Reference)
    Dario

  • How to use ADF Security policies in OID Ldap

    Hello
    My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
    I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
    Introduction to ADF Security in JDeveloper 10.1.3.2
    An Oracle JDeveloper Article
    Written by Frank Nimphius, Oracle Corporation
    February, 2007
    I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15, ADF security entry in OID.
    To narrow down the source of the issue, we examined the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file:
    dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
    changetype: add
    objectclass: orcljaznpermission
    objectclass: groupofuniquenames
    objectclass: top
    cn: EF37EAA603C611DDBFAE635A1BB60EE0
    orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
    orcljaznjavaclass: java.security.UnresolvedPermission
    orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
    orcljaznpermissionactions:
    uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
    Note that the orcljaznpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
    The system-jazn-data.xml includes all entries correctly.
    rgds

    Eureka
    Finally solved.
    Running the JAZNMigrationTool requires setting the correct classpath.
    Setting the classpath to the following
    C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
    allows you to run the JAZNMigrationTool successfully, however you will find that the generated LDIF file does not include the permission actions (Read, Update ...).
    If, however, you add the adfshare.jar to the classpath
    C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
    now the tool will migrate the permission policies. The following shows an extract from the LDIF file:
    dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
    changetype: add
    objectclass: orcljaznpermission
    objectclass: groupofuniquenames
    objectclass: top
    cn: A5E662E204D411DDBF8807BC4864C5C2
    orclGuid: A5E662E204D411DDBF8807BC4864C5C2
    orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
    orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
    orcljaznpermissionactions: read,update
    uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
    Ammar Sajdi
    www.e-ammar.com/Oracle.html
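
    A pre-upload check for the failure described in the post above: it scans a generated LDIF for permission entries whose class came out as java.security.UnresolvedPermission or whose actions are empty. This is an added example, not part of the original post or of Oracle's tooling; the sample entries are constructed from the two extracts above, with placeholder DNs.

    ```java
    import java.util.*;

    public class JaznLdifCheck {
        /** Parse LDIF text into records mapping lower-cased attribute names to their values. */
        static List<Map<String, List<String>>> parse(String ldif) {
            List<Map<String, List<String>>> records = new ArrayList<>();
            Map<String, List<String>> cur = new LinkedHashMap<>();
            List<String> last = null;                       // values of the attribute read last
            for (String line : ldif.split("\r?\n", -1)) {
                if (line.isEmpty()) {                       // a blank line ends the record
                    if (!cur.isEmpty()) records.add(cur);
                    cur = new LinkedHashMap<>();
                    last = null;
                } else if (line.startsWith(" ") && last != null) {
                    int i = last.size() - 1;                // folded line continues the last value
                    last.set(i, last.get(i) + line.substring(1));
                } else if (!line.startsWith("#") && line.indexOf(':') > 0) {
                    int c = line.indexOf(':');
                    last = cur.computeIfAbsent(line.substring(0, c).toLowerCase(Locale.ROOT),
                                               k -> new ArrayList<>());
                    last.add(line.substring(c + 1).trim());
                }
            }
            if (!cur.isEmpty()) records.add(cur);
            return records;
        }

        static String first(Map<String, List<String>> rec, String attr) {
            List<String> v = rec.get(attr);
            return v == null || v.isEmpty() ? "" : v.get(0);
        }

        /** Report permission entries that lost their class or actions during migration. */
        static List<String> findings(String ldif) {
            List<String> out = new ArrayList<>();
            for (Map<String, List<String>> rec : parse(ldif)) {
                boolean isPerm = rec.getOrDefault("objectclass", Collections.emptyList())
                                    .stream().anyMatch("orcljaznpermission"::equalsIgnoreCase);
                if (!isPerm) continue;
                String dn = first(rec, "dn");
                if ("java.security.UnresolvedPermission".equals(first(rec, "orcljaznjavaclass"))) {
                    out.add("UNRESOLVED " + dn + " (class " + first(rec, "orcljaznpermissiontarget")
                            + " was not on the tool's classpath)");
                } else if (first(rec, "orcljaznpermissionactions").isEmpty()) {
                    out.add("NO-ACTIONS " + dn);
                }
            }
            return out;
        }

        public static void main(String[] args) {
            // Constructed sample modelled on the two entries quoted in the post; DNs are placeholders.
            String sample = String.join("\n",
                "dn: orclguid=PLACEHOLDER1,cn=Permissions,cn=Policy,cn=JAZNContext,dc=example",
                "objectclass: orcljaznpermission",
                "orcljaznjavaclass: java.security.UnresolvedPermission",
                "orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission",
                "orcljaznpermissionactions:",
                "",
                "dn: orclguid=PLACEHOLDER2,cn=Permissions,cn=Policy,cn=JAZNContext,dc=example",
                "objectclass: orcljaznpermission",
                "orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission",
                "orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo",
                "orcljaznpermissionactions: read,update");
            List<String> found = findings(sample);
            found.forEach(System.out::println);
            System.exit(found.isEmpty() ? 0 : 1);   // non-zero exit blocks the upload step
        }
    }
    ```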

  • ADF Security : Custom Permission

    Hi ,
    I have a requirement to authorize the user based on role and instance ( category he selected).
    I think we can create custom permission for this and put the logic to check instance (category) for the current role in implies(Permission perm) method. And then , declaratively assign this permission to ADF BC layer, binding layer and view layer.
    But I am not sure if this is the right approach.
    Can somebody please point me to some examples or documentation on how to approach this ?
    This thread How to approach authorization taking data into account (?) also talks about this scenario.
    Regards
    Aradhana

  • How to make form based authentication in adf security?

    Hi all
    How to make form based authentication in ADF security?
    Please help, give an example video or project.
    Thanks lhagva

    Have you read the docs (http://download.oracle.com/docs/cd/E17904_01/web.1111/b31974/adding_security.htm)?
    Timo
