Issue in ADF security
Hi All,
Jdev version: 11.1.1.3.0
I have configured form based ADF security for my ADF application. Also I have created Application roles and associated roles also.
In ADF application i have Home.jspx. Once i run the Home.jspx it should open a login.html . But in my case once i run Home.jspx it opens directly Home.jspx
and displays the content.
If i run login.html it opens a Login.html, and once i provide user credential and click on Login Button I am getting below error.
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Please anybody help me out to achieve this??
Thanks,
Santosh M E
Hi,
which option did you choose for the authorization? Grant to all objects? If so then all your pages are granted to the test role, which means they are granted to anonymous
Frank
Similar Messages
-
ADF BC 11g, Weblogic 10.3 - Deployment Issue with ADF Security
Hi all,
I know there are many many blogs about deployment of an 11g app using ADF Security to a WLS 10.3 server, however, none appear to be working for me.. or I'm not working with them! :P
I've deployed an .ear file to the WLS 10.3 and this works fine - after following these steps
http://www.freewebalbum.com/blogs/faces/bjanko/blogs.jsp?blog=bjanko20090127130431
I then followed Steve's migration technique
http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
That all built correctly.
I then tried to access the app via browser, entered in the user cred (created under Security Realms in WLS 10.3 admin console - user and groups).
I attempted to login, and received an "Error 401--Unauthorized" error.
I'll that I see in the server log is:
[JpsWlsFilter.doFilter] setContextID to testApp
I'm totally stuck, so any ideas would be awesome.
Cheers,
chrisJust gave that a shot.. No dice unfortunately.
Steve Muench wrote:
You can omit -DdstApp=DEPLOYAPPNAME if the deployed application name is the same as the source application name you supplied in the -DsrcApp=APPNAME argument.I hate massive code dumping... but this is my jazn-data.xml
<?xml version = '1.0' encoding = 'UTF-8'?>
<jazn-data>
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>system</name>
<guid>0300AED0A9A411DD8F304FB2D3E85932</guid>
<credentials>{903}G5cbldq4HwMVt/gQpv1lXuNdLYbSu20y</credentials>
</user>
</users>
<roles>
<role>
<name>PlusAdmin</name>
<guid>0300AED1A9A411DD8F304FB2D3E85932</guid>
<members>
<member>
<type>user</type>
<name>system</name>
</member>
</members>
</role>
<role>
<name>PlusUser</name>
<guid>0300AED2A9A411DD8F304FB2D3E85932</guid>
<members>
<member>
<type>user</type>
<name>system</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name>TestApp</name>
<app-roles>
<app-role>
<name>PlusAdmin</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<members>
<member>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
<name>system</name>
</member>
</members>
</app-role>
<app-role>
<name>PlusUser</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<members>
<member>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
<name>system</name>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
<name>anonymous-role</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.LogonPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.LogonErrorPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>PlusAdmin</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
<actions>customize,edit,grant,personalize,view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>PlusUser</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
<actions>customize,edit,grant,personalize,view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
<jazn-policy/>
</jazn-data> -
Issue with ADF security enabled App deployed to java cloud services
Hi,
Here are the instance details:
Jdev cloud build:JDEVADF_11.1.1.6.0CLOUD_GENERIC_121118.1600.6229
Java cloud service version:13.1
I have created a simple ADF Application & enabled security by editing web.xml:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<description>manager</description>
<role-name>manager</role-name>
</security-role>
Then I have tried to deploy this Application to Java cloud services.Deployment works fine.
I have 2 users created in Identity console- x & y.In my case x user has manager role enabled & y doesn't have manager role enabled.
Now when I try to access the above deployed ADF Application with 'y' user,the page is accessible.
My question here is that since 'y' user does not have the privilege he should not be able to access this page,could you please let me know if am missing something?
Thanks.Hi,
You may refer to the documentation available in the link: Developing Applications for Oracle Java Cloud Service - Release 13.1
Please refer to the section: Securing Java EE Applications- Roles and Constraints
Hope this helps
Regards,
Santhosh -
ADF Security using sqlauthenticator issue unable to login
Hi,
AM using jdev 11.1.2.3
I followed these blogs to configure adf security using sql authenticator
http://biemond.blogspot.in/2008/12/using-database-tables-as-authentication.html
http://hazem-adf-tips.blogspot.in/2012/06/adf-security-database-authentication.html
am unable to login.. I can able to see the users and roles in WL admin console. When i am giving the user credentials it is redirecting to error page saying unauthorized .
plz can anybody help me out from this issue.
Thanks,
NiteshHI Timo,
I have created application roles admin and user. Unable to create enterprise role with same name. When i am trying to map application role with enterprise role it is not displaying in mapping window..
The following log message
Removing existing role admin
creating new role admin.
with this it is recreating the new role and role id gets change when ever i m restarting my server and deploying the application..
Thanks,
Nitesh -
Hi,
We have implemented ADF security and using form based authentication. The problem we are facing is during logout, in IE we see a NullPointerException, before the login page is displayed. Please note that this functionality works fine in Firefox and Chrome. Also this happens only in standalone weblogic server. It works perfectly fine in a cluster. The logout link is command link which goes to logout.jspx. The implementation in logout.jspx is as follows
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<jsp:forward page="/adfAuthentication">
<jsp:param name="logout" value="true"/>
<jsp:param name="end_url" value="#{initParam.loginURL}"/>
</jsp:forward>
</jsp:root>
the loginURL is configured in web.xml as */faces/login.jspx.*
The exception stack trace is .
<Dec 10, 2012 7:44:44 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server
started in RUNNING mode>
<Dec 10, 2012 7:45:51 AM UTC> <Warning> <oracle.adf.share.ADFContext>
<BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic
initialization is performed improperly.
This message may be avoided by performing initADFContext before using
getCurrent().
For more information please enable logging for oracle.adf.share.ADFContext at
FINEST level.>
<Dec 10, 2012 7:45:51 AM UTC> <Error>
<oracle.adf.controller.internal.binding.TaskFlowRegionModel> <BEA-000000>
<1i9kmqwku_121>
<Dec 10, 2012 7:45:51 AM UTC> <Warning>
<oracle.adf.view.rich.component.fragment.UIXRegion> <ADF_FACES-00009> <Error
processing viewId: /InventoryUIShell URI:
/oracle/communications/inventory/ui/framework/templates/InventoryUIShell.jspx
actual-URI: /oracle/communications/platform/cui/fragments/mainArea.jsff.
oracle.adf.controller.internal.InvalidViewPortIdException: ADFC-14000: View
port ID '1i9kmqwku_33' is invalid.
at
oracle.adfinternal.controller.state.ControllerState.setCurrentViewPort(Control
lerState.java:1319)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:135)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:52)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessEndRegion(
TaskFlowRegionModel.java:320)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.processEndRegion(Ta
skFlowRegionModel.java:237)
at
oracle.adf.view.rich.component.fragment.UIXRegion$RegionContextChange.undoChan
geImpl(UIXRegion.java:1209)
at
oracle.adf.view.rich.context.DoableContextChange.suspend(DoableContextChange.j
ava:49)
at
oracle.adf.view.rich.context.DoableContextChange.undoChange(DoableContextChang
e.java:103)
at
oracle.adf.view.rich.component.fragment.UIXRegion._endInterruptibleRegion(UIXR
egion.java:726)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:576)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:565)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
Any pointers to resolve this would be helpful.
Thanks,Hi,
Check these
http://tompeez.wordpress.com/2010/07/26/logout-with-confirmation-dialog/
http://www.oracle.com/technetwork/developer-tools/adf/learnmore/jan2011-otn-harvest-300940.pdf -
Login.jspx page refreshing in infinite loop in adf security
HI,
I have applied adf security to my application. If i create page def for login.jspx page it is refreshing in infinite loop.
Thanks,
Niteshtroubleshoot this issue as described in the post
Thanks
KT -
ADF Security not working 401 error
I am having problems with securing my ADF using LDAP after the server I was using was rebuilt and all software re-installed.....
This did work before the rebuild so I am guessing that there are some settings that were no configured after the rebuild.
We are using weblogic and Jdeveloper 11.1.1.6 and When I use the Wizard to secure my app and if I pick "ADF Authentication" I get the login in page and I can log into the application and things work.
I then try to go in and use the "ADF Authentication and Authorization" option and deploy and I get a 401 - Unauthorized error..
It used to work so I am pretty sure I am setting the Enterprise roles / Application Roles etc... correctly but wondered if anyone might be able to point me to what settings might be the issue etc.
Thank you in advance for any assistance.After turning off ADF security in application - it works.
When ADF security is turned on - it doesn't.
When opening the same application with ADF security on in previous version of JDev - it works again.
Our application uses custom login bean, but it is not even reaching login bean after login form submit (sample is made as http://www.youtube.com/watch?v=mAWBezngA1s) -
Dear all
How to make adf security?
I am new adf security.
I'm facing security issue. Now i need to secure me application (User, Group, Role etc...)
Oracle recommend me use WebLogic internal LDAP or OID. How to manage User, Group, Role deploy after?
Thanks LhagvaHi,
once you deployed an application, users and roles are no longer in the domain of ADF Security. So the administration is
WLS console - if users and groups are in the WLS LDAP
Identity Management - if users and roles are in OID, RDBMA, Active Directory etc.
Enterprise Managers - to manage application roles and granting permissions or application roles to enterprise groups
Frank -
ADF Security: javax.servlet.jsp.JspException: Cannot find FacesContext
Hi,
In my ADF Application, new users are to be allowed to Register by clicking a button in login page. The Application is based on ADF Security Wizard and I have created default pages for Login and Error, so the application's login page is login.html.
Now when I’m trying to navigate to 'NewUserRegistrationPage.jspx' Im getting javax.servlet.jsp.JspException: Cannot find FacesContext error.
I thought the issue might be from calling a .jspx from .html so I created a 'NewLogin.jspx' Page with below code and specified this page in ADF Security Wizard for Login Page.
Please advice me some way of calling the 'newRegistrationpage.jspx' from my login page.
Im using JDeveloper 10.1.3.4.
Page Code:
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:af="http://xmlns.oracle.com/adf/faces"
xmlns:afh="http://xmlns.oracle.com/adf/faces/html">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<f:view>
<html>
<head>
<title>Login</title>
</head>
<body><form method="POST" action="j_security_check">
<font face="Verdana" color="Navy">
<table cellspacing="2" cellpadding="3" border="0" align="center">
<tr>
<th>Username:</th>
<td>
<input type="text" name="j_username"/>
</td>
</tr>
<tr>
<th>Password:</th>
<td>
<input type="password" name="j_password"/>
</td>
</tr>
</table>
</font>
<p align="center">
<input type="submit" name="submit" value="Submit"/>
<input type="button" name="" value="Request Password"/>
<input type="button" name="" value="New User Registration"/>
</p>
</form></body>
</html>
</f:view>
</jsp:root>
Error::
javax.servlet.jsp.JspException: Cannot find FacesContext at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427) at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125) at webpages.REACHLoginPage_jspx._jspService(_REACHLoginPage_jspx.java:47) [WebPages/REACHLoginPage.jspx] at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.4.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:259) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:51) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:193) at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:284) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:198) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.FormHttpAuthenticator.reject(FormHttpAuthenticator.java:83) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6435) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3030) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:738) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:122) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:111) at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234) at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29) at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298) at java.lang.Thread.run(Thread.java:595)
Edited by: Manasa Tadi on Jul 1, 2009 11:52 PMHi Branislav,
Thanks a lot for your suggestion through which now Im able to navigate to NewRegistration page from login.html.
In my application login.html is under public_html folder where as the NewRegistration page in public_html/WebPages.
Code I used:
New User Registration
But the issue now is, the NewUserRegistrationPage was also under the ADFSecurity, so inorder to navigate to it again the user had to provide authentication. So, I have removed this particular page from Security and it has started to work.
But the issue now I face is something else. In the NewUserRegistrationPage I have a selection to be made by user about the type of user he is and based on the selection he would be navigated to next page, This next page has a VO on it as a 'create form', through which he can directly fill the form and submit his details to database table.
But as I have removed these pages from ADF Security and authentication, the form fields/attributes in the VO are not getting binded, Im getting this Exception:
500 Internal Server Error
javax.faces.el.PropertyNotFoundException: Error testing property 'inputValue' in bean of type null
For testing purpose when I have provided link from application page to NewRegistrationPage the flow is working properly, able to navigate to second page and submit the filled form to database, I think this is working because we have entered the application after providing the login credentials.'
Help in this greatly needed.
Thanks,
Manasa. -
ADF Security to J2EE Container Managed Security Problems
Hi al!
I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
For the sake of friendlier user and roles management I decided to go to 2EE Container Managed Security (I want application manager in production environment to be able to manage users in only one place, not in DB table and extra for web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe this are used only for ADF security, am I right?). I can log to application with admin user account (app index page doesn't have any binds and even pageDef), but when trying to access admin pages I get 401 Unauthorized page.
What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
Part of my web.xml file:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/app/index.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<security-role>
<description>Admins</description>
<role-name>admin_role</role-name>
</security-role>
<security-role>
<description>Users</description>
<role-name>user_role</role-name>
</security-role>
<security-role>
<role-name>oc4j-administrators</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllAdmins</web-resource-name>
<url-pattern>faces/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllUsers</web-resource-name>
<url-pattern>faces/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>oc4j-administrators</role-name>
<role-name>user_role</role-name>
<role-name>admin_role</role-name>
</auth-constraint>
</security-constraint>
Do I have to remove this adfAuthentication tags?
I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enaugh to have security constraints and roles defined in web.xml file or they have to be defined somewhere else also (beside the database)?
Thank you in advance!
Bye
PS
Maybe stack trace after login:
FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!Hi there!
I have another question about this. I've modified a bit DBRolePrincipal class to see what's going on. At the beginning of the equals(Object another) method I added this lines:
log("method equals start",0);
log("another type = " + another.getClass(), 0);
if (another instanceof Principal)
Principal mine = (Principal)another;
log("Principal mine.getName() = " + mine.getName(), 0);
The result is this output (after navigating to page that gives 401 forbidden):
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
07/10/12 08:38:36 [DBRolePrincipal] method equals start
07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
07/10/12 08:46:09 [DBUserPrincipal] method equals start
07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why doesn't admin_role principal never get compared in [equals[/i] method?
Thank you!
BB -
Oracle ADF security integration with Oracle E-Business Suite SDK JAAS
I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
Any thoughts on why that would be?
Thanks
DanThanks Juan.
With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I access the same page from my integrated weblogic server I see:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I review my EAR - I do see jazn-data.xml at:
/META-INF/jazn-data.xml
I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
Thanks.
-Dan -
How to store Custom principal in Oracle ADF security Framework
Hi guys, hope somebody will help me out.
I am facing the following issue, i need to have a custom principal instance after oracle adf security frame work does authenticate and authorize user.
My custom principal instance should have per say addition attribute, say clientId. I am using Jdeveloper 11.1.2.4 and i setup weblogic to use ReadOnlySQLAuthenticator(it does most of desired functionality).
As far as i get it, i would have to implement a custom provider to have a chance to implement a custom LoginModule, so i can set it up to use my custom principal, am i right ? and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use) and if i can , how can i make ReadOnlySQLAuthenticatorImpl use my custom LoginModule.
Sorry if i violated forum rules.and i am not sure how ReadOnlySQLAuthenticatorImpl that i chose in weblogic is bound to
DBMSAtnLoginModuleImpl (i mean how does it knows what LoginModule should it use)
This info is returned by getLoginModuleConfiguration(): AuthenticationProvider (BEA WebLogic Server 10.0 API Reference)
Dario -
ADF Security against database?
I am working with JDeveloper 10.1.3.4 on a project which uses adf/bc and adf faces/jsf 1.1; the application is deploying to iAS 10.1.3.4 and is hooked as a mid-tier instance via SSO to an infra iAS instance on another machine.
How do you change ADF Security to reference a database table to find out settings for page/iterator/attribute security settings?
Most of the existing code in this environment is Web Pl/sql toolkit and portal work. I am adding ADF apps. They would like to control what the different roles have access to via the database...hence this question.
Normally with ADF Security you use an editor in JDeveloper which you can access from within the page def file in the structure pane within JDeveloper; I think this changes system-jazn.xml. If you, instead, want these settings to be located within a database table, what do you have to do?
In my initial research I am thinking somehow I must create an override for ADFPermission.getContext() somehow...but I have not figured out if that is right or not yet.
It may just be easier to re-invent the wheel: just do things programmatically using Java; but there is a lot of structure inherant in ADF Security that I would be reproducing if I go that route, I think.
Anybody have any ideas?
I am continuing to research this issue, but I think this is an unusual use-case; so I am not expecting to find this answer anywhere in particular. Maybe somebody knows this off the top of their head.Right, Frank; I mostly meant that it would help me learn more about the subject of J2EE permissions. Vik has pointed me in the direction of the Sun Java Forums for more information on this topic, which I will hopefully get a chance to pursue.
Thank you for getting back to me. Thank you again, also, for all your work on custom login modules; I have used that work of yours several times professionally. It is just that this client I am working with now is satisfied with their SSO/LDAP setup...they just want to store permissions in the database also. -
How to use ADF Security policies in OID Ldap
Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgdsEurika
finally solved,
runing the JAZNMigrationTool requires setting the correct classpath,
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
if however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
now the tool will migrate the permission policies , the following shows an extract from the LDIF file
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html -
Adf security misbehaving in production environment
Hi all,
I am using jdev 11.1.2.2 and weblogic 10.3.6
I have implemented adf security from based authentication in my web application and i have used sql authenticator for authentication.
In my integrated WLS everything works fine . but in the production WLS what is happening is when the user access a Protected Page without login it navigates to the protected page instead of navigating him to the login page. In the integrated WLS this happens normally .
Has anyone faced this issue before ? What can be wrong ?
I have added my web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>false</param-value>
</context-param>
<session-config>
<session-timeout>5</session-timeout>
</session-config>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>oracle.adf.view.rich.SUPPRESS_IDS</param-name>
<param-value>auto</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>differentOrigin</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_VIEW_MAPPINGS</param-name>
<param-value>*.jsf;*.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_DECORATORS</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>ADFLibraryFilter</filter-name>
<filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>ADFLibraryFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>adfAuthentication</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adflibResources</servlet-name>
<servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adflibResources</servlet-name>
<url-pattern>/adflib/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>amf</extension>
<mime-type>application/x-amf</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Allowed ADF Resources</web-resource-name>
<url-pattern>/adf/*</url-pattern>
<url-pattern>/afr/*</url-pattern>
<url-pattern>/bi/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/login</form-login-page>
<form-error-page>/faces/login</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>Thanks,
RakeshHi Rakesh,
Make sure you have migrated the policy store to the production server. When Weblogic Server is running in production mode, automatic credential overwrite is not allowed. From the developer's guide:
When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the Oracle Containers for J2EE Security Guide. Note that Oracle WebLogic Server running in production mode does not support the overwriting of system credentials under any circumstances.http://docs.oracle.com/cd/E26098_01/web.1112/e16182/adding_security.htm#CDDGFDFH
HTH,
Joonas
Maybe you are looking for
-
I am trying to edit text (insert text) in a pdf document using Adobe 9 Pro. When I click on Advanced Editing, touch up text tool. I select a box around the text and begin to type, nothing appears the cursor moves but nothing is typed. I need immed
-
Hi All, In T.code FAGLB03 display GL Balances if we want to see the cumulative balance which are posted in special periods as open items. The line items can be in seen in cumulative balance or not, if no? Why. From which table system picks the values
-
I want to see the numbers that my daughter is text by imessage
i want to the numbers that my daughter is texting on imessage
-
Hi everyone, I have a 10.4.10 mail server. We recently had some people leave and I would like to remove their mail accounts. Is this as simple as removing their user accounts in WGM or is there a utility I have to run? TIA! Andrew
-
Itunes closes whenever i press a key
Itunes 8.2 works fine, except... whenever i press a key on my keyboard anywhere, not just while in a text box, the entire program just closes. and yes. i tried uninstalling and reinstalling and repairing the file. i don't know what to do. it's so fru