Jdev 10.1.2 WS security
hello there,
I am using a jdevelopper 10.1.2.3 version to create a jms-webservice.
In version 10.1.3 there is build in functionality to create security for a webservice, but in version 10.1.2.3 there is not.
Since I have to deploy my application into a 10.1.2 application server, I cannot develop this in a 10.1.3 jdev (this wouldn't work).
I have been searching for a good explanation on how I should do this, but I didn't find a good one yet...
Is there anybody who has done this on a 10.1.2 version, or somebody who knows where I can find a kind of step by step explanation on how I should implement security on a webservice in the 10.1.2 version?
Thanks.
Check the JDeveloper online help and search for "web services security".
Similar Messages
-
JDev EA1 Error with JAZN/Security Roles/Authentication
I have a current JSF application created under JDev 10.1.3 Preview which runs fine, but under JDev EA1 it crashes.
The application has a JAZN definition with a realm and user defined. The user is also tied to a security role.
In the web.xml I have a security role defined and security constraints. I also have the security-role-mappings in the orion-application.xml for deployment which uses OID to authenticate.
This all works fine in JDev 10.1.3 preview.
When I run the application in JDev EA1, the login dialog does not appear and the application crashes because it can't authenticate who is using the application. I have deleted and recreated the Jazn user and security roles under EA1.
I have noticed that JDev is now reporting the "<security-constraint>" tag in web.xml is an error now.
Any ideas on what's wrong?
ThanksWe're using SSO, so we haven't written our own login handler. The orion-application.xml has the "<jazn-web-app auth-method="SSO"/>" tag in it. We let SSO handle the login. You can write your own login handler if you wanted to. I think there's several threads about doing it. We wanted to try and use SSO and not have to write the piece to do the login.
orion-application.xml:
<jazn provider="LDAP"
location="ldap://my.company.com:<port number>"
default-realm="my_realm_here">
<jazn-web-app auth-method="SSO"/>
</jazn>
The way we approached it, we have a User and Visit object. The User object just holds some data:
public class User implements Serializable
private String userid;
private String name;
private String email;
private Date loginTime;
The faces-config.xml is like this:
<!--========User Bean=========-->
<managed-bean>
<managed-bean-name>user</managed-bean-name>
<managed-bean-class>com.mycompany.User</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
<managed-property>
<property-name>queryService</property-name>
<value>#{queryservicebean}</value>
</managed-property>
</managed-bean>
We're using Spring to inject the "queryservicebean". You may not need this section. We're having to grab data from a database table. So you can probably skip that "<managed-property>" section.
The section I think you are really asking about is the ViewHandler. You probably need to look at extending the ViewHandler to populate your user object.
public class AuthenticatingViewHandler extends ViewHandler{...}
You will probably need to look at adding code in the createView and restoreView methods.
Something like:
public class AuthenticatingViewHandler extends ViewHandler
private final ViewHandler _base;
public AuthenticatingAurepViewHandler(ViewHandler base)
_base = base;
public UIViewRoot createView(FacesContext facesContext, String viewId)
viewId = loadUser(facesContext,viewId);
return _base.createView(facesContext, viewId);
} //END createView(FacesContext facesContext, String viewId)
public UIViewRoot restoreView(FacesContext facesContext, String viewId)
viewId = loadUser(facesContext,viewId);
return _base.restoreView(facesContext,viewId);
} //END restoreView(FacesContext facesContext, String viewId)
--Then "loadUser" would populate your User object:
public String loadUser(FacesContext facesContext, String viewId)
String userId = facesContext.getExternalContext().getRemoteUser();
User user = (User) JSFUtils.getManagedBean(ViewConstants.USER);
-- Set the userid from OID in your User object
user.setUserid(userId);
-- Note: You may need to do some parsing on your user id string from OID.
-- Do more stuff here, may switch to a differnt viewId if needed, like an error page.
return viewId;
} // END loadUser(FacesContext facesContext, String viewId)
} //END AuthenticatingViewHandler
The "JSFUtils.getManagedBean" uses the valuebinding to get the User bean from the FacesContext. We also carry a boolean isUserLoaded in the User object so we're not executing the loadUser code each time a view is rendered. The Visit object just has a navigation trace and other things of interest to us, so you may not care about it.
A lot of this is from Adam Wiener's post on Sun's JSF forum. I think there's a couple of ways to approach this, with our requirements this works out better. If anybody else has any suggestions, it would be great to hear about them.
As always, hope it helps out with what you are doing and thanks for the chocolate. -
Error in jDev 11.3 while creating secured properties
Hi,
I was trying to create a connection and in the additional properties page of the wizard i 'Add Secured Property' , when i click on finish i get a popup error saying
'Unable to obtain credential store using jps-config file 'C:/Mywork/MYproject/META-INF/jps-config.xml'.
java.net.URISyntaxException: Illegal character in path at Index 32: file:/C:/Documents and Settings/..../localSettings/Temp/credstore-jps-config435345353454.xml.
When i add a simple property there is no problem.
I tried deleting the temp files, I even went and reinstalled jDev 11.3 again.
Anyone faced this issue? Please help.
regards,It seems that there is a problem creating a temporary file in the temporary directory C:/Documents and Settings/..../localSettings/Temp/. According to the error message the problem is at position 32 of the path. Unfortunately the complete path is not shown in the error message to be able to be more specific.
Try changing the temporary path to something simple and small (such as c:\temp in Windows), re-start JDeveloper and re-try. -
JDev Application Server Connection using secured HTTP
Is there a way to create an Oracle 10.1.2 application server connection in JDev (10.1.3.1) when the App Server's enterprise manager is under secured http?
Hi,
if the hhtp server is secured then deployment shouldn't be impacted because its using ORMI
Frank -
All -
I'm new to consuming web services in JDeveloper. I'm using Oracle JDEV 10.1.3.3/OC4J. I'm using this version since it is compatible with Oracle EBS 12.1.3. My intent is to pull data from our third party recruitment app (Success Factors) and load that data into Oracle HRIS. I'm already doing this through a .NET application. I'm converting it to be a Java Concurrent Program in EBS. The code listed below is a stub call to verify I'm on the right track. I created a JDeveloper Web Services proxy project. I'm testing it locally on my windows desktop. When I'm able to consume the service successfully, then I'll think about moving it to the EBS server.
I'm getting the following error when I invoke the following service:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: String index out of range: -7
End point is: https://api4.successfactors.com/sfapi/v1/soap?wsdl
Any help/assistance would be much appreciated.
Below is my code and output of my test:
package emsc.oracle.apps.emscper.sfapi.proxy;
import HTTPClient.HTTPConnection;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.IsValidSession;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.IsValidSessionResponse;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.Login;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.LoginResponse;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.LoginResult;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.Logout;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.LogoutResponse;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.SFCredential;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.SFParameter;
import emsc.oracle.apps.emscper.sfapi.proxy.types.sfobject_sfapi_successfactors_com.Error;
import java.io.File;
import javax.xml.rpc.ServiceFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.Date;
import javax.xml.ws.BindingProvider;
import javax.xml.soap.SOAPException;
import java.util.Map;
import oracle.security.ssl.OracleSSLCredential;
public class SFAPITest {
// Declare members:
private String companyId;
private String userName;
private String password;
private String developerKey;
private Date effDt;
private String greaterThanEffDt;
private String lessThanEffDt;
// Declare constants:
final static private String breakLine = "+---------------------------------------------------------------------------+";
final static private String format = "yyyy-mm-dd";
private enum ReqId {
PrimaryReq(25),
PrimaryReqCEO(26),
EmCarePrimary(27),
RTI(28),
EmCareClinical(29);
private int reqId;
private ReqId() {
private ReqId(int value) {
reqId = value;
public int getReqId() {
return reqId;
// Getters and Setters:
protected String getCompanyId() {
return this.companyId;
protected void setCompanyId(String value) {
this.companyId = value;
protected String getUserName() {
return this.userName;
protected void setUserName(String value) {
this.userName = value;
protected String getPassword() {
return this.password;
protected void setPassword(String value) {
this.password = value;
protected String getDeveloperKey() {
return this.developerKey;
protected void setDeveloperKey(String value) {
this.developerKey = value;
protected Date getEffDt() {
return this.effDt;
protected void setEffDt(Date value) {
this.effDt = value;
protected String getGreaterThanEffDt() {
return this.greaterThanEffDt;
protected void setGreaterThanEffDt(String value) {
this.greaterThanEffDt = value;
protected String getLessThanEffDt() {
return this.lessThanEffDt;
protected void setLessThanEffDt(String value) {
this.lessThanEffDt = value;
public void runProgram()
SFAPIService mySFAPIService;
String CompletionText = "";
String effDtStr2 = null;
/* Code your program logic here.
* Use getJDBCConnection method to get the connection object for any
* JDBC operations.
* Use CpContext provided commit,rollback methods to commit/rollback
* data base transactions.
* Don't forget to release the connection before returning from this
* method.
/* Call setCompletion method to set the request completion status and
* completion text.
* Status values are ReqCompletion.NORMAL,ReqCompletion.WARNING,
* ReqCompletion.ERROR.
* Use Completion text message of length 240 characters. If it is more
* than 240 then full string will appear in log file and truncated 240
* characters will be used as request completion text.
try
ServiceFactory factory = ServiceFactory.newInstance();
mySFAPIService = (emsc.oracle.apps.emscper.sfapi.proxy.SFAPIService)factory.loadService(emsc.oracle.apps.emscper.sfapi.proxy.SFAPIService.class);
SFAPI api = mySFAPIService.getSFAPI();
/// SFAPI api = new SFAPI();
//Map<String, Object> requestContext = ((BindingProvider) api).getRequestContext();
//requestContext.put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true);
System.out.println("ServiceName => " + mySFAPIService.getServiceName().toString());
System.out.println("End Point => " + mySFAPIService.getServiceName().toString());
System.out.println(breakLine);
// Authentication: Login to SFAPI:
SFCredential credential = new SFCredential();
// Fake credentials being passed in for this post:
credential.setCompanyId("XXX");
credential.setUsername("XXX");
credential.setPassword("XXX");
credential.setDeveloperKey("XXX");
HTTPConnection httpsConnection = null;
OracleSSLCredential _credential = new OracleSSLCredential();
_credential.setWallet("\\\\\\C:\\Program Files\\Java\\jdk1.6.0_33\\jre\\lib\\security", "ParkEstes3");
/*System.setProperty("javax.net.ssl.trustStore","C:\\\\\OraHome_1\\jdev\\jdevbin\\jdk\\jre\\lib\\security\\keystore");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
System.out.println(System.getProperty("javax.net.ssl.trustStore"));*/
// SFParameter: Define a generic SFParameter List. This is a necessary parameter
// to invoking calls in SFAPI:
/*System.setProperty("javax.net.ssl.keyStore",
"file:\\\C:\\jdk1.4.1\\jre\\lib\\security\\client.keystore");
System.setProperty("javax.net.ssl.keyStorePassword","welcome"); */
/* System.setProperty("oracle.net.wallet_location",
"(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=\\\C:\Users\dparrish\Oracle\WALLETS)))"); // (2) */
File kstore = new File("C:\\OraHome_1\\jdev\\jdevbin\\jdk\\jre\\lib\\security\\jssecacerts");
boolean exists = kstore.exists();
if (!exists) {
System.out.println("Keystore does not exist");
else {
System.out.println("Keystore does exist");
System.setProperty("javax.net.ssl.trustStore", kstore.getAbsolutePath());
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
//System.setProperty("proxySet", "false");
//System.setProperty("http.proxyHost", "127.0.0.1");
//System.setProperty("http.proxyPort", "8080");
System.out.println(kstore.getAbsolutePath());
List<SFParameter> lst = new ArrayList<SFParameter>();
SFParameter param = new SFParameter();
param.setName("");
param.setValue("");
lst.add(param);
SFParameter[] sfParam = lst.toArray(new SFParameter[lst.size()]);
Login login = new Login();
try {
login.setCredential(credential);
System.out.println("1");
login.setParam(sfParam);
System.out.println("2");
LoginResponse loginResponse = new LoginResponse();
LoginResult loginResult = new LoginResult();
try {
loginResponse = api.login(login);
catch (Exception e ) {
System.out.println(e.getMessage());
System.out.println("3");
try {
loginResult = loginResponse.getResult();
catch (Exception e ) {
System.out.println(e.getMessage());
System.out.println("4");
IsValidSession vs = new IsValidSession();
IsValidSessionResponse isValidSessionResponse = api.isValidSession(vs);
System.out.println("5");
if (isValidSessionResponse.isResult()) {
System.out.println("Session is valid");
System.out.println("Result => " + loginResult.getSessionId());
System.out.println(breakLine);
Logout logout = new Logout();
LogoutResponse logoutResponse = api.logout(logout);
if (logoutResponse.isResult()) {
System.out.println("Logout of SFAPI Successful");
else {
System.out.println("Logout of SFAPI Unsuccessful");
else {
System.out.println("Session is invalid");
List<Error> errors = new ArrayList<Error>();
for (int i = 0; i < loginResult.getError().length; i++) {
errors.add(loginResult.getError()[i]);
for (int i = 0; i < errors.size(); i++) {
System.out.println("Error Indice => " + i);
System.out.println("Error Code: => " + errors.get(i).getErrorCode());
System.out.println("Error Message: => " + errors.get(i).getErrorMessage());
System.out.println(breakLine);
} // end for loop of SFObject errors
} // end InvalidSession
catch (Exception e)
System.out.println("Session Credential Exception");
System.out.println("Exception => " + e.getMessage());
System.out.println(breakLine);
catch (Exception e)
System.out.println("Parameter List Exception");
System.out.println("Exception => " + e.getMessage());
System.out.println(breakLine);
} // end runProgram
// Constructor:
public SFAPITest() {
} // end constructor
public static void main (String args[]) {
try
SFAPITest test = new SFAPITest();
test.runProgram();
catch (Exception e) {
System.out.println("main exception => " + e.getMessage());
} // SFAPITest
Here is the output with trace:
WARNING: Unable to connect to URL: https://api4.successfactors.com:443/sfapi/v1/soap due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: String index out of range: -7
Session Credential Exception
Exception => ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: String index out of range: -7
+---------------------------------------------------------------------------+
Process exited with exit code 0.The other end is throwing back a programming error.
That might be because you are sending incorrect data and the other end fails to validate it.
You might be able to guess based on your C# code. But, since you are using soap one generic solution is available to you.
- Get an http proxy interceptor like wireshark.
- Run it while your C# app runs, collect the http requests from that.
- Run it while running your java code, collect the http requests from that.
Compare the two. -
Jazz-n data not updating properly
Hi All,
Jdev 11.1.1.4.0
I am having problem in adf security in Jdev
I have configured adf security in my application, and i am adding users and some roles for them.
While running the i cant see the deployment log in Jdev that the users are updated to weblogic.(because of that its giving incorrect username and password)
But i can see those logs in some sample application, but its not in my application.
why its not showing deployment log while adding in JDev ? any suggestions please..
thanks,
Gopinath JayavelGopinath J wrote:
why its not showing deployment log while adding in JDev ? any suggestions please..Don't know, but you can verify the security deployment in WebLogic by logging in to the WebLogic Application Console (http://localhost:7001/console) by navigating to Security Realms >myrealm >Users and Groups -
Can someone please point me in the direction of some documentation on how to integrate SSO with a uiXML/BC4J project ?
Can you achieve the same logon page as portal where users can also change their password ?
Also, if using Jakarta Struts, does the SSO replace some of the struts functionality with regards to authentication ?
One last thing - is it possible to display a uiXML page as a porlet within Portal ? Is this acheived through usind PDK ? If someone could point me to some specific documentation on this also it would be appreciated !
Thanks,
BrentHi Brent -
Can someone please point me in the direction of some
documentation on how to integrate SSO with a
uiXML/BC4J project ? I recently responded to a similar question on the JDev forum:
How do I secure uiXML with Oracle SSO Server
I believe you've got two options here... You can use MOD_OSSO to secure the entire application at the Apache level. Or, you can take advantage of the SSO Java APIs to authenticate users directly within your own application - in which case your application is considered a "partner application" to the login server. We don't have any UIX-specific samples for this - but the following sample from the SSO Application Developer's Guide should help get you started:
http://otn.oracle.com/docs/products/ias/doc_library/1022doc_otn/portals.102/a90343/examples.htm#1004074
Can you achieve the same logon page as portal where
users can also change their password ?I'm not sure whether this functionality (ability to change passwords) is implemented by Portal or whether it is something that is provided by the SSO server - so unfortunately I'm not sure what to recommend here...
Also, if using Jakarta Struts, does the SSO replace
some of the struts functionality with regards to
authentication ?I haven't really had a look at the authentication capabilities provided by Struts. By I'm guessing that if you are using SSO for authentication, then yes, this would take the place of equivalent functionality provided by Struts.
One last thing - is it possible to display a uiXML
page as a porlet within Portal ? Is this acheived
through usind PDK ? If someone could point me to some
specific documentation on this also it would be
appreciated !I couldn't find any specific documentation on this. My recommendation would be to set up your UIX application as you would for normal deployment, and then create a simple Servlet-based portlet running in the same web application which simply forwards all requests to the UIX servlet. So then this becomes a matter of figuring out how to set up a portlet which forwards to another servlet - hopefully the PDK documentation explains how to do this...
Andy -
URGENT : nested AM and attribute permission (and action invocation error)
Hello,
we have an issue with our application. We have nested AMs and we want to add permission on iterators and attributes.
We have no problem with the RowSetPermission in the nested AM, we have this in our system-jazn-data.xml
<permission>
<class>oracle.adf.share.security.authorization.RowSetPermission</class>
<name>Application_RootDataControl.Root.NestedDomain1.*</name>
<actions>read</actions>
</permission>
But concerning the AttributePermission we have an issue with the nested AM, they're still not rendered as if the permission was not set. The following lines are the declaration of the AttributePermission
<permission>
<class>oracle.adf.share.security.authorization.AttributePermission</class>
<name>Application_RootDataControl.Root.NestedDomain1.TestViewUsage.*</name>
<actions>read</actions>
</permission>
But if we change the name to Application_RootDataControl.* it works (although it's not what we want at all)
Anyone has more information on this issue ?
We're close to delivery and it's becoming quite urgent, your help will be greatly appreciated.
thanks
PS : i use Jdev 10.1.3.3
Edit :
I've noticed that with nested application module the bug indicated here still exists in jdev 10.1.3.3 =>
SECURITY: permissions not allowed with ExecuteWithParams action
i.e. executeWithParams can't be invoked due to security problemHi,
your statement "ExecuteWithParams can't be invoked due to security problem " is not correct. This has been fixed in 10.1.3.3. You can't specify authorization for the ExecuteWithParams operation, but the fix has been such as that no explicit authorization is needed.
However, the usecase that is not covered in the usecase for authorizing ExecuteWithParams is if this operation is part of a nested AM. So you may want to test the operation in the root AM to see the fix working (as it does for me). If it works for you in teh root AM but not the nested AM then this might be subject of another bug yet to file
Frank -
SecurityContext userName with OAM SSO
Hi,
We need to get the logged in userName property from the securityContext(). We are using OAM for SSO.
The code #{securityContext.userName} works fine when we used Basic login process with OAM and we get the logged user info, but we need to use Form based login and when we change to Form based we keep getting "anonymous" and can't get any property from the securityContext.
Didn't find any solution for this.
Has anyone dealt with similar issue?
ThanksThanks for all the replies.
I am working with another colleague who is configuring OAM and so have been testing different configurations.
We are using WebCenter 11.1.1.5 and OAM 10g (10.1.4.3) and OAM is used as the SSO for OBIEE and other oracle apps. My application is a custom Portal app and we are not yet using Spaces.
Access to all applications URLs, including WebCenter are protected by OAM configuation and Webgate. users for now will use an ID/pwd to login. But later they can also use a certificate.
No security configuration was done at the WebCenter app side and the Login Authentication in web.xml was not set.
In the WebCenter admin console we configured the OAM as a provider and added
- "OAM ID Asserter" configured OAM_REMOTE_USER as the SSO Header Name and as the Active type assertor (didn't add obSSOCookie) and "OIDAuthenticator".
We have no issues to login and if we used OAM Basic authentication. We always get the logged user fine in the securityContext.
When changed OAM to use Form based authentication the loggin worked but get anonymous in securityContext.
I am trying to get the securityContext from a custom JSPX page and from a Managed Bean (both work with Basic but not Form based)
I will test with the:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
The question I have is do I need to configure WebCenter in other ways than to what I mentioned above? (currently don't see the need since OAM does the work of the authenticating and Asserting and worked with Basic authn.)
1. I see in Jdev in the web.xml security has: Login Authentication (which will test with CLIENT-CERT), security roles and security Constraints. DON'T see for the need to configure the last two since will have the user roles in OID and securityContext have a method to get the user Roles.
2. Do I need to enable for the WebCenter application ADF security and add "ADF Authentication and Authorization" ?
Will provide more updates when we validate and tests the configurations.
Thanks -
GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0
If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
Are you getting either of the following errors?
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
1) Create a new application.
2) Create three .jspx pages called login, error, and welcome.
3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
4) Right-Click on your Application and select Secure->Configure ADF Security
5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
<policy-store>
<applications>
<application>
<name>SecurityError</name>
<app-roles>
// Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
<app-role>
<name>anonymous-role</name>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
<display-name>anonymous-role</display-name>
</app-role>
// Whew, the end of that app role
</app-roles>
<jazn-policy>
<grant>9) You're going to want to delete that app role XML
10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
12) Run your welcome page. Yay, the error is gone. How sweet it is.
Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
// You fool!
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not FoundThat's not so good. Let's fix that.
1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
3) Re-run your welcome page.
// Suckered AGAIN!
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
Ahh!! Now THAT's how we do it in Kingsport!
Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
WillHa :-)
Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
But your call, no pressure of course ;-)
CM. -
Securing a 1.5 web service using J2EE security and JDev 11g
Hello,
I'm looking for a tutorial or similar that will help me create a secure (1.5 EE with annotations) web service. I'm interested in just the development view at this point - xml file mods, etc.
I did find a good resource on how to do this in 10.1:
http://www.oracle.com/technology/products/jdev/101/howtos/securews/index.html
and am wondering if it has been updated (even beta!) or in another form.
ThanksSteve,
The WSDLBaseURL property just prepends a string to the WSDL URL property so that you can abstract out the protocol, server and port values separately depending on the target system you wish to hit for the service call.
Regards,
Sam -
Web service security using Jdev 10.1.2.0.2
Hi
I am currently developing our first web service. It is based on a pl/sql procedure. We are using App server 10.1.2.0.2 and Jdev 10.1.2.0.2.
I found this document
http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
However it is based on JDev 10.1.3. I managed to create the webservice and set security settings in Jdev 10.1.3 however I had problems when creating an app server connection. And the web service would not deploy to our 10.1.2.0.2 app server.
Are there any security options available when creating web services in Jdev 10.1.2.0.2? Is it expected that Jdev 10.1.3 won't be able to deploy to our 10.1.2.0.2 app server?
thanks
paul schweiger
Message was edited by:
[email protected]
Message was edited by:
[email protected]Hi
Thanks for your reply
I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
paul -
Oracle Security Implementation in JDev 10.1.2.0.0
Dear J Dev Fellows I am New to J dev. Having version mentioned in title.
I want to implement oracle security for multiple users. Please guide me to achieve this.
AamerHi,
in JDeveloper 10.1.2 you have container managed security with JAZN. Have a look at the OC4J Security Guide that you can access from the Oracle Application Server documentation on otn.oracle.com --> Documentation
or you have a look at
http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf
Frank -
Configure security-role and method permission for EJB 3.0 using Jdev 11g
The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
For example,
<assembly-descriptor>
<security-role>
<role-name>managers</role-name>
</security-role>
<method-permission>
<role-name>managers</role-name>
<method>
<ejb-name>Employees</ejb-name>
<method-name>setSalary</method-name>
<method-params>
<method-param>java.lang.Long</method-param>
</method-params>
</method>
</method-permission>
</assembly-descriptor>user516954,
By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
--Ric -
Security Error while trying to deploy my project to the application server from jDeve
Dear All,
I'm trying to deploy my project to the application server from jDeveloer but i got the following error :
Invoking Oracle9iAS admin tool...
D:\Oracle\OUIHome\jdk\jre\bin\javaw.exe -jar D:\Oracle\OUIHome\j2ee\home\admin.jar ormi://M-AMIN:3101/ admin **** -deploy -file D:\Oracle\OUIHome\jdev\mywork\Portal\UserManager\userRegister.ear -deploymentName userRegister
Security error: This operation was denied. The admin.jar utility can not be used to perform operations against OPMN managed OC4J instnaces. Please use Enterprise Manager or dcmctl instead. Refer to the Oracle9iAS Admin Guide or the OC4J User's Guide for more details.
Exit status of Oracle9iAS admin tool (-deploy): 1
#### Deployment incomplete. #### Sep 10, 2002 4:16:53 PM
Any help will be appreciated
Regards,
Mohammed AminIn JDev 9.0.2, to deploy to the full 9iAS server (instead of just Oracle9iAS Containers for J2EE [OC4J]), you have to use Enterprise Manager or DCM to deploy your application.
In JDev 9.0.3 Preview, there is a way to have JDev perform a deployment via DCM for you, if you install a DCM Servlet into 9iAS that comes with JDeveloper.
By JDev 9.0.3 Production, if you also use Oracle9iAS 9.0.3 Production, it should be possible to deploy to iAS 9.0.3 out-of-the-box.
Maybe you are looking for
-
Error message when connecting trough EM manager
Hi, When i want to make a connection trough EM manager i receive the following error message: oracle.net.config.ServiceAliasException: TNS-04404: no error caused by: oracle.net.config.ConfigException: TNS-04414: caused by: TNS-04602: Does anyone know
-
Quit LabVIEW function doesn't work when called from Actor Framework
This is related to a known bug. Details can be found in a discussion we had with LV R&D here: https://decibel.ni.com/content/docs/DOC-28012 I need a functional workaround to this bug because my application's top-level panel is an Actor Core.vi overri
-
BW Sizing with multiple app. instances on Oracle 10g
Hello folks, I have a few confusions to clarify as i am engaged in BW sizing exercise. Customer has a huge environment with multitera bytes of data and its expected to grow in size and also # of users too and they have multiple BW app instances (NW 7
-
Copy back of Prodution Error on Org Structure
Please can any of you guru's out there help. We have just done a copyback from production to SR2 (QA system) and there is an error with the org structure. We use extended Classic Scenrio and we replicate the org structure from ECQ to SRQ. (integrated
-
Hi All, I have developed webservices using AXIS .And now i need to register these services to UDDI .Can any body provide me the details of it. Thanks, Kalyan.