[JDev11g]: ADF Security and Weblogic 10.3
Hi
i using my owen custom loginmodule configured jps-config.xml using ADF security..
how to deploy to Weblogic 10.3 , is it supported directlly ?
where can i put the jps-config.xml ,
or how to configure?
can any body share some steps?
thanks
Hi!
With JDeveloper 11g Release the old custom login modules (from TP4 and 10g) are not supported anymore. You have to write your own Custom Authentication provider for WebLogic Server (yes, it uses JAAS Custom Login modules and MBeans).
In WLS 10.3 you have a built-in Database Authentication Provider. You just have to configure it. Try looking in WLS docuementation for details (it is done through the WLS Console and is fairly easy).
Regards,
PaKo
Similar Messages
-
Hi all,
I am implementing ADF security on my application and I came across the following Documents:
1- http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
2-http://www.oracle.com/technology/products/jdev/howtos/1013/oc4jjaas/oc4j_jaas_login_module.htm
and I have a few of questions :
1- in ADF security, the edit authorization options in the PageDef reads the roles (gorups) stored on the system-jazn-data.xml file. If my roles are stored on the Database how can I read them?
2- In the first document it is said " If the role name in web.xml matches a group name in system-jazn-data.xml, no further mapping is required. If the names do not match, then the web.xml role name needs to be mapped to the name in the system-jazn-data.xml using the orion-application.xml file. ". Can I do the mapping between the system-jazn-data.xml and the Database?
3-When I assign ADF security permissions on PageDefs, It will be stored in the app-jazn-data.xml file. Can I store/read those permissions from the Database and no the app-jazn-data.xml file or at least can I do some kind of mapping between the Database and this file?
thanks in advance,
Ahmad EsbitaHi albertpi,
Thanks for you response. This is our first ADF application.
We are planning to impliment the security as mentioned above.
We can configure the LDAP users in Weblogic server.
We have a page with multiple tables which need to be shown based on the User roles.
These roles we are planning to define in the table.
1. I need to show list of users from my LDAP Users on the ADF UI to assign the roles.
2. We will be defining our list of roles in a database table, which not sure whether they need to map to ADF application security roles.
Data in table will be something like this.
User Role
Admin Tab1
Admin Tab2
Admin Tab3
User1 Tab1
User2 Tab2
User2 Tab3
Once the User is logged in we will read this table to show/hide the respective tabs.
Can you tell us are we in right path, if yes How to achieve this.
Thanks,
Satya -
Problem with ADF security and task flow calls
Hi.
I am using JDeveloper 11.1.2.0.0.
I encountered a problem when tried to apply ADF security to my application.
The way to reproduce the problem:
1. Create new Fusion Web Application;
2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
7. Configure application to run the unbounded task flow starting with Welcome view activity.
At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
Now let's configure ADF Security.
Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
On the second page select Form-Based Authentication, check the Generate Default Pages flag.
On the third page choose No Automatic Grants.
On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
Open jazn-data.xml to configure roles, users and resource grants:
1. Create application role test-role.
2. Grant the test-role privileges to view the test task flow.
3. Create user and grant him the test-role.
Now we have the public available welcome page and the test page with restricted access.
When application runs, the welcome page is displayed as expected. Pressing the test button redirect us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crushes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
(the rest of lines skipped).
Any suggestions?
Edited by: user13307311 on Apr 16, 2013 11:39 PM@Lovin_JV_941794
The welcome page is public available since it does not have appropriate PageDef file.
Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
It seems the task flow call stack to be destroyed after redirect to login page.
Edited by: user13307311 on Apr 17, 2013 12:45 AM -
Role based oracle adf security and filtering data
while oracle adf security looks great its only role based... does anyone know of any resources describing an architecture where this is used in addition to filtering of data based on say, organization?
it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...Hi,
it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...
ADF Security is a JAAS based security implementation to protect resources (like entities). It is nota security provider like OPSS or OID which you can use for user provisioning and self service (if you code against the IDM APIs). ADF Security only checks for whether a user is authenticated and if the user has the permission to perform a task.
However, you can use groovy to access the security context from Groovy, which allows you to add the authenticated username to a query - for example to filter recrds out that match the username in one of its attributes.
For example, you could create a ViewCriteria that for example filters the query by a specific attribute. Say that managers can see data starting from department 10 whereas employees can see data starting from department 100. The ViewCriteria would reference a bind variable with the following default setting
adf.context.securityContext.isUserInRole('manager')? 10 : 100
Frank -
OAM and ADF Security with WebLogic 11
WebLogic Server 11, ADF 11, OAM 10.1.4.3
I understand (and have successfully implemented) an ADF application with application roles tied to enterprise roles which are mapped to OAM groups (and users). This appears to use the OAMAuthenticator and OAMIdentityAsserter authentication providers from OAM installed into the WLS.
However, there appears to be a gap in the authorization component beyond simple group membership. Does WLS support roles and policies defined in OAM as they might pertain to an ADF application? In the Oracle Access Manager Integration Guide, the entire section on integration with WLS has been removed between versions 10.1.4.0.1 and 10.1.4.3 (along with several other chapters). What is the future direction here? What would be the best means to create roles and policies (including dynamic roles) which extend beyond simple group membership?
Regards,
Tom GreshamFor a start JDeveloper 10.1.3 uses an older version of JSF that WebLogic 11g. You would be best upgrading your app with JDeveloper 11g and then re-deploying.
-
Hello,
I want to authenticate users of my adf application against OID.
But it doesn't work.
The users wich are created in the default authenticator of the weblogic server can be authenticated an everything works fine.
The users wich came from the OID cannot be authenticated!?!?
I can see all users and theirs roles from OID in the weblogic server.
I set the control flag of both, the default authenticator and my authenticator (OID) to sufficient.
Has anyone an idea?Hi,
works for me, so its definitively not a bug. Check this: http://oracle.com/technology/products/jdev/tips/fnimphius/oidconfig/index.html
Frank -
Oracle ADF Security Login page
hi.
I am using oracle ADF 11.1.2.2.0 (oracle Jdevelopr 11g release 2) in my job environment. There are 3000 users working as client level in our company. They have separated user Id and roles. They can change their passwords. There are expiration period for passwords which is handle by in database level. when the employees are going to terminate or retirement , we can control their login status. that mean we change their Active status as a Inactive status. some times we recruit number of emplooyes for cover our business targets. Their User Id also in database table level.
My main problem is how we can handle number of employees using Oracle ADF security configuration.
second one is how user can change their passwords.
Third is how number of employees going to terminate ,handle their Active/Inactive State.
Fourth one is If we use this Oracle Security system ,project managers or project cordinator or Adminstrator level authenticator must need to deploy time to time war file, because of adding removing users in jazn-data.xml.
hoping help from you.Thanking for all.So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
Then, in your application you can enable ADF Security and this will generate login page.
And, this is it :)
If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
>
But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
>
This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
To programmatically retreive db connection, you can create utility method in your Application Module.
Dario -
Hello ,
I am using JDeveloper 11.2.3.0.
I am using ADF security and I am using DB tables for authentication.
I created the DB authentication in th weblogic and I inserted the SQL queries in the provider configuration.
In the ADF app , I enabled adf security. I added the enterprise roles as mentioned in my DB tables. I created the application roles and I gave grants to users.
My problem is , when I run the application, the users are not loaded from weblogic but recreated with new IDs and like that the DB doesn't assign roles to every user ( because fdifferent ID).
Any want knows how to solve this problem ??
thanks in advance
FARAJHello frank,
My problem is , when I run the application , the application roles are not loaded from DB ( as in weblogic ) but they are recreated with new IDs.
I have 3 tables : users , roles and grant_roles.
when I run the application , the roles are deleted and recreated with new IDs :
before running :
table user :
ID | User ......
1 | x
table roles:
ID | role ......
2 | y
table grant_roles:
ID | role | user
3 | 2 | 1
after running the tables become :
table user :
ID | User ......
1 | x
table roles:
ID | role ......
*4 |* y
table grant_roles:
ID | role | user
3 | 2 | 1
Edited by: Faraj on Feb 13, 2013 5:56 AM -
Hi,
We have implemented ADF security and using form based authentication. The problem we are facing is during logout, in IE we see a NullPointerException, before the login page is displayed. Please note that this functionality works fine in Firefox and Chrome. Also this happens only in standalone weblogic server. It works perfectly fine in a cluster. The logout link is command link which goes to logout.jspx. The implementation in logout.jspx is as follows
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<jsp:forward page="/adfAuthentication">
<jsp:param name="logout" value="true"/>
<jsp:param name="end_url" value="#{initParam.loginURL}"/>
</jsp:forward>
</jsp:root>
the loginURL is configured in web.xml as */faces/login.jspx.*
The exception stack trace is .
<Dec 10, 2012 7:44:44 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server
started in RUNNING mode>
<Dec 10, 2012 7:45:51 AM UTC> <Warning> <oracle.adf.share.ADFContext>
<BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic
initialization is performed improperly.
This message may be avoided by performing initADFContext before using
getCurrent().
For more information please enable logging for oracle.adf.share.ADFContext at
FINEST level.>
<Dec 10, 2012 7:45:51 AM UTC> <Error>
<oracle.adf.controller.internal.binding.TaskFlowRegionModel> <BEA-000000>
<1i9kmqwku_121>
<Dec 10, 2012 7:45:51 AM UTC> <Warning>
<oracle.adf.view.rich.component.fragment.UIXRegion> <ADF_FACES-00009> <Error
processing viewId: /InventoryUIShell URI:
/oracle/communications/inventory/ui/framework/templates/InventoryUIShell.jspx
actual-URI: /oracle/communications/platform/cui/fragments/mainArea.jsff.
oracle.adf.controller.internal.InvalidViewPortIdException: ADFC-14000: View
port ID '1i9kmqwku_33' is invalid.
at
oracle.adfinternal.controller.state.ControllerState.setCurrentViewPort(Control
lerState.java:1319)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:135)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:52)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessEndRegion(
TaskFlowRegionModel.java:320)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.processEndRegion(Ta
skFlowRegionModel.java:237)
at
oracle.adf.view.rich.component.fragment.UIXRegion$RegionContextChange.undoChan
geImpl(UIXRegion.java:1209)
at
oracle.adf.view.rich.context.DoableContextChange.suspend(DoableContextChange.j
ava:49)
at
oracle.adf.view.rich.context.DoableContextChange.undoChange(DoableContextChang
e.java:103)
at
oracle.adf.view.rich.component.fragment.UIXRegion._endInterruptibleRegion(UIXR
egion.java:726)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:576)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:565)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
Any pointers to resolve this would be helpful.
Thanks,Hi,
Check these
http://tompeez.wordpress.com/2010/07/26/logout-with-confirmation-dialog/
http://www.oracle.com/technetwork/developer-tools/adf/learnmore/jan2011-otn-harvest-300940.pdf -
I've been reading about the adf security and have been trying to implement it in a simple application. The documents I've been referring to are the Oracle Fusion middleware developer guide, Chapter 28 and the online videos from the Core Code center. I've also read some blog entries but there isn't much information about adf security on the web.
This is what I'm trying to do:
I want a welcome page which is accessable to everybody. You can choose to login from the welcome page and then you have a option to go to a task flow which the user has access rights to.
I set up the security context in the web.xml accordingly:
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
Thus securing the / url pattern. I then gave anonymous-role access to the welcome page, thinking that it would make the page public. But I still have to log in to get access to the welcome.jspx. Maybe I'm not supposed to set the url pattern to / in the security-constraint, but it was the only way I could find to secure the task-flow. If the url pattern was only /adfAuthentication then I was not redirected to the login.jspx page when trying to access it as anonymous.
I've read chapter 28 three times but I still find it somewhat confusing. How are the web.xml and the jazn-data.xml files linked? What am I doing wrong here?
I've managed to secure the taskflow and users with view access to that task flow are the only users that can see it. But there also seem to be some bugs conserning jdeveloper and the jazn-data.xml file. For example I made access right changes in the jazn-data.xml file. I granted view access to a specific page to a user. I then ran the applicaion to see if he had access and he didn't. I then shut down jdeveloper and started it up again and re-ran the application and then the user had access. Hopefully the future updates will fix this.
Best regards,
Sturla ThorHi,
"/" protects the application root and requires users to login before the application renders the first page. There is no way to grant anonymous access to this. To defer authentication you will have to remove "/" and just stick with the other entry, which is used by the ADF Security authentication servlet.
To login from the welcome page is a it tricky because there exist no standard API for this. There is a WebLogic proprietary API that you can use. But then you will need to make sure that the user is explicitly redirected after providing the login credentials so the container becomes aware of it
The code below is from a sample I wrote
import weblogic.servlet.security.ServletAuthentication;
public String login() {
FacesContext fctx = FacesContext.getCurrentInstance();
HttpServletRequest request = (HttpServletRequest)fctx.getExternalContext().getRequest();
HttpServletResponse response = (HttpServletResponse)fctx.getExternalContext().getResponse();
int authSuccess;
try {
authSuccess = ServletAuthentication.login(username,password,request,response);
if (authSuccess == ServletAuthentication.AUTHENTICATED){
userAuthenticated = true;
loginPanel.setRendered(false);
return "login";
// the login exception provides information abput the cause of the failure (e.g. account locked,
// password expired etc. For this, make sure the authentication provider propagates the exception
catch(FailedLoginException fle){
String excmessage = fle.getMessage();
boolean authentication_failed = excmessage.indexOf("090304") > -1?true:false;
if (authentication_failed){
informUser("Authentication failed because of a wrong credentials pair",
"Please make sure a valid username and password pair is provided in correct case",usernamefield);
else{
informUser("Authentication failed with unknown reason",
"Please call the IT SWAT team at 0123-456-7",usernamefield);
catch (LoginException le) {
informUser("Authentication failed with unknown reason","Please call the IT SWAT team at 0123-456-7",usernamefield);
// once you explored the possibilities that raise the exception you can
// provide finer grained messages
le.printStackTrace();
// parse error message for information to give to the user
return null;
}Frank -
ADF security logout problem in adfAuthentication?logout =true
Hi,
I've configured ADF security and implementing logout as in http://blogs.oracle.com/jdevotnharvest/entry/how-to_logout_from_adf_security
Also I have configured OID in the standalone WL server and when deployed this to the standalone wl, the login works fine. But when I click the logout the page redirects saying 10.4.4 403 Forbidden. and the redirected url is
/adfAuthentication?logout=true & end_url=/faces/AppLogin.jspx Please help, why the logout is forbidden?
ver. 11.1.1.4
my web.xml entries
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/AppLogin.jspx</form-login-page>
<form-error-page>/faces/error.jspx</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>and weblogic.xml
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>users</principal-name>
</security-role-assignment>What I get is a Error 403--Forbidden and not 404 - not found. The two links provided above talks about 404 error and similar.
What I have is I can login successfully, but when I use the logout procedure it gives me a 403 --Forbidden error. Any other suggestion? -
ADF Security: javax.servlet.jsp.JspException: Cannot find FacesContext
Hi,
In my ADF Application, new users are to be allowed to Register by clicking a button in login page. The Application is based on ADF Security Wizard and I have created default pages for Login and Error, so the application's login page is login.html.
Now when I’m trying to navigate to 'NewUserRegistrationPage.jspx' Im getting javax.servlet.jsp.JspException: Cannot find FacesContext error.
I thought the issue might be from calling a .jspx from .html so I created a 'NewLogin.jspx' Page with below code and specified this page in ADF Security Wizard for Login Page.
Please advice me some way of calling the 'newRegistrationpage.jspx' from my login page.
Im using JDeveloper 10.1.3.4.
Page Code:
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:af="http://xmlns.oracle.com/adf/faces"
xmlns:afh="http://xmlns.oracle.com/adf/faces/html">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<f:view>
<html>
<head>
<title>Login</title>
</head>
<body><form method="POST" action="j_security_check">
<font face="Verdana" color="Navy">
<table cellspacing="2" cellpadding="3" border="0" align="center">
<tr>
<th>Username:</th>
<td>
<input type="text" name="j_username"/>
</td>
</tr>
<tr>
<th>Password:</th>
<td>
<input type="password" name="j_password"/>
</td>
</tr>
</table>
</font>
<p align="center">
<input type="submit" name="submit" value="Submit"/>
<input type="button" name="" value="Request Password"/>
<input type="button" name="" value="New User Registration"/>
</p>
</form></body>
</html>
</f:view>
</jsp:root>
Error::
javax.servlet.jsp.JspException: Cannot find FacesContext at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427) at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125) at webpages.REACHLoginPage_jspx._jspService(_REACHLoginPage_jspx.java:47) [WebPages/REACHLoginPage.jspx] at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.4.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:259) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:51) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:193) at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:284) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:198) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.FormHttpAuthenticator.reject(FormHttpAuthenticator.java:83) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6435) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3030) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:738) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:122) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:111) at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234) at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29) at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298) at java.lang.Thread.run(Thread.java:595)
Edited by: Manasa Tadi on Jul 1, 2009 11:52 PMHi Branislav,
Thanks a lot for your suggestion through which now Im able to navigate to NewRegistration page from login.html.
In my application login.html is under public_html folder where as the NewRegistration page in public_html/WebPages.
Code I used:
New User Registration
But the issue now is, the NewUserRegistrationPage was also under the ADFSecurity, so inorder to navigate to it again the user had to provide authentication. So, I have removed this particular page from Security and it has started to work.
But the issue now I face is something else. In the NewUserRegistrationPage I have a selection to be made by user about the type of user he is and based on the selection he would be navigated to next page, This next page has a VO on it as a 'create form', through which he can directly fill the form and submit his details to database table.
But as I have removed these pages from ADF Security and authentication, the form fields/attributes in the VO are not getting binded, Im getting this Exception:
500 Internal Server Error
javax.faces.el.PropertyNotFoundException: Error testing property 'inputValue' in bean of type null
For testing purpose when I have provided link from application page to NewRegistrationPage the flow is working properly, able to navigate to second page and submit the filled form to database, I think this is working because we have entered the application after providing the login credentials.'
Help in this greatly needed.
Thanks,
Manasa. -
Could someone explain me about ADF Security in UI Shell?
Hello.
I have my application main page implemented with a dynamic region and it's working fine.
The application is secured using ADF Security and it is fine too.
All the bounded taskflows are imported as ADF Libs. They have their permissions in jazn-data.xml. All the permissions work fine when the page is implemented with a dynamic region.
Now I'm trying to rebuild it using UI Shell.
All the permissions are the same, but now all my taskflows are not available.
I've checked that it's a security issui by disabling security. Everything began to work fine.
What changes should I do to permissions to make them work in UI Shell page?
I've read this article http://one-size-doesnt-fit-all.blogspot.com/2009/12/adf-ui-shell-adf-security.html but didn't get the clue. It seems to me that everything's configured correctly.
Thanks.
JDev 11.1.2.2Hello Frank,
I've added some test code to the lauching method and it shows no error:
// name = User Info ;fullFlowId = /WEB-INF/info-tfd.xml#info-tfd
System.out.println("userInRole = "+
JSFUtils.resolveExpression("#{securityContext.userInRole['personal_office-app']}")
); // -> true
System.out.println("taskflowViewable = "+JSFUtils.resolveExpression("#{securityContext.taskflowViewable['"+fullFlowId+"']}")); // -> trueBut still addOrSelectTab opens a new tab with "User Info" as a title but nothing is viewable in it.
And here's jazn-data.xml part:<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>personal_office-app</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.controller.security.TaskFlowPermission</class>
<name>/WEB-INF/info-tfd.xml#info-tfd</name>
<actions>view</actions>
</permission>
...Also, my previous main page wuth a dynamic region in the same application is still working fine. -
ADF Security in JDeveloper 10.1.3.4
Hello all,
Although I have followed all the steps outlined in Ch. 30 Adding Security to an Application (ADF Dev Guide for Forms/4GL Developers) I cannot get ADF security running in JDev 10.1.3.4. Specifically,update, create and delete buttons are enabled even though I have put constraints on the respective iterator bindings. At the same time, i am not getting any errors.
Container managed security works fine and when I access a protected URL, the basic pop-up window shows (I am using basic authentication). The 4GL guide states the adfAuthenticationServlet should be mapped to its own URL pattern, like /adfAuthentication/*.
However, when I try to access an ADF protected resource, nothing happens.
What is the interaction between container managed security and the adfAuthentication servlet? is it mandatory to use a login page for the adfAuthentication servlet to work?
I understand a backing bean is needed if we want to make user information accessible in the expression language. However, according to table 30-1 (on pg. 30-24) no further action is needed in order for the, e.g. Create button to be disabled. In other words, a backing bean is not needed and I don't have to change the "disabled" property for the Create button from false and check it using EL.
COuld someoneplease shed some light how is ADF security actually used? Curiously enough, SRDemo is not using ADF security and I wonder why?
Many thanks,
Boris
Edited by: user616226 on Sep 12, 2008 2:53 PMI made some progress. The missing link was running the ADF security wizard (under "Tools").
The buttons are behaving OK (rendered but disabled) but now no table data is displayed!?
I have granted a view permission on the binding container as well as a read permission on the iterator and attributes.
BTW, the ADF security wizard will create the adf-config file for you (had to be done manually, check pg. 30-25 in the 4GL guide). -
I accessed the page protected by ADF security using direct url access attac
hi,
I played with my application which is based on SRDemo code (with added ADF security handling protection of resources) using direct url access scenarios. I was able to access a protected page as authenticated but not authorized user. I'll try to explain what I did.
There are two folders/web resources in my application, faces/folderA/* and faces/folderB/*.
roleA only is configured to access first web resource and the roleB is configured to access the second resource.
I used ADF security to authorize only roleA for page in folderA and to authorize only roleB for page in folderB.
I configured error pages in web.xml:
<error-page>
<error-code>400</error-code>
<location>faces/error/error400.jspx</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>faces/error/error401.jspx</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>faces/error/error403.jspx</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>faces/error/error404.jspx</location>
</error-page>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>faces/error/error500.jspx</location>
</error-page>
Other config params are:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>infrastructure/ABLogin.jspx</form-login-page>
<form-error-page>faces/error/error401.jspx</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>AB Prototype</web-resource-name>
<url-pattern>faces/ABAbout.jspx</url-pattern>
<url-pattern>faces/ABHelp.jspx</url-pattern>
<url-pattern>faces/ABLogout.jspx</url-pattern>
<url-pattern>faces/ABWelcome.jspx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AZone</web-resource-name>
<url-pattern>faces/folderA/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>BZone</web-resource-name>
<url-pattern>faces/folderB/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
<init-param>
<param-name>unauthorizedErrorPage</param-name>
<param-value>faces/error/error401.jspx</param-value>
</init-param>
</filter>
<filter>
<filter-name>adfFaces</filter-name>
<filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jspx</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<url-pattern>*.jsp</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<url-pattern>*.jspx</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
Once I authenticated as user in roleA I was trying to directly access URLs accessible only by users in roleB. In the beginning everything worked OK: I was dispatched to error401.jspx page with message Not authorized... etc.
But I kept trying to access different URLs, like http://localhost:8988/AB/faces, http://localhost:8988/AB/faces/folderB, http://localhost:8988/AB/faces/folderB/pageB.jspx, http://localhost:8988/AB
(not necessarily in that order, I played for a couple of minutes and the system would always dispatch to error401.jspx page if unauthorized attempt. But all of sudden, to my surprise, I got the pageB.jspx page while logged in as user belonging to roleA!)
Not sure how that happened but the connectedUser on pageB (#{userInfo.authenticated}) shows that I am logged in as user whose role is A.
I checked Authorization in ADF security and it is still correct: pageB is only accessible to roleB and pageA is only accessible to roleA.
I hope I made some stupid mistake in my configuration?Hi,
ADF Security is JAAS permission based and not container managed. Note that unless you explicitly configured ADF Security you don't use ADF Security but container managed security, which is all that I can see in your configurations.
Not sure which version fo JDeveloper you use, but if you could change the following setting
<security-constraint>
<web-resource-collection>
<web-resource-name>AZone</web-resource-name>
<url-pattern>faces/folderA/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>BZone</web-resource-name>
<url-pattern>faces/folderB/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
to contain jspx file references instead of wildcards like in faces/folderB/* then what you see should no longer be possible. There was a known issue with the security settings in SRDemo that was caused by a defect in OC4J container managed security. I would expect this issue to be fixed in a more recent version of OC4J.
However, the work around until then is to protect all JSPX files in a directory instead of using wild card matches
Frank
Maybe you are looking for
-
How to find a program which modifies the variant of a standard program?
Hi, I have an issue where the variant values of the standard program RKEVEXT3 (Transaction : KEFC), is getting changed by a background job.I need to find the program which modifies the values of the variant. Any input on this will be helpful. Regards
-
Very slow loading time - Crystal Reports Viewer 2008
Hi, I search this forum to find another thread regarding this issue. Since I've found nothing in particular, I started this one. We are currently developping a new report engine based on the .Net Crystal Report Viewer. This engine will be used i
-
A question about share interface in java card
I meet a big problem in java card recently. I try to develop a loyalty and a purse in the JCOP 20 . I use the share interface to share data between two applets.At first I write two small applets to test the share interface.Then I manully dowon the tw
-
after I install new version of mac osx 10.9 my trackpad is out of my control and Do anything tahat i want do them
-
using LabVIEW 7.1 I want to list and read several files in a certain directory. I want to recursively search and read these files starting from a root-directory, however the directory-path at some point contains illegal characters, probably because