Login Logout Audit information in ADF application

Similar Messages

• Login Window in a JSP /ADF Application...

  Hi ,
  I test the sample demo applications located in
  http://www.oracle.com/technology/obe/obe_as_1012/j2ee/index.html
  I have a question , however....
  Is it possible and 'easy' to create a login window , so as the user who types in a url in his browser ... such as :
  http://192.168.1.5:8988/bc_jsp_1-Model1Client-context-root/browse.jsp
  created following the "Creating a JSP Application with ADF Using a Model 1 Architecture" application , will view different rows than another user.....according to , let's say , a flag in the table(s) used in the construction of the ADF model.....
  NOTE:In the sample application "Creating a JSP Application with ADF Using a Model 1 Architecture" (found in http://www.oracle.com/technology/obe/obe_as_1012/j2ee/index.html) each user is logged in automatically , as the ADF model was constructed using a db user credentials...(hr in this case).
  Thanks , a lot for your interest
  Simon

  Hi,
  have a look at container managed J2EE security in which you protect an application's root URL. The user can either authenticate through basic authentication or a form based login screen.
  If using e.g. ADF BC, set the property jbo.security.enforce property to MUST and call getPrincipal() on the ApplicationmoduleImpl.
  From here you can set an application specific database context for the user to enforce VPD (Virtual Private Database).
  If you have time to wait, a whitepaper about this is in teh works, probably being leased end of January
  Frank

• Can external ADF application write to BPM Payload structures?

  Hi all
  New to BPM and trying to understand the best practices here.
  We have Oracle BPM 11.1.1.6.0.
  We have an external ADF application that will be used for online data entry, that comes in via public user. This data then needs to be reviewed and approved/rejected by the internal users and for this we are using BPM interface.
  I have many concerns implementing above scenario in BPM
  a) Can we login to BPM workspace via ADF application? If so, can you experts share with us some examples to look at?
  b) We dont want to use temp tables in the database, when user is doing online entry. We need to push this into BPM payload structures, when a user saves the data partially. When he does submit for approval, we need to initiate a task on the BPM side(for the reviewer). Is this possible? , especially saving the data into BPM payload structures from ADF application? Is this recommended or a good practice? Is there an example or how this can be achieved?
  I know this is a long list of questions, but going thru the web, really did not help us much. So checking with the community for the best way to get good reliable answers.
  Thanks
  SR
  Edited by: libran on Feb 28, 2013 1:29 PM

  Hi SR
  a) Can we login to BPM workspace via ADF application? If so, can you experts share with us some examples to look at?
  Not directly. BPM Application itself is a WebApplication. In high level it has 2 main things. List of Tasks with different status like Assigned, completed, active etc et.c And for each Task, click on that opens the task details page. This task details page is the ONE that can contain ACTUAL Data. Now this actual Data can be part of the process itself we call as Payload. Or this entire data can be in any other existing application or database. But the payload will just have like main PKs (Primiary keys) like order id, salesid, customer id, projectid etc etc. Using these IDs and some APIs you can use your existing application data. Coming to screen, you cannot use the existing screens as it is.
  b) We dont want to use temp tables in the database, when user is doing online entry. We need to push this into BPM payload structures, when a user saves the data partially. When he does submit for approval, we need to initiate a task on the BPM side(for the reviewer). Is this possible? , especially saving the data into BPM payload structures from ADF application? Is this recommended or a good practice? Is there an example or how this can be achieved?
  1) NO. I would NOT recommend to put your existing data filled out from online form into Payload. There is NO need for this. From online when user clicks on Submit for Approval, just pass the key information like IDs, some names, status etc. Just the core and it should like 2 or 3 at the most. Any complex data will have only couple of main primary master keys and rest are all the internal relations. Once these IDs are in paylosd, you can use ADF components to pull the full entire data set for display in the TaskForms (mostly display only). Use ManagedBeans or DataControls/EJBs that takes these IDs.
  2) From online web on Submit, YES, you can invoke automatically a BPM Process. BPM Process can be initiate in many ways: Using Workspace application, Email, scheduler, WebServices, Java based APIs etc. The ideal way is WebServices. I guess you want to do first some validation and then only create an approval instance.
  Giving a ready made example is tough. I do not have any old links on top of my head for reference. I will see if I can find them.
  My suggestion, leave the Payload as light as possible unless and untill if there is no other go.
  Thanks
  Ravi Jegga

• How to implement an audit system to track ADF applications DML activity?

  We have implemented a complete audit system for one of our databases in order to keep history for every table and every value that has been modified.
  The solution that we currently have can be split into two discrete parts:
  1. Keeping a record of all connections to the db account
  This is achieved via a table ‘user_sessions’ into which we record data for every session in the database with the help of on-logon and on-logoff triggers and some PL/SQL procedures:
  Column name        |  Explanation
  -------------------|-------------------------------------------
  US_ID              | PK, based on a sequence
  SESSION_ID         | sys_context('USERENV' ,'SESSIONID')  
  USER_NAME          | sys_context('USERENV' ,'OS_USER')
  LOGON_TIME         | when the on-logon trigger fires
  LOGOFF_TIME        | when the on-logoff trigger fires
  USER_SCHEMA        | sys_context('USERENV' ,'SESSION_USER')
  IP_ADDRESS         | sys_context('USERENV' ,'IP_ADDRESS')
  us_id |session_id |user_name|user_sschema|ip_address|logon_time               |logoff_time     
  560066|8498062       |BOB      |ABD         |1.1.1.2   |14-SEP-06 03.51.52.000000|14-SEP-06 03.52.30.000000
  560065|8498061       |ALICE    |ABC         |1.1.1.1   |14-SEP-06 02.45.31.000000|14-SEP-06 04.22.43.0000002. Keeping the history of every change of data made by a given user
  For every table in the account there is a corresponding history table with all of the columns of the original table plus columns to denote the type of the operation (Insert, Delete, Update), start and end time of validity for this record (createtime, retiretime) and us_id (which points to the user_sessions table).
  The original table has triggers, which fire if there is an insert, update or delete and they insert the data into the corresponding history table. For every record inserted into a history table the us_id taken from the user_sessions table is recorded as well, allowing us to determine who has modified what data via the combination of these two tables.
  Below is an example of a table TASKS, the history related triggers and the history table TASKS_HIST.
  At the moment we are developing new applications by using ADF. Since there is an Application Module Pool and Database Connection Pool implemented for the ADF, one connection to the database could be used by several users at different moments of time. In that case the history records will point to a database session logged into the user_sessions table, but we will not know who actually modified the data.
  Could you, please, give us a suggestion, how we can know at any moment of time who (which of our users currently making use of an ADF application) is using a given database connection?
  By way of an example of the problem we are facing, here is how we solved the same problem posed by the use of Oracle Forms applications.
  When the user starts to work with a given Forms application, user_sessions table would attempt to record the relevant information about he user, but since the db session was created by the application server, would in actual fact record the username and ip address of the application server itself.
  The problem was easy to solve due to the fact that there is no connection pooling and when a user opens their browser to work with Forms applications, a db connection is opened for the duration of their session (until they close their browser window).
  In that case, the moment when the user is authenticated (they log in), there is a PL/SQL procedure called from the login Form, which updates the record in the user_sessions table with the real login name and ip address of the user.
  Example of a table and its ‘shadow’ history table
  CREATE TABLE TASKS (
       TASKNAME     VARCHAR2(40),
       DESCRIPTION  VARCHAR2(80)
  ALTER TABLE TASKS ADD (
       CONSTRAINT TASKS_PK PRIMARY KEY (TASKNAME));
  CREATE OR REPLACE TRIGGER TASKS_HISTSTMP
  BEFORE INSERT OR UPDATE OR DELETE ON TASKS
     BEGIN
       HISTORY.SET_OPERATION_TIME('TASKS');
     EXCEPTION
       WHEN OTHERS THEN
         ERROR.REPORT_AND_GO;
  END TASKS_HISTSTMP;
  CREATE OR REPLACE TRIGGER TASKS_WHIST
    AFTER INSERT OR UPDATE OR DELETE ON TASKS
    FOR EACH ROW
    BEGIN
  CASE
        WHEN INSERTING THEN
          UPDATE TASKS_HIST
             SET retiretime = HISTORY.GET_OPERATION_TIME
           WHERE createtime = (SELECT MAX(createtime)
                                 FROM TASKS_HIST
                                WHERE retiretime IS NULL AND TASKNAME=:NEW.TASKNAME)
             AND retiretime IS NULL AND TASKNAME=:NEW.TASKNAME;
          INSERT INTO TASKS_HIST (TASKNAME      ,DESCRIPTION      ,optype
                                  ,createtime                    
                                  ,us_id)
                 VALUES          (:NEW.TASKNAME ,:NEW.DESCRIPTION ,'I'
                                  ,HISTORY.GET_OPERATION_TIME    
                                  ,USER_SESSION.GET_USER_SESSIONS_ID);
        WHEN UPDATING THEN
          UPDATE TASKS_HIST
             SET retiretime = HISTORY.GET_OPERATION_TIME
           WHERE createtime = (SELECT MAX(createtime)
                                 FROM TASKS_HIST
                                WHERE TASKNAME=:OLD.TASKNAME) 
             AND TASKNAME=:OLD.TASKNAME;
          INSERT INTO TASKS_HIST (TASKNAME      ,DESCRIPTION      ,optype
                                  ,createtime
                                  ,us_id)
                 VALUES          (:NEW.TASKNAME ,:NEW.DESCRIPTION ,'U'
                                  ,HISTORY.GET_OPERATION_TIME
                                  ,USER_SESSION.GET_USER_SESSIONS_ID);
        ELSE
          UPDATE TASKS_HIST
             SET retiretime = HISTORY.GET_OPERATION_TIME
           WHERE createtime = (SELECT MAX(createtime)
                                 FROM TASKS_HIST
                                WHERE TASKNAME=:OLD.TASKNAME) 
             AND TASKNAME=:OLD.TASKNAME;
          INSERT INTO TASKS_HIST (TASKNAME      ,DESCRIPTION      ,optype
                                  ,createtime
                                  ,us_id)
                 VALUES          (:OLD.TASKNAME ,:OLD.DESCRIPTION ,'D'
                                  ,HISTORY.GET_OPERATION_TIME
                                  ,USER_SESSION.GET_USER_SESSIONS_ID);
      END CASE;
    EXCEPTION
      WHEN OTHERS THEN
        ERROR.REPORT_AND_GO;
  END TASKS_WHIST;
  CREATE TABLE TASKS_HIST (
       TASKNAME       VARCHAR2(40),
       DESCRIPTION    VARCHAR2(80),
       OPTYPE         VARCHAR2(1),
       CREATETIME     TIMESTAMP(6),
       RETIRETIME     TIMESTAMP(6),
       US_ID          NUMBER
  ALTER TABLE TASKS_HIST ADD (
       CONSTRAINT TASKS_HIST_PK PRIMARY KEY (TASKNAME, CREATETIME)
         );

  Frank,
  Thanks for your reply.
  I checked the site that you mentioned.
  I try the sample “demo with bundle. The sample worked.
  But it needed to start separately with the application.
  I do not know how to build a help system with the existed web application developed with Jdeveloper (It has two projects: model and user-view-control. It is deployed on Oracle Application server).
  Could you help me step by step to build the help system?

• Error while loading a 10.1.3 ADF application login page on JBoss EAP 6.0.1

  I have a 10.1.3 ADF application that runs well on Web Sphere and OC4J. I'm trying to run it on JBoss EAP 6.0.1. The ear file was deployed successfully to JBOSS and according to ADF logging the connection to Oracle database is established.
  But when I try to load the application login page, I obtain the following exception
  ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/cv].[Faces Servlet]] (http-/0.0.0.0:8080-1) Servlet.service() for servlet Faces Servlet threw exception: oracle.jbo.common.ampool.ApplicationPoolException:
  JBO-30003: The application pool (com.claimvantage.adf.root.Oracle) failed to checkout an application module due to the following exception:
          at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2002) [bc4jct.jar:]
          at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:2793) [bc4jct.jar:]
          at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453) [bc4jct.jar:]
          at oracle.jbo.http.HttpSessionCookieImpl.useApplicationModule(HttpSessionCookieImpl.java:233) [adfmweb.jar:]
          at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424) [bc4jct.jar:]
          at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419) [bc4jct.jar:]
          at oracle.adf.model.bc4j.DCJboDataControl.rebuildApplicationModule(DCJboDataControl.java:1536) [adfm.jar:]
          at oracle.adf.model.bc4j.DCJboDataControl.beginRequest(DCJboDataControl.java:1396) [adfm.jar:]
          at oracle.adf.model.binding.DCDataControlReference.getDataControl(DCDataControlReference.java:99) [adfm.jar:]
          at oracle.adf.model.BindingContext.get(BindingContext.java:457) [adfm.jar:]
          at oracle.adf.model.BindingContext.findDataControl(BindingContext.java:308) [adfm.jar:]
          at com.claimvantage.web.bean.jsf.JhsPageLifecycle.getMessageHolder(JhsPageLifecycle.java:220) [cv-model.jar:]
          at com.claimvantage.web.bean.jsf.JhsPageLifecycle.reportErrors(JhsPageLifecycle.java:203) [cv-model.jar:]
          at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.prepareRender(PageLifecycleImpl.java:548) [adf-controller.jar:]
          at oracle.adf.controller.faces.lifecycle.FacesPageLifecycle.prepareRender(FacesPageLifecycle.java:99) [adf-controller.jar:]
          at oracle.jheadstart.controller.jsf.lifecycle.JhsPageLifecycle.prepareRender(JhsPageLifecycle.java:1080) [jhsadfrt-10.1.3.jar:]
          at oracle.adf.controller.v2.lifecycle.Lifecycle$1.execute(Lifecycle.java:297) [adf-controller.jar:]
          at oracle.adf.controller.v2.lifecycle.Lifecycle.executePhase(Lifecycle.java:116) [adf-controller.jar:]
          at oracle.adf.controller.faces.lifecycle.ADFPhaseListener.mav$executePhase(ADFPhaseListener.java:29) [adf-controller.jar:]
          at oracle.adf.controller.faces.lifecycle.ADFPhaseListener$1.before(ADFPhaseListener.java:426) [adf-controller.jar:]
          at oracle.adf.controller.faces.lifecycle.ADFPhaseListener.beforePhase(ADFPhaseListener.java:77) [adf-controller.jar:]
          at com.sun.faces.lifecycle.Phase.handleBeforePhase(Phase.java:228) [jsf-impl-2.1.13-redhat-1.jar:2.1.13-redhat-1]
          at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:99) [jsf-impl-2.1.13-redhat-1.jar:2.1.13-redhat-1]
          at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) [jsf-impl-2.1.13-redhat-1.jar:2.1.13-redhat-1]
          at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) [jboss-jsf-api_2.1_spec-2.0.7.Final-redhat-1.jar:2.0.7.Final-redhat-1]
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:162) [adfm.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._invokeDoFilter(AdfFacesFilterImpl.java:228) [adf-faces-impl-no-oracle-desktop-xss.jar:10_1_3_2_0]
          at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._doFilterImpl(AdfFacesFilterImpl.java:197) [adf-faces-impl-no-oracle-desktop-xss.jar:10_1_3_2_0]
          at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl.doFilter(AdfFacesFilterImpl.java:123) [adf-faces-impl-no-oracle-desktop-xss.jar:10_1_3_2_0]
          at oracle.adf.view.faces.webapp.AdfFacesFilter.doFilter(AdfFacesFilter.java:103) [adf-faces-api.jar:10_1_3_2_0]
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:840) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:622) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:560) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:488) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at com.claimvantage.web.sso.AuthenticationFilter.doFilter(AuthenticationFilter.java:272) [cv-model.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:162) [adfm.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._invokeDoFilter(AdfFacesFilterImpl.java:228) [adf-faces-impl-no-oracle-desktop-xss.jar:10_1_3_2_0]
          at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._doFilterImpl(AdfFacesFilterImpl.java:197) [adf-faces-impl-no-oracle-desktop-xss.jar:10_1_3_2_0]
          at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl.doFilter(AdfFacesFilterImpl.java:123) [adf-faces-impl-no-oracle-desktop-xss.jar:10_1_3_2_0]
          at oracle.adf.view.faces.webapp.AdfFacesFilter.doFilter(AdfFacesFilter.java:103) [adf-faces-api.jar:10_1_3_2_0]
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:372) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:679) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931) [jbossweb-7.0.17.Final-redhat-1.jar:]
          at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_16]
  Any help would be really appreciated.
  Thanks

  Thanks Frank for your answer.
  I can't see where the exception states that DB connection was not established!
  In the log, I have:
  21:49:06,874 INFO  [stdout] (http-/0.0.0.0:8080-1) [3011] Created root application module: 'com.claimvantage.adf.root.RootAppModule'
  21:49:06,874 INFO  [stdout] (http-/0.0.0.0:8080-1) [3012] Locale is: 'en_US'
  21:49:06,874 INFO  [stdout] (http-/0.0.0.0:8080-1) [3013] ApplicationPoolImpl.resourceStateChanged wasn't release related. No notify invoked.
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3014] Oracle SQLBuilder: Registered driver: oracle.jdbc.driver.OracleDriver
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3015] import java.util.*;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3016] import java.sql.*;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3017] import java.io.*;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3018] public class JDBCCalls  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3019] {  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3020]    public Connection conn = null;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3021]    public CallableStatement cStmt = null;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3022]    public PreparedStatement pStmt = null;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3023]    public Statement stmt = null;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3024]    public ResultSet rslt = null;  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3025]    public static void main(String argv[])  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3026]    {  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3027]       DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());  // JBO-JDBC-INTERACT
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3028] Creating a new pool resource
  21:49:06,890 INFO  [stdout] (http-/0.0.0.0:8080-1) [3029] Trying connection/2: url='jdbc:oracle:thin:@s1ora01s:1521:s1ora01a' ...
  21:49:07,093 INFO  [stdout] (http-/0.0.0.0:8080-1) [3030]       conn = DriverManager.getConnection("jdbc:oracle:thin:@s1ora01s:1521:s1ora01a", /*properties*/);  // JBO-JDBC-INTERACT
  21:49:07,093 INFO  [stdout] (http-/0.0.0.0:8080-1) [3031]       conn.setAutoCommit(false);  // JBO-JDBC-INTERACT
  21:49:07,093 INFO  [stdout] (http-/0.0.0.0:8080-1) [3032] Successfully logged in
  21:49:07,093 INFO  [stdout] (http-/0.0.0.0:8080-1) [3033] JDBCDriverVersion: 10.2.0.1.0XE
  21:49:07,093 INFO  [stdout] (http-/0.0.0.0:8080-1) [3034] DatabaseProductName: Oracle
  21:49:07,093 INFO  [stdout] (http-/0.0.0.0:8080-1) [3035] DatabaseProductVersion: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options
  Don't you think that it indicates that DB connection is well established?
  MBen

• ADF Application and Oracle Portal Login Page

  We have developed ADF application and deployed it in Oracle AS 10.1.2 along with the custom JAAS module, which is working fine with the application custom login page. As a next page, I want to use Oracle Portal login page for the authentication and authorization.
  How can I accomplished it? Any idea?
  Thanks,
  AP

  Shay,
  1. I created blank ADF project
  2. I copied myreport.jsp file (this one was generated by Oracle Report Builder) under ..ViewController/public_html directory
  3. Created directory 'lib' under ViewController/public_html/WEB-INF/lib
  4. Copied reports_tld.jar file under the directory created in 3.
  5. Created simple jspx page with the af:link (btw af:goLink does not exists in JDev 12c), set 'destination' to myreport.jsp
  After the steps above I could not even compile the application, many problems too many to list here, Basically JDev is trying to build the project with .jsp file generated in Report Builder and is unable to.
  So to be sure we are on the same page: I am trying to embed JSP report files generated by Report Builder into ADF project, then create EAR file and deploy on standalone WLS. Finally execute JSP web only report.

• How to pass parameter from SSO login page to ADF application page?

  We have ADF-JSF application (running on AS 1013) that is being protected by OID running on AS 1012. SSO login page contains (among others) paramter ssousername and I wish to pass this to my ADF application. For the testing purpose I created ADF application entry point page that has something like this:
  <h:outputText value="#{param.ssousername}"/>and my sso login page has:
  <input type="text" size="30" maxlength="50" name="ssousername" value="<%=str_user%>">OID and ADF OC4j are running on two different servers, same network.
  So after successful login, when my page displays param passed is NULL?!
  Why?

  I solved it with the following....when my page loads, I execute test method:
      public void processLogin(String ssousername) {
           Object o  = JSFUtils.getUserFromSSOLogin();
           if (o!=null) System.out.println(o.toString());
      public static Object getUserFromSSOLogin(){
          FacesContext ctx = FacesContext.getCurrentInstance();
          return ctx.getExternalContext().getRemoteUser();
      }

• How to Generate Audit table entries for user navigation in ADF application?

  Hi all,
  I have a requirement that I need to have audit table entries for each user action in my application. Along with entries for user actions like insertion,deletion and updation I also need to have entries in the audit log even when a user simply navigates to or views any page.
  Although I was successful in creating the entries for user actions like insertion,deletion and updation I failed to do so for simple user navigation through the pages.
  Can anyone please help me out?
  Thanks in advance,
  Arijit

  Hi,
  Thanks for the quick reply. I am using JSF for my ADF application.Could u please elaborate how to use the PhaseListener for Auditing user navigation?
  Arijit

• How To Integrate ADF Application with Oracle Fusion Middleware Audit Fmwk ?

  Hi All,
  I'm having ADF/ADF Face Application (using Jdev 11.1.1.5) and want to integrate it with Oracle Fusion Middleware Audit Framework.
  I want to generate audit records by using oracle.security.jps.service.audit API and also want that Audit Policy
  for my Application will be visible and manageable through FusionMiddlewareControl (as well as othe admin tools)
  on the same way how it is for the OPSS services for example.
  Unfortunately i didn't find any detailed docs for the topics above. In the Oracle Fusion Middleware Security Guide,
  it is steated only that:
  "Stand-alone applications can be integrate d with the Oracle Fusion Middleware Audit Framework through configuration with the jps-config.xml file."
  , but nothing in details.
  Can somebody help with this, giving some more detailed info or links to the appropriate detailed documentation(if any) ?
  Thanks in advance,
  Krasimir

  deepak - why not link to the real documentation instead of that site that illegally publishes stuff?
  Krasimir - I had a look at this a long way back, and didn't explore it much further because I reached a dead end in trying to figure out how it worked. It seems to me that the function is there and may be used internally within Oracle, but that it's not documented well enough for we mere mortals of the public to use it.
  Have you tried opening an SR with Support? They won't know, but they will be able to raise it up and perhaps find someone who does know - be sure to reference this thread in your SR if you go that route.
  John

• Email address as an username for the ADF application login.

  Hi All,
  We have a requirement in our ADF application by creating usernames as an email address .We created an ADF application and deployed on the server by creating some users in the jazn-data.xml in our project code with the users as "admin1","admin2" as the actual requirement is to created the usernames as an email address say example "[email protected]".
  Can we create the user names with the email address as i have created some usernames in the Enterpise Manager as it dosent allow the special characters other thatn "."
  Any help in this highly appreciated.
  Please see the below link
  Re: Email address as an User in ADF application.
  Regards,
  Nagaraju .D

  Nagaraju,
  You can configure the application to use a different security mechanism other than jazn-data.xml (known as the file-based provider). Using something like LDAP or a custom JAAS provider would enable you to do what you want.
  The security documentation for OC4J is [url http://download.oracle.com/docs/cd/E12524_01/web.1013/e12514/toc.htm]here
  John

• Error while deploying adf application on oracle cloud service

  hello, i hv registered oracle cloud service for java and database. i hv created simple adf application in which there are 2 jsf pages only linked together. I m using oracle jdeveloper 11gr2. so i hv created ear file for deployment on cloud. i deployed adf application on cloud using java console. But, after uploading application, deployment was failed. I tried 3 times this, but the result was same. I checked log, where i got 3 warnings in whitelist log and error in deploy log. Those are as follows:
  Warnings in   whitelist log:
  2013-04-14 06:57:11 CDT: Starting action "API Whitelist"
  2013-04-14 06:57:11 CDT: API Whitelist started
  2013-04-14 06:57:12 CDT: WARNING - There are 3 warnings(s) found for Testapp.ear.
  2013-04-14 06:57:12 CDT: WARNING - Path:Testapp.ear (3 Warnings)
  2013-04-14 06:57:12 CDT: WARNING - Path:Testapp.ear (3 Warnings)
  2013-04-14 06:57:12 CDT: WARNING - Path:Test_ViewController_webapp.war (3 Warnings)
  2013-04-14 06:57:12 CDT: WARNING - Path:WEB-INF**** (1 Warning)
  2013-04-14 06:57:12 CDT: WARNING - 1:Recommended child element "login-config" missing under element /
  javaee:web-app.
  If you want to make your application public, you can have empty
  <login-config/> in your web.xml. If you need authentication then you must
  have <login-config> and its child <auth-method> element in web.xml.
  Without this element(<login-config>), users may be challenged by SSO, but
  the application code will be executed as anonymous user only. Line No:4.
  2013-04-14 06:57:12 CDT: WARNING - Path:WEB-INF**** (2 Warnings)
  2013-04-14 06:57:12 CDT: WARNING - 1:Recommended child element "jsp-descriptor" missing under element /
  orcl-weblogic:weblogic-web-app.
  If you have a JSP file that is not pre-compiled, The compilation errors
  could be shown on the browser. It is recommended to include
  <jsp-descriptor><verbose>false<****><****-descriptor> in weblogic.xml.
  Line No:2.
  2013-04-14 06:57:12 CDT: WARNING - 2:Recommended child element "session-descriptor" missing under element /
  orcl-weblogic:weblogic-web-app.
  You will be required to have distinct cookie-path, if multiple
  applications are accessed with in the same SSO session or if you have
  multiple applications with different auth-method(CLIENT-CERT, FORM, BASIC)
  in the same service instance.
  Line No:2.
  2013-04-14 06:57:12 CDT: WARNING - Testapp.ear had 3 warning(s).
  2013-04-14 06:57:12 CDT: INFO - Whitelist validation has completed with 0 error(s) and 3 warning(s).
  2013-04-14 06:57:12 CDT: Whitelist validation passed.
  2013-04-14 06:57:12 CDT: "API Whitelist" complete: status SUCCESS
  and Error in deploy log:
  2013-04-14 06:57:12 CDT: Starting action "Deploy Application"
  2013-04-14 06:57:12 CDT: Deploy Application started
  2013-04-14 06:57:15 CDT: weblogic.application.ModuleException: Failed to load webapp: Test-ViewController-context-root because of DeploymentException: java.lang.ClassNotFoundException: oracle.adf.view.faces.bi.webapp.MapProxyServlet
  2013-04-14 06:57:15 CDT: WL action state: failed
  2013-04-14 06:57:15 CDT: Action FAILED with WL action state: failed
  2013-04-14 06:57:15 CDT: Check the server log of your Java cloud service for more info about the failure.
  2013-04-14 06:57:16 CDT: Application deployment failed.
  2013-04-14 06:57:16 CDT: "Deploy Application" complete: status FAILED
  I am using jdeveloper 11gr2, so pls dont tell me to use jdeveloper 11gr1. because, i hv already developed an application for my final year B.Tech and i cant migrate to previous release. So there is only one way for me by generating ear file and deploying from console.
  So,
  I m not getting what is the problem and what will be solution for this?
  What should i do?
  What changes should required?
  pls, help me to get out from this problem !!!!!

  Well, I guess you have a problem here. Check http://multikoop.blogspot.de/2012/12/deploying-adf-applications-into-oracle.html and from this
  >
  Note: In its current stage Oracle Java Cloud Service runs WebLogic Server 10.3.6 with the appropriate Runtime ADF 11.1.1.6. Deployment of ADF 11gR2 Applications is currently not supported. Beside this limitation some ADF Features are not supported on the Oracle Cloud. According to the Oracle Cloud Documentation it is not supported to use the following ADF features
  ADF Desktop Integration
  ADF mBean
  ADF MDS (Seeded customizations or cross-session personalization)
  ADF Mobile
  ADF Active Data Services (=> No real-time ADF Web Apps in Oracles Cloud)
  ADF Business Components services interfaces (web services) or events
  ADF Data Controls for BI, Essbase, BAM, and JMX
  Further there are some restrictions which are good to know I think
  No Java Mail API (=>Sending Mails is prohibited)
  No File system access by deployed applications (=>Writing files is prohibited)
  No Direct use of Oracle JDBC Driver APIs
  No Java Message Service (JMS)
  Max Size for deployment archive 95MB
  >
  I hope for you that the information from the blog has changes in the meantime (blog is from end of last year). Check the current doc for the cloud ...
  Timo

• 403 Error running ADF application in JCS

  I am getting a 403 error while running a ADF application in JCS. I defined a security role and mapped it to a custom role. web.xml and weblogic.xml are pasted below
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
           version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>client</param-value>
    </context-param>
    <context-param>
      <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
      <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
      <param-value>false</param-value>
    </context-param>
    <context-param>
      <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
      <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
      <param-value>true</param-value>
    </context-param>
    <filter>
      <filter-name>trinidad</filter-name>
      <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
    </filter>
    <filter>
      <filter-name>ServletADFFilter</filter-name>
      <filter-class>oracle.adf.share.http.ServletADFFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>trinidad</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
      <filter-name>ServletADFFilter</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>resources</servlet-name>
      <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>BIGRAPHSERVLET</servlet-name>
      <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>BIGAUGESERVLET</servlet-name>
      <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>MapProxyServlet</servlet-name>
      <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>GatewayServlet</servlet-name>
      <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>resources</servlet-name>
      <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>resources</servlet-name>
      <url-pattern>/afr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>BIGRAPHSERVLET</servlet-name>
      <url-pattern>/servlet/GraphServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>BIGAUGESERVLET</servlet-name>
      <url-pattern>/servlet/GaugeServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>MapProxyServlet</servlet-name>
      <url-pattern>/mapproxy/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>resources</servlet-name>
      <url-pattern>/bi/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>GatewayServlet</servlet-name>
      <url-pattern>/flashbridge/*</url-pattern>
    </servlet-mapping>
    <mime-mapping>
      <extension>swf</extension>
      <mime-type>application/x-shockwave-flash</mime-type>
    </mime-mapping>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>constraint1</web-resource-name>
        <url-pattern>*</url-pattern>
      </web-resource-collection>
    </security-constraint>
    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>default</realm-name>
    </login-config>
    <security-role>
      <description>javauser</description>
      <role-name>javauser</role-name>
    </security-role>
  </web-app>
  <weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd"
                    xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
    <security-role-assignment>
      <role-name>javauser</role-name>
      <principal-name>manager</principal-name>
    </security-role-assignment>
    <session-descriptor>
      <cookie-path>cloudTest1</cookie-path>
    </session-descriptor>
    <context-root>/cloudTest1</context-root>
  </weblogic-web-app>

  Does it work without security ? Does it work with "BASIC" authentication ? Which browser are you using, there have been authorization issues with CLIENT-CERT on IE. Try FF and clear your cookies / cache before accessing.
  Jani Rautiainen
  Fusion Applications Developer Relations
  https://blogs.oracle.com/fadevrel/

• Email address as a User in ADF application (part 2)

  It is fairly normal these days to sign into into public-facing applications using an email address and password. However, people change email address periodically so you really want some sort of long-lived "users" entity of which the email address is an attribute that can be updated over time.
  Of course we code all the work manually and log in against a database table (with an alternate/unique key of user ID), but really we should try to use the tools already provided and do this in a JEE standard way. Then if you have some sort of unique user ID as the principal then you get the benefit, for example, of using automatically populated audit columns in ADF BC.
  This [recent discussion|http://forums.oracle.com/forums/thread.jspa?messageID=3440934] talked about a similar requirement but in that instance the poster was happy to have the email address as the unique identifier.
  I think there are two ways to go about this:
  1) you have a unique ID as principal but the login module has to do a lookup from email address to ID before the authentication call can be made (e.g. out to LDAP)
  2) you have the email address as the principal (there may be problems with the length/characters for some backend authentication providers) and then an additional attribute for the unique ID (which is subsequently used for auditing)
  My initial feeling is that the first method ought to be the best compromise, but am I missing anything that is available "out of the box" as I think this requirement will become increasingly common?
  -Simon

  Hi Simon,
  You can always add additional principals to the Subject during login,but keep the primay principal as the first one in the set.
  If you write your own login module, you can fetch the user-id from the database/directory server based on
  the email and add it to the Subject as the primary principal and then add the email as subsequent pruncipal; i.e.
  if the System requires ID(PK) as the primary principal, then add ID as the Subject's first Principal and later add the email,and vice versa.
  You can use both at any moment in the execution cycle; howewver, when you call
    ejbContext.getCallerPrincipal() or ServletRequest.getCallerPrincipal()   you would only get the primary principal.
  To retrieve all the principals a subject is carrying, you need to try
      Set<Principal> principals= Subject.getSubject(AccessController.getContext()).getPrincipals();    and then iterate over the set to find the appropriate principal that you want.
  Writing LoginModule is not so difficult as some put it; some time back Frank Nimphius has written a how-to article on this topic
  which you can easily find by little googling.
  I hope this helps,
  Regards,
  Samba

• Not able to portletise an ADF application with Security Feature.

  Dear All,
  I am able to portletise a normal ADF application and is running fine on Portal. But as I add security feature to it I am not able to portletise it, For reference i am pasting my web.xml and portlet.xml. Do i need to include any filter or listener?
  ------------------------web.xml-------------------------------------------------------------
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.application.CONFIG_FILES</param-name>
  <param-value>/WEB-INF/faces-config.xml,/WEB-INF/portlet.xml</param-value>
  </context-param>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>server</param-value>
  </context-param>
  <context-param>
  <param-name>CpxFileName</param-name>
  <param-value>view.DataBindings</param-value>
  </context-param>
  <filter>
  <filter-name>adfFaces</filter-name>
  <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>adfFaces</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jspx</url-pattern>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>faces/Welcome.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>35</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>Guest</role-name>
  <role-name>oc4j-administrators</role-name>
  <role-name>users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>Login.jspx</form-login-page>
  <form-error-page>Login.jspx</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>Guest</role-name>
  </security-role>
  <security-role>
  <role-name>oc4j-administrators</role-name>
  </security-role>
  <security-role>
  <role-name>users</role-name>
  </security-role>
  </web-app>
  ---------------------------------portlet.xml----------------------------------------------
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <portlet-app version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd">
  <portlet>
  <portlet-name>UC68PortletKunal</portlet-name>
  <display-name>UC68PortletKunal</display-name>
  <portlet-class>oracle.portlet.server.bridges.jsf.FacesPortlet</portlet-class>
  <init-param>
  <name>DefaultPage.view</name>
  <value>/SearchInput.jspx</value>
  </init-param>
  <init-param>
  <name>BridgeLifecycleListeners</name>
  <value>
  oracle.portlet.server.bridges.jsf.adf.ADFFacesBridgeLifecycleListener,oracle.portlet.server.bridges.jsf.adf.BindingFacesBridgeLifecycleListener
  </value>
  </init-param>
  <supports>
  <mime-type>text/html</mime-type>
  <portlet-mode>VIEW</portlet-mode>
  </supports>
  <supported-locale>en</supported-locale>
  <portlet-info>
  <title>UC68PortletKunal</title>
  <short-title>UC68PortletKunal</short-title>
  </portlet-info>
  </portlet>
  </portlet-app>
  Your reply is most welcomed. I am working for 2 days, if you know just give few minutes to address this issue.

  hi thanks for reply,
  I am using 10.1.3.3 version
  Steps followed are mentioned in one of the PDF
  Oracle WebCenter Framework Tutorial, 10g (10.1.3.2.0)
  B31072-02
  Here I am tring to secure some page of application as per user role usinf ADF secuiry feature.
  The application runs fine in "stand alone" mode.
  While tring portletise i am getting portlet unavilable. So i think i need to modify my portlet.xml OR web.xml
  From Welcome Page:
  I have login and logout link displayed to user not loggged in and logged in user respectively I have done using golink propery.
  Also i have some command button as:
  On clicking: Go To MyWeather Rendered to #{backing_Welcome.authenticated &&
  bindings.permissionInfo['MyWeatherPageDef'].allowsView}
  On clicking: Go To MyContent Rendered to #{backing_Welcome.authenticated &&
  bindings.permissionInfo['MyContentPageDef'].allowsView}

• Multiple user sessions for ADF application

  Hi All,
  We have a ADF application with 3-4 pages starting with a login screen.
  Assume we have two users, user1 and user2. In same system but different browser windows, when both users are logging in, only user2 's session is active. Though user1 logged in first and is able to perform transactions, the moment user2 logs in, user1's session is being over-written by user2 (user1's window now displays user2's information). I have observed the URL of user1 window which now changes to user2's URL (_adf.ctrl-state parameter of user2 is displayed in user1 browser)
  How do we overcome this?? We have a requirement to be able to open multiple user sessions.
  We are using JDeveloper 11.1.2.3.0 and browsers being used are IE 8, IE9 and chrome.
  Thanks,
  Deepti

  Hi,
  Continuation to my above question
  I am using these two statements in my code..
  ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
  HttpSession httpSession = (HttpSession)ectx.getSession(true);
  On any event in Window1, I gues it is getting the context and session of window2(this being the latest)..
  Shouldnt it return the context and session of the current window instead of the latest window???
  This problem is well explained here
  internet explorer 8 - How to avoid session sharing provided by IE8 programmatically in Java EE application? - Stack Over…
  I want to know.. what is the best way to handle this in ADF... We are using managed beans with request scope and using HttpSession to store few values like user Id.