Migrating ADF Security from file-based provider to LDAP provider

We have deployed a small application using ADF Security with file-based provider in OAS and it works fine.
Now we want to migrate to ADF Security using LDAP provider.
In order to make this possible we followed the next steps:
- Migrate all the roles and policies from the file to OID with JAZNMigrationtool.
- In OAS we've changed the Application Security Provider to 'Oracle Identity Management'.
- Reset the OC4J instance.
But there was no success, the application continues working with the file-based provider.
What more is necessary to configurate?

Hi,
if you use EM make sure you change the setting for the application, not the general OC4J setting.
You can also deploy the provider settings with the orion-application.xml file added to your project
Frank

Similar Messages

Migrating ADF Security Policies to Active Directory

Hi,
Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
Thanks.

Hi,
Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
Thanks.

Migrating ADF Security to WLS using OID

I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for “JpsFarmName” and “JpsRootNodeName”. What are these used for, and what should the values be?
2) Does the jps-config.xml file need to be modified in WLS (i.e. <Domain>/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
Any information on this topic would be very appreciated!
Thanks,
Erick

Hi,
I am using migrateSecurityStore for policy migration from xml to OID.
migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
when I run above command I am getting following error.
Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfig
urationUtil getCredentialFromBootstrapWallet
SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: o
racle.security.jps.service.credstore.CredStoreException.
COMMAND FAILED due to an unknown reason, Check the stack trace for details
Traceback (innermost last):
File "<console>", line 1, in ?
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSec
urityStore
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSec
urityStoreImpl
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(
LdapPolicyStore.java:230)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:108)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:55)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServ
iceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImp
l.findServiceInstance(DelegatingContextFactoryImpl.java:61)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:206)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getCo
ntextFromConfig(JpsContextFactoryImpl.java:171)
at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextF
romConfigObj(JpsHelper.java:115)
at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.g
etPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDs
tPolicy.<init>(JpsDstPolicy.java:186)
at oracle.security.jps.internal.tools.utility.destination.JpsInitializer
Dst.getDestinations(JpsInitializerDst.java:82)
at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtili
ty.java:63)
at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl
.migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand
(JpsUtilMigrationTool.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException
: Cannot read the default policy store.
thanks and regards
KishoreM

ADF security from Datababse

Hello ,
I am using JDeveloper 11.2.3.0.
I am using ADF security and I am using DB tables for authentication.
I created the DB authentication in th weblogic and I inserted the SQL queries in the provider configuration.
In the ADF app , I enabled adf security. I added the enterprise roles as mentioned in my DB tables. I created the application roles and I gave grants to users.
My problem is , when I run the application, the users are not loaded from weblogic but recreated with new IDs and like that the DB doesn't assign roles to every user ( because fdifferent ID).
Any want knows how to solve this problem ??
thanks in advance
FARAJ

Hello frank,
My problem is , when I run the application , the application roles are not loaded from DB ( as in weblogic ) but they are recreated with new IDs.
I have 3 tables : users , roles and grant_roles.
when I run the application , the roles are deleted and recreated with new IDs :
before running :
table user :
ID | User ......
1 | x
table roles:
ID | role ......
2 | y
table grant_roles:
ID | role | user
3 | 2 | 1
after running the tables become :
table user :
ID | User ......
1 | x
table roles:
ID | role ......
*4 |* y
table grant_roles:
ID | role | user
3 | 2 | 1
Edited by: Faraj on Feb 13, 2013 5:56 AM

Migrate ADF application from version 10.1.2 to 10.1.3

Dear all,
I have migrated a ADF application from version 10.1.2 to 10.1.3.
The original project has been opened with jdeveloper 10.1.3 and the 10.1.2 libraries set in the server.xml and orion-application.xml files as explained in this page
http://www.oracle.com/technetwork/developer-tools/jdev/10g-howto-deploy-a-1012-adf-applica-090135.html?ssSourceSiteId=otnjp
When I tried to run the application Ihad the following Java exception
Does anyone ever had the same problem?
java.lang.NoSuchMethodError: java.lang.String oracle.adf.model.BindingContext.findBindingContainerIdByPath(java.lang.String) at oracle.adf.controller.v2.struts.actions.DataAction.mappingCreate(DataAction.java:284) at oracle.adf.controller.v2.struts.actions.DataAction.execute(DataAction.java:101) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1485) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:509) at javax.servlet.http.HttpServlet.service(HttpServlet.java:743) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:239) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:644) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:391) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:908) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:458) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:226) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:127) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:116) at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234) at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29) at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298) at java.lang.Thread.run(Thread.java:595)

java.lang.NoSuchMethodError: java.lang.String oracle.adf.model.BindingContext.findBindingContainerIdByPath(java.lang.String) at oracle.adf.controller.v2.struts.actions.DataAction.mappingCreate
Refer Steve's blog
http://radio-weblogs.com/0118231/stories/2006/02/28/notesOnMigratingAdfstruts1012ApplicationsTo1013.html

Migrate ADF application from OC4J to weblogic

Hi Experts,
we are trying to migrate ADF toystore demo(Version 10.1.2.46 (Built on 9-May-2005) from an IAS10.1.3 OC4J server to a fmw11g weblogic server,
We used the existing .ear from the old IAS server, and tried to deploy it though EM. Firstly we got below message:
[Wed Oct 21 22:21:44 PDT 2009] [Deployer:149191]Operation 'deploy' on application 'ADFToyStore' is initializing on 'fusion_demo'
[Wed Oct 21 22:21:44 PDT 2009] [Deployer:149192]Operation 'deploy' on application 'ADFToyStore' is in progress on 'fusion_demo'
[Wed Oct 21 22:21:44 PDT 2009] [Deployer:149193]Operation 'deploy' on application 'ADFToyStore' has failed on 'fusion_demo'
[Wed Oct 21 22:21:44 PDT 2009] java.lang.ClassNotFoundException: oracle.adf.model.servlet.ADFBindingFilter
[Wed Oct 21 22:21:44 PDT 2009] oracle.adf.model.servlet.ADFBindingFilter
[Wed Oct 21 22:21:45 PDT 2009] Deploy operation failed.
After installing adfmweb.jar as a library in target server, we tried again, but the error was just the same.
Can anyone give us a clue?
Thanks a lot,
Todd

That won't work. ADF 10g doesn't run on WLS. You need to upgrade to ADF 11g through JDeveloper.
See the Upgrade Guide: http://download.oracle.com/docs/cd/E12839_01/upgrade.1111/e10127/toc.htm
--olaf

ADF Security from Database Table

I have two database tables one holding username and password and other username and role.
I want to secure my ADF application based on this. I have already gone through the following link ->
http://www.oracle.com/technology/products/jdev/howtos/1013/oc4jjaas/oc4j_jaas_login_module.htm
But, after configuring all the things for embedded J2EE server also I am finding some problem. It's not trying to connect with the database.
If any other links or sample projects, you can mention that will be helpful for understanding.

Hi,
check the data source name that you use with the LoginModule. Use Enterprise Manager in OC4J to verify that the data source can connect to the database. If not, change the data source's connection information. This most likely is your problem.
Frank

Unable to migrate ADF security policy updates to Weblogic production server

Hi all,
I am using JDeveloper 11.1.1.2.0. I can successfully deploy & run the application on my Integrated & Standalone WLS 10.3.2.
If I make changes to the security policy, I can see the change reflecting in the next run, after being deployed on the Integrated & Standalone server.
However, making changes to the security policy & deploying it on the production UNIX WLS server (10.3.2) does not reflect the changes. In fact I do not see the changes on System-jazn-data.xml on the server.
I will appreciate any help on this issue.
Thank you,

Hi again
for a work around we tried deploying the .ear with a different name. Every thing is now working.
The problem is not completely resolved as this should not be an idle way to deploy.
The System-jazn-data.xml on the Unix server still shows the old deployed file name along with the new (with correct policies).
Thanks,

Issue while migrating from File to DB based repository for SAP adapter

Hi
I recently migrated from file based repository to DB based repository.
SAP Adapter: DB repository for JCA configuration
After that I created the new targets and the jca log file showed me correct entry saying that it read from DB repository.
Thread[Thread-6,6,main] [info ] Repository URL 'jdbc:oracle:thin:@db_host:1521/fmwdbqa' resolved to repositoty type: oracle
But when I restarted the weblogic server I observed that it is again reading from the file repository.
Thread[[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads] [info ] Repository URL 'file:///opt/apps/Oracle/Middleware/Oracle_SOA1/soa/thirdparty/ApplicationAdapters/config/XYZ/repository.xml' resolved to repositoty type: file
Any reason why this is happening? Any other setting required to avoid this?
Regards
Subhankar

Hi Manoj
I checked the web.xml under MW_HOME/Oracle_SOA1/soa/thirdparty/ApplicationAdapters/iwafjca.war/WEB-INF folder. The iway.jndi is set to below :
<param-name>iway.jndi</param-name>
<param-value>eis/OracleJCAAdapter/DefaultConnection</param-value>
I checked the outbound connection settings from Admin console under below path
Home >Summary of Deployments >iwafjca > configuration
I can see that the properties IWayRepoURL, IWayRepoUser and IWayRepoPassword are set to blank here. Where exactly are these property values picked from ? Or do I need to manually edit it here in admin console itself?
Regards
Subhankar

Adf security misbehaving in production environment

Hi all,
I am using jdev 11.1.2.2 and weblogic 10.3.6
I have implemented adf security from based authentication in my web application and i have used sql authenticator for authentication.
In my integrated WLS everything works fine . but in the production WLS what is happening is when the user access a Protected Page without login it navigates to the protected page instead of navigating him to the login page. In the integrated WLS this happens normally .
Has anyone faced this issue before ? What can be wrong ?
I have added my web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
    <param-value>false</param-value>
</context-param>
<session-config>
    <session-timeout>5</session-timeout>
</session-config>
<context-param>
    <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
    <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
    <param-value>false</param-value>
</context-param>
<context-param>
    <param-name>oracle.adf.view.rich.SUPPRESS_IDS</param-name>
    <param-value>auto</param-value>
</context-param>
<context-param>
    <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
    <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
    <param-value>false</param-value>
</context-param>
<context-param>
    <description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
    <param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
    <param-value>differentOrigin</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_VIEW_MAPPINGS</param-name>
    <param-value>*.jsf;*.xhtml</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_DECORATORS</param-name>
    <param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
    <param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
</context-param>
<filter>
    <filter-name>JpsFilter</filter-name>
    <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
    <init-param>
      <param-name>enable.anonymous</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>remove.anonymous.role</param-name>
      <param-value>false</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>trinidad</filter-name>
    <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
    <filter-name>ADFLibraryFilter</filter-name>
    <filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
</filter>
<filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>JpsFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>trinidad</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>ADFLibraryFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>adfBindings</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>adfBindings</filter-name>
    <servlet-name>adfAuthentication</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
    <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
    <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>MapProxyServlet</servlet-name>
    <servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>adflibResources</servlet-name>
    <servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>MapProxyServlet</servlet-name>
    <url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>adflibResources</servlet-name>
    <url-pattern>/adflib/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<mime-mapping>
    <extension>swf</extension>
    <mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
    <extension>amf</extension>
    <mime-type>application/x-amf</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
    <web-resource-name>Allowed ADF Resources</web-resource-name>
    <url-pattern>/adf/*</url-pattern>
    <url-pattern>/afr/*</url-pattern>
    <url-pattern>/bi/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
    <web-resource-collection>
      <web-resource-name>adfAuthentication</web-resource-name>
      <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>valid-users</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/faces/login</form-login-page>
      <form-error-page>/faces/login</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>valid-users</role-name>
</security-role>
</web-app>Thanks,
Rakesh

Hi Rakesh,
Make sure you have migrated the policy store to the production server. When Weblogic Server is running in production mode, automatic credential overwrite is not allowed. From the developer's guide:
When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the Oracle Containers for J2EE Security Guide. Note that Oracle WebLogic Server running in production mode does not support the overwriting of system credentials under any circumstances.http://docs.oracle.com/cd/E26098_01/web.1112/e16182/adding_security.htm#CDDGFDFH
HTH,
Joonas

Error While Login ADF Security Sample Application

Hi All,
Jdevloper Version : 11.1.1.5.0
we are Creating ADF Login Application contains login.jspx and main.jspx pages.
we define ADF Security on this Sample Application.
when we provide valid credentials to login(username and password) it shows Error:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
that an old resource is permanently unavailable and has no forwarding address.
ManagedBean(BackingbeanScope) doLogin():
         public String doLogin() {
        String un = _userName;
        byte[] pw = _password.getBytes();
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
        try {
            Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
            weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
            String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
            HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
            RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
     ctx.responseComplete();
    catch (FailedLoginException fle)
                FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
                ctx.addMessage(null, msg);
        return null;
In ADF Security We Define :
User : admin1
Enterprise Role : ManagerGroup(added user admin1 to this EnterpriseRole)
Application Role : Manager
Resource Grants : Resource Type : Web Page
                           login page
                          main page - Granted Role(Manager)
jazn-data.xml file
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
<jazn-realm default="jazn.com">
    <realm>
      <name>jazn.com</name>
      <users>
        <user>
          <name>admmin1</name>
          <display-name>admmin1</display-name>
          <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
        </user>
      </users>
      <roles>
        <role>
          <name>ManagerGroup</name>
          <display-name>ManagerGroup</display-name>
          <members>
            <member>
              <type>user</type>
              <name>admmin1</name>
            </member>
          </members>
        </role>
      </roles>
    </realm>
</jazn-realm>
<policy-store>
    <applications>
      <application>
        <name>ADFLogin</name>
        <app-roles>
          <app-role>
            <name>Manager</name>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <display-name>Manager</display-name>
            <members>
              <member>
                <name>ManagerGroup</name>
                <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
              </member>
            </members>
          </app-role>
        </app-roles>
        <jazn-policy>
          <grant>
            <grantee>
              <principals>
                <principal>
                  <name>Manager</name>
                  <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                </principal>
              </principals>
            </grantee>
            <permissions>
              <permission>
                <class>oracle.adf.share.security.authorization.RegionPermission</class>
                <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
                <actions>view</actions>
              </permission>
            </permissions>
          </grant>
        </jazn-policy>
      </application>
    </applications>
</policy-store>
</jazn-data>
Please help us how to resolve it.
Thanks,
kumar

A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
I guess your resource grants are not set correctly.
Timo

How to move ADF HumanTask (ADF Project) from One BPM Application to ANother

Good DAy!
Problem
We've created huge Project on ADF with difficult form and now we have to create the same (95%) form in another BPM Application
Is it possible to migrate ADF Project from one BPM Application to Another???

Hi,
You can deploy the ADF Project as an ADF Library Jar file and reuse the taskflow from that jar file in another BPM Application.

Regarding ADF Security

hi,
I have enabled the ADF security from application --> configure ADF Security .
while configuring ADF Security Wizard,
1>i have selected the ADF Authentication model/ form Based Authentication .
2> in the Application roles I have added a role (manager). and added a user in that *(manager1).*
In my application i have 3 pages*.(home.jspx, search.jspx, setting.jspx)*
1>in home.jspx i have 2 go links to the search and setting pages i.e. search and setting respectively.
here my requirement is only the user with role manager should be able to access the setting page. I tried it by using granted to roles in the edit
authorization of setting.jspx. but it is of no use i.e allows all the users to access the setting page.
can anybody suggest any idea?....

hi Frank,
Thanks for the reply. i just followed what you have told ..i.e
While configuring adf security i selected adf authentication and authorization with no automatic grants. and after successful log in it should go to the home.jspx.
in the application role setting ...
1> i created a role manager.
2> added a user manager1 to role manager
3> created a application role appmanager
4> added manager to appmanager.
and in the application policy setting
1> for home page and search page - ( granted to role= anonymous_role)
2> manager setting(pagdef) - (*granted to role = appmanager*)
Here the problem is , after giving username and password when i click on submit it is giving an error that Error 500--Internal Server Error how can i solve this?...

LCM Migration of Security only

Hi All
Is it possible to migrate only security from Dev to Stage. All other planning artifacts have already been migrated using LCM.
Thanks

Yes, it can be done with LCM as well as individual export/imports...
Refer the previous posts
Error in exporting secfile from Dev to Test environment in Planning11.1.2.1
Thanks,
Siva

Role based oracle adf security and filtering data

while oracle adf security looks great its only role based... does anyone know of any resources describing an architecture where this is used in addition to filtering of data based on say, organization?
it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...

Hi,
it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...
ADF Security is a JAAS based security implementation to protect resources (like entities). It is nota security provider like OPSS or OID which you can use for user provisioning and self service (if you code against the IDM APIs). ADF Security only checks for whether a user is authenticated and if the user has the permission to perform a task.
However, you can use groovy to access the security context from Groovy, which allows you to add the authenticated username to a query - for example to filter recrds out that match the username in one of its attributes.
For example, you could create a ViewCriteria that for example filters the query by a specific attribute. Say that managers can see data starting from department 10 whereas employees can see data starting from department 100. The ViewCriteria would reference a bind variable with the following default setting
adf.context.securityContext.isUserInRole('manager')? 10 : 100
Frank

Migrating ADF Security from file-based provider to LDAP provider

Similar Messages

Maybe you are looking for