OAM and ADF Security with WebLogic 11

WebLogic Server 11, ADF 11, OAM 10.1.4.3
I understand (and have successfully implemented) an ADF application with application roles tied to enterprise roles which are mapped to OAM groups (and users). This appears to use the OAMAuthenticator and OAMIdentityAsserter authentication providers from OAM installed into the WLS.
However, there appears to be a gap in the authorization component beyond simple group membership. Does WLS support roles and policies defined in OAM as they might pertain to an ADF application? In the Oracle Access Manager Integration Guide, the entire section on integration with WLS has been removed between versions 10.1.4.0.1 and 10.1.4.3 (along with several other chapters). What is the future direction here? What would be the best means to create roles and policies (including dynamic roles) which extend beyond simple group membership?
Regards,
Tom Gresham

For a start JDeveloper 10.1.3 uses an older version of JSF that WebLogic 11g. You would be best upgrading your app with JDeveloper 11g and then re-deploying.

Similar Messages

  • Creating a WebCenter Application with PageCutomizable and ADF Security

    I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
    I have 2 JSPX files.
    One called mainTemplate.jspx
    - contains header, footer in ADF and a center facet.
    One called Welcome.jspx created from mainTemplate
    - contains page customizable > panel customizable > layout customizable > various custom panel configs.
    ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
    We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
    The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
    We then refresh the page and see that we are indeed logged in as 'weblogic'.
    Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
    However when we click on 'add Content' using the composer we get a permission error.
    +<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
    javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
    +     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
    +...+
    Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
    +     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
    +     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
    +     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
    +...+
    I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
    In my catalog I have a WCM portlet taskflow, which will require its own permissions.
    I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
    I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
    *note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
    If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
    Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
    Thanks.
    Thanks.
    Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

    When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
    When you have configured your application for authorization as well, you have to create roles and groups.
    You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
    Hope this helps.

  • Adf security with upper case user results in 500-internal server error

    Hello
    JDev 11.1.1.0.2, Integrated WLS
    I'v set up ADF security as explained in the documentation.
    The only difference being that the role test-all has been removed.
    I have one user 'paul' with a password of 'password'
    I have one application role 'myrole'
    'paul' is a member of 'myrole'
    I have one unbounded task flow with one view (view1).
    Via the janz-data.xml 'View1' has been granted to 'myrole' (view action)
    When running View1 I get the login.html page which is correct.
    The fun starts when playing around with the user/password.
    If I login with 'paul' and 'password' view1 is display, this is correct
    If I login with an unknown user or an incorrect password Windows Explorer 7 shows a generic HTTP 403 error page and not the error.html
    If I login with 'PAUL' and 'password' (or Paul, or any mixed cased version of Paul with the correct password) I get the following stack trace :
    oracle.adf.controller.security.AuthorizationException: ADFC-0619: Echec de la vérification des autorisations : '/view1.jspx' 'VIEW'.
         at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:145)
         at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:124)
         at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:639)
         at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:449)
         at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:44)
         at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:529)
         at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:118)
         at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:166)
         at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:122)
         at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:68)
         at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:51)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:354)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:175)
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:181)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:279)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:239)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:196)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:139)
         at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:85)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:257)
         at oracle.security.jps.wls.JpsWlsSubjectResolver.runJaasMode(JpsWlsSubjectResolver.java:250)
         at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:100)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:65)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    The questions are :
    - Why do I get the generic HTTP 403 error instead of the error.html (its not the end of the world but I would like to understand) ?
    - Why do I get the error 500 if the case of the username is incorrect but the password is correct ?
    Best Regards
    Paul

    Nope nothing in there that looks out of place...
    Here's the contents of the web.xml file ..
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <description>Empty web.xml file for Web Application</description>
    <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
    </context-param>
    <context-param>
    <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
    <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
    <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
    <param-value>false</param-value>
    </context-param>
    <filter>
    <filter-name>JpsFilter</filter-name>
    <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
    <init-param>
    <param-name>enable.anonymous</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>remove.anonymous.role</param-name>
    <param-value>false</param-value>
    </init-param>
    <init-param>
    <param-name>addAllRoles</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>jaas.mode</param-name>
    <param-value>doasprivileged</param-value>
    </init-param>
    </filter>
    <filter>
    <filter-name>trinidad</filter-name>
    <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>JpsFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>trinidad</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/afr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication/*</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>35</session-timeout>
    </session-config>
    <mime-mapping>
    <extension>html</extension>
    <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>txt</extension>
    <mime-type>text/plain</mime-type>
    </mime-mapping>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adfAuthentication</web-resource-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>valid-users</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <role-name>valid-users</role-name>
    </security-role>
    </web-app>
    Regards
    Paul

  • GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

    If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
    First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
    http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
    http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
    http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
    http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
    Are you getting either of the following errors?
    <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
    oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
    Error 500--Internal Server Error
    java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
    1) Create a new application.
    2) Create three .jspx pages called login, error, and welcome.
    3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
    4) Right-Click on your Application and select Secure->Configure ADF Security
    5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
    Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
    <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
    oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
    6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
    7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
    8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
      <policy-store>
        <applications>
          <application>
            <name>SecurityError</name>
            <app-roles>
              // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
              <app-role>
                <name>anonymous-role</name>
                <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
                <display-name>anonymous-role</display-name>
              </app-role>
             // Whew, the end of that app role
            </app-roles>
            <jazn-policy>
              <grant>9) You're going to want to delete that app role XML
    10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
    11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
    12) Run your welcome page. Yay, the error is gone. How sweet it is.
    Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
    // You fool!
    Error 404--Not Found
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.5 404 Not FoundThat's not so good. Let's fix that.
    1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
    2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
    3) Re-run your welcome page.
    // Suckered AGAIN!
    Error 500--Internal Server Error
    java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
    Ahh!! Now THAT's how we do it in Kingsport!
    Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
    Will

    Ha :-)
    Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
    I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
    But your call, no pressure of course ;-)
    CM.

  • Obtain Username from ADF Security with BPM Task Page

    All,
    I have a requirement to obtain the currently logged on user within a BPM task page.
    I log onto either the BPM workspace or our own custom workspace that leverages the BPM Tasklist Taskflow. When navigating from a task in the tasklist, I have attempted to use an ADF EL expression to obtain the current user #{securityContext.userName}. However this seems to return anonymous. I have created a very simple test case and process to prove this, just displaying the user on the screen. However it shows as anonymous. I have done nothing special with either the task page or my workspace application to configure security aspects. Other than the standard ADF security of the custom workspace loggin.
    Does anyone know if this is achievable? (My ADF skills are limited)
    Interestingly, this seems to work fine on some of our 11.1.1.6.3 sever installs but not on others, including my Local Windows install. Therefore it is concidence it works on the servers (Linux).
    Many Thanks for any guidance you can provide
    FYI, The Task actions, task comments etc all record the logged in user correctly. I also reviewed comments in https://blogs.oracle.com/bpmbestpractice/entry/bpm_adf_task_forms_checking
    Regards Dave
    Edited by: DavidGaskell on Dec 1, 2012 12:41 AM

    Hi thanks,
    I'm a little confused so apologies.
    The steps we have followed to date as as follows:
    1) Written our own login page which inplements ADF security to authenticate the user
    2) Integrated the BPM task list task flow into our application as per Oracle docs.
    3) Written a separate application for the task page.
    4) run the application so u log into application, go to task list page, click in a bpm task in task list which launches the custom bpm task page. At this point the security context is anonymous evn though the login page shows the user logged in.
    Therefore are you suggesting I need to add some additional steps to pass the context into the custom page. FYI we have no single sign on implemented.
    I presume the BPM context must be set based on the logged on user as all task actions are performed as the user details are recorded.
    In a simpler scenario I get the same outcome whe using the out the box bpm workspace.
    Rgards Dave

  • Single Sign On and user security with IS

    We have installed Information Steward 4.1 SP1 Patch 1 with Data Services 4.1 SP1 Patch 2 on Information Platform Services 4.0 SP 5 patch 6.  The Information Steward system is installed on it's own server.  We are connecting IS to our SAP Netweaver 7.3 system. 
    I have set up Single Sign On using Windows AD authentication.  The connection to the SAP system uses a service account. 
    Because the SAP system has our payroll information on it, we want to restrict Information Steward users based on their SAP security profiles.  We don't want to have to maintain security settings in both SAP and Information Steward. 
    Does anyone know if there's a way to set up Single Sign On so it passes the user credentials from SAP to Information Steward?  Then restrict the users on Information Steward based on their SAP security settings?
    Any advice would be appreciated!

    Hi,
    You can use Windows AD or SAP Authentication and configure it with SSO. However this should be done in the BI/IPS plaftorm and not IS. See the BI admin guide (http://help.sap.com/bobip40) section "Authentication options in BI platform". Please let me know if that's what you wanted.
    thanks

  • SOA Suite 11g and its compatibility with Weblogic

    Hi ,
    I have two questions:
    1. From where do I download the SOA Suite 11g --Link to the download?
    2.If SOA suite 11g can be installed on weblogic. I understand that SOA suite 10.1.3.4 is compatible with weblogic 9.2 but need some inputs on the SOA Suite11g!
    Cheers
    Prabal

    Prabal,
    Did you get an answer or we have to wait for the official release till July-1-2009.
    Thanks,
    Rahul

  • Jdeveloper version and ADF runtime on weblogic

    Hi
    I would need to understand the link between the jdeveloper version and the Weblogic version.
    Based on this article http://tompeez.wordpress.com/2011/09/14/jdeveloper-versions-vs-weblogic-server-versions/
    it sounds like the server version to use is directly linked to the version of ADF used for the development. It is true?
    Specially is it true that there is not backward compatibility. A new weblogic server would not support a application that would have been developed with a older version of jdeveloper?
    At the end I would like to get all my weblogic servers on the same version and as much possible on the newest version but if I need to rework the applications that were developed on a previous version of ADF , that can be really time consuming.
    I would need best practice ideas .
    When I have various projects oven a two -three years period how should we deal with keeping up with the new versions of weblogic and jdeveloper?
    An another question I have is regarding the ADF run time. What is so special about it comparing to a regular set of libraries?. Why can I not deploy it as part of my application? Or is it possible and it is a better path then?
    FInal point, I have a application that was developed with jdeveloper 11.1.1.0 and run on weblogic 10.3.0.0 . I would like to migrate to jdeveloper 11.1.1.4. I already converted the project with jdeveloper 11.1.1.4. What should I do next? What testing should I do to verfy the conversion worked? Should I update the weblogic server to 10.3.4 or can I go with a newer version like 10.3.5?
    Thanks

    Ok but then if you don't migrate and you are in a environment with also new development you are going to need many different servers no?
    One welogic server for jdevleoper 11.1.0.0
    One weblogic server for jdeveloper 11.1.2.0
    One weblogic server for jdeveloper 11.1.3.0
    One weblogic server for jdeveloper 11.1.4.0
    How often should you migrate then because if you don't update you could be very behind after a couple of years and may be the migration could be almost impossible at that point.
    We still have applications that where developed for oc4j 10 g and migration is almost rewrite at this point. (only after 3 years).
    At the end, you get servers dedicated to some applications instead of having a stack of multi purpose servers.
    Also let say you are starting with a project that is going to take two years, you start the developement with jdeveloper 11.1.5.0 and in two years it will jdeveloper 13.1.1.0. How do you manage this? You stay with 11.1.5.0?
    We noticed that getting support for 10 g is really difficult at this point. Many people don't know anymore about 10 g and you don't get bug fix. If you don't get bug fix, how can you survive with your old version?
    I know that ADF is not only about the face part, I 've been using the business services too but under ADF it is J2EE and then why ADF does not come as a set of libraries that you can link to in your J2EE project instead of becoming a server centric runtime?
    People went to J2EE to get plateform independent, with ADF you are becoming server dependant. ADF is supposed to do better than .net but if you look at .net the IDE actually support old and new frameworks. If you get to develop on a older framework you can still use the new IDE. Also you can install several versions of the framework on the same server with .net.
    From what I can read ADF is not even supported on JBOSS anymore so give me argument to choose ADF as a enterprise solution? Is it really the future?

  • Stuck thread in adf application with weblogic

    hi every body
    I am working in JDev 11.1.1.4 and weblogic 10.3.4
    when I deploy my Application in my production weblogic
    after some time (it does not constant it is variable) I got warnning on the server
    when I check the server I got some stuck thread
    any idea or notes how can I know what is the reason of these stuck threads?
    is there any objects have thread unsafe issue, resource contention or race condition in ADF?
    BR,
    Alaa

    actully I do that guys
    but what I get does not have any related to my application
    even those http request does not request the same page
    this is the stuck thread when I dump
    "[STUCK] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'" id=61 idx=0xe8 tid=13369 prio=1 alive, waiting, native_blocked, daemon
    -- Waiting for notification on: oracle/adfinternal/controller/util/RequestLock@0x88e06b58[fat lock]
    at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
    at jrockit/vm/Locks.wait(Locks.java:1973)[inlined]
    at java/lang/Object.wait(Object.java:485)[inlined]
    at oracle/adfinternal/controller/util/RequestLock.lock(RequestLock.java:42)[inlined]
    at oracle/adfinternal/controller/state/RootViewPortContextImpl.lockViewPortRequestLock(RootViewPortContextImpl.java:604)[optimized]
    ^-- Lock released while waiting: oracle/adfinternal/controller/util/RequestLock@0x88e06b58[fat lock]
    at oracle/adfinternal/controller/state/ControllerState.initializeRequest(ControllerState.java:833)[inlined]
    at oracle/adfinternal/controller/state/ControllerState.initializeRequest(ControllerState.java:754)[inlined]
    at oracle/adfinternal/controller/application/AdfcConfigurator.beginRequest(AdfcConfigurator.java:50)[optimized]
    at org/apache/myfaces/trinidadinternal/config/GlobalConfiguratorImpl._startConfiguratorServiceRequest(GlobalConfiguratorImpl.java:562)[inlined]
    at org/apache/myfaces/trinidadinternal/config/GlobalConfiguratorImpl.beginRequest(GlobalConfiguratorImpl.java:212)[optimized]
    at org/apache/myfaces/trinidadinternal/webapp/TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:155)[optimized]
    at org/apache/myfaces/trinidad/webapp/TrinidadFilter.doFilter(TrinidadFilter.java:92)[optimized]
    at weblogic/servlet/internal/FilterChainImpl.doFilter(FilterChainImpl.java:56)[optimized]
    at oracle/adf/library/webapp/LibraryFilter.doFilter(LibraryFilter.java:175)[optimized]
    at weblogic/servlet/internal/FilterChainImpl.doFilter(FilterChainImpl.java:56)[optimized]
    at oracle/security/jps/ee/http/JpsAbsFilter$1.run(JpsAbsFilter.java:111)[optimized]
    at jrockit/vm/AccessController.doPrivileged(AccessController.java:254)[inlined]
    at oracle/security/jps/util/JpsSubject.doAsPrivileged(JpsSubject.java:313)[inlined]
    at oracle/security/jps/ee/util/JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)[inlined]
    at oracle/security/jps/ee/http/JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)[inlined]
    at oracle/security/jps/ee/http/JpsAbsFilter.doFilter(JpsAbsFilter.java:161)[optimized]
    at oracle/security/jps/ee/http/JpsFilter.doFilter(JpsFilter.java:71)[optimized]
    at weblogic/servlet/internal/FilterChainImpl.doFilter(FilterChainImpl.java:56)[optimized]
    at oracle/dms/servlet/DMSServletFilter.doFilter(DMSServletFilter.java:136)[optimized]
    at weblogic/servlet/internal/FilterChainImpl.doFilter(FilterChainImpl.java:56)[optimized]
    at weblogic/servlet/internal/RequestEventsFilter.doFilter(RequestEventsFilter.java:27)[optimized]
    at weblogic/servlet/internal/FilterChainImpl.doFilter(FilterChainImpl.java:56)[inlined]
    at weblogic/servlet/internal/WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)[inlined]
    at weblogic/servlet/internal/WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)[optimized]
    at weblogic/security/acl/internal/AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)[optimized]
    at weblogic/security/service/SecurityManager.runAs(SecurityManager.java:120)[inlined]
    at weblogic/servlet/internal/WebAppServletContext.securedExecute(WebAppServletContext.java:2277)[inlined]
    at weblogic/servlet/internal/WebAppServletContext.execute(WebAppServletContext.java:2183)[optimized]
    at weblogic/servlet/internal/ServletRequestImpl.run(ServletRequestImpl.java:1454)[optimized]
    at weblogic/work/ExecuteThread.execute(ExecuteThread.java:207)[optimized]
    at weblogic/work/ExecuteThread.run(ExecuteThread.java:176)
    at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
    -- end of trace
    any another ideas?
    BR,
    Alaa

  • Declarative ADF Security with LDAP provider other than OID possible  ?

    All samples I found regarding declarative security in ADF are done with an .xml repository or mention the possible use of OID as such repository.
    Thing is that client will not have OID but other LDAP v3 compilant provider.
    In this scenario is it possible to use the ADF Declarative Security or should we have to implement a custom module for the interaction ?
    Thanks,
    Claudio.

    You are right, in this article:
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    says:
    In Oracle Containers for J2EE 10.1.3, users can also be defined in 3rd party LDAP servers.
    However it doesn't give any concrete sample.
    Question is: can I say the client that we can develop based on .xml or OID and then change to other 3rd party LDAP server without changing code ?
    Thanks,
    Claudio.

  • ADF-Security - OID - Weblogic

    Hello,
    I want to authenticate users of my adf application against OID.
    But it doesn't work.
    The users wich are created in the default authenticator of the weblogic server can be authenticated an everything works fine.
    The users wich came from the OID cannot be authenticated!?!?
    I can see all users and theirs roles from OID in the weblogic server.
    I set the control flag of both, the default authenticator and my authenticator (OID) to sufficient.
    Has anyone an idea?

    Hi,
    works for me, so its definitively not a bug. Check this: http://oracle.com/technology/products/jdev/tips/fnimphius/oidconfig/index.html
    Frank

  • War file and access control with WebLogic

    I am trying to put some access control on different files in my war-file, but just can't get it to work... It seems like all roles defined in weblogic.properties gives the user access to all files in the war. I just don't understand the connections between the security realm, the weblogicURL.policy file and the web.xml file... If I do not specify a weblogic.security.URLAclFile, no access control is done at all.
    This is how my weblogic.properties file looks like:
    weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
    weblogic.password.koko=kokokoko
    weblogic.password.arnebelinda=arne1234
    weblogic.security.group.ppuseradmins=arnebelinda
    and my weblogicURL.policy:
    deny Principal weblogic.security.acl.GroupImpl "everyone" {
    Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
    and finally, my web.xml-file:
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
         <session-config>
              <session-timeout>30</session-timeout>
         </session-config>
         <welcome-file-list>
              <welcome-file>index.jsp</welcome-file>
         </welcome-file-list>
         <security-constraint>
              <web-resource-collection>
                   <web-resource-name>admin</web-resource-name>
                   <url-pattern>index.jsp</url-pattern>          </web-resource-collection>
              <auth-constraint>
                   <role-name>ppuseradmins</role-name>
              </auth-constraint>
         </security-constraint>
         <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>WebLogic Server</realm-name>
         </login-config>
         <security-role>
              <role-name>ppuseradmins</role-name>
         </security-role>
    </web-app>
    it does not matter which user is part of the ppuseradmins group. The user koko is not a member, but is given access to my whole .war anyway (after submitting correct username/password). Omitting the <realm-name> does not seem to work either; the default realm is not used, instead null is used.
    Does anybody have a clue? I would really appreciate it!
    I am using WebLogic 5.1 sp 9
    best regards,
    PJ

    In you pocily file entry, you have specified "/admin/-"
    However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin
    Could that be the problem ?

  • Software compatibility About ORACLE BC and ADF 11g with Sybase Database

    I am using jdeveloper 11g xxx.0.2, and our company is using Sybase 12.x ASE. Our team chose Jdeveloper 11g and BC with ADF as our architecture. But during about 2 months, we found the bug (just with sybase db server) becomes more and more, strange, the dialect which we can choose does not have sybase (the have Oracle,Sql Server,DB2,SQL92 and others), we now have the only one way -- to choose SQL 92. But many bugs or other problem comes out, sometimes we event have to write lots of codes to realise a very very simple function. is that all because there's no sybase dialect or i guess the sqlbuilder for sybase database? Someone can explain why? or can help me go through the trouble? We need your help!!!!!!

    Thanks for reply, we can not change our tech now, and could you please show me a way? should I extend baseSqlBuilderImpl and override some important methods there to generate sql suitable in sybase?
    I have override the sql generate method and the lov bug was fixed( The bug is IT recognize int var as a string var, and uses like instead of =), but we still can't fix view criteria, the default declarative view criteria can not run most time. And i don't know why. can adf support team to do a enhancement for sybase? Thanks a lot
    Edited by: Roger Liu on Oct 29, 2009 6:10 AM

  • OBIEE 11g and high availabilty with weblogic

    Hello all,
    Have anyone already tried to configure an high availabilty environment with more weblogic server and more business intelligence environemnt?
    I want to say for example weblogic installed as cluster using 3 nodes and then 2 environet (TEST/PRODUCTION) over this 3-nodes cluster?
    Thanks
    Stefano

    Prabal,
    Did you get an answer or we have to wait for the official release till July-1-2009.
    Thanks,
    Rahul

  • HTTP Tunneling and Load Balancing with Weblogic Server 6.1

    We use T3 for Java client to application server communication (Weblogic Server
    6.1) and keep the session open for the life of the client. We many customers
    using this with load balancers and all works fine. We have just started to use
    BEA's HTTP tunneling and I have a question concerning how this will work with
    load balancers. Since the single T3 connection has been replaced with a series
    of stateless HTTP connections, does the BEA tunneling code put session information
    in the HTTP header? If so, what information does it place in the header. If
    it does we should be able to use that to make sure that the load balancer always
    sends HTTP requests with that session to the same application server.
    Thanks!
    Rick

    Rick,
    You may want to look at the Alteon and F5 configuration we have on edocs.
    Take a look at the following URLs for a possible solution
    http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
    http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
    Chuck Nelson
    DRE
    BEA Technical Support

Maybe you are looking for