Obtain Username from ADF Security with BPM Task Page

All,
I have a requirement to obtain the currently logged on user within a BPM task page.
I log onto either the BPM workspace or our own custom workspace that leverages the BPM Tasklist Taskflow. When navigating from a task in the tasklist, I have attempted to use an ADF EL expression to obtain the current user #{securityContext.userName}. However this seems to return anonymous. I have created a very simple test case and process to prove this, just displaying the user on the screen. However it shows as anonymous. I have done nothing special with either the task page or my workspace application to configure security aspects. Other than the standard ADF security of the custom workspace loggin.
Does anyone know if this is achievable? (My ADF skills are limited)
Interestingly, this seems to work fine on some of our 11.1.1.6.3 sever installs but not on others, including my Local Windows install. Therefore it is concidence it works on the servers (Linux).
Many Thanks for any guidance you can provide
FYI, The Task actions, task comments etc all record the logged in user correctly. I also reviewed comments in https://blogs.oracle.com/bpmbestpractice/entry/bpm_adf_task_forms_checking
Regards Dave
Edited by: DavidGaskell on Dec 1, 2012 12:41 AM

Hi thanks,
I'm a little confused so apologies.
The steps we have followed to date as as follows:
1) Written our own login page which inplements ADF security to authenticate the user
2) Integrated the BPM task list task flow into our application as per Oracle docs.
3) Written a separate application for the task page.
4) run the application so u log into application, go to task list page, click in a bpm task in task list which launches the custom bpm task page. At this point the security context is anonymous evn though the login page shows the user logged in.
Therefore are you suggesting I need to add some additional steps to pass the context into the custom page. FYI we have no single sign on implemented.
I presume the BPM context must be set based on the logged on user as all task actions are performed as the user details are recorded.
In a simpler scenario I get the same outcome whe using the out the box bpm workspace.
Rgards Dave

Similar Messages

Adf security with upper case user results in 500-internal server error

Hello
JDev 11.1.1.0.2, Integrated WLS
I'v set up ADF security as explained in the documentation.
The only difference being that the role test-all has been removed.
I have one user 'paul' with a password of 'password'
I have one application role 'myrole'
'paul' is a member of 'myrole'
I have one unbounded task flow with one view (view1).
Via the janz-data.xml 'View1' has been granted to 'myrole' (view action)
When running View1 I get the login.html page which is correct.
The fun starts when playing around with the user/password.
If I login with 'paul' and 'password' view1 is display, this is correct
If I login with an unknown user or an incorrect password Windows Explorer 7 shows a generic HTTP 403 error page and not the error.html
If I login with 'PAUL' and 'password' (or Paul, or any mixed cased version of Paul with the correct password) I get the following stack trace :
oracle.adf.controller.security.AuthorizationException: ADFC-0619: Echec de la vérification des autorisations : '/view1.jspx' 'VIEW'.
     at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:145)
     at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:124)
     at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:639)
     at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:449)
     at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:44)
     at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:529)
     at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:118)
     at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:166)
     at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:122)
     at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:68)
     at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:51)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:354)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:175)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:181)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:279)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:239)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:196)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:139)
     at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:85)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:257)
     at oracle.security.jps.wls.JpsWlsSubjectResolver.runJaasMode(JpsWlsSubjectResolver.java:250)
     at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:100)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:65)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
The questions are :
- Why do I get the generic HTTP 403 error instead of the error.html (its not the end of the world but I would like to understand) ?
- Why do I get the error 500 if the case of the username is incorrect but the password is correct ?
Best Regards
Paul

Nope nothing in there that looks out of place...
Here's the contents of the web.xml file ..
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>addAllRoles</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jaas.mode</param-name>
<param-value>doasprivileged</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
Regards
Paul

GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!
First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.
http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html
Are you getting either of the following errors?
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextI'll show you where they're coming from. Follow along.
1) Create a new application.
2) Create three .jspx pages called login, error, and welcome.
3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
4) Right-Click on your Application and select Secure->Configure ADF Security
5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish
Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImplThat just won't do. Let's fix it, shall we?
6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
<policy-store>
    <applications>
      <application>
        <name>SecurityError</name>
        <app-roles>
          // Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back
          <app-role>
            <name>anonymous-role</name>
            <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
            <display-name>anonymous-role</display-name>
          </app-role>
         // Whew, the end of that app role
        </app-roles>
        <jazn-policy>
          <grant>9) You're going to want to delete that app role XML
10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may assigned to any of the pages. Assigned a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
12) Run your welcome page. Yay, the error is gone. How sweet it is.
Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select factor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
// You fool!
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not FoundThat's not so good. Let's fix that.
1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
3) Re-run your welcome page.
// Suckered AGAIN!
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContextThis is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.
Ahh!! Now THAT's how we do it in Kingsport!
Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?
Will

Ha :-)
Point being good summaries like yours tend to get lost on the forums because of the volume of posts. With a blog people have the chance to subscribe to your posts so it's just a better vehicle all round for posting content to help others.
I highly recommend writing blogs even if it's for scratch notes, because you'll learn a lot in structuring your thoughts. It's also a really good way to get noticed in the community because bloggers stand out.
But your call, no pressure of course ;-)
CM.

How to pass Username from OWSM Security policy in Oracle Apps Adapter .jca file

My BPEL process uses Oracle Applications Adapter. The following is the .jca file for the Adapter. The Username is initialized statically to "sysadmin" when I created the Adapter.Is it possible to pass in the username from the OWSM Security policy for the username value below? If so how to do? I appreciate your response.
<adapter-config name="EBSAdapter" adapter="Apps" wsdlLocation="../WSDLs/EBSAdapter.wsdl" xmlns="http://platform.integration.oracle/blocks/adapter/fw/metadata">
<connection-factory UIConnectionName="EBS1" location="eis/Apps/EBS1" UIConcurrentPgmName="" UIOracleAppType="DBOBJECT"/>
<endpoint-interaction portType="EBSAdapter_ptt" operation="EBSAdapter">
    <interaction-spec className="oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec">
      <property name="SchemaName" value="APPS"/>
      <property name="PackageName" value="INTG"/>
      <property name="ProcedureName" value="GET_USER_PROFILE1"/>
      <property name="IRepInternalName" value="PLSQL:INTG:WEBCENTER_GET_USER_PROFILE1"/>
      <property name="Username" value="sysadmin"/>
      <property name="Responsibility" value="System Administrator"/>
    </interaction-spec>
</endpoint-interaction>
</adapter-config>

1. Go to Invoke activity
2. Click on Properties tab.
3. click Add
4. Add this property "jca.apps.Username" and map it with either variable or expression.
5. Populate variable defined at previous step with some valid username value at runtime.
hope this helps.
Regards,
Karan
Oracle Fusion Middleware Blog

OAM and ADF Security with WebLogic 11

WebLogic Server 11, ADF 11, OAM 10.1.4.3
I understand (and have successfully implemented) an ADF application with application roles tied to enterprise roles which are mapped to OAM groups (and users). This appears to use the OAMAuthenticator and OAMIdentityAsserter authentication providers from OAM installed into the WLS.
However, there appears to be a gap in the authorization component beyond simple group membership. Does WLS support roles and policies defined in OAM as they might pertain to an ADF application? In the Oracle Access Manager Integration Guide, the entire section on integration with WLS has been removed between versions 10.1.4.0.1 and 10.1.4.3 (along with several other chapters). What is the future direction here? What would be the best means to create roles and policies (including dynamic roles) which extend beyond simple group membership?
Regards,
Tom Gresham

For a start JDeveloper 10.1.3 uses an older version of JSF that WebLogic 11g. You would be best upgrading your app with JDeveloper 11g and then re-deploying.

ADF BPM Task Pages launched from Worklist

All,
We have built a Custom BPM Workspace application that imports adflibTaskListFlow.jar. This essentially utilises the tasklist task flow to assisy in rendering the task lists, rather than implementing our own custom tasklist based on the API's. In our implementation we have disabled the preview window (showTaskDetailsPanel = false)
A descrepancy I have noticed between our Workspace and the standard Oracle BPM workspace is when launching the task list pages, the window it launches is presented in a different manner. From out tasklist it open the window using the adf.dialog-request and renders a panel with the sizes 750 by 600. Also when the page is launched, it is launched in Modal form and renders the task list disabled. When launching from the Oracle Workspace the window is larger and use the adf.task-flow. The worklist is also not disabled so it can still optionally be used (e.g. Not Modal)
My question is there a way of configuguring the Custom solution to resemble the standard task list as the presnetation is more suited to our client.
For Example:
1) The ADF Task flow page size is larger and reduces the need to maxmimise the screen.
2) The Task list is not rendered in Modal form (Modal form occasionally leads to issues with IE and results in teh screen staying in Modal form)
Does anyone know if this is feasible and how this can be done. I'm unsure whether the task flow can be configured differently.
If not is there any way to configure the adf.dialog-request to re-size the window and make this non modal.
Your experiences would be appreciated
Kind Regards
Dave

Hi,
Sorry to reply to my own threads. If anyone doesn't have a resolutin for this, has anyone experienced issues like this with your own custom workspaces?
Also in IE, when the tasklist page is closed (prior to it launching completely) the workspace reamins in model form.
Has anyone experience this issue?
Regards Dave

Issue in retrieving all the records from ADF Table with multiple row

Hi,
As per my requirement, I need to fill the table with multi selected LOV values and when user clicks on commit, I need to save them to database.
I am using ADF 11g, Multi select table. Using the below ADD method, I am able to add the records but if user clicks on cancel, I need to remove those from view and clear the table as well.
But the Issue I am facing is, in my cancel method, always I am getting half of the records. Lets assume table contains 100 records but in my cancel method, I am getting only 50 records.
Please let me know what is the issue in my source code.
ADD Method:
public void insertRecInCMProcessParamVal(String commType, String processType, Number seqNumber){
try{
Row row = this.getCmProcessParamValueView1().createRow();
row.setAttribute("ParamValue7", commType);
row.setAttribute("ProcessType", processType);
row.setAttribute("CreationDate", new Date());
row.setAttribute("CreatedBy", uid);
row.setAttribute("ParamValueSeqNum", seqNumber);
row.setAttribute("ProcessedFlag", "N");
this.getCmProcessParamValueView1().insertRow(row);
}catch(Exception e){
e.printStackTrace();
Table Code:
<af:table value="#{bindings.CmProcessParamValueView11.collectionModel}"
var="row"
rows="#{bindings.CmProcessParamValueView11.rangeSize}"
emptyText="#{bindings.CmProcessParamValueView11.viewable ? 'No data to display.' : 'Access Denied.'}"
fetchSize="#{bindings.CmProcessParamValueView11.rangeSize}"
rowBandingInterval="1"
selectedRowKeys="#{bindings.CmProcessParamValueView11.collectionModel.selectedRow}"
selectionListener="#{bindings.CmProcessParamValueView11.collectionModel.makeCurrent}"
rowSelection="multiple"
binding="#{backingBeanScope.backing_app_RunCalcPage.t1}"
id="t1" width="100%" inlineStyle="height:100px;" >
<af:column sortProperty="ParamValue6"
sortable="true"
headerText="#{bindings.CmProcessParamValueView11.hints.ParamValue6.label}"
id="c1" visible="false">
<af:inputText value="#{row.bindings.ParamValue6.inputValue}"
label="#{bindings.CmProcessParamValueView11.hints.ParamValue6.label}"
required="#{bindings.CmProcessParamValueView11.hints.ParamValue6.mandatory}"
columns="#{bindings.CmProcessParamValueView11.hints.ParamValue6.displayWidth}"
maximumLength="#{bindings.CmProcessParamValueView11.hints.ParamValue6.precision}"
shortDesc="#{bindings.CmProcessParamValueView11.hints.ParamValue6.tooltip}"
id="it3">
<f:validator binding="#{row.bindings.ParamValue6.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="ParamValue7"
sortable="true"
headerText="Comm Type"
id="c2">
<af:inputText value="#{row.bindings.ParamValue7.inputValue}"
label="#{bindings.CmProcessParamValueView11.hints.ParamValue7.label}"
required="#{bindings.CmProcessParamValueView11.hints.ParamValue7.mandatory}"
columns="#{bindings.CmProcessParamValueView11.hints.ParamValue7.displayWidth}"
maximumLength="#{bindings.CmProcessParamValueView11.hints.ParamValue7.precision}"
shortDesc="#{bindings.CmProcessParamValueView11.hints.ParamValue7.tooltip}"
id="it4">
<f:validator binding="#{row.bindings.ParamValue7.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="ParamValue8"
sortable="true"
headerText="#{bindings.CmProcessParamValueView11.hints.ParamValue8.label}"
id="c3" visible="false">
<af:inputText value="#{row.bindings.ParamValue8.inputValue}"
label="#{bindings.CmProcessParamValueView11.hints.ParamValue8.label}"
required="#{bindings.CmProcessParamValueView11.hints.ParamValue8.mandatory}"
columns="#{bindings.CmProcessParamValueView11.hints.ParamValue8.displayWidth}"
maximumLength="#{bindings.CmProcessParamValueView11.hints.ParamValue8.precision}"
shortDesc="#{bindings.CmProcessParamValueView11.hints.ParamValue8.tooltip}"
id="it2">
<f:validator binding="#{row.bindings.ParamValue8.validator}"/>
</af:inputText>
</af:column>
</af:table>
Backing Bean Code:
DCBindingContainer dcBindings=(DCBindingContainer)getBindings();
DCIteratorBinding dcIterator=dcBindings.findIteratorBinding("CmProcessParamValueView1Iterator");
RowSetIterator rs = dcIterator.getRowSetIterator();
System.out.println("In Cancel Row Count is : "+ rs.getRowCount());
if (rs.getRowCount() > 0) {
Row row = rs.first();
row.refresh(Row.REFRESH_UNDO_CHANGES);
row.remove();
while (rs.hasNext()) {
int count = rs.getRowCount();
System.out.println("Count is : "+ count);
Row row = rs.next();
System.out.println("Row === "+ row);
if(row != null){
row.refresh(Row.REFRESH_UNDO_CHANGES);
row.remove();
Thanks.

Issue resolved.
remove selectionListener and selectedRowKeys....
code to get all the selectedRows.
RowSetIterator rs = dcIterator.getRowSetIterator();
RowKeySet rks = this.t1.getSelectedRowKeys();
Iterator rksIter = rks.iterator();
while (rksIter.hasNext()) {
List l = (List) rksIter.next();
Key key = (Key)l.get(0);
Row row = rs.getRow(key);
Thanks.

Declarative ADF Security with LDAP provider other than OID possible ?

All samples I found regarding declarative security in ADF are done with an .xml repository or mention the possible use of OID as such repository.
Thing is that client will not have OID but other LDAP v3 compilant provider.
In this scenario is it possible to use the ADF Declarative Security or should we have to implement a custom module for the interaction ?
Thanks,
Claudio.

You are right, in this article:
http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
says:
In Oracle Containers for J2EE 10.1.3, users can also be defined in 3rd party LDAP servers.
However it doesn't give any concrete sample.
Question is: can I say the client that we can develop based on .xml or OID and then change to other 3rd party LDAP server without changing code ?
Thanks,
Claudio.

How do I keep an incorrect username from coming up with a click on the box?

I typed in an incorrect username. Now, when I click on the username box to bring up my username, it shows the incorrect name as a choice, but I don't want that to show. Is there some way to delete that name?

Hello, joho.
To get rid of any saved login credentials, you may place your mouse pointer on the item you desire to remove and press the 'Del' key of your keyboard.
You may also go to '''Edit -> Preferences -> Security -> Saved Passwords''' and again delete the desired credentials.
Thank you for your valuable time and please let us know if this solution resolved your issue.

Unable to obtain 4G from my network with the Z10

I recently purchased my z10 from verizon in the United States unlocked. When i inserted the sim card of my local network (4G plan) i was only able to identify an 'E' in the upper right hand corner of the screen. After speaking with my network provider their agent said that it was the phone or a possible setting which i needed to make because after trying the same sim card in one of their own phones they observed the '4G' on the screen.
please advise......

Hi and Welcome to the Community!
Your issue may actually be worse...there are 4 different Z10 models, each with different capabilities...refer:
http://www.bbin.in/en/2013/03/03/4-types-blackberry-z10-models-fits-better/?utm_campaign=4-types-of-...
If the device you have does not support the 4G bands of the network you are attempting to operate it on, then that would of course fully explain the problem.
Good luck!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

Error when trying to see pages in webcenter app with adf security activated

Greetings
I have this problem
I developed a WebCenter Application that uses ADF Security with form authentication. This App has
two JSPX the first one is the login page and the second one is the page where i manage runtime created pages
using the CREATE PAGE task flow and a page tree iterator to see my created pages.
when i deploy de application on the weblogic server i am able to login successfully and create as many pages as
i want and also see them using the link generated. the problem is that when a delete the application from the weblogic
server, i mean the deployed application, then redeploy the same application on the server i can login again and
see the pages i created before but when i try to reach them i get this error showed in my internet browser:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46)
containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization
header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that
authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response,
and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was
given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained
in section 11.
Does anybody now what kind of configuration i am missing or what is happening?
thanks for your help

this issue has a solution showed on the this thread Re: ERROR when trying to see pages created with create page task flow

Creating a WebCenter Application with PageCutomizable and ADF Security

I created a Webcenter App in Jdev 11.1.1.2.0 with webcenter extension.
I have 2 JSPX files.
One called mainTemplate.jspx
- contains header, footer in ADF and a center facet.
One called Welcome.jspx created from mainTemplate
- contains page customizable > panel customizable > layout customizable > various custom panel configs.
ADF security is configured with BASIC, authentication only. Because form authentication seems harder to get working.
We have one weblogic user, and currently deploy to the integrated WLS, although we'll deploy out to a full server once security/composer is working.
The problem is, when we run the Welcome.jspx, and because we added a reference to a logged in var, it requests http login fine.
We then refresh the page and see that we are indeed logged in as 'weblogic'.
Is weblogic a special user? should I create a new one? Is there any setup required on the Integrated WLS to get this working?
However when we click on 'add Content' using the composer we get a permission error.
+<RegistrationConfigurator><handleError> Server Exception during PPR, #1+
javax.el.ELException: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)+
+...+
Caused by: oracle.adf.view.page.editor.security.ComposerSecurityException: You do not have permission to edit the page
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.setDialogHelp(DialogBean.java:129)+
+     at oracle.adfinternal.view.page.editor.bean.DialogBean.showResourceCatalog(DialogBean.java:356)+
+     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+...+
I tried using the Customization allowed var in the property inspector, but could not map 'allowed by' to a user or role that my setup would recognise. The doco specifies 'admin' which does not work for me.
In my catalog I have a WCM portlet taskflow, which will require its own permissions.
I tried enabling permissions for the test-all role to all of my pages/taskflows, leaving just the 'view' permission to the anonymous role.
I also tried authentication/authorization profiles, and building my own jspx login/error pages, but no luck there either, the login button doesn't seem to tirgger my java doLogin class, even though I set the binding on the button using the method expression builder to the bean method.
*note: I didn't try the welcome/login/error page auto create as they generate html files, I created JSFs with full UI in there. Am I required to use those html types instead of jspx? I found that the redirection worked by appending the jspx reference with '/faces/Login.jspx'. The problem seemed to have been somewhere else.
If we have any Webcenter Composer / Security gurus out there, help would be greatly appreciated.
Our main goal is to create a Webcenter App which has security/composer/navigation and a catalog with WCM/Siebel portlets similar to the Avitek demo without using WC Spaces.
Thanks.
Thanks.
Edited by: Guillaume_Davies_SC on Apr 20, 2010 7:28 PM

When you want to achieve this you need to configure ADF security with basic authentication & authorization. THe authorization is the part that takes care of what a user may and may not do in an application. Authentication is just the log in part.
When you have configured your application for authorization as well, you have to create roles and groups.
You will also have to set the authorization of your pages. Open a jsxp and in the design or source view, right click and "edit authorization". You then have to add roles to your pages and define their rights. Then you can set the authorization for edit,cuustomize,personlise,view,...
Hope this helps.

Migrating ADF Security from file-based provider to LDAP provider

We have deployed a small application using ADF Security with file-based provider in OAS and it works fine.
Now we want to migrate to ADF Security using LDAP provider.
In order to make this possible we followed the next steps:
- Migrate all the roles and policies from the file to OID with JAZNMigrationtool.
- In OAS we've changed the Application Security Provider to 'Oracle Identity Management'.
- Reset the OC4J instance.
But there was no success, the application continues working with the file-based provider.
What more is necessary to configurate?

Hi,
if you use EM make sure you change the setting for the application, not the general OC4J setting.
You can also deploy the provider settings with the orion-application.xml file added to your project
Frank

Missing "RESERVED" BPM-Tasks from my Substitute in Taskcollection BPM OData

Hello,
i'm developing a Integration-scenario with BPM-Tasks. Therfore i'm using the ODATA-REST Service.
The access to the Taskcollection shows me all my BPM-Tasks.
Now a second User activated me as his substitute. I expected that my TaskCollection shows me all the Tasks of my substitute, but he just delivered me the tasks that are in statuts "READY". The Tasks which are in status "RESERVED" were not shown in the TAskCollection.
Has anybody an idea, what i have to do for getting all Task in every status.
this is my request for the TaskCollection:
http://xxx:99999/bpmodata/tasks.svc/TaskCollection?$orderby=CreatedOn%20desc&$filter=Status%20ne%20%27COMPLETED%27&$expand=TaskDefinitionData&$inlinecount=allpages
There is one more Problem with the TaskCollection:
The propertie "SubstitutedUser" is always initial, even when the Task is from the Subsituted User by activated substitutionrule.
I'm thankfull for every idea.
Regards
Demetrius P.

Hello Andre,
thank you for your reply. That is unfortunately not the answer i hoped for ;-)
Than i have question for claiming a task. I'm always getting the same error:
Befor sending the POST-Request I fill the Header with a X-CSRF-token and the coockies. Here is my code and my URL i'm sending with the client-request. I have tested the same URL with the CHROME Postman and there it works fine:
Can you say me what i'm doing wrong?
URL-Request in "path": http://host:porthttp://czt.rz.sys.aok.de:52600/bpmodata/tasks.svc/Claim?&%26InstanceID=%27bpm%253A%252F%252Fbpm.sap.com%252Ftask-instance%252F0218e66cd9a511e3c1f800000ffbd0e3%27&%26SAP__ORIGIN=%27CZT_CZT_26%27/bpmodata/tasks.svc/Claim?InstanceID='bpm%3A%2F%2Fbpm.sap.com%2Ftask-instance%2F0218e66cd9a511e3c1f800000ffbd0e3'&SAP__Origin='CZT_CZT_26'
Code:
    DATA: path TYPE string,
      errortext TYPE string, "used for error handling
      subrc TYPE sysubrc,
      l_str_subrc TYPE string,
      dummy TYPE string,
      l_wrk_message TYPE bapiret2,
      l_token TYPE string,
      l_instance TYPE string,
      l_origin TYPE string.
      client->refresh_request(    ).
    " setzen POST-Methode---------------------------
    client->request->set_method( if_http_request=>co_request_method_post ).
    "erst den absoluten Teil generieren lassen
    client->create_abs_url(
      EXPORTING
        path        = '/bpmodata/tasks.svc/Claim?'
      RECEIVING
        url         =     path
   CONCATENATE path 'InstanceID=''' i_instance_id '''&SAP__Origin=''' i_sap_origin '''' into path.
    cl_http_utility=>set_request_uri( request = client->request
     uri = path ).
    "x-crsf-token auslesen und setzten für die Post-Methode
    l_token = client->response->get_header_field( me->co_csrf_token ).
    DATA: lt_cookies TYPE tihttpcki,
          lw_coockies LIKE LINE OF lt_cookies.
    client->response->get_cookies(
      CHANGING
        cookies = lt_cookies    " Cookies
    LOOP AT lt_cookies INTO lw_coockies.
      client->request->set_cookie(
       EXPORTING
         name    = lw_coockies-name   " Name des Cookies
         value   = lw_coockies-value   " Wert des Cookies
    ENDLOOP.
    client->request->set_header_field(
      EXPORTING
        name = me->co_csrf_token   " Name des Header-Feldes
        value = l_token   " Wert des Header-Feldes
    client->request->set_header_field(
      EXPORTING
        name = 'Content-Type'   " Name des Header-Feldes
        value = 'application/atom+xml'   " Wert des Header-Feldes
    client->send(
*    EXPORTING
*      timeout                    = CO_TIMEOUT_DEFAULT    " Timeout von Antwortwartezeit
      EXCEPTIONS
        http_communication_failure = 1
        http_invalid_state         = 2
        http_processing_failed     = 3
        http_invalid_timeout       = 4
        OTHERS                     = 5
    IF sy-subrc <> 0.
      l_wrk_message-type = sy-msgty.
      l_wrk_message-id   = sy-msgid.
      CALL METHOD client->get_last_error
        IMPORTING
          code    = subrc
          message = errortext.
      l_str_subrc = subrc.
      CONCATENATE 'Receive-Fehler:(' 'Code:' l_str_subrc '):' errortext INTO l_wrk_message-message SEPARATED BY space.
      APPEND l_wrk_message TO t_message.
      EXIT.
    ENDIF.
    client->receive(
      EXCEPTIONS
        http_communication_failure = 1
        http_invalid_state         = 2
        http_processing_failed     = 3
        OTHERS                     = 4
    IF sy-subrc <> 0.
      l_wrk_message-type = sy-msgty.
      l_wrk_message-id   = sy-msgid.
      CALL METHOD client->get_last_error
        IMPORTING
          code    = subrc
          message = errortext.
      l_str_subrc = subrc.
      CONCATENATE 'Receive-Fehler:(' 'Code:' l_str_subrc '):' errortext INTO l_wrk_message-message SEPARATED BY space.
      APPEND l_wrk_message TO t_message.
      EXIT.
    ELSE.
      xmlstring = client->response->get_data( ).
    ENDIF.
regards
Demetrius

How to handle multiple SSO in ADF Security Framework

Hello All,
I have a question about ADF security with multiple SSO provider.
What I am trying to achieve:
Assume there are SSO provider A, B and C. Each provider will grant a different role to the ADF application (A grant Admin, B grant Business Manager, C grant Configuration Manager). Sign out from the ADF application will log all the SSO out at the same time.
What I know:
Each SSO will need to have information about the role it provides. I will also need to write code like the following: (modified from an old answer from Frank Nimphius before)
    try {
        IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore(); //Need to get the specific IDM store based on the SSO the user is using.
        try {
            UserManager userManager = idstore.getUserManager();
            RoleManager roleManager = idstore.getRoleManager();
            Role role = idstore.searchRole(Role.SCOPE_APPLICATION,idmRole); //Again, idmRole based on which SSO the user is using.
                // create user
                //TODO check for empty username and password
                User user = userManager.getUser(SecurityContext.getUserName()); //the user may already login from another SSO.
                if (user == null)
                    user = userManager.createUser(this.username,this.password.toCharArray());
                roleManager.grantRole(role,user.getPrincipal());
            } catch (IMException e) {
                // TODO
        } catch (JpsException e) {
            // TODO
        return null;
}Also a logout code like this
      doLogout()
         if(A) logoutFromA(user);
         if(B) logoutFromB(user);
         if(C) logoutFromC(user);
      } My Question:
Would the code above handle what I described? Also, how do I set the SecurityContext for ADF security - Or the grantRole automatically does that for me?

Hello Sudipto,
Yeah, I had watched that tutorial, it is pretty helpful on getting 1 SSO working with the ADF security.
I am confused when there is multiple provider - do I setup the web gate so that "http://myapp:7777/LoginViaA" point to SSO Provider A, "http://myapp:7777/LoginViaB" point to SSO Provider B and so forth? **Note: the login/username can be different on different SSO provider.
In that case, I will still need to set the value in SecurityContext to say "This current user login as [email protected] via SSO A and [email protected] via SSO B", or is there some other way to handle this?
Thanks,
Louis

Obtain Username from ADF Security with BPM Task Page

Similar Messages

Maybe you are looking for