OC4J Security

Hi,
I am using OC4J to set up a basic authentication
mode (using security constraints in web.xml) with an
LDAP server and everything is working fine.
In the application i am retrieving the logged user
name by using the API:
request.getUserPrincipal().getName()
is it somehow possible to retrieve the logged user's
role, i need it to set up the JSP page (i.e buttons
etc. according to the logged user's role)
Thanks,
RockyNot that I know of -- this is standard Servlet API stuff and I don't recall seeing any form of extension we've provided.
You can check to see if the user is in a specific role using the boolean request.isUserInRole(String role) method.
It's kind of ugly but using it you should be able to build up a little helper on your own to handle this problem and perform the check you need to do and determine what role the user is in based on your known set of logical roles.
-steve-

Similar Messages

OC4J Security fails to authenticate users on a 64 bit solarisx86 machine

Hi,
I am using a database login module to authenticate users. The login module I use is DBTableLoginModule. On 32 bit windows based machine, the module functions perfectly fine. When I deployed my project on a 64 bit solarisx86 machine, users are no longer able to login. On debugging the DBTableLoginModule, the authentication shows success and the commit method is return true to the OC4J security. But OC4J is redirecting to error page and I have no clue as to why it is doing so. The problem is I am not able to debug OC4J security for I have no source code for that. My question is how can i turn on debugging for OC4J Security
so I can watch out for any errors or anything that OC4J complains about so I can have better chances to overcome this problem.
Thanks
Sam

Hi,
sounds like a OC4J bug to me (or issue at least). You may want to check
OC4J
Frank

SHA-1 Encryption is not working under OC4J security

Hi,
I have to turn to your help after no luck with other possible resource.
I implemented container managed security on my apps and it works well without the encrypted password(clear text) in the table column.
(Jdeveloper 10g, OC4J 10g)
Now I referred OC4J Security guide to implement the password encryption as follows:
1. Using the DBTableOraDataSourceLoginModule, set the option pw_encoding_class = oracle.security.jazn.login.module.db.util.DBLoginModuleSHA1Encoder
2. run the following procedure:
DECLARE
    l_password VARCHAR2(50) := 'welcome';
    l_password_raw RAW(128) := utl_raw.CAST_TO_RAW(l_password);
    l_encrypted_raw RAW(2048);
    l_encrypted_string VARCHAR2(2048);
    l_encrypted_string2 VARCHAR2(2048);
BEGIN
    dbms_output.put_line('Password in String: ' || l_password);
    dbms_output.put_line('Password in raw: ' || l_password_raw);
    l_encrypted_raw := dbms_crypto.hash(l_password_raw, dbms_crypto.HASH_SH1);
    dbms_output.put_line('SH1: ' || l_encrypted_raw);
    l_encrypted_string := UTL_ENCODE.BASE64_ENCODE(l_encrypted_raw);
    dbms_output.put_line('Base64Encoding: ' || l_encrypted_string);
END;
3. update the clear text password with the SHA-1 encrypted password and encoded in Base64Encoding (in my case, it's the parameter "l_encrypted_string")Before setting up pw_encoding_class option, the DBTableOraDataSourceLoginModule with the clearText password in table column is working well.
Now after the above steps, I run the application and login says "password not matching!" If anyone know what's going on, please advise me what's wrong...pls
thanks very much,

Hi,
hard to say without knowing the code the OC4J team uses in their login module. I know they based it on a JAAS LoginModule I wrote some years ago, but they did change some parts of it. In the original version. the password was read from the database and then compared with the provided password string. Using encryption it uses a class to encode and decode the password queried from teh database. My guess is that the returned string - after decoding - doesn't meet the password string you provide when authenticating. Since this piece of code is owned by the OC4J team, I suggest to try the Application Server forum or the Security forum
Frank

OC4J security with certificates

Hi,
I'm trying to develop OC4J (with JDeveloper 10g) application that has to use certificates X509 for authentication.
Can someone help me with links to demos or tutorials? Or some ideas how to build this?
Regards,
Niko

OK, I'll make an assumption. You see, you could want to do message-layer level security for web services. That is, use WS-Security. Since this thread started with SSL-enabling OC4J, I guess I should assume you want to just do transport-layer security. I got a little thrown off by your mention of optionally encrypting your SOAP message.
Anyway, it is a matter of obtaining certs, building and loading up the keystore with the appropriate certs and informing OC4J about the keystore and whether or not you will authenticate the client with a cert. You will need to modify server.xml, and modify your default-web-site.xml (or perhaps better, create a secure-web-site.xml from the default-web-site.xml base).
You know, Oracle has changed OC4J quite a bit from the Orion base. But you might try this out to see if it works.
http://www.orionserver.com/docs/ssl.html#configuring
If you try, please post back with your results.
regards,
tt

OC4J Security(JAZN,JAAS)

I try to apply an authentication to my web application(J2EE), and because i work with jdeveloper and oc4j, I try to use the oc4j authentication.but i can't do it. please who can help me.

I added an HttpSessionListener upon login here's what I get:
09/03/31 08:21:25 Inside sessionCreated
09/03/31 08:21:25 Before New session createb = 0
09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:21:25 After New session count = 1
At session timeout here's what I get:
09/03/31 08:23:27 Count before destroyed = 1
09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 Count after destroyed = 0
09/03/31 08:23:27 Inside sessionCreated
09/03/31 08:23:27 Before New session createb = 0
09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 After New session count = 1
Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
Thanks,
Dave

Error while running a trusted application in OC4J

I have created a trusted application to access the CDB and I can directly run this application in the Embedded OC4J and get the right result. The login code is :
public ManagersFactory loginCDB(){
FdkCredential credential = new S2SFdkCredential(
"orcladmin" , "orclapplicationcommonname=s2stestapplication,cn=ifs,cn=products,cn=oraclecontext",
"welcome1", null);
try {
session = ManagersFactory.login(credential, CDBURL);
Item user = session.getUser(null);
s_Logger.log("Connected user: "+LoggingUtils.log(user));
s_Logger.log(session.getUserManager().toString());
catch (FdkException e) {
s_Logger.log(e);
return session;
But when I deploy this application to the Local/Remote OC4J and access this application by web, the error is shown as below:
java.lang.RuntimeException:java.lang.RuntimeException: Unknown exception. See cause.
java.lang.RuntimeException: Unknown exception. See cause.
     at oracle.ifs.fdk.client.impl.AxisRemoteManagersFactory.handleException(AxisRemoteManagersFactory.java:1271)
     at oracle.ifs.fdk.client.impl.AxisRemoteManagersFactory.<init>(AxisRemoteManagersFactory.java:326)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
     at oracle.ifs.fdk.ManagersFactory.login(ManagersFactory.java:214)
     at oracle.ifs.fdk.ManagersFactory.login(ManagersFactory.java:121)
     at oracle.ifs.fdk.ManagersFactory.login(ManagersFactory.java:84)
     at oracle.l360.cdb.S2SLoginUtil.loginCDB(S2SLoginUtil.java:43)
     at view.backing.LearningActivity.getCdbFileList(LearningActivity.java:152)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at com.sun.faces.el.PropertyResolverImpl.getValue(PropertyResolverImpl.java:99)
     at oracle.adfinternal.view.faces.model.FacesPropertyResolver.getValue(FacesPropertyResolver.java:92)
     at com.sun.faces.el.impl.ArraySuffix.evaluate(ArraySuffix.java:187)
     at com.sun.faces.el.impl.ComplexValue.evaluate(ComplexValue.java:171)
     at com.sun.faces.el.impl.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
     at com.sun.faces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:160)
     at com.sun.faces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:143)
     at javax.faces.component.UIData.getValue(UIData.java:547)
     at org.apache.myfaces.component.html.ext.HtmlDataTableHack.createDataModel(HtmlDataTableHack.java:437)
     at org.apache.myfaces.component.html.ext.HtmlDataTableHack.getDataModel(HtmlDataTableHack.java:414)
     at org.apache.myfaces.component.html.ext.HtmlDataTableHack.getRowCount(HtmlDataTableHack.java:87)
     at org.apache.myfaces.custom.datalist.HtmlListRenderer.encodeChildren(HtmlListRenderer.java:120)
     at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:721)
     at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeRecursive(HtmlBasicRenderer.java:465)
     at com.sun.faces.renderkit.html_basic.GridRenderer.encodeChildren(GridRenderer.java:253)
     at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:721)
     at javax.faces.webapp.UIComponentTag.encodeChildren(UIComponentTag.java:629)
     at javax.faces.webapp.UIComponentTag.doEndTag(UIComponentTag.java:566)
     at com.sun.faces.taglib.html_basic.PanelGridTag.doEndTag(PanelGridTag.java:460)
     at mdssys.viewcontroller._public__html._LearningActivity_jspx._jspService(_LearningActivity_jspx.java:317)
     at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
     at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
     at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:598)
     at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:522)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
     at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
     at oracle.mds.jsp.MDSJSPFilter.doFilter(Unknown Source)
     at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)
     at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
     at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
     at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:620)
     at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:369)
     at com.evermind.server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:286)
     at com.evermind.server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:50)
     at com.evermind.server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:192)
     at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:283)
     at com.evermind.server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:197)
     at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:346)
     at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:152)
     at oracle.adfinternal.view.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:157)
     at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:107)
     at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)
     at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:137)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:214)
     at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
     at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:100)
     at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)
     at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._invokeDoFilter(AdfFacesFilterImpl.java:228)
     at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._doFilterImpl(AdfFacesFilterImpl.java:197)
     at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl.doFilter(AdfFacesFilterImpl.java:123)
     at oracle.adf.view.faces.webapp.AdfFacesFilter.doFilter(AdfFacesFilter.java:103)
     at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:17)
     at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
     at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:17)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:162)
     at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:17)
     at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
     at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
     at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:620)
     at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:369)
     at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:865)
     at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:447)
     at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:215)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
     at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
     at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
     at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
     at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
     at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
     at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.ClassCastException: org.apache.axis.attachments.AttachmentsImpl
     at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
     at org.apache.axis.client.Call.invoke(Call.java:1820)
     at oracle.ifs.fdk.SessionManagerSoapBindingStub.getCurrentUser(SessionManagerSoapBindingStub.java:365)
     at oracle.ifs.fdk.client.impl.AxisRemoteManagersFactory.<init>(AxisRemoteManagersFactory.java:319)
     ... 88 more
Caused by: java.lang.ClassCastException: org.apache.axis.attachments.AttachmentsImpl
     at org.apache.axis.Message.setup(Message.java:341)
     at org.apache.axis.Message.<init>(Message.java:243)
     at org.apache.axis.client.Call.invoke(Call.java:2406)
     at org.apache.axis.client.Call.invoke(Call.java:2347)
     at org.apache.axis.client.Call.invoke(Call.java:1804)
     ... 90 more
How can I resolve this problem? Do I need to config the OC4J server?
Thanks.
Message was edited by:
user564999

I am a little new to library management in this environment. I am also doing CDB Development and since the libraries are different from what is bundled with JDeveloper 10.1.3.x, I am curious, how did you end up dealing with the library conflicts in a production environment?
Also, I was under the impression that libraries defined in the application and included in the deploy (ear file) would take presidence over the "global" libraries. Is this not correct?
Thanks in advance,
Steve

JDeveloper 10.1.3.2 - Nullpointer in Embedded OC4J Preferences

When I want to have a look at the jazn-data file holding the users and policies I'm getting the followin error in the dialog-screen:
java.lang.NullPointerException
     at oracle.jdevimpl.xml.oc4j.jazn.PolicyPanel.onEntry(PolicyPanel.java:38)
     at oracle.ide.panels.MDDPanel.enterTraversableImpl(MDDPanel.java:926)
     at oracle.ide.panels.MDDPanel.enterTraversable(MDDPanel.java:899)
     at oracle.ide.panels.MDDPanel.mav$enterTraversable(MDDPanel.java:106)
     at oracle.ide.panels.MDDPanel$Tsl.updateSelectedNavigable(MDDPanel.java:1348)
     at oracle.ide.panels.MDDPanel$Tsl.updateSelection(MDDPanel.java:1216)
     at oracle.ide.panels.MDDPanel$Tsl.actionPerformed(MDDPanel.java:1210)
     at javax.swing.Timer.fireActionPerformed(Timer.java:271)
     at javax.swing.Timer$DoPostEvent.run(Timer.java:201)
     at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
     at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
     at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
     at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
     at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:153)
     at java.awt.Dialog$1.run(Dialog.java:515)
     at java.awt.Dialog.show(Dialog.java:536)
     at java.awt.Component.show(Component.java:1300)
     at java.awt.Component.setVisible(Component.java:1253)
     at oracle.bali.ewt.dialog.JEWTDialog.runDialog(Unknown Source)
     at oracle.bali.ewt.dialog.JEWTDialog.runDialog(Unknown Source)
     at oracle.ide.dialogs.WizardLauncher.runDialog(WizardLauncher.java:55)
     at oracle.ide.panels.TDialogLauncher.showDialog(TDialogLauncher.java:276)
     at oracle.jdevimpl.xml.ModalEditor.showDialog(ModalEditor.java:112)
     at oracle.jdevimpl.xml.ModalEditor.showDialog(ModalEditor.java:88)
     at oracle.jdevimpl.runner.oc4j.EmbeddedServerAdminCommand.doit(EmbeddedServerAdminCommand.java:68)
     at oracle.ide.controller.CommandProcessor.invoke(CommandProcessor.java:259)
     at oracle.ide.controller.IdeAction.performAction(IdeAction.java:541)
     at oracle.ide.controller.IdeAction$1.run(IdeAction.java:772)
     at oracle.ide.controller.IdeAction.actionPerformedImpl(IdeAction.java:789)
     at oracle.ide.controller.IdeAction.actionPerformed(IdeAction.java:498)
     at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1849)
     at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2169)
     at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:420)
     at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:258)
     at javax.swing.AbstractButton.doClick(AbstractButton.java:302)
     at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:1000)
     at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:1041)
     at java.awt.Component.processMouseEvent(Component.java:5488)
     at javax.swing.JComponent.processMouseEvent(JComponent.java:3126)
     at java.awt.Component.processEvent(Component.java:5253)
     at java.awt.Container.processEvent(Container.java:1966)
     at java.awt.Component.dispatchEventImpl(Component.java:3955)
     at java.awt.Container.dispatchEventImpl(Container.java:2024)
     at java.awt.Component.dispatchEvent(Component.java:3803)
     at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4212)
     at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3892)
     at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3822)
     at java.awt.Container.dispatchEventImpl(Container.java:2010)
     at java.awt.Window.dispatchEventImpl(Window.java:1774)
     at java.awt.Component.dispatchEvent(Component.java:3803)
     at java.awt.EventQueue.dispatchEvent(EventQueue.java:463)
     at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
     at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
     at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
     at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
     at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
The only changes I've made in my application was unchecking the Extensions I'm not using in my application. After changing these Extensions (this is a tip regarding memory-consumption of jdeveloper) I'm getting these errors in the realm-dialog.
Regards,
Nathalie
PS: I've unchecked the following extensions:
- ADF Security 10.1.3.40.66
- BI Beans Graph 10.1.3
- Oracle Webcenter Preconfigured OC4J 10.1.3.2.0
- Portlet Creation Extension 10.1.3.40.66
- Versioning Support 10.1.3.40.66

Hi,
OC4J needs to be configured to support HTTP and HTTPS sessions. Because the embedded OC4J uses the default-web-app configuration during testing I am not so sure about configuring it for HTTPS. However, in this case I suggest you test it as a stand alone container in which case HTTPS configuration happen as described in the OC4J security guide.
"How do I make the Embedded OC4J redirect http requests for secure web content to https automatically as required in the servlet 2.4 spec ?"
I don't find this statement in my version of the Servet 2.4 spec. Can you point me to the line in the document?
If you mean transport guarantee, then this is not exactly what you say:
"The transport-guarantee element specifies that the communication between client and server should be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application does not require any transport guarantees. A value of INTEGRAL means that the application requires that the data sent between the client and server be sent in
such a way that it can’t be changed in transit. CONFIDENTIAL means that the application requires that the data be transmitted in a fashion that prevents other entities from observing the contents of the transmission. In most cases, the presence of the INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is required."
Servlet 2.4 spec
This however doesn't mean automated redirect to https but says that this requires SSL, which means that a http error is thrown if https isn't used
Frank

Problem in deploying EJBs in oc4j

Hi folks,
I am new to ejbs and now I am into support role for ejb2.0 project devoloped long ago. one of the module in that proj has ejb2.0 (Using CMP entity beans & Session beans(stateless))
The problem I am facing currently is , while running the the ejb module (by running a jsp page in that module) I am getting the following error.
In this log I found two things primarily
1) All ejbs are not deployed successfully (due to IntialContext lookup failure)
2) java.lang.NoSuchMethodError while calling the static method of a bean in the jsp
I have cross checked about the second one I didn't find any issue..is there any issue about jar(?) versions and I have run another jsp having no call to that static method then it is worked fine and the jsp view came(but still the first problem is there)
please help me...
[Starting OC4J using the following ports: HTTP=9001, RMI=23904, JMS=9237.]
D:\Robbin_Brothers\jdevstudio10132\jdev\system\oracle.j2ee.10.1.3.40.66\embedded-oc4j\config>
D:\Robbin_Brothers\jdevstudio10132\jdk\bin\javaw.exe -client -classpath D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar;D:\Robbin_Brothers\jdevstudio10132\jdev\lib\jdev-oc4j-embedded.jar -Xverify:none -XX:MaxPermSize=256m -DcheckForUpdates=adminClientOnly -Doracle.application.environment=development -Doracle.j2ee.http.socket.timeout=500 -Doc4j.jms.usePersistenceLockFiles=false oracle.oc4j.loader.boot.BootStrap -config D:\Robbin_Brothers\jdevstudio10132\jdev\system\oracle.j2ee.10.1.3.40.66\embedded-oc4j\config\server.xml
[waiting for the server to complete its initialization...]
Jan 29, 2013 6:48:33 PM com.evermind.server.XMLDataSourcesConfig parseRootNode
INFO: Legacy datasource detected...attempting to convert to new syntax.
Jan 29, 2013 6:48:34 PM com.evermind.server.jms.JMSMessages log
INFO: JMSServer[]: OC4J JMS server recovering transactions (commit 0) (rollback 0) (prepared 0).
Jan 29, 2013 6:48:34 PM com.evermind.server.jms.JMSMessages log
INFO: JMSServer[]: OC4J JMS server recovering local transactions Queue[jms/Oc4jJmsExceptionQueue].
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\activation.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/j2ee/home/lib/activation.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\classes12.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/jdbc/lib/ojdbc14dms.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\ejb.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/j2ee/home/lib/ejb.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\jms.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/j2ee/home/lib/jms.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\jsse.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/jdk/jre/lib/jsse.jar (from system property sun.boot.class.path). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\mail.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/j2ee/home/lib/mail.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\servlet.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/j2ee/home/lib/servlet.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
WARNING: Code-source D:\Robbin_Brothers\SVN_CHECKOUT_Latest_Sravani\production\project_jars\soap.jar (from <library> in /D:/Robbin_Brothers/jdevstudio10132/jdev/mywork/XXSTS/XXSTS-oc4j-app.xml) has the same filename but is not identical to /D:/Robbin_Brothers/jdevstudio10132/webservices/lib/soap.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\Robbin_Brothers\jdevstudio10132\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.root:0.0.0.
13/01/29 18:48:35 WARNING: EJBPackage.parseOrionBean Bean NoReasonType does not exist; skipping deployment
13/01/29 18:48:35 WARNING: EJBPackage.parseOrionBean Bean CompetitorsList does not exist; skipping deployment
13/01/29 18:48:40 Activity: Class 'com.osit.ejb.entity.ActivityLocal' has been updated since last deployment
13/01/29 18:48:40 OccasionTypes: Class 'com.osit.ejb.entity.OccasionTypesLocal' has been updated since last deployment
13/01/29 18:48:40 Rules: Class 'com.osit.ejb.entity.RulesLocal' has been updated since last deployment
13/01/29 18:48:40 Messages: Class 'com.osit.ejb.entity.MessagesLocal' has been updated since last deployment
Jan 29, 2013 6:48:47 PM com.evermind.server.ejb.logging.EJBCompilationMessages infoAutoCreateTable
INFO: [current-workspace-app:XXSTS_XXSTS_0] Auto-creating table: create table STS_ACTIVITY (ACTIVITY_ID NUMBER(22) primary key, ACTIVITY_DATE DATE, CALLBACK_DATE DATE, ACTIVITY_TYPE CHAR(50), STATUS_ID CHAR(50), COMMENTS VARCHAR2(300), NO_REASON_ID CHAR(50), COMPETITOR_ID CHAR(50), CALL_SEQ NUMBER(22), MAIL_SEQ NUMBER(22), EMAIL_SEQ NUMBER(22), FAX_SEQ NUMBER(22), TEXT_SEQ NUMBER(22), PRESENT_SEQ NUMBER(22), PERSON_ID NUMBER(22), CUSTOMER_ID NUMBER(22), OCCASSION CHAR(100), REASON CHAR(100), call_type VARCHAR2(255) null, MAIL_TYPE VARCHAR2(20), INCORRECTCONTACT_TYPE VARCHAR2(20), other_competitor VARCHAR2(500), CSF_NUMBER VARCHAR2(50), IS_COMPLETED CHAR(1)).
13/01/29 18:48:47 Warning: ORA-00955: name is already used by an existing object
Jan 29, 2013 6:48:48 PM com.evermind.server.ejb.logging.EJBCompilationMessages infoAutoCreateTable
INFO: [current-workspace-app:XXSTS_XXSTS_0] Auto-creating table: create table STS_OCCASION_TYPES (OCCASSION_ID CHAR(50) primary key, DESCRIPTION CHAR(200)).
13/01/29 18:48:48 Warning: ORA-00955: name is already used by an existing object
Jan 29, 2013 6:48:49 PM com.evermind.server.ejb.logging.EJBCompilationMessages infoAutoCreateTable
INFO: [current-workspace-app:XXSTS_XXSTS_0] Auto-creating table: create table STS_RULES (RULE_ID NUMBER(22) primary key, OCCASION_ID CHAR(20), OCCASION_STATUS CHAR(2), CONDITION CHAR(20), DAYS NUMBER(22), STATUS NUMBER(22), TYPE CHAR(20)).
13/01/29 18:48:50 Warning: ORA-00955: name is already used by an existing object
Jan 29, 2013 6:48:50 PM com.evermind.server.ejb.logging.EJBCompilationMessages infoAutoCreateTable
INFO: [current-workspace-app:XXSTS_XXSTS_0] Auto-creating table: create table STS_MESSAGES (MSG_ID NUMBER(22) primary key, PERSON_ID NUMBER(22), SUBJECT CHAR(500), DESCRIPTION VARCHAR2(3000), MSG_TO NUMBER(22), READ NUMBER(22)).
13/01/29 18:48:51 Warning: ORA-00955: name is already used by an existing object
Ready message received from Oc4jNotifier.
Embedded OC4J startup time: 22360 ms.
Target URL -- http://192.168.9.66:9001/STS/ActivitySummary.jsp
Checking that EJBs were successfully deployed in embedded OC4J...
13/01/29 18:48:54 Oracle Containers for J2EE 10g (10.1.3.1.1) initialized
**** Warning: The EJB Activity was not found via an InitialContext lookup. Error encountered: Activity not found.
**** Warning: The EJB OccasionTypes was not found via an InitialContext lookup. Error encountered: OccasionTypes not found.
**** Warning: The EJB Rules was not found via an InitialContext lookup. Error encountered: Rules not found.
**** Warning: The EJB Messages was not found via an InitialContext lookup. Error encountered: Messages not found.
**** Warning: Not all EJBs were successfully deployed. The EJB application may fail during testing.
**** Please use the EJB Verifier to check your EJB modules for errors by right-clicking on ejb-jar.xml and choosing 'Verify Enterprise Beans'.
13/01/29 18:48:55 log4j:ERROR Could not open [home/oracle/xmllog4jconfig.xml].
13/01/29 18:48:55 java.io.FileNotFoundException: \home\oracle\xmllog4jconfig.xml (The system cannot find the path specified)
13/01/29 18:48:55      at java.io.FileInputStream.open(Native Method)
13/01/29 18:48:55      at java.io.FileInputStream.<init>(FileInputStream.java:106)
13/01/29 18:48:55      at java.io.FileInputStream.<init>(FileInputStream.java:66)
13/01/29 18:48:55      at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:583)
13/01/29 18:48:55      at org.apache.log4j.xml.DOMConfigurator.configure(DOMConfigurator.java:687)
13/01/29 18:48:55      at com.osit.factory.LoggerFactory.<init>(LoggerFactory.java:19)
13/01/29 18:48:55      at com.osit.factory.LoggerFactory.getInstance(LoggerFactory.java:30)
13/01/29 18:48:55      at Error.<clinit>(Error.java:17)
13/01/29 18:48:55      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
13/01/29 18:48:55      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
13/01/29 18:48:55      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
13/01/29 18:48:55      at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
13/01/29 18:48:55      at java.lang.Class.newInstance0(Class.java:350)
13/01/29 18:48:55      at java.lang.Class.newInstance(Class.java:303)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspPageInstFacade.createInst(JspPageInstFacade.java:157)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspPageInstFacade.getInstance(JspPageInstFacade.java:186)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:445)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:598)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:522)
13/01/29 18:48:55      at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:712)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:369)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:258)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:50)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:192)
13/01/29 18:48:55      at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:283)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:197)
13/01/29 18:48:55      at com.evermind.server.http.EvermindPageContext.handlePageThrowable(EvermindPageContext.java:790)
13/01/29 18:48:55      at com.evermind.server.http.EvermindPageContext.handlePageException(EvermindPageContext.java:756)
13/01/29 18:48:55      at ActivitySummary.jspService(_ActivitySummary.java:629)
13/01/29 18:48:55      at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:598)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:522)
13/01/29 18:48:55      at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:712)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:369)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:865)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:447)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:215)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
13/01/29 18:48:55      at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
13/01/29 18:48:55      at java.lang.Thread.run(Thread.java:595)
13/01/29 18:48:55 java.lang.NoSuchMethodError: com.osit.bean.Common.getUserDetails(Ljava/lang/String;)Ljava/util/Hashtable;
13/01/29 18:48:55      at ActivitySummary.jspService(_ActivitySummary.java:80)
13/01/29 18:48:55      at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:598)
13/01/29 18:48:55      at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:522)
13/01/29 18:48:55      at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:712)
13/01/29 18:48:55      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:369)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:865)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:447)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:215)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
13/01/29 18:48:55      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
13/01/29 18:48:55      at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
13/01/29 18:48:55      at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298)
13/01/29 18:48:55      at java.lang.Thread.run(Thread.java:595)
13/01/29 18:48:55 log4j:WARN No appenders could be found for logger (Error.jsp).
13/01/29 18:48:55 log4j:WARN Please initialize the log4j system properly.

Thanks for quick reply dvohra16
I have checked with the path of xmllog4jconfig.xml which is in classpath.I tried with changing the string in LoggerFactory class
DOMConfigurator.configure("xmllog4jconfig.xml");
but still I am facing the same error.
from where this path "/home/oracle/xmllog4jconfig.xml" is taking I can't understand.....
error:
13/01/30 17:31:17 log4j:ERROR Could not open [home/oracle/xmllog4jconfig.xml].
13/01/30 17:31:17 java.io.FileNotFoundException: \home\oracle\xmllog4jconfig.xml (The system cannot find the path specified)
13/01/30 17:31:17      at java.io.FileInputStream.open(Native Method)
My LoggerFactory class:
import org.apache.log4j.Logger;
import org.apache.log4j.xml.DOMConfigurator;
import java.net.URL;
public class LoggerFactory
private static LoggerFactory loggerFactory= null;
private LoggerFactory()
try{
DOMConfigurator.configure("xmllog4jconfig.xml");
}catch (Exception e)
e.printStackTrace();
     public static LoggerFactory getInstance() {
if (loggerFactory == null){
loggerFactory = new LoggerFactory();
return loggerFactory;
Thanks,
Tej

Using a JAAS compliant LoginModule in OC4j

Hi.
I'm trying to set up an application to use a custom LoginModule in OC4J. The OC4J security FAQ states that this can be done by adding ... to the jazn-data.xml file as it is done with the oracle.security.jazn.tools.Admintool. The only users I seem to be able to authenticate with is the ones defined in the <jazn-realm> section of jazn-data.xml. If I try to remove this or parts of this section, the application fails to start.
If I deliberately misspells the classname of the login module, no error message is displayed.
Do I have to enable the use of custom login modules in any way other then adding them to the jazn-data.xml file? I not, can anyone tell me why I cant get it to work, and what I can do to get it to work?
I am using a SampleLoginModule from sun.
The classfiles for the login module is placed in a jar file in <j2ee-home>\lib directory
The OC4J is version 9.0.3.0.0
(standalone)
The login module data in jazn-data.xml:
<jazn-loginconfig>
<application>
<name>jazntest</name>
<login-modules>
<login-module>
<class>sample.module.SampleLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>debug</name>
<value>true</value>
</option>
</options>
</login-module>
</login-modules>
<application>
I am wondering about the name tag in application. What name is this?
The name of the app IS jazntest.
Both in server.xml:
<application name="jazntest" path="../applications/jazntest.ear" auto-start="true" />
and in http-web-site.xml:
<web-app application="jazn-test" name="jazntest" root="/jazntest" />
Any help appreciated.
Ole

Ole, Anders,
A custom LoginModule can indeed be setup with JAZN if it's JAAS-compliant. In order to setup this up, you'll need to do the following:
1. Define the custom LoginModule in the global jazn-data.xml file (i.e. in the j2ee/home/config directory). The name-value tags are for optional parameters. Most LoginModules have a debug mode but this is optional (see the LoginModule specific documentation).
2. Put all the LoginModule files in the lib/ext directory of whichever JRE you are using (e.g. $oracle_home/jdk/jre/lib/ext). You may also need to place a copy of the "jaas.jar" file in that same directory.
3. For the actual application, you want to make sure that you do not use the container's security and authentication constraints defined in the application's web.xml file. Note: unlike the default JAZN RealmLoginModule, custom LoginModules are not integrated with these container security constraints. This means that with the custom LoginModule, you need to programmatically create a LoginContext and explicitly do a "login()" (as described in most JAAS tutorials). You may also need to restart the OC4J instance for some of these changes to take affect.
Regards,
-Lee

SHA-1 Encryption is not working in Container managed security

Hi,
I have to turn to your help after no luck with other possible resource.
I implemented container managed security on my apps and it works well without the encrypted password(clear text) in the table column. Now I referred OC4J Security guide to implement the password encryption as follows:
1. Using the DBTableOraDataSourceLoginModule, set the option pw_encoding_class = oracle.security.jazn.login.module.db.util.DBLoginModuleSHA1Encoder
2. run the following procedure:
DECLARE
    l_password VARCHAR2(50) := 'welcome';
    l_password_raw RAW(128) := utl_raw.CAST_TO_RAW(l_password);
    l_encrypted_raw RAW(2048);
    l_encrypted_string VARCHAR2(2048);
    l_encrypted_string2 VARCHAR2(2048);
BEGIN
    dbms_output.put_line('Password in String: ' || l_password);
    dbms_output.put_line('Password in raw: ' || l_password_raw);
    l_encrypted_raw := dbms_crypto.hash(l_password_raw, dbms_crypto.HASH_SH1);
    dbms_output.put_line('SH1: ' || l_encrypted_raw);
    l_encrypted_string := UTL_ENCODE.BASE64_ENCODE(l_encrypted_raw);
    dbms_output.put_line('Base64Encoding: ' || l_encrypted_string);
END;
3. update the clear text password with the SHA-1 encrypted password and encoded in Base64Encoding (in my case, it's the parameter "l_encrypted_string")Now I run the application and login says "password not matching!" If anyone know what's going on, please advise me what's wrong...pls
thanks very much,

Hi,
hard to say without knowing the code the OC4J team uses in their login module. I know they based it on a JAAS LoginModule I wrote some years ago, but they did change some parts of it. In the original version. the password was read from the database and then compared with the provided password string. Using encryption it uses a class to encode and decode the password queried from teh database. My guess is that the returned string - after decoding - doesn't meet the password string you provide when authenticating. Since this piece of code is owned by the OC4J team, I suggest to try the Application Server forum or the Security forum
Frank

OC4J instance configuration assistant failed

Hi,
I installed oracle 11g 11.1.0.7 database,weblogic server 10.3.2 and identity management 11.1.1.1.0.Till this every thing is fine.
Next i created schema using sso-metadata repository of 11.1.1.1.0 and it also went fine. Now i am trying to install OSSO of 10.1.4.0.1 on it but during this the OC4J instance configuration assistant is getting failed.
I checked in the log files and i found this.
Binding web app 'web' to default-web-site for application 'sso' in OC4J instance 'OC4J_SECURITY'
ERROR: Caught exception while binding web app 'web' to default-web-site:
java.lang.reflect.InvocationTargetException
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at oracle.j2ee.tools.deploy.Oc4jDeploy.doDeploy(Unknown Source)
     at oracle.j2ee.tools.deploy.Oc4jDeploy.execute(Unknown Source)
     at oracle.j2ee.tools.deploy.Oc4jDeploy.deploy(Unknown Source)
     at oracle.j2ee.tools.deploy.Oc4jDeploy.main(Unknown Source)
Caused by: com.evermind.client.orion.AdminCommandException: Disconnected: Connection reset
     at com.evermind.client.orion.BindWebAppCommand.execute(BindWebAppCommand.java:31)
     at com.evermind.client.orion.Oc4jAdminConsole.executeCommand(Oc4jAdminConsole.java:139)
     ... 8 more
Caused by: com.evermind.server.rmi.OrionRemoteException: Disconnected: Connection reset
     at com.evermind.server.rmi.RMIConnection.EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER(RMIConnection.java:1621)
     at com.evermind.server.rmi.RMIConnection.invokeMethod(RMIConnection.java:1572)
     at com.evermind.server.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:55)
     at com.evermind.server.rmi.RecoverableRemoteInvocationHandler.invoke(RecoverableRemoteInvocationHandler.java:22)
     at __Proxy0.bindWebApp(Unknown Source)
     at com.evermind.client.orion.BindWebAppCommand.execute(BindWebAppCommand.java:28)
     ... 9 more
Calling updateConfig to notify DCM of new web-bindings...done.
In the oc4j~oc4j-security log file I found this:
SSO: Initializing the encryption objects failed
09/12/16 07:36:38 oracle.security.sso.server.conf.ConfigurationException: Invalid SSO DB schema information
09/12/16 07:36:38      at oracle.security.sso.server.conf.DatabaseConfigReader.init(DatabaseConfigReader.java:418)
09/12/16 07:36:38      at oracle.security.sso.server.auth.AuthUtil.init(AuthUtil.java:194)
09/12/16 07:36:38      at oracle.security.sso.server.ui.SSOLoginServlet.init(SSOLoginServlet.java:284)
09/12/16 07:36:38      at javax.servlet.GenericServlet.init(GenericServlet.java:258)
09/12/16 07:36:38      at com.evermind.server.http.HttpApplication.loadServlet(HttpApplication.java:2354)
09/12/16 07:36:38      at com.evermind.server.http.HttpApplication.findServlet(HttpApplication.java:4795)
09/12/16 07:36:38      at com.evermind.server.http.HttpApplication.initPreloadServlets(HttpApplication.java:4889)
09/12/16 07:36:38      at com.evermind.server.http.HttpApplication.initDynamic(HttpApplication.java:1015)
09/12/16 07:36:38      at com.evermind.server.http.HttpApplication.<init>(HttpApplication.java:549)
09/12/16 07:36:38      at com.evermind.server.Application.getHttpApplication(Application.java:890)
09/12/16 07:36:38      at com.evermind.server.http.HttpServer.getHttpApplication(HttpServer.java:707)
09/12/16 07:36:38      at com.evermind.server.http.HttpSite.initApplications(HttpSite.java:625)
09/12/16 07:36:38      at com.evermind.server.http.HttpSite.setConfig(HttpSite.java:278)
09/12/16 07:36:38      at com.evermind.server.http.HttpServer.setSites(HttpServer.java:278)
09/12/16 07:36:38      at com.evermind.server.http.HttpServer.setConfig(HttpServer.java:179)
09/12/16 07:36:38      at com.evermind.server.ApplicationServer.initializeHttp(ApplicationServer.java:2394)
09/12/16 07:36:38      at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1551)
09/12/16 07:36:38      at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:92)
09/12/16 07:36:38      at java.lang.Thread.run(Thread.java:534)
09/12/16 07:36:38 SSO: FAILED TO START SSO SERVER!
Can anyone help me to solve this problem.
Thanks&Regards,
Rajesh

Results from our TAR:
1. There is an updated deinstall document available on Metalink that details in greater detail how to completely remove 9iAS from Windows NT/2000.
2. The middle-tier machine cannot be named "portal." The name is reserved by 9iAS R2. Now if only the installer could catch reserved names ... a note to this effect in the installation docs would be nice as well. I believe the infrastructure machine cannot be called "iasdb" as that name is also reserved but I'm not about to find out.

[SOLVED] AdfFacesContext had not been properly released ... & Security

Hi,
While evaluating version 10.1.3.2.49 of JHeadstart some warning messages appears in the log window :
23 oct. 2007 08:56:53 oracle.adfinternal.view.faces.webapp.AdfFacesFilterHelperImpl startFilter
ATTENTION: AdfFacesContext had not been properly released on earlier request
I just made a very basic application, generated it and got the messages when running it.
The problem seems to be the filter mappings section of the web.xml generated by JHeastart which is :
    <filter-mapping>
        <filter-name>adfFaces</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfFaces</filter-name>
        <url-pattern>*.jspx</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <url-pattern>*.jspx</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <servlet-name>ordDeliverMedia</servlet-name>
    </filter-mapping>When I change these mapping in flavor of :
    <filter-mapping>
        <filter-name>adfFaces</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <url-pattern>*.jspx</url-pattern>
    </filter-mapping> then I get no error.
BUT when I keep these settings and try to use security features, I get :
500 Internal Server Error
java.lang.NullPointerException
     at oracle.adfinternal.view.faces.renderkit.AdfRenderingContext.getTranslatedString(AdfRenderingContext.java:70)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.GlobalVariablesScriptlet.outputScriptletContent(GlobalVariablesScriptlet.java:49)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.Scriptlet.outputScriptletImpl(Scriptlet.java:111)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.Scriptlet.outputScriptlet(Scriptlet.java:52)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.XhtmlUtils.addLib(XhtmlUtils.java:166)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.Scriptlet.outputDependency(Scriptlet.java:144)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.AliasedScriptlet.outputScriptletImpl(AliasedScriptlet.java:112)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.Scriptlet.outputScriptlet(Scriptlet.java:52)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.XhtmlUtils.addLib(XhtmlUtils.java:166)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.Scriptlet.outputDependency(Scriptlet.java:144)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.DefaultTimeZoneScriptlet.outputScriptletImpl(DefaultTimeZoneScriptlet.java:41)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.jsLibs.Scriptlet.outputScriptlet(Scriptlet.java:52)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.XhtmlUtils.addLib(XhtmlUtils.java:166)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.HeadRenderer._writeCookieScript(HeadRenderer.java:124)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.HeadRenderer.encodeBegin(HeadRenderer.java:72)
     at oracle.adfinternal.view.faces.renderkit.core.CoreRenderer.encodeBegin(CoreRenderer.java:149)
     at oracle.adf.view.faces.component.UIXComponentBase.encodeBegin(UIXComponentBase.java:593)
     at javax.faces.webapp.UIComponentTag.encodeBegin(UIComponentTag.java:613)
     at oracle.adf.view.faces.webapp.UIXComponentTag.encodeBegin(UIXComponentTag.java:108)
     at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:500)
     at oracle.adf.view.faces.webapp.UIXComponentTag.doStartTag(UIXComponentTag.java:85)
     at _security._pages._Login_jspx._jspService(_Login_jspx.java:62)
     [/security/pages/Login.jspx]
...and in the embedded OC4J log window :
23 oct. 2007 09:52:00 oracle.adf.view.faces.webapp.AdfFacesFilterHelper verifyFilterIsInstalled
ATTENTION: The AdfFacesFilter has not been installed. ADF Faces requires this filter for proper execution.
23 oct. 2007 09:52:00 oracle.adfinternal.view.faces.application.ViewHandlerImpl _checkTimestamp
INFO: ADF Faces is running with time-stamp checking enabled. This should not be used in a production environment. See the oracle.adf.view.faces.CHECK_FILE_MODIFICATION property in WEB-INF/web.xml
09:52:00 DEBUG (oracle.jheadstart.controller.jsf.lifecycle.JhsPageLifecycle) -Executing prepareRender, page=/security/pages/Login.jspx, pagedef=null
09:52:00 DEBUG (oracle.jheadstart.controller.jsf.lifecycle.JhsPageLifecycle) -Locale fr set on current JSF page
23 oct. 2007 09:52:01 oracle.adfinternal.view.faces.renderkit.core.CoreAdfRenderingContext _initializeSkin
ATTENTION: There is no SkinFactory
23 oct. 2007 09:52:01 oracle.adfinternal.view.faces.renderkit.core.StyleContextImpl _getDefaultStyleProvider
GRAVE: Could not get stylesheet cache
java.lang.IllegalArgumentException: No Skin specified.
     at oracle.adfinternal.view.faces.skin.SkinStyleProvider.getSkinStyleProvider(SkinStyleProvider.java:51)
     at oracle.adfinternal.view.faces.renderkit.core.StyleContextImpl._getDefaultStyleProvider(StyleContextImpl.java:89)
     at oracle.adfinternal.view.faces.renderkit.core.StyleContextImpl.<init>(StyleContextImpl.java:31)
     at oracle.adfinternal.view.faces.renderkit.core.CoreAdfRenderingContext.getStyleContext(CoreAdfRenderingContext.java:176)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.StyleSheetRenderer.encodeAll(StyleSheetRenderer.java:74)
     at oracle.adfinternal.view.faces.renderkit.core.CoreRenderer.delegateRenderer(CoreRenderer.java:281)
     at oracle.adfinternal.view.faces.renderkit.core.xhtml.HeadRenderer.encodeBegin(HeadRenderer.java:70)
     at oracle.adfinternal.view.faces.renderkit.core.CoreRenderer.encodeBegin(CoreRenderer.java:149)
     at oracle.adf.view.faces.component.UIXComponentBase.encodeBegin(UIXComponentBase.java:593)
     at javax.faces.webapp.UIComponentTag.encodeBegin(UIComponentTag.java:613)
     at oracle.adf.view.faces.webapp.UIXComponentTag.encodeBegin(UIXComponentTag.java:108)
     at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:500)
     at oracle.adf.view.faces.webapp.UIXComponentTag.doStartTag(UIXComponentTag.java:85)
     at _security._pages._Login_jspx._jspService(_Login_jspx.java:62)
     at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
     at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
     at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)
     at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
     at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)
     at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
     at com.evermind.server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:259)
     at com.evermind.server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:51)
     at com.evermind.server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:193)
     at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:283)
...The workaround is to always call the Login.jspx page. But that's a major issue since I can't count on container redirection.
Do you know any other combination that would allow me to get rid of the warning message and use security as it should be ?
Thanks,
Seb.

Ok, I found how to correctly configure the filter mapping section.
Here is what works for me :
    <filter-mapping>
        <filter-name>adfFaces</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <url-pattern>*.jspx</url-pattern>
    </filter-mapping> Seb.

ADF Security: javax.servlet.jsp.JspException: Cannot find FacesContext

Hi,
In my ADF Application, new users are to be allowed to Register by clicking a button in login page. The Application is based on ADF Security Wizard and I have created default pages for Login and Error, so the application's login page is login.html.
Now when I’m trying to navigate to 'NewUserRegistrationPage.jspx' Im getting javax.servlet.jsp.JspException: Cannot find FacesContext error.
I thought the issue might be from calling a .jspx from .html so I created a 'NewLogin.jspx' Page with below code and specified this page in ADF Security Wizard for Login Page.
Please advice me some way of calling the 'newRegistrationpage.jspx' from my login page.
Im using JDeveloper 10.1.3.4.
Page Code:
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:af="http://xmlns.oracle.com/adf/faces"
xmlns:afh="http://xmlns.oracle.com/adf/faces/html">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<f:view>
<html>
<head>
<title>Login</title>
</head>
<body><form method="POST" action="j_security_check">
<font face="Verdana" color="Navy">
<table cellspacing="2" cellpadding="3" border="0" align="center">
<tr>
<th>Username:</th>
<td>
<input type="text" name="j_username"/>
</td>
</tr>
<tr>
<th>Password:</th>
<td>
<input type="password" name="j_password"/>
</td>
</tr>
</table>
</font>
<p align="center">
<input type="submit" name="submit" value="Submit"/>
<input type="button" name="" value="Request Password"/>
<input type="button" name="" value="New User Registration"/>
</p>
</form></body>
</html>
</f:view>
</jsp:root>
Error::
javax.servlet.jsp.JspException: Cannot find FacesContext at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427) at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125) at webpages.REACHLoginPage_jspx._jspService(_REACHLoginPage_jspx.java:47) [WebPages/REACHLoginPage.jspx] at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.4.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.unprivileged_forward(ServletRequestDispatcher.java:259) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.access$100(ServletRequestDispatcher.java:51) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher$2.oc4jRun(ServletRequestDispatcher.java:193) at oracle.oc4j.security.OC4JSecurity.doPrivileged(OC4JSecurity.java:284) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:198) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.FormHttpAuthenticator.reject(FormHttpAuthenticator.java:83) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication.java:6435) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:3030) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:738) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:122) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:111) at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234) at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29) at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879) at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:298) at java.lang.Thread.run(Thread.java:595)
Edited by: Manasa Tadi on Jul 1, 2009 11:52 PM

Hi Branislav,
Thanks a lot for your suggestion through which now Im able to navigate to NewRegistration page from login.html.
In my application login.html is under public_html folder where as the NewRegistration page in public_html/WebPages.
Code I used:
New User Registration
But the issue now is, the NewUserRegistrationPage was also under the ADFSecurity, so inorder to navigate to it again the user had to provide authentication. So, I have removed this particular page from Security and it has started to work.
But the issue now I face is something else. In the NewUserRegistrationPage I have a selection to be made by user about the type of user he is and based on the selection he would be navigated to next page, This next page has a VO on it as a 'create form', through which he can directly fill the form and submit his details to database table.
But as I have removed these pages from ADF Security and authentication, the form fields/attributes in the VO are not getting binded, Im getting this Exception:
500 Internal Server Error
javax.faces.el.PropertyNotFoundException: Error testing property 'inputValue' in bean of type null
For testing purpose when I have provided link from application page to NewRegistrationPage the flow is working properly, able to navigate to second page and submit the filled form to database, I think this is working because we have entered the application after providing the login credentials.'
Help in this greatly needed.
Thanks,
Manasa.

ADF security : JAZN-LDAP

Hi,
We are working on the development of an application with Oracle ADF (JDev 10.1.3).
We implemented security with lightweight XML provider and it's working perfectly.
Next month we will deploy our application and so we will use a LDAP server.
Is it easy to jump from XML to LDAP?
Do we just have to select LDAP prodiver in the security wizard and then to map application groups to LDAP groups in the orion-application.xml file?
With this solution, is it still possible to edit authorizations at design time for pages, iterators, etc ?
Thanks in advance for your help!

Hi,
you didn't read the documentation, do you ? Anyway, the LDAP upload is a bit difference from how you imagine it
- ADF Security permissions are written to the workspaces' \.adf\META-INF\app-jazn-data.xml file. So in fact you don't change the security settings for your project in JDeveloper. This means it remains for future addition
- You use a migration utility provided by OC4J Security to create an XLIFF file out of \.adf\META-INF\app-jazn-data.xml
http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/configxml.htm#CIHIFGBJ
- Then you upload this to OID
Frank

Oracle Security Implementation in JDev 10.1.2.0.0

Dear J Dev Fellows I am New to J dev. Having version mentioned in title.
I want to implement oracle security for multiple users. Please guide me to achieve this.
Aamer

Hi,
in JDeveloper 10.1.2 you have container managed security with JAZN. Have a look at the OC4J Security Guide that you can access from the Oracle Application Server documentation on otn.oracle.com --> Documentation
or you have a look at
http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf
Frank

OC4J Security

Similar Messages

Maybe you are looking for