Oracle form based authentication

can anyone tell me how to do the simple form-based authentication with IIS in OAM10g ??? pls
Edited by: 859749 on May 19, 2011 4:32 AM

Please refer to the product documentation.
http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12488/v2form.htm#BABCDIEE

Similar Messages

Form Based Authentication Redirect URL

I'm using form based authentication in standalone OC4J 10.1.3.1. I have set the system property oc4j.formauth.redirect to true to force OC4J to redirect using 302 any successful authentication to j_security_check.
The problem is that the redirect URL loses any query parameters. Here's the raw HTTP being posted:
POST http://localhost:8988/manage/j_security_check HTTP/1.1
Host: mvakoc-pc.peoplesoft.com:8099
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://mvakoc-pc.peoplesoft.com:8099/manage/target?instanceName=denlcmlx1_entserver_1&targetType=entserver
Cookie: JSESSIONID=0a8b7ff6231c049914997fdb4ebb93b4854b0956862b; SignOnDefault=18438; e1AppState=
Content-Type: application/x-www-form-urlencoded
Content-Length: 62
X-Forwarded-For: 10.139.127.246
j_username=username&j_password=password&url=%2Fmanage%2Fhome
However the response back drops off the query parameters:
HTTP/1.1 302 Moved Temporarily
Date: Fri, 05 Jan 2007 21:59:22 GMT
Server: Oracle Containers for J2EE
Content-Length: 231
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Location: http://mvakoc-pc.peoplesoft.com:8099/manage/target
<HTML><HEAD><TITLE>Redirect to http://mvakoc-pc.peoplesoft.com:8099/manage/target</TITLE></HEAD><BODY>http://mvakoc-pc.peoplesoft.com:8099/manage/target</BODY></HTML>
Any workaround?

It does not appear to be quite the same issue. That bug indicates that everything works fine in a standalone OC4J environment. This would be true with the use case specified as the original URL (/em/console/ias) does not include any query parameters. In my case the original URL contains query parameters so the ultimate redirected URL should also contain those.

Form based authentication - users stored in db.

I must use form based authentication and the users are stored in an oracle table.
How can I configure OC4J to get this thing working ?
I have search some days on the internet and came up with nothing ... Oracle seems to be offering so much security options that I don't know what to choose from.
A simple example should be welcome ...
Please help, I'm really getting desperate ...
Thanks a lot in advance !

Hi Partner:
I'm having the some problem as you
configuring a JDBC security.
I yo have found some useful solution please
let me know.
Thank you.
Roger.
[email protected]
[email protected]

Issues with OSSO ,custom login module and form based authentication

Hi:
We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
authentication and Custom login module.
Application is going in infinite loop when we we try to login using osso ,from the logs
what I got is looks like tha when we we try to login from OSSO application goes to the login
page and it gets the remote user from request so it forwards it to the home page till now
it is correct behaviour ,but after that It looks like home page find that authentication is
not done and sends it back to the login page and login page again sends it to the home as it
finds that remote user is not null.
Our web.xml form authentication entry looks like this :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
</form-login-config>
</login-config>
While entry in orion-application.xml has the following entry for custom login :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
</jazn>
Whether If I change the authentication type to BASIC and add the following line
in orion-application.xml will solve the issue :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
<jazn-web-app auth-method="SSO" >
</jazn>
Any help regarding it will be appreciated .
Thanks
Anil

Hi:
We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
authentication and Custom login module.
Application is going in infinite loop when we we try to login using osso ,from the logs
what I got is looks like tha when we we try to login from OSSO application goes to the login
page and it gets the remote user from request so it forwards it to the home page till now
it is correct behaviour ,but after that It looks like home page find that authentication is
not done and sends it back to the login page and login page again sends it to the home as it
finds that remote user is not null.
Our web.xml form authentication entry looks like this :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
</form-login-config>
</login-config>
While entry in orion-application.xml has the following entry for custom login :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
</jazn>
Whether If I change the authentication type to BASIC and add the following line
in orion-application.xml will solve the issue :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
<jazn-web-app auth-method="SSO" >
</jazn>
Any help regarding it will be appreciated .
Thanks
Anil

Performing form based authentication with entities

Hey everyone,
Im in a major dilemma.Im trying to perform form-based authentication using entities.I have created the entity class from the database,and I used a SLSB to access the bean method via JNDI(when I tried using dependency injection,there was an exception).I also cannot use hibernate as a persistent provider.I used toplink since it is the default in netbeans 5.5.1 and it did not raise any issues.But then,I noticed that toplink is most compatible with the oracle application server,and I use sun java system application server 9.1.I have not been able to successfully perform the authentication.
here's the code:note,there are still bugs as ive been going back and forth trying to find a solution and also because Ive been working with preexisting code.
model:
SLSB
* userValidationBean.java
* Created on 26 March 2008, 18:25
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
package Entities;
import javax.ejb.Stateless;
import javax.ejb.Remote;
import java.util.List;
import javax.persistence.PersistenceContext;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import Entities.UserTable;
import javax.transaction.UserTransaction;
import javax.annotation.Resource;
//the reason for the many comments is that im still debugging and there are still some bugs.Ive also been trying to go back and forth just
//to get a solution.
//the other accompanying classes had preexisting code i wrote earlier.
* @author Ayo
@Stateless
@Remote(userValidationRemote.class)
public class userValidationBean implements Entities.userValidationRemote {
@PersistenceContext private EntityManager manager;
@Resource private javax.transaction.UserTransaction tran;
/** Creates a new instance of userValidationBean */
public userValidationBean() {
//"SELECT u.username,u.password FROM UserTable u WHERE u.username =?1 and u.password=?2"
public boolean checkUser()
try
tran.begin();
UserTable user=new UserTable();
Query query=manager.createQuery("select u.username,u.password from u.user_table where u.username=:username and u.password=:password");
/*query.set("username",user.getUsername());
query.setParameter("password",user.getPassword());*/
query.setParameter("username",user.getUsername());
query.setParameter("password",user.getPassword());
userValidationBean ubean=(userValidationBean)query.getSingleResult();
boolean result=ubean==null?true:false;
tran.commit();
catch(Exception e)
System.out.println("Error:"+e);
// boolean result=ubean==null?true:false;
return result;
remote interface
package Entities;
import javax.ejb.Remote;
import Entities.UserTable;
* This is the business interface for userValidation enterprise bean.
@Remote
public interface userValidationRemote {
public boolean checkUser();
controller:servlet
* userCheck.java
* Created on 15 March 2008, 22:41
package servlets;
import Entities.UserTable;
import Entities.userValidationBean;
import javax.annotation.*;
import Entities.userValidationRemote;
import java.io.*;
import java.net.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.ejb.*;
import javax.naming.*;
import javax.persistence.*;
* @author Ayo
* @version
public class userCheck extends HttpServlet {
//@EJB userValidationRemote userRemote;
boolean checkUser;
String username,password;
/** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
* @param request servlet request
* @param response servlet response
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
/*con=null;
ps=null;
rs=null;
s=null;
*/response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
username=request.getParameter("username");
password=request.getParameter("password");
if(username==""||password=="")
//RequestDispatcher de=request.getRequestDispatcher("admin_error.jsp");
//de.forward(request,response);
//showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
else
try
Context ctx=new InitialContext();
userValidationRemote userRemote=(userValidationRemote)ctx.lookup("Entities.userValidationRemote");
checkUser= userRemote.checkUser();
//checkUser= userRemote.checkUser();
//return;
//checkUser(UserTable user);
catch(Exception e)
out.println("Error:"+e);
//userValidation.checkUser(UserTable user);
if(checkUser==true)
RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
d.forward(request,response);
else if(checkUser==false)
// RequestDispatcher d=request.getRequestDispatcher("admin_error.jsp");
//d.forward(request,response);
showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
//call bean(stateless or stateful)which access method on entity that validates.
// checkUser(request,response);
/* TODO output your page here
out.println("<html>");
out.println("<head>");
out.println("<title>Servlet userCheck</title>");
out.println("</head>");
out.println("<body>");
out.println("<h1>Servlet userCheck at " + request.getContextPath () + "</h1>");
out.println("</body>");
out.println("</html>");
//out.close();
/* public synchronized void checkUser(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
if(username==""&&password=="")
showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
else
try
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select username,password from user_table where username=?and password=?");
ps.setString(1,username);
ps.setString(2,password);
rs=ps.executeQuery();
if(rs.next())
user=rs.getString(1);
pass=rs.getString(2);
//check user type,wether super admin,user or the other subadmins or a regular user.
checkType(request,response);
else
//redirect to admin error page,then close the connection.
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
con.close();
catch(Exception e)
private synchronized void checkType(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
try
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select user_type,user_id,access_level from user_table where username=? and password=?");
ps.setString(1,user);
ps.setString(2,pass);
rs=ps.executeQuery();
if(rs.next())
user_type=rs.getString(1);
user_id=""+rs.getInt(2);
access_level=rs.getString(3);
if(user_type.equals("super")&&(access_level.equals("all")))
//create admin user session,add to the username and the user_id.
//redirect to super admin page,with access rights to create
//health admin,insurance admin and HMO admin.
//pretty cool stuff!
HttpSession session=request.getSession(true);
session.setAttribute("user",user);
session.setAttribute("user_id",user_id);
RequestDispatcher dispatcher=request.getRequestDispatcher("admin_user_page.jsp");
dispatcher.forward(request,response);
//session.setAttribute(user_id);
//remember to create a hidden field if you need to pass this information
//to another page and retrieve the super admin id to track his activities.
else if(user_type.equals("health administrator")&&(access_level.equals("Health")))
HttpSession session=request.getSession(true);
session.setAttribute("user",user);
session.setAttribute("user_id",user_id);
RequestDispatcher des=request.getRequestDispatcher("health_admin_user_page.jsp");
des.forward(request,response);
//check for other user types,health admin,hmo admin and insurance admin.
else if(user_type.equals("hmo administrator")&&(access_level.equals("HMO")))
HttpSession session=request.getSession(true);
session.setAttribute("user",user);
session.setAttribute("user_id",user_id);
RequestDispatcher d=request.getRequestDispatcher("hmo_admin_user_page.jsp");
d.forward(request,response);
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
else if(user_type.equals("insurance administrator")&&(access_level.equals("insurance")))
HttpSession session=request.getSession(true);
session.setAttribute("user",user);
session.setAttribute("user_id",user_id);
RequestDispatcher de=request.getRequestDispatcher("insurance_admin_user_page.jsp");
de.forward(request,response);
else if(user_type.equals("user")&&(access_level.equals("health")))
try
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
ps.setString(1,username);
ps.setString(2,password);
rs=ps.executeQuery();
if(rs.next())
String staff_id=""+rs.getInt(1);
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select * from health_staff_table where staff_id=?");
ps.setString(1,staff_id);
rs=ps.executeQuery();
if(rs.next())
//retrieve the values from health staff and store them in variables.
//store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
//redirect to required page.
String first_name=rs.getString("first_name");
String last_name=rs.getString("last_name");
String work_place=rs.getString("place_of_work");
HttpSession session=request.getSession(true);
session.setAttribute("first_name",first_name);
session.setAttribute("last_name",last_name);
session.setAttribute("work_place",work_place);
session.setAttribute("staff_id",staff_id);
//redirect to user page.
else
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
else
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
catch(Exception e)
//catch exception and redirect to page.
else if(user_type.equals("user")&&(access_level.equals("HMO")))
try
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
ps.setString(1,username);
ps.setString(2,password);
rs=ps.executeQuery();
if(rs.next())
String staff_id=""+rs.getInt(1);
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select * from hmo_staff_table where staff_id=?");
ps.setString(1,staff_id);
rs=ps.executeQuery();
if(rs.next())
//retrieve the values from HMO staff and store them in variables.
//store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
//redirect to required page.
String first_name=rs.getString("first_name");
String last_name=rs.getString("last_name");
String work_place=rs.getString("place_of_work");
HttpSession session=request.getSession(true);
session.setAttribute("first_name",first_name);
session.setAttribute("last_name",last_name);
session.setAttribute("work_place",work_place);
session.setAttribute("staff_id",staff_id);
else
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
else
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
catch(Exception e)
//catch exception and redirect to page.
else if(user_type.equals("user")&&(access_level.equals("insurance")))
try
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
ps.setString(1,username);
ps.setString(2,password);
rs=ps.executeQuery();
if(rs.next())
String staff_id=""+rs.getInt(1);
Class.forName("com.mysql.jdbc.Driver");
con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
ps=con.prepareStatement("select * from insurance_staff_table where staff_id=?");
ps.setString(1,staff_id);
rs=ps.executeQuery();
if(rs.next())
//retrieve the values from insurance staff and store them in variables.
//store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
//redirect to required page.
String first_name=rs.getString("first_name");
String last_name=rs.getString("last_name");
String work_place=rs.getString("place_of_work");
HttpSession session=request.getSession(true);
session.setAttribute("first_name",first_name);
session.setAttribute("last_name",last_name);
session.setAttribute("work_place",work_place);
session.setAttribute("staff_id",staff_id);
else
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
else
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
catch(Exception e)
//catch exception and redirect to page.
else
//invalid login details.After all else fails.
showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
catch(Exception e)
private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
request.setAttribute("error_msg",errorMsg);
RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
dispatcher.forward(request,response);
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/** Handles the HTTP <code>GET</code> method.
* @param request servlet request
* @param response servlet response
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
/** Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
/** Returns a short description of the servlet.
public String getServletInfo() {
return "Short description";
// </editor-fold>
view
<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<style type="text/css">

</style>
</head>
<body>
<table width="564" border="0" align="center">
<tr>
<td width="558" bgcolor="#CCCCCC" class="style1"><div align="center">
<p> </p>
<h1 class="style7">Welcome to HealthPort</h1>
<p>HealthPort Login</p>
<p><span class="style8">Today's date is:<%= new java.util.Date() %></span></p>
<form id="form1" name="form1" method="post" action="userCheck">
<p align="right" class="style3">Username
<label></label>
<input type="text" name="username" id="username" />
</p>
<p align="right" class="style3">Password
<input type="password" name="password" id="password" />
</p>
<p align="right" class="style3">
<span class="style6">
<label></label>
<label></label>
</span>
<span class="style5">
<label></label>
</span>
<label>
<input type="submit" name="button" id="button" value="Login" />
</label>
</p>
<div align="right">
</div></form>
<div align="right"><div align="left"><p align="right"> </p>
</div></div></div></td>
</tr>
<tr>
<td bgcolor="#CCCCCC" class="style1"> </td>
</tr>
</table>
</body>
</html>
so,that's about it.I'd appreciate it.I know this is a lot.I'm grateful
Ayo.

Hi.Im still having issues trying to perform form based authenticatin with entities.I tried this method but im getting errors on the marked lines.
controller servlet
* userCheck.java
* Created on 15 March 2008, 22:41
package servlets;
import Entities.UserTable;
import Entities.userValidationBean;
import javax.annotation.*;
import Entities.userValidationRemote;
import java.io.*;
import java.net.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.ejb.*;
import javax.naming.*;
import javax.persistence.*;
* @author Ayo
* @version
public class userCheck extends HttpServlet {
//@EJB userValidationRemote userRemote;
boolean checkUser;
String username,password;
/** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
* @param request servlet request
* @param response servlet response
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
/*con=null;
ps=null;
rs=null;
s=null;
*/response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
username=request.getParameter("username");
password=request.getParameter("password");
if(username==""||password=="")
showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
else
try
Context ctx=new InitialContext();
userValidationRemote userRemote=(userValidationRemote)ctx.lookup("Entities.userValidationRemote");
(error on this line-saying ')' expected and no matter if i add ) there is still erro)userRemote.authenticate(String p_user,String p_password);
catch(Exception e)
out.println("Error:"+e);
if(checkUser==true)
RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
d.forward(request,response);
else if(checkUser==false)
showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
request.setAttribute("error_msg",errorMsg);
RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
dispatcher.forward(request,response);
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/** Handles the HTTP <code>GET</code> method.
* @param request servlet request
* @param response servlet response
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
/** Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
/** Returns a short description of the servlet.
public String getServletInfo() {
return "Short description";
// </editor-fold>
view
<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<style type="text/css">

</style>
</head>
<body>
<table width="564" border="0" align="center">
<tr>
<td width="558" bgcolor="#9DACBF" class="style1"><div align="center">
<p> </p>
<h1 class="style7">Welcome to HealthPort</h1>
<p>HealthPort Login</p>
<p><span class="style8">Today's date is:<%= new java.util.Date() %></span></p>
<form id="form1" name="form1" method="post" action="userCheck">
<p align="right" class="style3">Username
<label></label>
<input type="text" name="username" id="username" />
</p>
<p align="right" class="style3">Password
<input type="password" name="password" id="password" />
</p>
<p align="right" class="style3">
<span class="style6">
<label></label>
<label></label>
</span>
<span class="style5">
<label></label>
</span>
<label>
<input type="submit" name="button" id="button" value="Login" />
</label>
</p>
<div align="right">
</div></form>
<div align="right"><div align="left"><p align="right"> </p>
</div></div></div></td>
</tr>
<tr>
<td bgcolor="#CCCCCC" class="style1"> </td>
</tr>
</table>
</body>
</html>
SLSB (implements userValidationRemote)
* userValidationBean.java
* Created on 26 March 2008, 18:25
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
package Entities;
import javax.ejb.Stateless;
import javax.ejb.Remote;
import javax.persistence.PersistenceContext;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import Entities.UserTable;
import javax.annotation.*;
//import javax.transaction.UserTransaction;
* @author Ayo
@Stateless(mappedName="ejb/facade/userValidationBean")
@Remote(userValidationRemote.class)
(error on this line saying can't find class TransactionManagement)@TransactionManagement(value=TransactionManagementType.CONTAINER)
public class userValidationBean implements Entities.userValidationRemote {
@PersistenceContext(unitName="HealthInsuranceApp-ejbPU") private EntityManager manager;
/** Creates a new instance of userValidationBean */
public userValidationBean() {
//"SELECT u.username,u.password FROM UserTable u WHERE u.username =?1 and u.password=?2"
public boolean authenticate(String p_user,String p_password)
UserTable m_user=manager.find(UserTable.class,p_user);
if(m_user!=null)
return m_user.getPassword().equals(p_password);
return false;
Entity
* UserTable.java
* Created on 29 March 2008, 13:24
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
package Entities;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
* Entity class UserTable
* @author Ayo
@Entity(name="qs_UserPwd")
@Table(name = "user_table")
public class UserTable implements Serializable {
@Id
@Column(name = "user_id", nullable = false)
private Integer userId;
@Column(name = "username")
private String username;
@Column(name = "password")
private String password;
@Column(name = "user_type")
private String userType;
@Column(name = "access_level")
private String accessLevel;
@Column(name = "staff_id")
private Integer staffId;
@Column(name = "staff_type", nullable = false)
private String staffType;
@Column(name = "time_created")
private String timeCreated;
@Column(name = "time_modified")
private String timeModified;
@Column(name = "time_logged_in")
private String timeLoggedIn;
@Column(name = "time_logged_out")
private String timeLoggedOut;
@Column(name = "created_by")
private String createdBy;
/** Creates a new instance of UserTable */
public UserTable() {
* Creates a new instance of UserTable with the specified values.
* @param userId the userId of the UserTable
public UserTable(Integer userId) {
this.userId = userId;
* Creates a new instance of UserTable with the specified values.
* @param userId the userId of the UserTable
* @param staffType the staffType of the UserTable
public UserTable(Integer userId, String staffType) {
this.userId = userId;
this.staffType = staffType;
public UserTable(String p_user,String p_password)
setUsername(p_user);
setPassword(p_password);
* Gets the userId of this UserTable.
* @return the userId
public Integer getUserId() {
return this.userId;
* Sets the userId of this UserTable to the specified value.
* @param userId the new userId
public void setUserId(Integer userId) {
this.userId = userId;
* Gets the username of this UserTable.
* @return the username
public String getUsername() {
return this.username;
* Sets the username of this UserTable to the specified value.
* @param username the new username
public void setUsername(String p_user) {
p_user = username;
* Gets the password of this UserTable.
* @return the password
public String getPassword() {
return this.password;
* Sets the password of this UserTable to the specified value.
* @param password the new password
public void setPassword(String p_password) {
p_password=password;
* Gets the userType of this UserTable.
* @return the userType
public String getUserType() {
return this.userType;
* Sets the userType of this UserTable to the specified value.
* @param userType the new userType
public void setUserType(String userType) {
this.userType = userType;
* Gets the accessLevel of this UserTable.
* @return the accessLevel
public String getAccessLevel() {
return this.accessLevel;
* Sets the accessLevel of this UserTable to the specified value.
* @param accessLevel the new accessLevel
public void setAccessLevel(String accessLevel) {
this.accessLevel = accessLevel;
* Gets the staffId of this UserTable.
* @return the staffId
public Integer getStaffId() {
return this.staffId;
* Sets the staffId of this UserTable to the specified value.
* @param staffId the new staffId
public void setStaffId(Integer staffId) {
this.staffId = staffId;
* Gets the staffType of this UserTable.
* @return the staffType
public String getStaffType() {
return this.staffType;
* Sets the staffType of this UserTable to the specified value.
* @param staffType the new staffType
public void setStaffType(String staffType) {
this.staffType = staffType;
* Gets the timeCreated of this UserTable.
* @return the timeCreated
public String getTimeCreated() {
return this.timeCreated;
* Sets the timeCreated of this UserTable to the specified value.
* @param timeCreated the new timeCreated
public void setTimeCreated(String timeCreated) {
this.timeCreated = timeCreated;
* Gets the timeModified of this UserTable.
* @return the timeModified
public String getTimeModified() {
return this.timeModified;
* Sets the timeModified of this UserTable to the specified value.
* @param timeModified the new timeModified
public void setTimeModified(String timeModified) {
this.timeModified = timeModified;
* Gets the timeLoggedIn of this UserTable.
* @return the timeLoggedIn
public String getTimeLoggedIn() {
return this.timeLoggedIn;
* Sets the timeLoggedIn of this UserTable to the specified value.
* @param timeLoggedIn the new timeLoggedIn
public void setTimeLoggedIn(String timeLoggedIn) {
this.timeLoggedIn = timeLoggedIn;
* Gets the timeLoggedOut of this UserTable.
* @return the timeLoggedOut
public String getTimeLoggedOut() {
return this.timeLoggedOut;
* Sets the timeLoggedOut of this UserTable to the specified value.
* @param timeLoggedOut the new timeLoggedOut
public void setTimeLoggedOut(String timeLoggedOut) {
this.timeLoggedOut = timeLoggedOut;
* Gets the createdBy of this UserTable.
* @return the createdBy
public String getCreatedBy() {
return this.createdBy;
* Sets the createdBy of this UserTable to the specified value.
* @param createdBy the new createdBy
public void setCreatedBy(String createdBy) {
this.createdBy = createdBy;
* Returns a hash code value for the object. This implementation computes
* a hash code value based on the id fields in this object.
* @return a hash code value for this object.
@Override
public int hashCode() {
int hash = 0;
hash += (this.userId != null ? this.userId.hashCode() : 0);
return hash;
* Determines whether another object is equal to this UserTable. The result is
* <code>true</code> if and only if the argument is not null and is a UserTable object that
* has the same id field values as this object.
* @param object the reference object with which to compare
* @return <code>true</code> if this object is the same as the argument;
* <code>false</code> otherwise.
@Override
public boolean equals(Object object) {
// TODO: Warning - this method won't work in the case the id fields are not set
if (!(object instanceof UserTable)) {
return false;
UserTable other = (UserTable)object;
if (this.userId != other.userId && (this.userId == null || !this.userId.equals(other.userId))) return false;
return true;
* Returns a string representation of the object. This implementation constructs
* that representation based on the id fields.
* @return a string representation of the object.
@Override
public String toString() {
return "Entities.UserTable[userId=" + userId + "]";
please what do I do? or is there a better way? seems like my appserver(sun java system app server 9.1)doesnt support dependency injection as
there's always an exception in the server log when i try it.i use the default transaction provider toplink because use of any of the others raises an exception and my application index page never shows. please i need help? I want to be able to succesfully perform this authentication as its the only way i can move to the next level
Ayo.

FORM based authentication

Hi,
I'm using Oracle JDeveloper 9.0.3 with the embedded oc4j. I have configured for simple FORM based authentication by storing username/password in the principals.xml file.
I am presented with the login form correctly when I try to access a protected resource, but my username/password is always rejected (I'm redirected to the error page after trying to log-in). Can someone pls help??
The relevant portions of the contents of the deployment descriptor files that I'm using:
principals.xml
<principals>
<groups>
<group name="securegroup">
<description>secureusers</description>
</group>
</groups>
<users>
<user username="testuser" password="test">
<description>test user </description>
<group-membership group="securegroup" />
</user>
</users>
</principals>
web.xml
<web-app>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>

<url-pattern>*</url-pattern>

</web-resource-collection>
<auth-constraint>

<role-name>role1</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>login.jsp</form-login-page>
<form-error-page>error.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>role1</role-name>
</security-role>
</web-app>
orion-application.xml
<orion-application>
<security-role-mapping name="role1">
<group name="securegroup" />
</security-role-mapping>
</orion-application>
application.xml (stored in my D:\JDeveloper\jdev\MyProj\MyProject\WEB-INF\src\META-INF folder)
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN" "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
<application>
<security-role-mapping name="role1">
<group name="securegroup" />
</security-role-mapping>
</application>

REPOST
<br><br>
Keywords: form-login, principals.xml, embedded OC4J, authentication
<p>
Please see http://forums.oracle.com/forums/message.jsp?id=1266989
<p>
The provided link does not work.<br><br>
In the application.xml of the OC4j config folder I have comemnted out the: <br> <jazn provider="XML" location="./jazn-data.xml"/>
and added my roles mappings from web.xml :<br>
     <security-role-mapping name="OES_admin">
          <group name="administrators"/>
     </security-role-mapping>
<p>
plus in proncipals.xml have created an entry for my test user:<p>
          <user username="testusr" password="test">
               <description>Just me</description>
               <group-membership group="users" />
               <group-membership group="guests" />
               <group-membership group="administrators" />
          </user>
<p>
And still cannot run Form-authentication from inside jdeveloper .... authentication runs fine when the app is deployed to Tomcat5
<p>
Help Please, I'm using jdev 10.1.2.0
Message was edited by:
omar71

Help is needed on form-based authentication

Hi,
form-based authentication is set up to protect OID/SSO resource. Oracle Portal is registered with OID. A reverse proxy server is in DMZ as front-end to Portal. At the new login page, after typing username/password, hit Login button, get original OID/SSO login page, typing username/password can get to Portal landing page.
The problem is that OID/SSO login page shows up after OID/SSO resource is protected by form-based authentication, it appears form-based authentication doesn't work properly with OID/SSO. At the new login page, if typing a wrong password, the page is flashed, and doesn't go to OID/SSO login page, so it seems user authentication with OAM can work.
The form-based authentication works fine to pretect a non-OSSO page and if using Basic Over LDAP scheme to protect the OID/SSO resource, the login also works fine.
Please help, thanks

It looks like the header variable (XXX_REMOTE_USER or whatever you're using) is not getting passed, so that the SSO login page appears. Given that the Basic over LDAP scheme works (I'm assuming that you simply switch schemes in the OAM Policy Domain to verify this?) the only thing I can think of is that you are setting the header variable in the authentication actions only. If this is the case, please try adding the header variable also to the Authorisation Success actions in the Policy Domain that protects /sso/auth/ and see if that makes a difference.
Regards,
Colin

Form based authentication problem

Hi people, im new here. Im working on a small application and i have decided to work with Form Based authentication. Theres a index page in the root that redirect to welcome page but when i try to Run the first page im getting this exception.
javax.servlet.jsp.JspException: Cannot find FacesContext at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427) at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125) at infrastructure.login._jspService(_login.java:53)
I have been searching for a while in the web but i couldnt find anything that fix the problem. Can anybody give me a hand with this? The version of Jdeveloper is 10.1.3.2. Here are the web.xml file and index.jsp
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>CpxFileName</param-name>
<param-value>userinterface.DataBindings</param-value>
</context-param>
<filter>
<filter-name>adfFaces</filter-name>
<filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<jsp-config/>
<security-constraint>
<web-resource-collection>
<web-resource-name>todoLider</web-resource-name>
<url-pattern>/faces/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>lider</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>infrastructure/login.jsp</form-login-page>
<form-error-page>infrastructure/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>lider</role-name>
</security-role>
<security-role>
<role-name>auxiliar</role-name>
</security-role>
<security-role>
<role-name>docente</role-name>
</security-role>
<security-role>
<role-name>veedor</role-name>
</security-role>
<security-role>
<role-name>estudiante</role-name>
</security-role>
<ejb-local-ref>
<ejb-ref-name>ejb/local/AsigFacade</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<local>datamodel.model.AsigFacadeLocal</local>
<ejb-link>AsigFacade</ejb-link>
</ejb-local-ref>
</web-app>
index.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%@ page contentType="text/html;charset=windows-1252"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"/>
<title>index</title>
</head>
<body><%response.sendRedirect("faces/app/welcome.jsp");%></body>
</html>

Servlet mapping for the Faces Servlet is
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
Is the input.jsp run by specifying the url in the browser?
Run input.jsp with right-click>Run
The url should include /faces/

Any one else have problems using 'FORM' based authentication in OC4J?

Since I couldn't find any information on this from Oracle I went with the specifications from Orion.
I am using Oracle Internet Directory Server for authentication of OC4J apps. I followed Orions specs for writing and pluging in your own usermanger to make calls to OID. Everything works fine when I use BASIC authentication but when I use FORM based authentication it fails to send the browser to the original url that was requested.
The browser just displays a blank screen?
You can tell that the client is authenticated because you can just request the URL again and it's displayed without prompting for a username/password.
For the login in screen the only specs Orion gives is that your form has to have an action of 'j_security_check' and pass 'j_username' and 'j_password'.
Does oracle have another way to do this, or has anyone else experienced this and no a way to fix it?

Tom,
Custom user authentication in Oc4J 1.0.2.2 is same in both Oc4J and Orion and we have tested that form based authentication works
fine. In 9iAS Release 2 Oracle has an integerated JAAS implementation with OC4J which you can configure either to authenticate users from a encrypted file or users stored in OID.

Forcing specific clients or groups to use forms based authentication (FBA) instead of windows based authentication (WIA) with ADFS

Hi,
We are have a quite specific issue. The problem is most likely by design in ADFS 3.0 (running on Windows Server 2012 R2) and we are trying to find a "work-around".
Most users in the organization is using their own personal computer and everything is fine and working as expected, single sign-on (WIA) internally to Office 365 and forms based (FBA) externally (using Citrix NetScaler as reverse proxy and load
balancing with the correct rewrites to add client-ip, proxy header and URL-transformation).
The problem occurs for a few (50-100) users where they are sharing the same computer, automatically logged on to the computer using a generic AD-user (same for all of them). This AD-user they are logged on with does not have any access to Office365
and if they try to access SharePoint Online they receive an error that they can't login (from SharePoint Online, not ADFS).
We can't change this, they need to have this generic account logged on to these computers. The issue occurs when a user that has access to SharePoint Online tries to access it when logged on with a generic account.
They are not able to "switch" from the generic account in ADFS / SharePoint Online to their personal account.
The only way I've found that may work is removing IE as a WIA-capable agent and deploy a User-Agent version string specific to most users but not the generic account.
My question to you: Is there another way? Maybe when ADFS sees the generic user, it forces forms based authentication or something like that?
Best regards,
Simon

I'd go with your original workaround using the user-agent and publishing a GPO for your normal users that elects to use a user-agent string associated with Integrated Windows Auth.. for the generic accounts, I'd look at using a loopback policy that overwrites
that user agent setting, so that forms logon is preferred for that subset of users. I don't think the Netscaler here is useful in this capacity as it's a front-end proxy and you need to evaluate the AuthZ rules on the AD FS server after the request has been
proxied. The error pages in Windows Server 2012 R2 are canned as the previous poster mentioned and difficult to customize (Javascript only)...
http://blog.auth360.net

Issue with form based Authentication in three tier sharepoint 2013 environment.

Hi,
We are facing issue with form based Authentication in three tier environment.
We are able to add users to the database and in SharePoint.
But we are not able to login with created users.
In single tier everything working fine
Please help , Its urgent ... Thanks in advance.
Regards,
Hari
Regards, Hari

if the environments match, then it sounds like a kerberos double-hop issue
Scott Brickey
MCTS, MCPD, MCITP
www.sbrickey.com
Strategic Data Systems - for all your SharePoint needs

Error re-logging in after session timeout using form-based authentication

Hello,
We have a web app configured for form-based authentication. When the session times out, we're redirected to our login page as expected. However, after re-logging in, we are not redirected to the desired page (e.g., /faces/OurMainPage.jspx) but to /afr/page_lev_idle.gif.
Do we have to do anything special for session timeouts?
Thanks,
Rico

Some extra information that might help:
After re-logging in and we're in /afr/page_lev_idle.gif, we hit the browser Back button (showing the login page again) and then hit the browser Refresh/Reload button and voila we're at the page we expect to be.
Rico

How to redirect to j_security_check without the form based authentication

Hi,
I am trying to integrate my application authentication to a backend system with the ibm websphere form based authentication. Below is the scenario:
1. when the user clicks on a protected url, the container will redirect the user to the login page.
2. instead of displaying the login page, i would like to automatically redirect the user to j_security_check action. which means that instead of displaying the login.jsp page, the user will automatically be redirected to j_security_check to perform some user authentication, and if successful, the application pages will be displayed.
The reason i want to auto redirect the user to j_security_check is because i am implementing some integration work with a backend system. the user will key in the username/password from another system. once the user is authenticated, the user information will be passed to my system. The login page of my system will not be displayed again, and by using the username value, my system will assume that the user has successfully been authenticated (authentication done by the backend system), and therefore automatically gain authorization to login into my application.
i hope that clarifies my problem.
anyone out there has any solution to my problem?
thanks a lot in advance.

Hi Darren,
Let me explain the whole authentication environment.
There are actually 2 systems in this environment. Let;s call it system A and system B.
System B is actually using the authentication mechanism that i described in my previous message.
A login page will be presented to the user (within system A). User credential is collected and passed to system A to be authenticated. System A will use its own mechanism to authenticate the user.
Once the user is authenticated, system A will pass the user ID to system B. At this point, system B will assume that the user is authenticated and grant authorization to access the application. (system B global security is enabled and implements the form based authentication mechanism) Therefore, at this point, the redirect page (so called login page) will not be displayed to the user, instead it will be automatically redirected to the j_security_check action to execute the customer Ldap Registry class. (ps : eventhough authentication is no longer needed, the flow will still go to Ldap Registry class. A check is done in the Ldap Registry class to skip the authentication, if it is not boot strap login. Only first and only time authentication is done for boot strap login).
In the case a protected url is clicked or invoked by the user directly, the application will redirect the user to the initial login of system A. Otherwise (the url link originates from system A, during the passing of user token to system B), system B will redirect to j_security_check and execute the customer Ldap Registry class.
Based on the above explained scenario, in your opinion, is there any security loopholes? consider that system B no longer perform authentication but only to grant authorization to the user.
Appreciate your advice. Thanks in advance
Anyway, i am using the ibm websphere server. :)

Logout Functionality in Form Based Authentication Not Working Properly

Hi All,
I am using Form Based Authentication in ADF. In this I followed the following steps:-
1.Login On Page.
2.In successful login page ,copy the url
3.Click on "Logout"
4.Paste the url in login page and click enter
5.System taking me back to that page where I can perform all the actions.
But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
Thanks & Regards
Lovenish Garg

Hi BaiG,
For Login I am using the form based authentication and for logout here is my code:-
public void logout() {
ExternalContext ectx =
FacesContext.getCurrentInstance().getExternalContext();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
session.invalidate();
response.setHeader("Cache-Control", "no-cache");
response.setHeader("expires", "0");
response.setHeader("Pragma", "no-cache");
try {
response.sendRedirect("AdminLogin.html");
} catch (IOException e) {
logger.severe(e.getMessage());
//Inform JSF to not take the response in hands
FacesContext.getCurrentInstance().responseComplete();
logger.info("session invalidated");
Thanks,
Lovenish Garg

Faces context not found (Form based authentication)

<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/jsp/WorkingZone.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/Login/login.jsp</form-login-page>
<form-error-page>/Login/error.jsp</form-error-page>
</form-login-config>
</login-config>
when i tried to login with valid user the the url shows
http://localhost:8080/FormAuth/jsp/WorkingZone.jsp
how to append faces context automatically.
I am not finding for this faces context.
Plz suggest me a solution soon.
Thanks
Raghavendra Pattar

The FacesContext is created by FacesServlet which is
definied in the web.xml with an url-pattern.
If you just follow the url-pattern of this
FacesServlet, usually /faces/ or *.faces, or *.jsf,
then the FacesContext will be created.Hi balu,
this is the web.xml that i am using
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.CONFIG_FILES</param-name>
    <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.validateXml</param-name>
    <param-value>true</param-value>
</context-param>
<context-param>
    <param-name>com.sun.faces.verifyObjects</param-name>
    <param-value>false</param-value>
</context-param>
<filter>
    <filter-name>UploadFilter</filter-name>
    <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
    <init-param>
      <description>
          The maximum allowed upload size in bytes. If this is set
          to a negative value, there is no maximum. The default
          value is 1000000.
        </description>
      <param-name>maxSize</param-name>
      <param-value>1000000</param-value>
    </init-param>
    <init-param>
      <description>
          The size (in bytes) of an uploaded file which, if it is
          exceeded, will cause the file to be written directly to
          disk instead of stored in memory. Files smaller than or
          equal to this size will be stored in memory. The default
          value is 4096.
        </description>
      <param-name>sizeThreshold</param-name>
      <param-value>4096</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>UploadFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
    <servlet-name>ThemeServlet</servlet-name>
    <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>ThemeServlet</servlet-name>
    <url-pattern>/theme/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file></welcome-file>
     </welcome-file-list>
<jsp-config>
    <jsp-property-group>
      <url-pattern>*.jspf</url-pattern>
      <is-xml>true</is-xml>
    </jsp-property-group>
</jsp-config>
<security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
        <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/Login/login.jsp</form-login-page>
      <form-error-page>/Login/error.jsp</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>manager</role-name>
</security-role>
</web-app>1)My requirement is Login page should be the first page
If enter the valid user and password
then i will get directory structure
when i click the secured JSF page inside secure
i got this URL
http://localhost/secure/WorkingZone.jsp
obiviously /faces is missing
and i am getting faces context not found.
If u need further clarification i will send u..
Plz reply me...

Oracle form based authentication

Similar Messages

Maybe you are looking for