Providing ADF security  to fusion WebAppliaction (ADF 11g)

Similar Messages

• Problem with ADF security and task flow calls

  Hi.
  I am using JDeveloper 11.1.2.0.0.
  I encountered a problem when tried to apply ADF security to my application.
  The way to reproduce the problem:
  1. Create new Fusion Web Application;
  2. Import Business Components from Tables from any existing schema and add at least one table to the ApplicationModule.
  3. Create "welcome page" (for instance, welcome.jsf). Add a button with fixed action outcome "test".
  4. Create test page, for instance, test.jsf. Drag and drop any view object from Data Controls onto the page and create a form with navigation controls. Add a button with fixed action outcome "return".
  5. Create bounded task flow, name it "test", drag and drop our test page on it - the page will be the default activity. Add a task flow return activity. Add a control flow case from the default view activity to the return activity, set From Outcome property to "return". So our return button should cause the task flow to exit.
  6. Open adfc-config.xml in diagram mode and place our welcome page on it. Then drag and drop the test task flow to create a task flow call activity. Add a control flow case from welcome page to task flow call activity, set the From Outcome property to "test". So our test button should call the test task flow.
  7. Configure application to run the unbounded task flow starting with Welcome view activity.
  At this point all works as expected: when application runs, the welcome page is displayed with test button. Pressing the test button results in displaying the test page, return button leads back to the welcome page.
  Now let's configure ADF Security.
  Run the ADF Security configuration wizard, choose ADF Authentication and Authorization.
  On the second page select Form-Based Authentication, check the Generate Default Pages flag.
  On the third page choose No Automatic Grants.
  On the next page keep the Redirect Upon Successful Authentication unchecked. Press Finish.
  Open jazn-data.xml to configure roles, users and resource grants:
  1. Create application role test-role.
  2. Grant the test-role privileges to view the test task flow.
  3. Create user and grant him the test-role.
  Now we have the public available welcome page and the test page with restricted access.
  When application runs, the welcome page is displayed as expected. Pressing the test button redirect us to auto-generated login page. After successful authorization the test page is displayed. But nothing happens if we click now the return button for the first time. When we click the return button once more, the application crushes with Error-500 and message "Target Unreachable, identifier 'bindings' resolved to null". The exact error trace depends on UI control bindings, but looks like this:
  javax.el.PropertyNotFoundException: //C:/Users/DUDKIN/AppData/Roaming/JDeveloper/system11.1.2.0.38.60.17/o.j2ee/drs/Test1/ViewControllerWebApp.war/test.jsf @10,120 value="#{bindings.Id.inputValue}": Target Unreachable, identifier 'bindings' resolved to null
       at com.sun.faces.facelets.el.TagValueExpression.isReadOnly(TagValueExpression.java:122)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer._getUncachedReadOnly(EditableValueRenderer.java:476)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:390)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.wasSubmitted(EditableValueRenderer.java:345)
       at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.decodeInternal(EditableValueRenderer.java:116)
       at oracle.adfinternal.view.faces.renderkit.rich.LabeledInputRenderer.decodeInternal(LabeledInputRenderer.java:56)
       at oracle.adf.view.rich.render.RichRenderer.decode(RichRenderer.java:342)
       at org.apache.myfaces.trinidad.render.CoreRenderer.decode(CoreRenderer.java:274)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.__rendererDecode(UIXComponentBase.java:1324)
  (the rest of lines skipped).
  Any suggestions?
  Edited by: user13307311 on Apr 16, 2013 11:39 PM

  @Lovin_JV_941794
  The welcome page is public available since it does not have appropriate PageDef file.
  Login page comes not from the welcome page, it comes after attempt to access the test page. So after the login succeeded the test page appears, because redirect to welcome page after successful login is not configured. I do not need to return the welcome page at this moment, I need to go to the test page.
  It seems the task flow call stack to be destroyed after redirect to login page.
  Edited by: user13307311 on Apr 17, 2013 12:45 AM

• ADF security   problem

  hi ,
  I created a page called " main.jspx " and I used the ADF security in jdeveloper 11.1.1.2.0 . I deployed my application to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it redirected to "http://localhost:7001/test/login.html" . After typing correct "username" and "password" ,it redirected to my "main.jspx" . That is correct . But now I open this application in jdeveloper 11.1.1.3.0 , and redeploy it to a standalone weblogic . When I typed "http://localhost:7001/test/faces/main.jspx" , it directly show the main.jspx page . Why no Authentication ? I "remove ADF Security Configuration" and " reconfigure ADF Security" . It doesn't work . But if I create a new application and use ADF security in jdeveloper 11.1.1.3.0 . The new application works well . I need to work with my old application . Can you give me any advice ? thanks!!

  duplicate
  Frank

• Regarding ADF Security

  hi,
  I have enabled the ADF security from application --> configure ADF Security .
  while configuring ADF Security Wizard,
  1>i have selected the ADF Authentication model/ form Based Authentication .
  2> in the Application roles I have added a role (manager). and added a user in that *(manager1).*
  In my application i have 3 pages*.(home.jspx, search.jspx, setting.jspx)*
  1>in home.jspx i have 2 go links to the search and setting pages i.e. search and setting respectively.
  here my requirement is only the user with role manager should be able to access the setting page. I tried it by using granted to roles in the edit
  authorization of setting.jspx. but it is of no use i.e allows all the users to access the setting page.
  can anybody suggest any idea?....

  hi Frank,
  Thanks for the reply. i just followed what you have told ..i.e
  While configuring adf security i selected adf authentication and authorization with no automatic grants. and after successful log in it should go to the home.jspx.
  in the application role setting ...
  1> i created a role manager.
  2> added a user manager1 to role manager
  3> created a application role appmanager
  4> added manager to appmanager.
  and in the application policy setting
  1> for home page and search page - ( granted to role= anonymous_role)
  2> manager setting(pagdef) - (*granted to role = appmanager*)
  Here the problem is , after giving username and password when i click on submit it is giving an error that Error 500--Internal Server Error how can i solve this?...

• ADF UI Shell + ADF Security - blog post

  For readers of this forum, I've written a blog post on combining the UI Shell + ADF Security:
  New blog post: ADF UI Shell + ADF Security - http://one-size-doesnt-fit-all.blogspot.com/2009/12/adf-ui-shell-adf-security.html
  Regards,
  CM.

  Hi
  How does the SignIn/SignOut link in the UI Shell Global Area Work ?? . When the SignIn link is clicked it takes me to the default login Page and i am able to login . But once logged in , if i select the SignOut link , it doesn't seem to do anything .As per the document it is supposed to clear the User Session and redirect to the Home Page. Any reason why this is not happening ?
  Thanks
  Aditya

• Record Level Authentication in ADF Security 11g

  Is it possible to code my application to support record level authentication by using ADF 11g Security?
  For example the CEO Role can read all orders from a view, but other roles can only read the orders by them self.
  Do I have to control this mannually or the ADF Security can handle this for me? Is there any example about this?
  Thanks in advanced,
  Samson Fu

  I can think of three solutions:
  1) Go with the Oracle database Virtual Private Database (VPD) feature. This is the ideal solution as it codes that security logic in the database, and doesn't rely on your program/middletier getting the security correct.
  2) In ADF BC create the custom framework as recommended in the JDev Fusion Guide and then modify the custom ViewObjectImpl executeQuery() method such that it always adds your required predicate (where clause) to each VO query.
  3) Custom code the Where clause into every ADF BC VO query.
  CM.

• Migrating ADF Security from file-based provider to LDAP provider

  We have deployed a small application using ADF Security with file-based provider in OAS and it works fine.
  Now we want to migrate to ADF Security using LDAP provider.
  In order to make this possible we followed the next steps:
  - Migrate all the roles and policies from the file to OID with JAZNMigrationtool.
  - In OAS we've changed the Application Security Provider to 'Oracle Identity Management'.
  - Reset the OC4J instance.
  But there was no success, the application continues working with the file-based provider.
  What more is necessary to configurate?

  Hi,
  if you use EM make sure you change the setting for the application, not the general OC4J setting.
  You can also deploy the provider settings with the orion-application.xml file added to your project
  Frank

• Best way Of providing user authentication using ADF security...

  Hi,
  I have a web application . I want to implement to ADF security to the application.. What is the best approach of doing this? I have the user information in the database tables along with the roles and other information. I want to these tables for authorization ?
  What is the best approach to do this? It would be great if u could help ..
  I ma using 11g release 2
  Thanks in advance.
  Rakesh

  Hi,
  Thanks for the quick response.
  I have been looking at the post but i found one of the forum post in which the person was saying the SQLAuthentication doesnt work ..
  "Be wary when using ADF Security (OPSS) with a SQLAuthenticator.
  This is feedback I got in SR 3-4124753004 :
  "If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."
  related bugs are :
  - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
  - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"
  related forum threads are :
  - "ADF Security : identity store : tables in a SQL database"
  - "OPSS : addMembersToApplicationRole : The search for role failed"
  regards
  Jan Vervecken"
  Is this true?
  Rakesh

• ADF BC 11g, Weblogic 10.3 - Deployment Issue with ADF Security

  Hi all,
  I know there are many many blogs about deployment of an 11g app using ADF Security to a WLS 10.3 server, however, none appear to be working for me.. or I'm not working with them! :P
  I've deployed an .ear file to the WLS 10.3 and this works fine - after following these steps
  http://www.freewebalbum.com/blogs/faces/bjanko/blogs.jsp?blog=bjanko20090127130431
  I then followed Steve's migration technique
  http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
  That all built correctly.
  I then tried to access the app via browser, entered in the user cred (created under Security Realms in WLS 10.3 admin console - user and groups).
  I attempted to login, and received an "Error 401--Unauthorized" error.
  I'll that I see in the server log is:
  [JpsWlsFilter.doFilter] setContextID to testApp
  I'm totally stuck, so any ideas would be awesome.
  Cheers,
  chris

  Just gave that a shot.. No dice unfortunately.
  Steve Muench wrote:
  You can omit -DdstApp=DEPLOYAPPNAME if the deployed application name is the same as the source application name you supplied in the -DsrcApp=APPNAME argument.I hate massive code dumping... but this is my jazn-data.xml
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <jazn-data>
     <jazn-realm default="jazn.com">
        <realm>
           <name>jazn.com</name>
           <users>
              <user>
                 <name>system</name>
                 <guid>0300AED0A9A411DD8F304FB2D3E85932</guid>
                 <credentials>{903}G5cbldq4HwMVt/gQpv1lXuNdLYbSu20y</credentials>
              </user>
           </users>
           <roles>
              <role>
                 <name>PlusAdmin</name>
                 <guid>0300AED1A9A411DD8F304FB2D3E85932</guid>
                 <members>
                    <member>
                       <type>user</type>
                       <name>system</name>
                    </member>
                 </members>
              </role>
              <role>
                 <name>PlusUser</name>
                 <guid>0300AED2A9A411DD8F304FB2D3E85932</guid>
                 <members>
                    <member>
                       <type>user</type>
                       <name>system</name>
                    </member>
                 </members>
              </role>
           </roles>
        </realm>
     </jazn-realm>
     <policy-store>
        <applications>
           <application>
              <name>TestApp</name>
              <app-roles>
                 <app-role>
                    <name>PlusAdmin</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                    <members>
                       <member>
                          <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                          <name>system</name>
                       </member>
                    </members>
                 </app-role>
                 <app-role>
                    <name>PlusUser</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                    <members>
                       <member>
                          <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                          <name>system</name>
                       </member>
                    </members>
                 </app-role>
              </app-roles>
              <jazn-policy>
                 <grant>
                    <grantee>
                       <principals>
                          <principal>
                             <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
                             <name>anonymous-role</name>
                          </principal>
                       </principals>
                    </grantee>
                    <permissions>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.LogonPageDef</name>
                          <actions>view</actions>
                       </permission>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.LogonErrorPageDef</name>
                          <actions>view</actions>
                       </permission>
                    </permissions>
                 </grant>
                 <grant>
                    <grantee>
                       <principals>
                          <principal>
                             <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                             <name>PlusAdmin</name>
                          </principal>
                       </principals>
                    </grantee>
                    <permissions>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
                          <actions>customize,edit,grant,personalize,view</actions>
                       </permission>
                    </permissions>
                 </grant>
                 <grant>
                    <grantee>
                       <principals>
                          <principal>
                             <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                             <name>PlusUser</name>
                          </principal>
                       </principals>
                    </grantee>
                    <permissions>
                       <permission>
                          <class>oracle.adf.share.security.authorization.RegionPermission</class>
                          <name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
                          <actions>customize,edit,grant,personalize,view</actions>
                       </permission>
                    </permissions>
                 </grant>
              </jazn-policy>
           </application>
        </applications>
     </policy-store>
     <jazn-policy/>
  </jazn-data>

• ADF Security unable to run/deploy

  Hi all,
  I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
  What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
  But I failed with the following error messages, can anybody help me?
  Thanks in advanced.
  2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: Application ID : wsm-pm
  2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: "Metadata Services: Metadata archive (MAR) not found."
  <2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
  <2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
  <2009年11月16日 下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
  2009年11月16日 下午02:13:38 oracle.wsm.audit.Auditor <init>
  資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
  2009年11月16日 下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
  資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
  2009年11月16日 下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
  資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
  <2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
  DefaultServer startup time: 53578 ms.
  DefaultServer started.
  [Running application TestLogin on Server Instance DefaultServer...]
  <2009年11月16日 下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
  2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: Application ID : TestLogin
  2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
  資訊: "Metadata Services: Metadata archive (MAR) not found."
  2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
  資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
  2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
  資訊: Application policy migration for [TestLogin] is completed successfully.
  2009年11月16日 下午02:13:50 JpsApplicationLifecycleListener Policy Migration
  資訊: Codebase policy migration for [TestLogin] is completed successfully.
  <2009年11月16日 下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  >
  <2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
  <2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  java.lang.NullPointerException
       at oracle.security.pki.l.c(Unknown Source)
       at oracle.security.pki.l.b(Unknown Source)
       at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
       at oracle.security.pki.OracleSecretStore.load(Unknown Source)
       at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
       Truncated. see log file for complete stacktrace
  >
  [02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
  [02:13:50 PM] See server logs or server console for more details.
  [02:13:50 PM] #### Deployment incomplete. ####
  oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
  oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
       at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
       at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
  Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
       ... 11 more
  Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
       ... 12 more
  #### Cannot run application TestLogin due to error deploying to DefaultServer.
  [Application TestLogin stopped and undeployed from Server Instance DefaultServer]
  Samson Fu

  I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
  Regards,
  Samson Fu

• How to integrate a SSO based in cookie with ADF Security

  At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
  1- Create a new app based on "Fusion application" template.
  2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
  3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
  4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
  At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
  in jps-config.xml
  5- Remove idstore.xml and credentials.
  6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
  7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
  All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
  So, my questions are:
  - I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
  - If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
  - In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
  I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
  Thanks to all!
  P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
  P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)

  Hi Frank,
  Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
  In future releases of JDeveloper will be easier to do this kind of things related to security?
  Riveck

• Fusion Applications 11.1.7: Deploy a custom ADF page to Fusion Applications

  Hi,
  I am trying to create and deploy a custom ADF page in Fusion Applications(in premise) which will allow search, create and update operations on a custom table. I have been going through a pile of documents and this forum but I still have the following questions.
  I have a PageA based on the UIShell. This page is linked to the taskflow TaskFlowA which provides the search functionality. TaskFlowA calls TaskFlowB and TaskFlowC which provide the create and edit functionalities.
  I have enabled security from Jdeveloper (Application>Secure>Configure ADF Security)
  Question#1: Is this step required?
  To deploy it I will generate the ADF Library JAR for the Model and ViewController. The ADF Library JAR for the model will be placed into the <ExplodedEarDirectory>/APP-INF/lib directory of an existing application(say HCM). The ADF Library JAR for the UI will be placed in the <ExploadedWarDirectory>/WEB-INF/lib directory.
  Question#2: Are any other steps required for deployment.
  I will then add permissions for the page by following the steps in How To Configure Security For Custom Pages/Taskflows Added To Fusion Applications(Doc ID 1486524.1). This document lists the steps for configuring authorization policies using APM.
  Question#3: While specifying the resource type in APM, I will select RegionResouceType and set the Name to PageA. I understand that I need to provide the full path of PageA in the form xx.xxx.xx. But how do I get the full path?
  Finally I will add a new menu entry in the Navigator menu using the setup task “Manage Menu Customizations” by adding a new item.
  Question#4: What will be the value of Focus View Id for the new Item? Will it be the Focus View Id that I provided while creating the menu file in JDeveloper?
  Question#5: What will be the value of Secured Resource Name? Will it be the same as what I provided in Question#3 above?
  Thanks,
  Sujoy

  Question#1: Is this step required?
  Yes if you want to test the security in the integrated WLS .
  Question#2: Are any other steps required for deployment.
  Yes. Please follow up our earlier post ADF How-To #12: Deploying Customizations to Standalone WLS
  For question #3, #4 & #5 please first review our other post ADF How-To #10: Replacing A Bounded Task Flow  This won't answer completely what you asked but would definitely be a step in that direction.
  I would also recommend you to go through other posts starting with title ADF How-To #.
  Hope this helps
  Vik
  http://blogs.oracle.com/fadevrel

• ADF Security : identity store : tables in a SQL database

  hi
  The documentation says "ADF Security is built on top of the Oracle Platform Security Services (OPSS) architecture, which itself is well-integrated with Oracle WebLogic Server. ".
  As such, ADF Security provides abstractions, also abstraction from an identity store (the repository of user identities and login credentials).
  If my identity store is a set of custom tables in a SQL database, what are the Oracle supported options to use that identity store for an ADF application using ADF Security?
  (Please refer to related documentation if possible.)
  many thanks
  Jan Vervecken

  Thanks for your reply John.
  John Stegeman wrote:
  ... To your questions to Frank - I'd answer "yes." ...Thanks for the confirmation.
  ... The specific points of the documentation that I found helpful were [url http://download.oracle.com/docs/cd/E21764_01/core.1111/e10043/underjps.htm#BABHCGGG]this picture and the discussion on identity management [url http://download.oracle.com/docs/cd/E21764_01/core.1111/e10043/addlsecfea.htm#CFHGBDEG]here. ...
  The "Identity Management" section you refer to says ...
  "... The domain administrator must configure the domain authenticator (with the Administration Console), update identities (enterprise users and groups) in the environment, as appropriate, and map application roles to enterprise users and groups (with Fusion Middleware Control). ..."
  ... which brings us to the context for the "general" question I asked in this thread:
  I am trying to understand the "... This is not a supported usecase (use enterprise role from the DB, and add the enterprise role to approle). ..." feedback that I got in the context of my question in forum thread
  "OPSS : addMembersToApplicationRole : The search for role failed"
  at OPSS : addMembersToApplicationRole : The search for role failed
  (Please post in that thread if you want to give feedback on that "use-case".)
  regards
  Jan

• About login authentication in ADF Security

  I have applied ADF Security in application which I learned from the Cue Cards example and I did it successfully but I wanted to change the login page.
  So I created a PopUp which I learned from "Oracle JDeveloper 11g Handbook A Guide to Oracle Fusion Web Development" and instead of the Menu Button, I used a Go Link Button as I had done in the Cue Cards example.
  But the problem is how to manage the login/logout authentication. As in the book I created a managed bean to handle login and the code is :
  package inventory.controller;
  import java.io.IOException;
  import javax.faces.application.FacesMessage;
  import javax.faces.context.FacesContext;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.login.FailedLoginException;
  import javax.security.auth.login.LoginException;
  import javax.servlet.RequestDispatcher;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import weblogic.security.SimpleCallbackHandler;
  import weblogic.security.services.Authentication;
  import weblogic.servlet.security.ServletAuthentication;
  public class LoginHandler {
  private String _username;
  private String _password;
  public LoginHandler() {
  super();
  public String performLogin() {
  byte[] pw = _password.getBytes();
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  CallbackHandler handler = new SimpleCallbackHandler(_username, pw);
  try {
  Subject mySubject = Authentication.login(handler);
  ServletAuthentication.runAs(mySubject, request);
  String loginUrl =
  "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  sendForward(request, response, loginUrl);
  } catch (FailedLoginException fle) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
  "An incorrect Username or Password" +
  " was specified");
  ctx.addMessage(null, msg);
  } catch (LoginException le) {
  reportUnexpectedLoginError("LoginException", le);
  return null;
  private void sendForward(HttpServletRequest request,
  HttpServletResponse response, String loginUrl) {
  FacesContext ctx = FacesContext.getCurrentInstance();
  RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
  try {
  dispatcher.forward(request, response);
  } catch (ServletException se) {
  reportUnexpectedLoginError("ServletException", se);
  } catch (IOException ie) {
  reportUnexpectedLoginError("IOException", ie);
  ctx.responseComplete();
  private void reportUnexpectedLoginError(String errType, Exception e) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected Error During Login",
  "Unexpected Error during Login (" + errType +
  "), please consult logs for detail");
  FacesContext.getCurrentInstance().addMessage(null, msg);
  e.printStackTrace();
  public String performLogout() {
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  String logoutUrl =
  "/adfAuthentication?logout=true&end_url=/faces/home";
  sendForward(request, response, logoutUrl);
  return null;
  public void setUsername(String _username) {
  this._username = _username;
  public String getUsername() {
  return _username;
  public void setPassword(String _password) {
  this._password = _password;
  public String getPassword() {
  return _password;
  But as I run the page and click the login link, it displays the PopUp box but I think it can't get the username and password from the field inserted and displays the error message specified in the above code(ie in try/catch) when I enter the required username and password and click the login button. So is there something in the code, I ran the application TUHRA which I downloaded, which was an example in the book I specified. and it went well and the login popup worked well.
  And I want to know that how to work the button by just pressing Enter key without clicking the button ? And also is there procedural change in the ADF configuration in jDev 11.1.1.1.0 and jDev 11.1.1.5.0 as I have jDev 11.1.1.5.0 installed and there was something different in following the steps specified in the book but I managed it by looking at the cure cards example. So is this the steps problem or something else?
  Thanks in advance.

  I didn't design the login page but I just created a PopUp window and in the popup window I inserted two Input text fields for username and password.
  And i set the 'value' of the username field as "#{login.username}" and the 'value' of the password field as "#{login.password}"
  Also in the login button the "action" set to #{login.performLogin}.
  And the button which I use to display the popup is a Go Link button, the "Destination" is set to "#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/home.jspx" : "/adfAuthentication?success_url=/faces/home.jspx"} ".
  I inserted the popup inside the Go Button in the structure window.
  And Added the managed bean in the adfc config.xml with the following properties:
  Name as “login”
  Class as “inventory.controller.LoginHandler”
  Scope as “request”
  If I don't use the popup and login with the default generated login form , the login is successful
  And also when i removed the ADF security configuration, the meta data didn't go away and when i reconfigured the security some error is diplayed in the log details as cannot create or something like rewrite the users.
  Please help I don't have much time to complete my project. its an emergency.
  Edited by: SudeepShakya on Nov 4, 2011 10:06 AM

• Use Adf Security In jspx page

  Hi guys,
  Currently I am using default adf security.is there any way to use same security on my login jspx page.
  Thanks,
  Raul

  hi user,
  i hope that you are looking for
  http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/
  http://docs.oracle.com/cd/E26098_01/web.1112/e16182/adding_security.htm
  please see the if you want custom login.
  Figure 35-3 Using the Configure ADF Security Wizard to Generate a Simple Login Page
  there is lot of youtube videos. just google it out.
  this is to timo:
  What do you mean by  '...I am using default adf security...'
  if i am understood correctly. while creating new fusion web apps while configuring adf-security HTTP Basic Authentication is comes as default option. he mentioning in that way.
  do You want to secure the login page itself? This doesn't make sense as you need to login to get to the login page.
  i hope he is not asking like as you mentioned.
  from my experience i will interpret like this
  "Currently I am using default adf security".
  he is currently using default adf security(HTTP Basic Authentication).
  is there any way to use same security on my login jspx page.
  he need use the same adf-security concept on custom login page.
  Thanks