Regarding ADF Security

hi,
I have enabled the ADF security from application --> configure ADF Security .
while configuring ADF Security Wizard,
1>i have selected the ADF Authentication model/ form Based Authentication .
2> in the Application roles I have added a role (manager). and added a user in that *(manager1).*
In my application i have 3 pages*.(home.jspx, search.jspx, setting.jspx)*
1>in home.jspx i have 2 go links to the search and setting pages i.e. search and setting respectively.
here my requirement is only the user with role manager should be able to access the setting page. I tried it by using granted to roles in the edit
authorization of setting.jspx. but it is of no use i.e allows all the users to access the setting page.
can anybody suggest any idea?....

hi Frank,
Thanks for the reply. i just followed what you have told ..i.e
While configuring adf security i selected adf authentication and authorization with no automatic grants. and after successful log in it should go to the home.jspx.
in the application role setting ...
1> i created a role manager.
2> added a user manager1 to role manager
3> created a application role appmanager
4> added manager to appmanager.
and in the application policy setting
1> for home page and search page - ( granted to role= anonymous_role)
2> manager setting(pagdef) - (*granted to role = appmanager*)
Here the problem is , after giving username and password when i click on submit it is giving an error that Error 500--Internal Server Error how can i solve this?...

Similar Messages

Migrating ADF Security to WLS using OID

I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for “JpsFarmName” and “JpsRootNodeName”. What are these used for, and what should the values be?
2) Does the jps-config.xml file need to be modified in WLS (i.e. <Domain>/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
Any information on this topic would be very appreciated!
Thanks,
Erick

Hi,
I am using migrateSecurityStore for policy migration from xml to OID.
migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
when I run above command I am getting following error.
Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfig
urationUtil getCredentialFromBootstrapWallet
SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: o
racle.security.jps.service.credstore.CredStoreException.
COMMAND FAILED due to an unknown reason, Check the stack trace for details
Traceback (innermost last):
File "<console>", line 1, in ?
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSec
urityStore
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSec
urityStoreImpl
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(
LdapPolicyStore.java:230)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:108)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:55)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServ
iceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImp
l.findServiceInstance(DelegatingContextFactoryImpl.java:61)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:206)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getCo
ntextFromConfig(JpsContextFactoryImpl.java:171)
at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextF
romConfigObj(JpsHelper.java:115)
at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.g
etPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDs
tPolicy.<init>(JpsDstPolicy.java:186)
at oracle.security.jps.internal.tools.utility.destination.JpsInitializer
Dst.getDestinations(JpsInitializerDst.java:82)
at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtili
ty.java:63)
at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl
.migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand
(JpsUtilMigrationTool.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException
: Cannot read the default policy store.
thanks and regards
KishoreM

Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

Hi,
We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
Regards,
Joonas

Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.

ADF Security unable to run/deploy

Hi all,
I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advanced.
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
java.lang.NullPointerException
     at oracle.security.pki.l.c(Unknown Source)
     at oracle.security.pki.l.b(Unknown Source)
     at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
     at oracle.security.pki.OracleSecretStore.load(Unknown Source)
     at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
     Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
     at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
     at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
     at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
     at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
     at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
     ... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
     at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
     ... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson Fu

I found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
Regards,
Samson Fu

Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

Hi,
We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
Thanks,
Annie

Brenden,
Thank you so much for the reply. This is our code in the web.xml:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
regards,
Annie

Adf security with upper case user results in 500-internal server error

Hello
JDev 11.1.1.0.2, Integrated WLS
I'v set up ADF security as explained in the documentation.
The only difference being that the role test-all has been removed.
I have one user 'paul' with a password of 'password'
I have one application role 'myrole'
'paul' is a member of 'myrole'
I have one unbounded task flow with one view (view1).
Via the janz-data.xml 'View1' has been granted to 'myrole' (view action)
When running View1 I get the login.html page which is correct.
The fun starts when playing around with the user/password.
If I login with 'paul' and 'password' view1 is display, this is correct
If I login with an unknown user or an incorrect password Windows Explorer 7 shows a generic HTTP 403 error page and not the error.html
If I login with 'PAUL' and 'password' (or Paul, or any mixed cased version of Paul with the correct password) I get the following stack trace :
oracle.adf.controller.security.AuthorizationException: ADFC-0619: Echec de la vérification des autorisations : '/view1.jspx' 'VIEW'.
     at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:145)
     at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:124)
     at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:639)
     at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:449)
     at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:44)
     at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:529)
     at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:118)
     at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:166)
     at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:122)
     at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:68)
     at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:51)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:354)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:175)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:181)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:279)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:239)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:196)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:139)
     at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:85)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:257)
     at oracle.security.jps.wls.JpsWlsSubjectResolver.runJaasMode(JpsWlsSubjectResolver.java:250)
     at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:100)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:65)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
The questions are :
- Why do I get the generic HTTP 403 error instead of the error.html (its not the end of the world but I would like to understand) ?
- Why do I get the error 500 if the case of the username is incorrect but the password is correct ?
Best Regards
Paul

Nope nothing in there that looks out of place...
Here's the contents of the web.xml file ..
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>addAllRoles</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jaas.mode</param-name>
<param-value>doasprivileged</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
Regards
Paul

Web Center app with ADF Security - login problem

I have a custome Oracle Web Center app.
I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
and i get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
This works fine if i use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
Edited by: new_to_webcenter on 18-Jan-2011 05:25

Thanks for your response Frank.
The web.xml has
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
"/faces/postLogin.jspx"
this then adds into web.xml
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/postLogin.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
So the sequence which works is:
Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
So should the form be posting to j_security_check directly or to the adfAuthentication ?

Web Center app ADF Security - login problem

I'm making an Oracle Web Center app.
I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
and i get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
This works fine if i use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
Maybe you should ask this at the ADF forum: JDeveloper and ADF
The guys there have way more understanding about this stuff than here.

Oracle ADF Security

Dear All,
we have created some good number of Custom ResourcePermissions in our Oracle ADF 11g Application. we are trying to refer the permissions with wildcard character in jazn-data.xml. The same worked well for taskflows.
Is there anyway that we can implement wildcard character in custom resource Permissions ?
we are calling hasPermission() API to check whether permission exists or not. Currently this method returns false when we configured the resource name in wildcard character.
For example, actual key - a.b.c.menu
wild card character we are referring for this key is a.*.*.menu . The hasPermission() returns false for this case.
Regards
Deivee

Hi,
more an OPSS question than ADF Security. Anyway, the answer is
"No wildcard use is supported in a resource permission."
See: The OPSS Policy Model - 11g Release 1 (11.1.1)
Frank

Bug concerning ADF security

Just wanted to make a thread about this strange behavior when working with ADF security. Discovered it was a bug (i think).
I have just enabled ADF security in my project after reading chapter 28 of the developers manual and watching Franks tutorials on the Code Core center. I was having trouble implementing it and thought I was just doing it wrong. It seemed so simple in the manual. The trouble I was having was that if I granted some access to a task flow or a web page to a application role or to the anonymous role it wouldn't become active. No changes made in the jazn-data.xml would make any different. Next day when I started up again it all worked. But making further changes would also not become active. I looked ad the logs and noticed the following error in the deploy process:
+[Running application Health_Project1 on Server Instance DefaultServer...]+
Uploading jazn-data identities.
Uploading jazn-data policies.
oracle.security.jps.JpsException: Destination context default missing in the specified jps-config.xml.
+     at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.getPolicyStoreForDestination(JpsPolicyAPIManager.java:165)+
+     at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.<init>(JpsDstPolicy.java:150)+
+     at oracle.security.jps.internal.tools.utility.destination.JpsInitializerDst.getDestinations(JpsInitializerDst.java:82)+
+     at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtility.java:63)+
+     at oracle.security.jps.internal.tools.utility.JpsUtilDeploymentImpl.migrateAppPolicyToFarmLevelPolicyStore(JpsUtilDeploymentImpl.java:81)+
+     at oracle.security.jps.internal.tools.utility.JpsUtilDeploymentImpl.migrateAppPolicyToFarmLevelPolicyStore(JpsUtilDeploymentImpl.java:103)+
+     at oracle.jdevimpl.adrs.weblogic.JaznDataUploader.uploadPolicies(JaznDataUploader.java:610)+
+     at oracle.jdevimpl.adrs.weblogic.JaznDataUploader.uploadJaznData(JaznDataUploader.java:212)+
+     at oracle.jdevimpl.runner.adrs.AdrsStarter.uploadJaznData(AdrsStarter.java:1703)+
+     at oracle.jdevimpl.runner.adrs.AdrsStarter.mav$uploadJaznData(AdrsStarter.java:116)+
+     at oracle.jdevimpl.runner.adrs.AdrsStarter$5.run(AdrsStarter.java:1344)+
+     at java.lang.Thread.run(Thread.java:619)+
Uploading credentials.
After some digging I found that this was a bug related to the application path. The application was located in "My Documents" with the path c:\Documents and Settings\.......
It is no good to have space in the application path. After I moved the application to a more simple like path c:\dev\sb\mywork the ADF security worked fine. Changes in policies would become affective immediately. Later I ran into the same problem but this time the application path was simple but the application name had an underscore in it "my_project". By removing the underscore and making the application name MyProject along with changing all the properties, xml and connection files the ADF security worked like it should.
So in short:
** Don't have a space in the path where the application is stored.*
** Don't have a underscore in the application name.*
Please comment if I'm wrong. This post is just for information if other users are running into similar problems.
Best regards,
Sturla Thor

hi,
if you delete this line
<property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
in the jsp-config.xml you can at least use your application with authentication but authorization doesn't work b/c the subject does not contain the principals:
ADFContext.getCurrent().getSecurityContext().getUserRoles();
returns an empty String[].
Is there a workaround?
Cheers Andy

ADF Security : identity store : tables in a SQL database

hi
The documentation says "ADF Security is built on top of the Oracle Platform Security Services (OPSS) architecture, which itself is well-integrated with Oracle WebLogic Server. ".
As such, ADF Security provides abstractions, also abstraction from an identity store (the repository of user identities and login credentials).
If my identity store is a set of custom tables in a SQL database, what are the Oracle supported options to use that identity store for an ADF application using ADF Security?
(Please refer to related documentation if possible.)
many thanks
Jan Vervecken

Thanks for your reply John.
John Stegeman wrote:
... To your questions to Frank - I'd answer "yes." ...Thanks for the confirmation.
... The specific points of the documentation that I found helpful were [url http://download.oracle.com/docs/cd/E21764_01/core.1111/e10043/underjps.htm#BABHCGGG]this picture and the discussion on identity management [url http://download.oracle.com/docs/cd/E21764_01/core.1111/e10043/addlsecfea.htm#CFHGBDEG]here. ...
The "Identity Management" section you refer to says ...
"... The domain administrator must configure the domain authenticator (with the Administration Console), update identities (enterprise users and groups) in the environment, as appropriate, and map application roles to enterprise users and groups (with Fusion Middleware Control). ..."
... which brings us to the context for the "general" question I asked in this thread:
I am trying to understand the "... This is not a supported usecase (use enterprise role from the DB, and add the enterprise role to approle). ..." feedback that I got in the context of my question in forum thread
"OPSS : addMembersToApplicationRole : The search for role failed"
at OPSS : addMembersToApplicationRole : The search for role failed
(Please post in that thread if you want to give feedback on that "use-case".)
regards
Jan

ADF Security

Dear All;
I am new to ADF security, my target is to create a web application, with authentication through a login page, and session tracking through out the users session, i used to do this all in code, the JSP way, where i check the session in every page, to check that there is a logged in user, i read the forum based authentication, and i thought it could make things faster, and more secure for me, i did a login page and an error page where the username and password are validated against a table called user and added refrence to these pages to the web.xml properties, and then from adf security of the main menu page i selected to enforce authentication and gave it the URL for the login, and error page, only when i run this page, i am getting a can not find faces config file, i am sure something is missing, the tutorial i have discusses validation through the ADF administration page, i want to validate throught the database,
Links for tutorials, or any information would be highly appreciated
thank you all in advance
regards
Halim

Did you put something like
     <application>
          <name>current-workspace-app</name>
          <login-modules>
               <login-module>
                    <class>YOUR_CLASS</class>
                    <control-flag>required</control-flag>
                    <options>
                         <option>
                              <name>data_source_name</name>
                              <value>YOUR_DS_NAME</value>
                         </option>
                         <option>
                              <name>roles_fk_column</name>
                              <value>VALUE</value>
                         </option>
                         <option>
                              <name>user_pk_column</name>
                              <value>VALUE</value>
                         </option>
                         <option>
                              <name>user_table</name>
                              <value>VALUE</value>
                         </option>
                         <option>
                              <name>roles_column</name>
                              <value>VALUE</value>
                         </option>
                         <option>
                              <name>roles_table</name>
                              <value>VALUE</value>
                         </option>
                         <option>
                              <name>username_column</name>
                              <value>VALUE</value>
                         </option>
                         <option>
                              <name>password_column</name>
                              <value>VALUE</value>
                         </option>
                    </options>
               </login-module>
          </login-modules>
     </application>
to the <jazn-loginconfig> part in system-jazn-data.xml file in your JDEVHOME/jdev\system\oracle.j2ee.10.1.3.41.57\embedded-oc4j\config\ folder. Plus, you should check if your encoding the passwords, ...
As I said, we're using custom loginModule, I'm not sure for DBTableOraDataSourceLoginModule. Verify you've done everything from the tutorial.
BB

Error in page when ADF Security enabled

Hi,
I have created a sample JSF page having only a 'Hello World!' output text.
When I run the page without enabling ADF Security, it runs fine.
I have enabled ADF Security as per "29.3 Enabling Oracle ADF Security" in Dev Guide for ADF.
Now when I run the page, it shows default login page. I enter username and password there and 'Submit'.
After that it shows an error page with following error:
Error 500--Internal Server Error
java.lang.RuntimeException: Cannot find FacesContext
     at javax.faces.webapp.UIComponentClassicTagBase.getFacesContext(UIComponentClassicTagBase.java:1855)
     at javax.faces.webapp.UIComponentClassicTagBase.setJspId(UIComponentClassicTagBase.java:1672)
     at jsp_servlet.__testpage1_jspx._jspService(__testpage1_jspx.java:85)
     at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:408)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:318)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Any suggestion/help in this regard is appreciated.
Thanks

Please find below the web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/TestPage2.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
I have uploaded Application zip file on gmail docs:
https://docs.google.com/leaf?id=0B6W2rsWyyNGMNTk1NjQ5NTYtMGVlOS00OWYxLThkY2UtNGMzOTJkZGFiZTE5&hl=en
Please check if you can access it.
Thanks

Implementing authorization using Oralce ADF security

Hi,
We have successfully deployed a Jdev (10.1.3) ADFBC application to IAS with the authentication and part of the authorization.
Now we want to use another level of granularity to allow object instance access control based on Java Permissins using JAAS. Like "binding container", "iterator binding", "attribute binding" and "methodAction binding".
We tried to follow the "Oracle Application Development Framework Developer's Guide", chapter 30. Everything went well until we got to 30.7.2--Setting authorization on ADF binding Containers, list 3. "The Authorization Editor shows the pre-defined permissions for the binding container, along with the principles (roles and users) as defined by your resource provider". The roles and users we defined in our web.xml or jaza-data.xml do not show up in the authorization editor.
The SRDemoADFBC does not use this technique. Anybody has any idea how to do this?
Remember Frank said he was working on an end-to-end ADF security application and it could be ready by the end of this year. Is it ready yet?
Thank you,
Annie

Hi Vinod,
In my post, I present it as a best practice to have a one to one mapping of application roles and enterprise roles though it is not required. If you have 10 application roles you should create 10 enterprise roles, but again this is not required. For testing, you could create only one enterprise role, then make that role as member to all your application roles.
To simplify the case you can do the following STEPS:
In jazn.xml:
1) Let say in jazn.xml you have the following 5 application roles:
<li>ApplicationRole1
<li>ApplicationRole2
<li>ApplicationRole3
<li>ApplicationRole4
<li>ApplicationRole5
2) Still in jazn.xml, create one Enterprise Role "EnterpriseAdmin".
3) Make the"EnterpriseAdmin" as member of the 5 application roles above.
In weblogic console:
4) Go to the User and Groups page of myrealm (Home >Summary of Security Realms >myrealm >Users and Groups).
5) Create a new group named "EnterpriseAdmin" and instead of the Default Authenticator, set the authenticator to the name of SQLAuthenticator that you have created.
6) Create a user in the SQLAuthenticator and make it a member of the "EnterpriseAdmin".
7) Run your secured application in JDeveloper and login with the user credentials that you created in step#6.
Regards,
Pino

ADF security wizard not creating files?

Hi,
I'm trying to configure my web project to use ADF security. When I run ADF security wizard, changes are made only to web.xml, other files (as stated in chapter 29.3.2):
- /.adf/META-INF/adf-config.xml: neither file of folder exist
- /src/META-INF/jsp-config.xml: neither file of folder exist (there is a folder /adfmsrc/META-INF, but there's only adfm.xml file)
- orion-application.xml: same as above
- jazn-data.xml: same as above
Is this a bug or am I doing something wrong?
Regards
Jernej

Do you see these files in Application Resources ( -> Descriptors) under Application Navigator?

Regarding ADF Security

Similar Messages

Maybe you are looking for