Security in ADF Jdeveloper 11.1.2.1.0

Similar Messages

• How to give JASS Security to ADF BC Swing Application.

  Hello Friends,
  ->I read lots of threads about JASS Security in ADF about Web Application.
  ->But i am not getting any solution/Document Which explains, How to Implement JASS Security to ADF BC Swing Apllication.
  -> I Will Explain Which type of application we developed.
  We had developed one Whole ERP Product by using ADF BC [Swing] Technology.We have 480 Forms in our Application.Now i need to give security to my Application.
  ->I Will Explain Structure of Application.
  We have seperate Application Module for each form means i have 480 Application Modules in my application.I create seperate session beans for each Application Module and I deploy it on Standalone OC4J Server
  So please friends help me out to give security to my application.
  Thanks in Advance.

  Hello Franks
  First thanks for your reply.
  --> As you suggested two options for me but i would like to go with second option.
  JAZN with ADF BC.
  ---> As you said i need to do jbo.security.enforce property set to "auth".but currently i made it "Test" to trace login user means to set History Columns.
  --->Frank i am waiting for your documents.If you have documents in the format of how-to-do then Please Forward me.
  Thanks Frank

• What about security in adf faces application ?

  It seem that the documentation has a little bit changed about security for adf faces application.
  SRDemo J2EE sample application only implemented the security at the web container and may be for the session beans (don't remember) by using security-role and security-constraint in web.xml configuration file.
  It seem that the documentation recommand now to implement adf security and didn't find anymore the reference to the standard j2ee security implementation.
  We found also that the security constraints checked by the web container was sometimes ignored and the container didn't ask us to login before displaying a page.
  Is ADF security a clear Oracle recommandation for ADF Faces application ?
  What about j2ee security for this type of application (why it is not recommended to use it) ?

  Hi,
  there is no single recommedation about security because security ideally is applied on several levels to implement security in depth. Container managed security with J2EE is a good option to secure page access and - if using EJB - to propagate the user identity for method level access control.
  Using ADF Security, which is security added to the binding layer based on JAAS, a second layer of the security onion becomes available that allows you to define which user is allowed to perform which operation on an iterator or attribute binding. This goes beyond of what container managed security can do for you.
  The thrid layer is business layer security and eventually database security.
  For Oracle Open World we will have a developmengt track and one of the presentation I am giving with Ric Smith from our team is about end-to-end application security for ADF Faces, ADF, ADF BCor TopLink/EJB and the Oracle database.
  The plan is to also write this up in a paper, but this would come late because of other priorities I have on my plate. So attending OOW probably is the best option for you to get the big picture
  Frank

• Change security of adf application on weblogic

  hi all,
  i am new in weblogic. i set oid in weblogic succesfully. But i couldn't change security of adf application. Is there any documantationof how change security of adf application?

  hi frank,
  i mean that i set oid in myrealm which is my default security realm. I change order of Authentication Providers. all of the users of oid are in myrealm . However my application does not use this ldap configuration. i couldn't change security of application, and i need help. Before i deploy my 10.1.3 adf application to oc4j and during deployment i can set the security of application but i couldnt see anything like oc4j in weblogic
  i configure my oid like below link
  http://www.oracle.com/technology/products/jdev/tips/fnimphius/oidconfig/index.html

• Deploying ADF/JDeveloper portlets in WebSphere Portal

  I'd like to use ADF/JDeveloper to build my application, but my customer is already heavily invested on a WebSphere Portal deployment platform.  The JDeveloper/ADF documentation has extensive information on creating portlets in various ways, but they all seem focused exclusively on deploying in an Oracle platform.  I have tried both the "Standards-Based" as well as the "JSF Portlet Bridge".  I have tried to deploy the portlets in WebSphere Portal using both the generated WAR file, as well as by registering the WSRP producer.  None work.
  With the WAR file, WebSphere Portal seems to import the WAR file just fine, and I can add a portlet to a page, but the portlet always shows as "unavaiable"
  With the WSRP producer, I can get something to show in the page, but the functionality within the portlet doesn't seem to work.
  I've searched extensively, but cannot locate any documentation or use cases for deploying portlets from JDeveloper into WebSphere Portal.  Does anyone have any thoughts?

  Dvohra21, again, I apreciate the effort, but I think you're missing the fundamental question.
  You've given me two types of articles/links.  Some are generic WebSphere Portal documentation about deploying a portlet from a WAR file.  Others are Oracle articles about who to generate portlets in JDeveloper, with examples deploying in Oracle/WebLogic servers.   Unfortunately I don't have a problem with either of those.
  I CAN deploy a portlet WAR file in WebSphere Portal, and sucessfully add it to a Portal page.  I have done that with multiple WAR files generated from Rational Application Developer.
  I CAN produce a WAR file from JDeveloper, following the instructions in the same resources you included, plus a few others.
  The problem is, the WAR file from JDeveloper, does not successfully run on WebSphere Portal.  I create a simple Hello World portlet in JDeveloper, and I can generate a WAR file from it, and seemingly deploy to WebSphere Portal.   However when I add it to a Portal page, it always displays only a blank box with the text "This portlet is unavailable".  This is in the same exact portal page, where the portlet created with Rational Application Developer shows up just fine right along side it.
  Bottomline is, although there is a great deal of information an demos about generating portlets from JDeveloper within an Oracle environment, I could not find a SINGLE ONE, that goes through an end to end scenario where it is deployed in WebSphere Portal.  Nothing in this forum, nothing in Oracle docs, and nothing I can find on a Google search.

• How to custom SQL in ADF JDeveloper 10.1.3.3

  How to custom SQL in ADF JDeveloper 10.1.3.3 as follows,
  SELECT A.attribute1,
  A.attribute2,
  B.attribute1,
  B.attribute2,
  FROM table1 A,
  table2 B
  WHERE A.id = B.id
  Thanks
  sumury

  Hi,
  this isn't really a question as it is not obvious where you want to customize it. My initial idea was to suggest SQL Worksheet to you, but then this most likely isn't what you are looking for.
  http://blogs.oracle.com/shay/2007/03/02
  Frank

• Oracle ADF & Jdeveloper.

  Any one have an idea that which institute other than oracle school, give training for Oracle ADF & Jdeveloper in Dubai, United ARab Emirates.
  I am using Forms10g and would like to upgrade to Jdeveloper.I have no experience in Java.

  I've also written a book, and given I come from a Forms background, it should address many of the issues those coming from a Forms background hit when learning ADF. The book itself is aimed at getting developers up to speed as quickly as possible,
  Quick Start Guide to Fusion Development: JDeveloper and Oracle ADF is now published. See http://www.mhprofessional.com/product.php?isbn=0071744282
  See also http://www.oracle.com/technetwork/developer-tools/jdev/formsdesignerj2ee-092778.html which is a page specifically for Forms developers who are picking up JDeveloper and Oracle ADF.
  Regards
  Grant

• Does current Oracle Maven Repo supports 11.1.1.7 ADF JDeveloper ?

  Hi All
  Does current Oracle Maven Repo (OMP) supports 11.1.1.7 ADF JDeveloper ?
  What's the minimum JDeveloper version that OMP currently support ?
  Thanks

  Right now, the Oracle Maven Repository only contains artifacts to support ADF 12.1.3.  We will be adding newer versions as they become available but there are currently no plans to add support for 11g-based releases.

• Implementing Security For ADF Pages when integrated with Oracle APPS

  Hi,
  Can anyone please let me know the solution to the below problem ?
  I have an ADF application that is deployed on a weblogic server. An URL is generated to access the ADF Pages.
  I have created one more simple jsp (Launch.jsp) which redirects to this URL on page load.
  I am using Oracle APPS where:
  ->I registered a form function referring to Launch.jsp
  ->I am referring form function in a responsibility , attaching that to a menu
  ->When the valid oracle user logs in, I am sending all oracle apps environment variables (User id , Responsibility id, application id ) for that session
  What my issue is :
  ->The URL along with the parameters that I am sending from the Launch.jsp to the ADF Page is visible to the user. So, even if the Oracle APPS user has not logged in, anybody who knows the URL can access the ADF Pages.
  ->So, Is there any way to implement the security so as, even if anyone knows the URL of the ADF Page cannot access the ADF Pages without the valid user being logged-in through the Oracle APPS.
  I am using Jdeveloper 11g.
  Please let me know if you need anymore details.
  Thanks in advance,
  Kavitha

  Please help me out if anyone has a solution to this problem.
  Thanks,
  Kavitha

• How to get multiple out parameters from a pl/sql stored procedure in ADF Jdeveloper 11g release2

  I´m trying to call from AppModuleImpl a stored procedure from my oracle DB which receives one input parameter and returns 5 out parameters. 
  I´m using jdeveloper 11g release2  ADF and I have created a java bean "ProRecallPlatesBean " with the atributes and accesors and I serialize it. just like in this article http://docs.oracle.com/cd/E24382_01/web.1112/e16182/bcadvgen.htm#sm0297
  This is my code so far:
  public ProRecallPlatesBean getCallProRecallPlates(String numPlates) {
  CallableStatement st = null;
  try {
            // 1. Define the PL/SQL block for the statement to invoke
            String stmt = "begin CTS.Pk_PreIn.proRecallPlates(?,?,?,?,?,?); end;";
            // 2. Create the CallableStatement for the PL/SQL block
            st = getDBTransaction().createCallableStatement(stmt,0);
            // 3. Register the positions and types of the OUT parameters
            st.registerOutParameter(2,Types.VARCHAR);
  st.registerOutParameter(3,Types.VARCHAR);
  st.registerOutParameter(4,Types.VARCHAR);
  st.registerOutParameter(5,Types.VARCHAR);
  st.registerOutParameter(6,Types.VARCHAR);
  // 4. Set the bind values of the IN parameters
  st.setString(1,numPlates);
  // 5. Execute the statement
  st.executeUpdate();
  // 6. Create a bean to hold the multiple return values
  ProRecallPlatesBean result = new ProRecallPlatesBean();
  // 7. Set values of properties using OUT params
  result.setSpfVal(st.getString(2));
  result.setTransportTypeVal(st.getString(3));
  result.setTransportCompanyVal(st.getString(4));
  result.setCompanyDescrVal(st.getString(5));
  result.setDGAPrint(st.getString(6));
  // 8. Return the result
  return result;
  } catch (SQLException e) {
  throw new JboException(e);
  } finally {
  if (st != null) {
  try {
  // 9. Close the JDBC CallableStatement
  st.close();
  catch (SQLException e) {}
  In Jdeveloper I went into AppModule.xml JAVA>Client Interface section and expose "getCallProRecallPlates" Then I can see "getCallProRecallPlates" in Data Controls, I drag and drop it to a JSF page, an input text component and a button are generated in order to put in there the procedure input parameter (numPlates).
  I don't know if I'm on the right track.
  When I click the button, the "result" variable is supposed to be filled with data from the stored procedure. I want each of those values to be displayed in Output text or input text adf components but I dont know how. Thank you very much in advance I´m a newbie and i'll appreciate your help!

  What version are you on?
  Works fine for me on my 11g:
  SQL> create or replace procedure testxml (clob_out out clob)
    2  is
    3     l_clob   clob;
    4     l_ctx    dbms_xmlquery.ctxhandle;
    5  begin
    6     l_ctx := dbms_xmlquery.newcontext ('select * from dual');
    7     l_clob := dbms_xmlquery.getxml (l_ctx);
    8     clob_out := l_clob;
    9     dbms_xmlquery.closecontext (l_ctx);
  10  end testxml;
  11  /
  Procedure created.
  SQL>
  SQL> variable vout clob;
  SQL>
  SQL> exec testxml (:vout)
  PL/SQL procedure successfully completed.
  SQL>
  SQL> print vout
  VOUT
  <?xml version = '1.0'?>
  <ROWSET>
     <ROW num="1">
        <DUMMY>X</DUMMY>
     </ROW>
  </ROWSET>But definitely you can optimize your proc a bit: Try
  create or replace procedure testxml (clob_out in out nocopy clob)
  is
     l_ctx    dbms_xmlquery.ctxhandle;
  begin
     l_ctx := dbms_xmlquery.newcontext ('select * from dual');
     clob_out := dbms_xmlquery.getxml (l_ctx);
     dbms_xmlquery.closecontext (l_ctx);
  end testxml;
  /

• How can i implement "my own" security in ADF 11g

  Hi everybody,
  I have a problem and hope anyone could help me...
  Currently i am developing a ADF application, and i want to implement the security... the problem i have (and i read a lot of posts in the forum and other blogs and i don't found anything that help me) is that the "validation" of the user of password is with a webservice..... and the "roles" of the application are given to me with another web service.
  I read a lot and in the Fusion's Developer Guide in chapter 30 (Enabling ADF Security in a Fusion Web Application) explains very good how to implement the security in the application, but, that example really doesn't work for my problem.
  I wan't to know any way to in the "doLogin" action of my "Login button in my login page" to implement my own logic.
  public String doLogin() {
  2 String un = _username;
  3 byte[] pw = _password.getBytes();
  4 FacesContext ctx = FacesContext.getCurrentInstance();
  5 HttpServletRequest request =
  6 (HttpServletRequest)ctx.getExternalContext().getRequest();
  7 CallbackHandler handler = new SimpleCallbackHandler(un, pw);
  8 try {
  9 Subject mySubject = Authentication.login(handler); <<----------------------------- Here i wan't to invoke the WS that validate the user and pwd.
  10 ServletAuthentication.runAs(mySubject, request);
  11 String loginUrl = "/adfAuthentication?success_url=/faces" +
  12 ctx.getViewRoot().getViewId();
  13 HttpServletResponse response =
  14 (HttpServletResponse)ctx.getExternalContext().getResponse();
  15 sendForward(request, response, loginUrl);
  16 } catch (FailedLoginException fle) {
  17 FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR,
  18 "Incorrect Username or Password",
  19 "An incorrect Username or Password" +
  20 " was specified");
  21 ctx.addMessage(null, msg);
  22 } catch (LoginException le) {
  23 reportUnexpectedLoginError("LoginException", le);
  24 }
  25 return null;
  26 }
  And i wan't to know if i can save some other user information in some kind of session (like company, mail and other stuff).....
  And when i can login validating usr and pwd from the WS... how could i manage my roles ?
  Welll i hope anyone can help me.
  Regards from Mexico.

  Hi,
  to do this, you create a JAAS Login Module to authenticate against the Web Service. This then you wrap in an authentication provider that you configure with WLS. ADF Security does not perform any authentication itself and instead leaves it for the container.
  http://download.oracle.com/docs/cd/E17904_01/web.1111/e13718/atn.htm#i1154044
  Frank

• How to work with Bangla in ADF (Jdeveloper 11g Release 2)

  Hi
  I am Jahid From Bangladesh. Recently I am working with ADF (Oracle Jdeveloper 11g). I am working with a project like newsroom service. I need to extract bangla and other language text from other site. So i need to work with Multiple language in ADF specially with Bangla. Can anybody help me specifically step by step. I am new in ADF just beginner.
  Thanks in advance.
  Jahid
  Analyst Programmer
  IBCS-PRIMAX (Bangladesh) Ltd.

  You application character set should be unicode
  this can help http://download.oracle.com/docs/cd/E12839_01/web.1111/b31973/af_global.htm#CHDGCAFI

• ADF / Jdeveloper DVT - java.lang.NoClassDefFoundError: oracle/dss/util/tran

  Hi there,
  I have deployed an application to a weblogic server and one of my pages contains a DVT graph. The application works fine until I attempt to navigate to this page, and incur the following error:
  Deploying from JDdev 1.1.14 to WLS 10.3.4
  java.lang.NoClassDefFoundError: oracle/dss/util/transform/total/TotalData
       at java.lang.ClassLoader.defineClass1(Native Method)
       at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632)
       at java.lang.ClassLoader.defineClass(ClassLoader.java:616)
       at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
       at weblogic.utils.classloaders.GenericClassLoader.defineClass(GenericClassLoader.java:343)
       at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:302)
       at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:270)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
       at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:179)
       at java.lang.ClassLoader.defineClass1(Native Method)
  ... etc.
  I have reviewed the following article which contains the exact issue:
  http://cn.forums.oracle.com/forums/thread.jspa?threadID=1129729&tstart=59
  however, do not know if what I have done is correct.
  I right click on the view controller > Deployments > Edit > Web Inf / Lib and have ensured that ADF Faces Runtime 11 and ADF DVT Faces Runtime are ticked (these weren't initially). ADF DVT Faces Databinding Runtime was already ticked by default.
  I have also attempted this through the EAR via Application > Application Properties, but when I include these in the EAR I receive a deployment error.
  Any help with directions or more specific instructions would be much appreciated.
  S
  Also -
  THe deployment in this instance completes sucessfully, and takes a little longer to deploy, so I do know that something is happenning. However, I still experience the same issue. Is there something that I need to do on the remote server?

  Can I also add, that when I check the WAR file in my deployments folder, I can see the appropriate java classes.
  They are not however included in the EAR.
  Do they need to be in the EAR as well?
  Again, to reiterate, when I try doing this, the deployment fails.
  Simo

• [Security]   Row-level security in ADF

  Hi all,
  I want to implement row-level security in my application, the scenario is like this:
  There are several users that connect to the application
  These users are authenticated in some way (XML file, OID, DB)
  When each user wants to access (Select, Update, Delete) an ADF Table, either updatable or read-only, a predefined 'where condition' based on that table and the operation the user wants to do, must be concatenated to his DML, transparent from the user.
  So if for example a user queries the Emp Salary table only records with salary < 10K/Month will be fetched from the underlying table. This should be done automatically and not hard-coded in the application.
  I have tried VPD and it has some useful features but my problems are:
  1) Where and how to define the 'where conditions'?
  2) How to attach the 'where conditions' to the executing DML?
  3) What is the best way to make DB know which user is really executing DMLs? (Not a single Application Server admin user)
  4) What is the best authentication approach?
  Any helps will be really appreciated.
  S/\EE|)

  Hi,
  yes you can. Database proxy user is setup in the prepare session method as well and EUS can be configured to take the J2EE username to then re-connect the app to teh database schema
      public void prepareSession(SessionData SessionData)
         super.prepareSession(SessionData);
         oconn = ((PrxyTransactionImpl)this.getDBTransaction()).getPrxyConnection();
         // Specify the user that connects through the proxy user and its roles
         Properties prop = new Properties();
         prop.put(OracleConnection.PROXY_USER_NAME,"hr");
         //prop.put(OracleConnection.PROXY_ROLES, roles);
         String appContext = "Begin ctxhrpckg.set_userinfo('"+getApplicationUserName()+"'); END;";
         java.sql.CallableStatement st= null;
        // Open the proxy session (DB-authenticated users)
        try
          oconn.openProxySession(OracleConnection.PROXYTYPE_USER_NAME, prop);
          st = getDBTransaction().createCallableStatement(appContext,0);
          st.execute();
        catch (SQLException e)
          e.printStackTrace();
  package oracle.sample.dbprxy.adfbc;
  import oracle.jbo.server.DBTransactionImpl2;
  import oracle.jbo.server.DatabaseTransactionFactory;
  * TransactionFactory that returns PrxTransactionImpl, which is a subclass of
  * DBTransactionImpl2
  * @author Frank Nimphius
  public class PrxyDatabaseTransactionFactory extends DatabaseTransactionFactory
    public PrxyDatabaseTransactionFactory()
      super();
     * Override the create method to return an instance of PrxyTransactionImpl instead
     * of DBTransactionImpl2
     * @return PrxyTransactionImpl
    public DBTransactionImpl2 create()
      return new PrxyTransactionImpl();
  package oracle.sample.dbprxy.adfbc;
  import oracle.jbo.server.DBTransactionImpl2;
  import oracle.jdbc.OracleConnection;
  public class PrxyTransactionImpl
    extends DBTransactionImpl2
    public PrxyTransactionImpl()
      super();
     * The DBTransactionImpl2 does not expose the connection in a public
     * method. This class is a wrapper to expose the connection to the
     * BC app, so it can be accessed in the ApplicationModuleImpl class
     * @return OracleConnection - SQL Connection
    public OracleConnection getPrxyConnection()
      return (OracleConnection) this.getJdbcConnection();
  }Note that for EUS ApplicationModule pooling should be disabled
  Frank

• What is the role of PrepareForDML() in ADF JDEVELOPER

  Hi All,
  i am using Jdeveloper 11g ver-11.1.1.5.0
  I want to know that what action we can perform with PrepareForDML() in ADF ? Please tell me the answer thank you.

  Hi,
  If you want to assign programmatic defaults for entity object attribute values before a row is saved, override the prepareForDML() method and call the appropriate attribute setter methods to populate the derived attribute values. To perform the assignment only during INSERT, UPDATE, or DELETE, you can compare the value of the operation parameter passed to this method against the integer constants DML_INSERT, DML_UPDATE, DML_DELETE respectively.
  shows an overridden prepareForDML() method that assigns derived values.
  Assigning Derived Values Before Saving Using PrepareForDML
  protected void prepareForDML(int operation, TransactionEvent e) {
  super.prepareForDML(operation, e);
  //Populate GL Date
  if (operation == DML_INSERT) {
  if (this.getGlDate() == null) {
  String glDateDefaultOption =
  (String)this.getInvoiceOption().getAttribute("DefaultGlDateBasis");
  if ("I".equals(glDateDefaultOption)) {
  setAttribute(GLDATE, this.getInvoiceDate());
  } else {
  setAttribute(GLDATE, this.getCurrentDBDate());
  //Populate Exchange Rate and Base Amount if null
  if ((operation == DML_INSERT) || (operation == DML_UPDATE)) {
  BigDecimal defaultExchangeRate = new BigDecimal(1.5);
  if ("Y".equals(this.getInvoiceOption().getAttribute("UseForeignCurTrx"))) {
  if (!(this.getInvoiceCurrencyCode().equals(
  this.getLedger().getAttribute("CurrencyCode")))) {
  if (this.getExchangeDate() == null) {
  setAttribute(EXCHANGEDATE, this.getInvoiceDate());
  if (this.getExchangeRateType() == null) {
  String defaultConvRateType =
  (String)this.getInvoiceOption().getAttribute("DefaultConvRateType");
  if (defaultConvRateType != null) {
  setAttribute(EXCHANGERATETYPE, defaultConvRateType);
  } else {
  setAttribute(EXCHANGERATETYPE, "User");
  if (this.getExchangeRate() == null) {
  setAttribute(EXCHANGERATE, defaultExchangeRate);
  if ((this.getExchangeRate() != null) &&
  (this.getInvoiceAmount() != null)) {
  setAttribute(INVAMOUNTFUNCCURR,
  (this.getExchangeRate().multiply(this.getInvoiceAmount())));
  } else {
  setAttribute(EXCHANGEDATE, null);
  setAttribute(EXCHANGERATETYPE, null);
  setAttribute(EXCHANGERATE, null);
  setAttribute(INVAMOUNTFUNCCURR, null);
  parames