Show images without login in ADF security

Similar Messages

• Process of login with ADF security

  Hi,
  I was looking at how to implement the process of Login with the ADF security using JDev 11g and I feel very good...
  My question is if it is possible to use this tool in case of use a container as Tomcat 6.x or JBoss. If it is possible to use ADF security for these containers, what should be configured to work?

  Hi,
  ok, I'd like to use authorization with ADF security, but as you say it is not possible in Tomcat. well, but could implement it, if there must be 3 users with different roles of the little system that I want to develop. Any idea?. There maybe a small example with user roles to use without authorization of ADF security?.

• ADF 11g:Error When running login page: ADF security

  I am using Jdeveloper 11.1.1.2.0.Based on the following post
  http://blogs.oracle.com/fusionmiddlewarereallife/adf11gsecurity.html when I am running the application I am getting following error in web browser:-
  Error 403--Forbidden
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  +10.4.4 403 Forbidden+
  The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
  Steps to reproduce the error:-
  1) Unzip the lession6.zip file (http://blogs.oracle.com/fusionmiddlewarereallife/Lesson6.zip)
  2) Open application in your Jdeveloper and run the login.html page.
  3) In the login page,give user id as "James" and password as "welcome1"
  4) You will see above error.
  I have tested the above in Firefox 3.6.3 and IE7.*Please note that when you run the PublicPage.jspx, application works fine*. Its not working in the case when you are running the application using login.html
  I have checked the Adnrejus post on this error(http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html), but weblogic.xml is generated with required entries.
  Can anyone help me in this please:-
  Thanks,
  Vikram

  Me too have tested the application by running the public page. Its working fine.
  But my hole point here is, why application is not moving to the PrivatePage.jspx from login page. Means why can't we directly run the login page and access the PrivatePage. Even when success_url is configured in web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/PrivatePage.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  Thanks again,
  Vikram

• Configuring roles and users (adf security) application context wise.

  Dear All,
  I referred this tutorial (http://biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html) which shows how to hook up adf security with database schema but at domain level which will be common to all applications in that domain. I want to make it different to each application. (i.e each application will use differene database schema for storing user credientials i.e enterprise roles,application roles and users.)
  Can any one please point me to proper way..
  Regards,
  Santosh
  jdev 11.1.1.2.0

  Dear Frank,
  <i>
  Instead you have a single identity management system and have the application policies being different for the applications.Using ADF Security, users and groups can have different privileges in different applications
  </i>
  suppose i have 3 applications that use adf security, the users will be common to all applications. right..?Roles and group can be different for applications.
  application polices means roles and group..?
  So how it(application polices) can be made different for applications? is it inbuilt or some configurations needed ?. Can you point me to some blogs or tutorials for more reference.
  Bet: Incase i hook up adf security with database schema.
  Regards,
  Santosh.

• Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

  Hi,
  We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
  After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
  Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
  Thanks,
  Annie

  Brenden,
  Thank you so much for the reply. This is our code in the web.xml:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
  If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
  regards,
  Annie

• Error While Login ADF Security Sample Application

  Hi All,
  Jdevloper Version : 11.1.1.5.0
  we are Creating ADF Login Application contains login.jspx and main.jspx pages.
  we define ADF Security on this Sample Application.
  when we provide valid credentials to login(username and password) it shows Error:
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.5 404 Not Found
  The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
  If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead.
  The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism,
  that an old resource is permanently unavailable and has no forwarding address. 
  ManagedBean(BackingbeanScope) doLogin():
           public String doLogin() {
          String un = _userName;
          byte[] pw = _password.getBytes();
          FacesContext ctx = FacesContext.getCurrentInstance();
          HttpServletRequest request =(HttpServletRequest)ctx.getExternalContext().getRequest();
          try {
              Subject subject =Authentication.login(new URLCallbackHandler(un, pw));
              weblogic.servlet.security.ServletAuthentication.runAs(subject,request);
              String loginUrl = "/adfAuthentication?success_url=/faces/main.jspx";
              HttpServletResponse response =(HttpServletResponse)ctx.getExternalContext().getResponse();
              RequestDispatcher dispatcher =request.getRequestDispatcher(loginUrl);
       ctx.responseComplete();
      catch (FailedLoginException fle)
                  FacesMessage msg =new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password", "An incorrect Username or Password was specified");
                  ctx.addMessage(null, msg);
          return null;
  In ADF Security We Define :
  User : admin1
  Enterprise Role  : ManagerGroup(added user admin1 to this EnterpriseRole)
  Application Role : Manager
  Resource Grants  : Resource Type : Web Page
                             login page
                            main  page -  Granted Role(Manager)
  jazn-data.xml file
  <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
  <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
    <jazn-realm default="jazn.com">
      <realm>
        <name>jazn.com</name>
        <users>
          <user>
            <name>admmin1</name>
            <display-name>admmin1</display-name>
            <credentials>{903}y2I4TDwMavn90VxJJfPfgxtBsRnF0qiaMoxzP93XF74=</credentials>
          </user>
        </users>
        <roles>
          <role>
            <name>ManagerGroup</name>
            <display-name>ManagerGroup</display-name>
            <members>
              <member>
                <type>user</type>
                <name>admmin1</name>
              </member>
            </members>
          </role>
        </roles>
      </realm>
    </jazn-realm>
    <policy-store>
      <applications>
        <application>
          <name>ADFLogin</name>
          <app-roles>
            <app-role>
              <name>Manager</name>
              <class>oracle.security.jps.service.policystore.ApplicationRole</class>
              <display-name>Manager</display-name>
              <members>
                <member>
                  <name>ManagerGroup</name>
                  <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
                </member>
              </members>
            </app-role>
          </app-roles>
          <jazn-policy>
            <grant>
              <grantee>
                <principals>
                  <principal>
                    <name>Manager</name>
                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                  </principal>
                </principals>
              </grantee>
              <permissions>
                <permission>
                  <class>oracle.adf.share.security.authorization.RegionPermission</class>
                  <name>multiofonds.adf.common.view.pageDefs.mainPageDef</name>
                  <actions>view</actions>
                </permission>
              </permissions>
            </grant>
          </jazn-policy>
        </application>
      </applications>
    </policy-store>
  </jazn-data>
  Please help us how to resolve it.
  Thanks,
  kumar

  A best practice in this situation is to check on a running sample e.g. Oracle ADF: Security for Everyone
  I guess your resource grants are not set correctly.
  Timo

• About login authentication in ADF Security

  I have applied ADF Security in application which I learned from the Cue Cards example and I did it successfully but I wanted to change the login page.
  So I created a PopUp which I learned from "Oracle JDeveloper 11g Handbook A Guide to Oracle Fusion Web Development" and instead of the Menu Button, I used a Go Link Button as I had done in the Cue Cards example.
  But the problem is how to manage the login/logout authentication. As in the book I created a managed bean to handle login and the code is :
  package inventory.controller;
  import java.io.IOException;
  import javax.faces.application.FacesMessage;
  import javax.faces.context.FacesContext;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.login.FailedLoginException;
  import javax.security.auth.login.LoginException;
  import javax.servlet.RequestDispatcher;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import weblogic.security.SimpleCallbackHandler;
  import weblogic.security.services.Authentication;
  import weblogic.servlet.security.ServletAuthentication;
  public class LoginHandler {
  private String _username;
  private String _password;
  public LoginHandler() {
  super();
  public String performLogin() {
  byte[] pw = _password.getBytes();
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  CallbackHandler handler = new SimpleCallbackHandler(_username, pw);
  try {
  Subject mySubject = Authentication.login(handler);
  ServletAuthentication.runAs(mySubject, request);
  String loginUrl =
  "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  sendForward(request, response, loginUrl);
  } catch (FailedLoginException fle) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Incorrect Username or Password",
  "An incorrect Username or Password" +
  " was specified");
  ctx.addMessage(null, msg);
  } catch (LoginException le) {
  reportUnexpectedLoginError("LoginException", le);
  return null;
  private void sendForward(HttpServletRequest request,
  HttpServletResponse response, String loginUrl) {
  FacesContext ctx = FacesContext.getCurrentInstance();
  RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
  try {
  dispatcher.forward(request, response);
  } catch (ServletException se) {
  reportUnexpectedLoginError("ServletException", se);
  } catch (IOException ie) {
  reportUnexpectedLoginError("IOException", ie);
  ctx.responseComplete();
  private void reportUnexpectedLoginError(String errType, Exception e) {
  FacesMessage msg =
  new FacesMessage(FacesMessage.SEVERITY_ERROR, "Unexpected Error During Login",
  "Unexpected Error during Login (" + errType +
  "), please consult logs for detail");
  FacesContext.getCurrentInstance().addMessage(null, msg);
  e.printStackTrace();
  public String performLogout() {
  FacesContext ctx = FacesContext.getCurrentInstance();
  HttpServletRequest request =
  (HttpServletRequest)ctx.getExternalContext().getRequest();
  HttpServletResponse response =
  (HttpServletResponse)ctx.getExternalContext().getResponse();
  String logoutUrl =
  "/adfAuthentication?logout=true&end_url=/faces/home";
  sendForward(request, response, logoutUrl);
  return null;
  public void setUsername(String _username) {
  this._username = _username;
  public String getUsername() {
  return _username;
  public void setPassword(String _password) {
  this._password = _password;
  public String getPassword() {
  return _password;
  But as I run the page and click the login link, it displays the PopUp box but I think it can't get the username and password from the field inserted and displays the error message specified in the above code(ie in try/catch) when I enter the required username and password and click the login button. So is there something in the code, I ran the application TUHRA which I downloaded, which was an example in the book I specified. and it went well and the login popup worked well.
  And I want to know that how to work the button by just pressing Enter key without clicking the button ? And also is there procedural change in the ADF configuration in jDev 11.1.1.1.0 and jDev 11.1.1.5.0 as I have jDev 11.1.1.5.0 installed and there was something different in following the steps specified in the book but I managed it by looking at the cure cards example. So is this the steps problem or something else?
  Thanks in advance.

  I didn't design the login page but I just created a PopUp window and in the popup window I inserted two Input text fields for username and password.
  And i set the 'value' of the username field as "#{login.username}" and the 'value' of the password field as "#{login.password}"
  Also in the login button the "action" set to #{login.performLogin}.
  And the button which I use to display the popup is a Go Link button, the "Destination" is set to "#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/home.jspx" : "/adfAuthentication?success_url=/faces/home.jspx"} ".
  I inserted the popup inside the Go Button in the structure window.
  And Added the managed bean in the adfc config.xml with the following properties:
  Name as “login”
  Class as “inventory.controller.LoginHandler”
  Scope as “request”
  If I don't use the popup and login with the default generated login form , the login is successful
  And also when i removed the ADF security configuration, the meta data didn't go away and when i reconfigured the security some error is diplayed in the log details as cannot create or something like rewrite the users.
  Please help I don't have much time to complete my project. its an emergency.
  Edited by: SudeepShakya on Nov 4, 2011 10:06 AM

• How to show pages based on user logged in adf security ?

  Hi All,
  JDev ver : 11.1.1.4.0
  I have three Roles MANAGERS, ADMIN, ANALYST with users in each role.
  And i used form based authentication. There are seperate screens for each user, i want to show according to the user entered with Roles.
  How to Configure these roles in Resource Grants and what should be done in login action..
  For me the page now going forward, it remains in the login page itself
  How to do that ?
  thanks,
  Gopinath

  Hi..
  try out following sample
  http://andrejusb.blogspot.com/2011/05/oracle-webcenter-11g-ps3-adf-security.htmlalso check this >http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html

• How to show image in oracle adf if i have data in byte[] ?

  For first time I am using <af:inputFile> to get file of image type from any location on my system and convert the data in "byte[]" and store it in database...
  When i visit page again i need to show uploaded file which is coming to me "byte[ ] ".
  To show image i am using <af:image> component.
  Help will be appreciated.

  Check this blog post: http://tompeez.wordpress.com/2011/12/16/jdev11-1-2-1-0-handling-imagesfiles-in-adf-part-3/
  Dario

• I have connected my macbook pro to my tv via MDP to HDMI port cable, all that is showing up is the basic desktop image without any icons, what do i do to correct this

  i have connected my macbook pro to my tv via MDP to HDMI port cable, all that is showing up is the basic desktop image without any icons, what do i do to correct this

  Your MBP is running in "extended desktop" mode, where the two screens together make one larger area to display windows. You can drag one or more windows from the primary (internal) screen to the secondary (TV) screen. By default, the secondary screen is off to the right of the primary screen.
  If you would prefer the two screens show the same image, you want to switch to "mirroring" mode. You will have to pick a single resolution for both screens, which may look poor on one or the other.
  Both the relative positions of the two screens in extended desktop mode and the switch to mirroring mode can be set in System Preferences > Displays > Arrangement.

• Login.jspx page refreshing in infinite loop in adf security

  HI,
  I have applied adf security to my application. If i create page def for login.jspx page it is refreshing in infinite loop.
  Thanks,
  Nitesh

  troubleshoot this issue as described in the post
  Thanks
  KT

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• Web Center app ADF Security - login problem

  I'm making an Oracle Web Center app.
  I have an app page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.

  Ah so when you try to access a JSPX page it works but when you try to access an HTML page it does not work?
  I can't see what the problem could be if it works for a JSPX but not for an HTML. Perhaps something with the filters in the web.xml
  Maybe you should ask this at the ADF forum: JDeveloper and ADF
  The guys there have way more understanding about this stuff than here.

• Oracle ADF Security Login page

  hi.
  I am using oracle ADF 11.1.2.2.0 (oracle Jdevelopr 11g release 2) in my job environment. There are 3000 users working as client level in our company. They have separated user Id and roles. They can change their passwords. There are expiration period for passwords which is handle by in database level. when the employees are going to terminate or retirement , we can control their login status. that mean we change their Active status as a Inactive status. some times we recruit number of emplooyes for cover our business targets. Their User Id also in database table level.
  My main problem is how we can handle number of employees using Oracle ADF security configuration.
  second one is how user can change their passwords.
  Third is how number of employees going to terminate ,handle their Active/Inactive State.
  Fourth one is If we use this Oracle Security system ,project managers or project cordinator or Adminstrator level authenticator must need to deploy time to time war file, because of adding removing users in jazn-data.xml.
  hoping help from you.Thanking for all.

  So, you can define SQLAuthenticator/SQLReadOnlyAuthenticator on Weblogic which will retrieve users from your db table(instead of jazn-data file) to application server.
  Then, in your application you can enable ADF Security and this will generate login page.
  And, this is it :)
  If you need some custom processing before users login to your app, then you can create custom login page and do whatever you want in Java code:
  http://docs.oracle.com/cd/E16162_01/web.1112/e16182/adding_security.htm#BABDEICH
  >
  But 11g has Database connection in Application Resource. Using that connection I need to log to the system using user's User iD and Password
  >
  This connection is valid only in design time. When you deploy your application to application server, then you can include this connection in .ear file, or you can define Data Source on Weblogic(which is better approach).
  To programmatically retreive db connection, you can create utility method in your Application Module.
  Dario

• Image not showing on task flows in ADF Library

  I have a application which uses carousel showing images from blob column. I am using imageservet to show images in carousel component.
  I deployed this app as ADF Library jar and reference that task flow in other application as region.
  All components are working fine except the images on carousel.
  Any ideas ?

  web.xml
    <servlet-mapping>
      <servlet-name>ImageServlet</servlet-name>
      <url-pattern>/imageservlet</url-pattern>
    </servlet-mapping>
    Carousel
  <af:showDetailItem text="Pictures" id="sdi1"
             stretchChildren="first">
  <af:carousel currentItemKey="#{bindings.AgbGrowerImagesVO1.treeModel.rootCurrencyRowKey}"
            value="#{bindings.AgbGrowerImagesVO1.treeModel}"
            var="item" id="c30"
            partialTriggers="::pc1:t1">
    <f:facet name="nodeStamp">
      <af:carouselItem id="ci1">
        <af:image source="/imageservlet?growerimageid=#{item.bindings.GrowerImageId.inputValue}"
            shortDesc="Image" id="i1"/>
      </af:carouselItem>
    </f:facet>
  </af:carousel>
  </af:showDetailItem>Images are showing when I run the page in its original application. Its not showing when I use it in consumer application as adf library.