Unable to migrate ADF security policy updates to Weblogic production server
Hi all,
I am using JDeveloper 11.1.1.2.0. I can successfully deploy & run the application on my Integrated & Standalone WLS 10.3.2.
If I make changes to the security policy, I can see the change reflecting in the next run, after being deployed on the Integrated & Standalone server.
However, making changes to the security policy & deploying it on the production UNIX WLS server (10.3.2) does not reflect the changes. In fact I do not see the changes on System-jazn-data.xml on the server.
I will appreciate any help on this issue.
Thank you,
Hi again
for a work around we tried deploying the .ear with a different name. Every thing is now working.
The problem is not completely resolved as this should not be an idle way to deploy.
The System-jazn-data.xml on the Unix server still shows the old deployed file name along with the new (with correct policies).
Thanks,
Similar Messages
-
Migrating ADF Security Policies to Active Directory
Hi,
Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
Thanks.Hi,
Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
Thanks. -
Migrating ADF Security to WLS using OID
I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for “JpsFarmName” and “JpsRootNodeName”. What are these used for, and what should the values be?
2) Does the jps-config.xml file need to be modified in WLS (i.e. <Domain>/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
Any information on this topic would be very appreciated!
Thanks,
ErickHi,
I am using migrateSecurityStore for policy migration from xml to OID.
migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
when I run above command I am getting following error.
Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfig
urationUtil getCredentialFromBootstrapWallet
SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: o
racle.security.jps.service.credstore.CredStoreException.
COMMAND FAILED due to an unknown reason, Check the stack trace for details
Traceback (innermost last):
File "<console>", line 1, in ?
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSec
urityStore
File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSec
urityStoreImpl
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(
LdapPolicyStore.java:230)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:108)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider
.getInstance(LdapPolicyStoreProvider.java:55)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServ
iceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImp
l.findServiceInstance(DelegatingContextFactoryImpl.java:61)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getConte
xt(ContextFactoryImpl.java:206)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getCo
ntextFromConfig(JpsContextFactoryImpl.java:171)
at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextF
romConfigObj(JpsHelper.java:115)
at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.g
etPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDs
tPolicy.<init>(JpsDstPolicy.java:186)
at oracle.security.jps.internal.tools.utility.destination.JpsInitializer
Dst.getDestinations(JpsInitializerDst.java:82)
at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtili
ty.java:63)
at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl
.migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand
(JpsUtilMigrationTool.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException
: Cannot read the default policy store.
thanks and regards
KishoreM -
Migrating ADF Security from file-based provider to LDAP provider
We have deployed a small application using ADF Security with file-based provider in OAS and it works fine.
Now we want to migrate to ADF Security using LDAP provider.
In order to make this possible we followed the next steps:
- Migrate all the roles and policies from the file to OID with JAZNMigrationtool.
- In OAS we've changed the Application Security Provider to 'Oracle Identity Management'.
- Reset the OC4J instance.
But there was no success, the application continues working with the file-based provider.
What more is necessary to configurate?Hi,
if you use EM make sure you change the setting for the application, not the general OC4J setting.
You can also deploy the provider settings with the orion-application.xml file added to your project
Frank -
NAC appliance(security policy/update-files)
Does anyone know something concerning to the following issues?
Please teach me what I can refer to on the WEB,if possible.
1. Is there any way to apply the policy(checking OS/AV) to the kind of client devices which CAA hadn't been installed such like guest user?
2. Is it possible that NAC appliance does clients only "port-scanning" (not checking OS/AV)?
3. If user-company already has their own "Anti-Virus Server" or "Windows-update Server", can CAM refer to their servers(not Cisco's policy-update-server) to get current update files?
4. How long does it take the update-files become available via Cisco's policy-update-server after each OS/AV-vender had released them?
RegardsNo, we should install Cisco Trust agent S/W in order to collect the information about the OS versions, AV versions etc to the Policy server. And based on the security policy of the organisation, we can communicate with the AV vendors like symmntac, Mcafee servers directly for the latest patches and updates.
-
Security.policy issue when running javarmi server.
hi guys,
i am trying to run a sample javarmi applications.
the code as follows:
file name : myRMIInterface.java
//package my_rmi_classes;
public interface myRMIInterface extends java.rmi.Remote {
public java.util.Date getDate() throws java.rmi.RemoteException;
//implementation program
// package my_rmi_classes;
import java.rmi.*;
import java.rmi.server.UnicastRemoteObject;
public class myRMIImpl extends UnicastRemoteObject implements myRMIInterface
public myRMIImpl(String name) throws RemoteException
super();
try
Naming.rebind(name,this);
catch(Exception e)
System.out.println("Exception occured:"+e);
public java.util.Date getDate()
return new java.util.Date();
application : myRMIServer.java
//package my_rmi_classes;
import java.rmi.*;
import java.rmi.server.UnicastRemoteObject;
public class myRMIServer {
* @param args the command line arguments
public static void main(String[] argv)
// TODO code application logic here
System.setSecurityManager(new RMISecurityManager());
try
myRMIImpl implementation = new myRMIImpl("myRMIimplInstance");
catch(Exception e)
System.out.println("satish exception occured :" +e);
steps which i follow to run this applicatons:
step 1: complie all the applications.
step 2: create myRMIImpl_Stub.class file by running RMIC
step 3: start rmiregistry
step 4: i download a policy file from sun website and i place that file in my source code folder.
i use 3 types of policy files which are as follows,,,
type 1:
grant{
permission java.net.SocketPermission "localhost:1099", "connect, resolve";
permission java.net.SocketPermission "localhost:1024-", "connect, resolve";
permission java.net.SocketPermission "localhost:1024-", "accept, resolve";
type 2:
grant codeBase "C:/week_project/rmi server files/" {
permission java.security.AllPermission;
note: all my java files(source code) files are in the folder (rmi server files). i copy all policy files in the same folder.
type 3:
grant {
// Allow everything for now
permission java.security.AllPermission;
step 5:
a:) C:\week_project\rmi server files\java -Djava.security.policy=(policy name).policy myRMIServer
b:) C:\week_project\rmi server files\java -Djava.security.policy=C:\........\(policy name).policy myRMIServer
when i work with type-1 policy file i got error message as follows
ERROR:
Exception occured:java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
type -2 policy file
ERROR
java.security.policy: error adding Entry:
java.net.MalformedURLException.AccessControlException : access denied(java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
type-3 policy file
ERROR
exception occured; java.rmi.connectexception : connection refused to host :127.0.0.1; nested exception is :
java.net.connectexception : connection refused : connect
i am trying to solve this from last week but i can't
so, please help me
with regards
satishwhat ever it is
hi guys,
i am trying to run a sample javarmi applications.
the code as follows:
file name : myRMIInterface.java
//package my_rmi_classes;
public interface myRMIInterface extends java.rmi.Remote {
public java.util.Date getDate() throws java.rmi.RemoteException;
}//implementation program
// package my_rmi_classes;
import java.rmi.*;
import java.rmi.server.UnicastRemoteObject;
public class myRMIImpl extends UnicastRemoteObject implements myRMIInterface
public myRMIImpl(String name) throws RemoteException
super();
try
Naming.rebind(name,this);
catch(Exception e)
System.out.println("Exception occured:"+e);
public java.util.Date getDate()
return new java.util.Date();
}application : myRMIServer.java
//package my_rmi_classes;
import java.rmi.*;
import java.rmi.server.UnicastRemoteObject;
public class myRMIServer {
* @param args the command line arguments
public static void main(String[] argv)
// TODO code application logic here
System.setSecurityManager(new RMISecurityManager());
try
myRMIImpl implementation = new myRMIImpl("myRMIimplInstance");
catch(Exception e)
System.out.println("satish exception occured :" +e);
}steps which i follow to run this applicatons:
step 1: complie all the applications.
step 2: create myRMIImpl_Stub.class file by running RMIC
step 3: start rmiregistry
step 4: i download a policy file from sun website and i place that file in my source code folder.
i use 3 types of policy files which are as follows,,,
type 1:
grant{
permission java.net.SocketPermission "localhost:1099", "connect, resolve";
permission java.net.SocketPermission "localhost:1024-", "connect, resolve";
permission java.net.SocketPermission "localhost:1024-", "accept, resolve";
type 2:
grant codeBase "C:/week_project/rmi server files/" {
permission java.security.AllPermission;
note: all my java files(source code) files are in the folder (rmi server files). i copy all policy files in the same folder.
type 3:
grant {
// Allow everything for now
permission java.security.AllPermission;
step 5:
a:) C:\week_project\rmi server files\java -Djava.security.policy=(policy name).policy myRMIServer
b:) C:\week_project\rmi server files\java -Djava.security.policy=C:\........\(policy name).policy myRMIServer
when i work with type-1 policy file i got error message as follows
ERROR:
Exception occured:java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
type -2 policy file
ERROR
java.security.policy: error adding Entry:
java.net.MalformedURLException.AccessControlException : access denied(java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
type-3 policy file
ERROR
exception occured; java.rmi.connectexception : connection refused to host :127.0.0.1; nested exception is :
java.net.connectexception : connection refused : connect
i am trying to solve this from last week but i can't
so, please help me
with regards
satish -
Migrate ADF application from OC4J to weblogic
Hi Experts,
we are trying to migrate ADF toystore demo(Version 10.1.2.46 (Built on 9-May-2005) from an IAS10.1.3 OC4J server to a fmw11g weblogic server,
We used the existing .ear from the old IAS server, and tried to deploy it though EM. Firstly we got below message:
[Wed Oct 21 22:21:44 PDT 2009] [Deployer:149191]Operation 'deploy' on application 'ADFToyStore' is initializing on 'fusion_demo'
[Wed Oct 21 22:21:44 PDT 2009] [Deployer:149192]Operation 'deploy' on application 'ADFToyStore' is in progress on 'fusion_demo'
[Wed Oct 21 22:21:44 PDT 2009] [Deployer:149193]Operation 'deploy' on application 'ADFToyStore' has failed on 'fusion_demo'
[Wed Oct 21 22:21:44 PDT 2009] java.lang.ClassNotFoundException: oracle.adf.model.servlet.ADFBindingFilter
[Wed Oct 21 22:21:44 PDT 2009] oracle.adf.model.servlet.ADFBindingFilter
[Wed Oct 21 22:21:45 PDT 2009] Deploy operation failed.
After installing adfmweb.jar as a library in target server, we tried again, but the error was just the same.
Can anyone give us a clue?
Thanks a lot,
ToddThat won't work. ADF 10g doesn't run on WLS. You need to upgrade to ADF 11g through JDeveloper.
See the Upgrade Guide: http://download.oracle.com/docs/cd/E12839_01/upgrade.1111/e10127/toc.htm
--olaf -
Problems with assembly update in Biztalk production server
Hi.
I'm facing a problem I cannot solve about an update in one of the resources of an application in Biztalk production server.
Suddenly a bug in an application that receives messages through an external web service appeared. To find out where the bug was occurring, the orchestration was filled with many EventLogs and some other things to test. After the bug was tracked and corrected,
it was added an update in resource with the original code of orchestration, that way the EventLogs were no more logged in Event Viewer and the other things wouldn't exists in production.
Occurrs that the EventLogs are still being logged in Event Viewer. Even after the resource was added many times in server and after many resets in the host instances.
The problem aren't the logged events, are the other things that we must remove from production to avoid headaches.
There is a way to fix this? Or some better way to search a resolution for that?
I'm thinking remove the resource, reset the hosts instances, then add the resource and reset again, but for me this is very hardcore, even more in the production Server.
Usually, the deployment in production Server is made based in the import of msi files and execution of this files. The "Add -> Biztalk Assemblies" method was used this time only because was an emergency. I don't know if makes sense.
Thank you for reading, please if you have any answer or material to solve this, reply this question. If you don't understand something because of the English I'm very sorry, I'm still learning the language (and yes I use Google Translate).Rafael,
Enabling the options for GAC as you did, should GAC the components.
BizTalk uses
C:\Windows\assembly folder for assemblies. So when you import the msi with GACing options enables, ensure the assemblies are gaced in C:\Windows\assembly folder.
Otherwise, just drag and drop the assemblies from your folder to this folder. Or using command prompt
cd to c:\windows\assembly\gac_msil and copy the assembly from your folder.
Ensure you have GACed the assemblies in all the BizTalk processing machines when you more than one BizTalk machines.
Also ensure you’re restarting the correct host instances. If the artefact under the isolated host instance, ensure Application pool /IIS is restarted.
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply. -
ADF Security + Policy definition repository
Hello,
As mentioned in the adf_security document, we are using the fusion middleware control to manage the security for deployed application.The policy store shows the principal,permission class details.
With this information it is very hard for user(administrators) to manage the security. With current information display, i think administrator also should be aware of the technical terms used in the application for particular resource or particular task flow name resource/region name.,
e.g in fusionmiddleware control
Permission Class oracle.adf.controller.security.TaskFlowPermission
Resource Name /WEB-INF/flows/sampleTF.xml#sampleTF
Permission Actions view
Is there way to provide some descriptive name for resource name , so that end user can understand what is task flow or resource is??
Any idea??Hi,
no, not that I am aware of. Looking at the jazn-data.xml XSD
<permission>
Child elements: <class>, <name>, <actions>There is no metadata available for a descriptive name of the permission class of the target name. OPSS would need to change their XML to allow descriptive names.
Frank -
How to manually create security policy in integrated web logic server
Hi,
I am trying to run a webcenter portal app that uses web services and has security enabled thru policies. I am no expert in terms of web service security and I am encountering this error.
The password credentials cannot be obtained from the Credential Store Framework (CSF). Unable to retrive the csfKey "BASIC_KEY". The csf map "oracle.wsm.security" found in the credential store is being used and the following keys are found in this map...I know this is related to security but how do I define or create this in my integrated weblogic server? The web service I think use the oracle/wss_http_token_client_policy
Thanks
JDEV 11G PS5Hi,
Found this link http://portal.intelitur.com/webcenterhelp/faces/helppages/main.jspx;jsessionid=GH3XQt2ZfTpLMRXQNytrrmLyfBh9DZR0nhjvwWgw8knck3FvjQ0J!1175791655!1369545269?locale=es-ES&vtTopicFile=wcadm%2Fwcadm_security_wss004.htm&config=OHW+Servlet&_adf.ctrl-state=17i2c8oad3_4
although I am unsuccessful
createCred(map="oracle.wsm.security", key="BASIC_KEY", user="user", password="user1", desc="Keystore key")when I execute this code using WLST, I am encountering below error
Traceback (innermost la
File "<console>", lin
NameError: createCred..what could be the cause? -
Unable to access URL for a webservice in weblogic integration server
Hi
I have an application in which i deployed a webservice , however when i am trying to access it , it throws the exception weblogic.webservice.tools.wsdlp.WSDLParseException . "failed to retrieve WSDL from URL"Hi
The error you typed is not enough. Can you please give us more information about error in log. (wls and application log) -
Adf security misbehaving in production environment
Hi all,
I am using jdev 11.1.2.2 and weblogic 10.3.6
I have implemented adf security from based authentication in my web application and i have used sql authenticator for authentication.
In my integrated WLS everything works fine . but in the production WLS what is happening is when the user access a Protected Page without login it navigates to the protected page instead of navigating him to the login page. In the integrated WLS this happens normally .
Has anyone faced this issue before ? What can be wrong ?
I have added my web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>false</param-value>
</context-param>
<session-config>
<session-timeout>5</session-timeout>
</session-config>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>oracle.adf.view.rich.SUPPRESS_IDS</param-name>
<param-value>auto</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>differentOrigin</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_VIEW_MAPPINGS</param-name>
<param-value>*.jsf;*.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_DECORATORS</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>ADFLibraryFilter</filter-name>
<filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>ADFLibraryFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>adfAuthentication</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adflibResources</servlet-name>
<servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adflibResources</servlet-name>
<url-pattern>/adflib/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>amf</extension>
<mime-type>application/x-amf</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Allowed ADF Resources</web-resource-name>
<url-pattern>/adf/*</url-pattern>
<url-pattern>/afr/*</url-pattern>
<url-pattern>/bi/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/login</form-login-page>
<form-error-page>/faces/login</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>Thanks,
RakeshHi Rakesh,
Make sure you have migrated the policy store to the production server. When Weblogic Server is running in production mode, automatic credential overwrite is not allowed. From the developer's guide:
When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the Oracle Containers for J2EE Security Guide. Note that Oracle WebLogic Server running in production mode does not support the overwriting of system credentials under any circumstances.http://docs.oracle.com/cd/E26098_01/web.1112/e16182/adding_security.htm#CDDGFDFH
HTH,
Joonas -
ADF BC 11g, Weblogic 10.3 - Deployment Issue with ADF Security
Hi all,
I know there are many many blogs about deployment of an 11g app using ADF Security to a WLS 10.3 server, however, none appear to be working for me.. or I'm not working with them! :P
I've deployed an .ear file to the WLS 10.3 and this works fine - after following these steps
http://www.freewebalbum.com/blogs/faces/bjanko/blogs.jsp?blog=bjanko20090127130431
I then followed Steve's migration technique
http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
That all built correctly.
I then tried to access the app via browser, entered in the user cred (created under Security Realms in WLS 10.3 admin console - user and groups).
I attempted to login, and received an "Error 401--Unauthorized" error.
I'll that I see in the server log is:
[JpsWlsFilter.doFilter] setContextID to testApp
I'm totally stuck, so any ideas would be awesome.
Cheers,
chrisJust gave that a shot.. No dice unfortunately.
Steve Muench wrote:
You can omit -DdstApp=DEPLOYAPPNAME if the deployed application name is the same as the source application name you supplied in the -DsrcApp=APPNAME argument.I hate massive code dumping... but this is my jazn-data.xml
<?xml version = '1.0' encoding = 'UTF-8'?>
<jazn-data>
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>system</name>
<guid>0300AED0A9A411DD8F304FB2D3E85932</guid>
<credentials>{903}G5cbldq4HwMVt/gQpv1lXuNdLYbSu20y</credentials>
</user>
</users>
<roles>
<role>
<name>PlusAdmin</name>
<guid>0300AED1A9A411DD8F304FB2D3E85932</guid>
<members>
<member>
<type>user</type>
<name>system</name>
</member>
</members>
</role>
<role>
<name>PlusUser</name>
<guid>0300AED2A9A411DD8F304FB2D3E85932</guid>
<members>
<member>
<type>user</type>
<name>system</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name>TestApp</name>
<app-roles>
<app-role>
<name>PlusAdmin</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<members>
<member>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
<name>system</name>
</member>
</members>
</app-role>
<app-role>
<name>PlusUser</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<members>
<member>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
<name>system</name>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
<name>anonymous-role</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.LogonPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.LogonErrorPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>PlusAdmin</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
<actions>customize,edit,grant,personalize,view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>PlusUser</name>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>com.delexian.plus.ui.pageDefs.HomePageDef</name>
<actions>customize,edit,grant,personalize,view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
<jazn-policy/>
</jazn-data> -
Unable to Extend the Tablespace in BW Production Server
Hello Gurus,
I am unable to extend the tablespace - PSAPODSD in our BW production server.
While extending it throws this error
BR1052E File odsd.data53 is already used by the database - this can cause problems in backups
I am attaching the log for your reference
Options for extension of tablespace PSAPODSD (1. file)
1 * Last added file name (lastfile) ....... [/oracle/PBW/sapdata3/odsd_52/odsd.data52]
2 * Last added file size in MB (lastsize) . [2000]
3 - New file to be added (file) ........... [/oracle/PBW/sapdata2/odsd_53/odsd.data53]
4 ~ Raw disk / link target (rawlink) ...... []
5 - Size of the new file in MB (size) ..... [2000]
6 - File autoextend mode (autoextend) ..... [no]
7 # Maximum file size in MB (maxsize) ..... []
8 # File increment size in MB (incrsize) .. []
9 - SQL command (command) ................. [alter tablespace PSAPODSD add datafile '/oracle/PBW/sapdata2/odsd_53/odsd.data53' size 2000M autoextend off]
Standard keys: c - cont, b - back, s - stop, r - refr, h - help
BR0662I Enter your choice:
BR0280I BRSPACE time stamp: 2009-05-04 07.32.04
BR0663I Your choice: 'c'
BR0259I Program execution will be continued...
BR1052E File odsd.data53 is already used by the database - this can cause problems in backups
BR0669I Cannot continue due to previous warnings or errors - you can go back to repeat the last action
BR0280I BRSPACE time stamp: 2009-05-04 07.32.04
BR0671I Enter 'b[ack]' to go back, 's[top]' to abort:
BR0280I BRSPACE time stamp: 2009-05-04 07.32.10
BR0257I Your reply: 'b'
BR0673I Going back to the previous menu...
Please guide us to resolve this issue .
Imp - backup is completed successfully, I checked through sqlplus V$backup there is no active files
Thanks & Regards
ShishirHi,
login as ora<SID> and run this
sqlplus "/as sysdba"
sql> select FILE_NAME from dba_data_files where TABLESPACE_NAME='PSAPODSD';
This will show the list of the files located at os level and check whether the "odsd.data53" is present in which sapdata*. If this exist then add a new datafile.
Thanks
Arun -
ADF Security unable to run/deploy
Hi all,
I want to use ADF Security in my new project, so I created an simple test application in my JDeveloper 11g R1.
What I have done is simple, I created a new application using Fusion Web Application Template, and then I run the Config ADF Security Wizard from Application->Secure menu. In the wizard, I selected generate default login page, and welcome page. Then I try to run the login.html.
But I failed with the following error messages, can anybody help me?
Thanks in advanced.
2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : wsm-pm
2009年11月16日 下午02:13:17 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
<2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<2009年11月16日 下午02時13分37秒 CST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00001. Log messages will continue to be logged in C:\Documents and Settings\itssdu10\Application Data\JDeveloper\system11.1.1.1.33.54.07\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<2009年11月16日 下午02時13分37秒 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
2009年11月16日 下午02:13:38 oracle.wsm.audit.Auditor <init>
資訊: Created J2EE application auditor for componentType=oracle.security.jps.internal.audit.AuditServiceImpl$Auditor@95c8c2
2009年11月16日 下午02:13:38 oracle.adf.share.config.ADFConfigFactory getInstance
資訊: ADF Config instance implementation in use is : oracle.adf.share.config.MDSConfigFactory
2009年11月16日 下午02:13:41 oracle.adf.share.config.ADFMDSConfig parseADFConfiguration
資訊: Configuration file:/META-INF/adf-config.xmlcannot not be read by MDS. Reading directly from the classpath
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.16.127.167:7101 for protocols iiop, t3, ldap, snmp, http.>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2009年11月16日 下午02時13分42秒 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
DefaultServer startup time: 53578 ms.
DefaultServer started.
[Running application TestLogin on Server Instance DefaultServer...]
<2009年11月16日 下午02時13分49秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application TestLogin is not versioned.>
2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: Application ID : TestLogin
2009年11月16日 下午02:13:49 oracle.mds.internal.lcm.logging.MDSLCMLogger info
資訊: "Metadata Services: Metadata archive (MAR) not found."
2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application [TestLogin] is being deployed, start policy migration with jps.policystore.migration set to OVERWRITE.
2009年11月16日 下午02:13:49 JpsApplicationLifecycleListener Policy Migration
資訊: Application policy migration for [TestLogin] is completed successfully.
2009年11月16日 下午02:13:50 JpsApplicationLifecycleListener Policy Migration
資訊: Codebase policy migration for [TestLogin] is completed successfully.
<2009年11月16日 下午02時13分50秒 CST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1258352028648' for task '0'. Error is: 'java.lang.NullPointerException'
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
>
<2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'TestLogin'.>
<2009年11月16日 下午02時13分50秒 CST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
java.lang.NullPointerException
at oracle.security.pki.l.c(Unknown Source)
at oracle.security.pki.l.b(Unknown Source)
at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
at oracle.security.pki.OracleSecretStore.load(Unknown Source)
at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
Truncated. see log file for complete stacktrace
>
[02:13:50 PM] Weblogic Server Exception: weblogic.application.WrappedDeploymentException
[02:13:50 PM] See server logs or server console for more details.
[02:13:50 PM] #### Deployment incomplete. ####
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:483)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:332)
... 11 more
Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.deployApplication(Jsr88DeploymentHelper.java:465)
... 12 more
#### Cannot run application TestLogin due to error deploying to DefaultServer.
[Application TestLogin stopped and undeployed from Server Instance DefaultServer]
Samson FuI found the deployment was failed inside JDeveloper from the error message, so the application is not able to run from JDeveloper. I don't understand why JDeveloper unable to run the application that generate by the build-in wizard. I've tried to reinstall my JDeveloper 11g, but still cannot have it work.
Regards,
Samson Fu
Maybe you are looking for
-
trying to remove an old version of I tunes, but keep getting the message 'The folder path I Tunes contains an invalid character' It won't let me go any further, have tried deleting/repairing but get the same message and am blocked from continuing?
-
Having trouble with my print operating system. It will not hold presets. If I upgrade to Lion, will Lion replace Leopard's print operating system?
-
My iCal is running slow and is empty.
I have my gmail linked to my iPhone and my Mac. However, lately it has been running slow and shows that I have no events at all, not even in the past years. My iPhone, however, shows that there are events. It shows that it the account is on there (Th
-
I thought i could figure this one out by myself but so far no success. I have a track with 38 short movies and using story markers so i can have the option of playing all or just single movies. My problem is 2 of the movies do not play through the st
-
Need to change my Apple ID to a gmail address in preparation for a move outside the US. When I did this, it did not change in iCloud and I have not been able to determine how to change this ID in iCloud for either my Mac or iPad? I had to revert to