15 Replies. Latest reply: Mar 11, 2013 4:11 PM by 694143

    Error 403--Forbidden after login

    694143
      I am using Jdeveloper 11g R2 to create a simple ADF application:
      - New -> Fusion Web Application (ADF) and follow through the process to create the model/view projects
      - Application --> Secure --> Configure ADF Security --> ADF Authentication
      - select auto-gen login, error and welcome pages
      - deploy the ADF application as EAR

      The deployment was successful and I was able to get the login page. If I input a wrong password, I get back the error page. However, if I input the correct id/pwd, I get "Error 403--Forbidden":

      Error 403--Forbidden
      From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
      10.4.4 403 Forbidden

      The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

      I did not change even a single line after all these files were generated. I think it should work but it didn't.

      Anyone got any clue?
        • 1. Re: Error 403--Forbidden after login
          Sudipto Desmukh
          See if this helps
          http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html
          • 2. Re: Error 403--Forbidden after login
            694143
            I had already looked at that site before my post, and the problem there was kind of different. In my case, I saw the weblogic.xml file was generated perfectly fine:

            <?xml version = '1.0' encoding = 'windows-1252'?>
            <weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.1/weblogic-web-app.xsd"
            xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
            <security-role-assignment>
            <role-name>valid-users</role-name>
            <principal-name>users</principal-name>
            </security-role-assignment>
            </weblogic-web-app>

            Can you follow my steps to generate such simple project to see if you will get the same problem? It just takes you about 5 mins.

            Thanks!
            • 4. Re: Error 403--Forbidden after login
              694143
              Hi Suresh,

              yes, I did give authentication via:
              - Application --> Secure --> Configure ADF Security --> ADF Authentication
              - select auto-gen login, error and welcome pages

              I am new to ADF and wanna create a simple ADF project just involves pages for login, error and welcome using only "ADF Authentication"

              Can you kindly tell me what else I am missing?

              Thanks!
              • 5. Re: Error 403--Forbidden after login
                Timo Hahn
                User, you might have seen this Oracle Magazine article (http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html) about security, which provides a walk-through on how to set up security.

                Timo
                • 6. Re: Error 403--Forbidden after login
                  694143
                  Thanks Timo.

                  I went through the doc but it uses "ADF Authentication and Authorization" as security. In my case, I just need "ADF Authentication" only. I think jdev auto-generated all the stuff I need, so I'm not sure what else I have to add.
                  • 7. Re: Error 403--Forbidden after login
                    Arunkumar Ramamoorthy-Oracle
                    Hi,

                    Have you tried removing the applied ADF Security (in the Configure ADF Security dialog, select the Remove ADF Security Configuration option) and then re-applying the security to see if the issue is resolved?

                    -Arun
                    • 8. Re: Error 403--Forbidden after login
                      694143
                      Hi Arunkumar,

                      yes, I tried that already (remove and then apply again) but the issue remains. Still trying and researching...

                      Thanks!
                      • 9. Re: Error 403--Forbidden after login
                        Arunkumar Ramamoorthy-Oracle
                        Hi,

                        Can you also make sure you have a security constraint added to allow valid users to access all the pages?

                        See if you have a similar entry in your web.xml
                        <security-constraint>
                          <web-resource-collection>
                            <web-resource-name>allPages</web-resource-name>
                            <url-pattern>/*</url-pattern>
                          </web-resource-collection>
                          <auth-constraint>
                            <role-name>valid-users</role-name>
                          </auth-constraint>
                        </security-constraint>
                        -Arun
                        • 10. Re: Error 403--Forbidden after login
                          694143
                          Hi Arun,

                          yes, jdev auto-generated the security constraint.

                          Here are the complete files:

                          web.xml
                          ----------------
                          <?xml version = '1.0' encoding = 'windows-1252'?>
                          <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
                          version="2.5">
                          <context-param>
                          <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
                          <param-value>client</param-value>
                          </context-param>
                          <context-param>
                          <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
                          <param-value>false</param-value>
                          </context-param>
                          <context-param>
                          <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
                          <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
                          <param-value>false</param-value>
                          </context-param>
                          <context-param>
                          <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
                          <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
                          <param-value>false</param-value>
                          </context-param>
                          <context-param>
                          <description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
                          <param-name>oracle.adf.view.rich.security.FRAME_BUSTING</param-name>
                          <param-value>differentDomain</param-value>
                          </context-param>
                          <filter>
                          <filter-name>JpsFilter</filter-name>
                          <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
                          <init-param>
                          <param-name>enable.anonymous</param-name>
                          <param-value>true</param-value>
                          </init-param>
                          <init-param>
                          <param-name>remove.anonymous.role</param-name>
                          <param-value>false</param-value>
                          </init-param>
                          </filter>
                          <filter>
                          <filter-name>trinidad</filter-name>
                          <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
                          </filter>
                          <filter>
                          <filter-name>ServletADFFilter</filter-name>
                          <filter-class>oracle.adf.share.http.ServletADFFilter</filter-class>
                          </filter>
                          <filter>
                          <filter-name>adfBindings</filter-name>
                          <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
                          </filter>
                          <filter-mapping>
                          <filter-name>JpsFilter</filter-name>
                          <url-pattern>/*</url-pattern>
                          <dispatcher>FORWARD</dispatcher>
                          <dispatcher>REQUEST</dispatcher>
                          <dispatcher>INCLUDE</dispatcher>
                          </filter-mapping>
                          <filter-mapping>
                          <filter-name>trinidad</filter-name>
                          <servlet-name>Faces Servlet</servlet-name>
                          <dispatcher>FORWARD</dispatcher>
                          <dispatcher>REQUEST</dispatcher>
                          <dispatcher>ERROR</dispatcher>
                          </filter-mapping>
                          <filter-mapping>
                          <filter-name>ServletADFFilter</filter-name>
                          <servlet-name>Faces Servlet</servlet-name>
                          <dispatcher>FORWARD</dispatcher>
                          <dispatcher>REQUEST</dispatcher>
                          </filter-mapping>
                          <filter-mapping>
                          <filter-name>adfBindings</filter-name>
                          <servlet-name>adfAuthentication</servlet-name>
                          <dispatcher>FORWARD</dispatcher>
                          <dispatcher>REQUEST</dispatcher>
                          </filter-mapping>
                          <servlet>
                          <servlet-name>Faces Servlet</servlet-name>
                          <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
                          <load-on-startup>1</load-on-startup>
                          </servlet>
                          <servlet>
                          <servlet-name>resources</servlet-name>
                          <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
                          </servlet>
                          <servlet>
                          <servlet-name>BIGRAPHSERVLET</servlet-name>
                          <servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
                          </servlet>
                          <servlet>
                          <servlet-name>BIGAUGESERVLET</servlet-name>
                          <servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
                          </servlet>
                          <servlet>
                          <servlet-name>MapProxyServlet</servlet-name>
                          <servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
                          </servlet>
                          <servlet>
                          <servlet-name>adfAuthentication</servlet-name>
                          <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
                          <init-param>
                          <param-name>success_url</param-name>
                          <param-value>welcome.jspx</param-value>
                          </init-param>
                          <load-on-startup>1</load-on-startup>
                          </servlet>
                          <servlet-mapping>
                          <servlet-name>Faces Servlet</servlet-name>
                          <url-pattern>/faces/*</url-pattern>
                          </servlet-mapping>
                          <servlet-mapping>
                          <servlet-name>resources</servlet-name>
                          <url-pattern>/adf/*</url-pattern>
                          </servlet-mapping>
                          <servlet-mapping>
                          <servlet-name>resources</servlet-name>
                          <url-pattern>/afr/*</url-pattern>
                          </servlet-mapping>
                          <servlet-mapping>
                          <servlet-name>BIGRAPHSERVLET</servlet-name>
                          <url-pattern>/servlet/GraphServlet/*</url-pattern>
                          </servlet-mapping>
                          <servlet-mapping>
                          <servlet-name>BIGAUGESERVLET</servlet-name>
                          <url-pattern>/servlet/GaugeServlet/*</url-pattern>
                          </servlet-mapping>
                          <servlet-mapping>
                          <servlet-name>MapProxyServlet</servlet-name>
                          <url-pattern>/mapproxy/*</url-pattern>
                          </servlet-mapping>
                          <servlet-mapping>
                          <servlet-name>resources</servlet-name>
                          <url-pattern>/bi/*</url-pattern>
                          </servlet-mapping>
                          <servlet-mapping>
                          <servlet-name>adfAuthentication</servlet-name>
                          <url-pattern>/adfAuthentication</url-pattern>
                          </servlet-mapping>
                          <mime-mapping>
                          <extension>swf</extension>
                          <mime-type>application/x-shockwave-flash</mime-type>
                          </mime-mapping>
                          <mime-mapping>
                          <extension>amf</extension>
                          <mime-type>application/x-amf</mime-type>
                          </mime-mapping>
                          <security-constraint>
                          <web-resource-collection>
                          <web-resource-name>allPages</web-resource-name>
                          <url-pattern>/*</url-pattern>
                          </web-resource-collection>
                          <auth-constraint>
                          <role-name>valid-users</role-name>
                          </auth-constraint>
                          </security-constraint>
                          <security-constraint>
                          <web-resource-collection>
                          <web-resource-name>adfAuthentication</web-resource-name>
                          <url-pattern>/adfAuthentication</url-pattern>
                          </web-resource-collection>
                          <auth-constraint>
                          <role-name>valid-users</role-name>
                          </auth-constraint>
                          </security-constraint>
                          <login-config>
                          <auth-method>FORM</auth-method>
                          <form-login-config>
                          <form-login-page>/login.html</form-login-page>
                          <form-error-page>/error.html</form-error-page>
                          </form-login-config>
                          </login-config>
                          <security-role>
                          <role-name>valid-users</role-name>
                          </security-role>
                          </web-app>

                          ----------------
                          weblogic.xml:
                          <?xml version = '1.0' encoding = 'windows-1252'?>
                          <weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.1/weblogic-web-app.xsd"
                          xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
                          <security-role-assignment>
                          <role-name>valid-users</role-name>
                          <principal-name>users</principal-name>
                          </security-role-assignment>
                          </weblogic-web-app>
                          • 11. Re: Error 403--Forbidden after login
                            jiangtiaofa4
                            Hi

                            I have the same problem now. Have you resolved the problem?
                            • 12. Re: Error 403--Forbidden after login
                              694143
                              Found a workaround (kind of)...
                              1) create a brand new ADF project
                              2) create a dummy ADF page
                              3) add Authentication stuffs

                              Somehow you need to create an ADF page before adding any other things/config.

                              But again the behavior is not "stable" enough - it works in the Jdev integrated WLS but does not always work in a standalone WLS.

                              Good luck!
                              • 13. Re: Error 403--Forbidden after login
                                jiangtiaofa4
                                Thanks for your reply.
                                I may have found a solution that redirects to the welcome page without the 403 error.

                                web.xml
                                --------------------------------------------------------------------------
                                Default configuration of the authentication servlet:

                                <servlet-mapping>
                                <servlet-name>adfAuthentication</servlet-name>
                                <url-pattern>/adfAuthentication</url-pattern>
                                </servlet-mapping>

                                --------------------------------------------------------------------------
                                The URL is like http://localhost:7001/SecurityDemo/ after logging in successfully.
                                To solve the problem, modify the web.xml as follows.
                                Default configuration of the authentication servlet:

                                <servlet-mapping>
                                <servlet-name>adfAuthentication</servlet-name>
                                <url-pattern>/</url-pattern>
                                </servlet-mapping>

                                --------------------------------------------------------------------------

                                The 403 error can be solved, but is it possible that any problem happens?
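
An added example, not part of the thread or of Oracle's tooling: a small Python check over the two descriptors discussed in replies 10 and 13. It reports roles used in an auth-constraint that are undeclared or have no principal mapping in weblogic.xml, a web.xml that declares no welcome file (the URL quoted in reply 13 is the bare context root), and any servlet mapped to `/`, which under the Servlet specification makes it the application's default servlet. The embedded descriptors are trimmed copies of the posted files; the function and constant names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples: trimmed copies of the descriptors posted in the thread.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>valid-users</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>valid-users</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>users</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""


def _strip_ns(root):
    """Drop XML namespaces so the same paths work for both descriptors."""
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def _texts(root, path):
    return [(el.text or "").strip() for el in root.findall(path)]


def audit(web_xml, weblogic_xml):
    """Return a list of findings for a web.xml / weblogic.xml pair."""
    web = _strip_ns(ET.fromstring(web_xml))
    wls = _strip_ns(ET.fromstring(weblogic_xml))
    findings = []
    required = set(_texts(web, "security-constraint/auth-constraint/role-name"))
    declared = set(_texts(web, "security-role/role-name"))
    # A role counts as mapped if it names a principal or is externally defined.
    mapped = {a.findtext("role-name", "").strip()
              for a in wls.findall("security-role-assignment")
              if a.find("principal-name") is not None
              or a.find("externally-defined") is not None}
    for role in sorted(required - declared):
        findings.append(f"role '{role}' is used in an auth-constraint but has no <security-role>")
    for role in sorted(required - mapped):
        findings.append(f"role '{role}' has no principal mapping in weblogic.xml")
    if not _texts(web, "welcome-file-list/welcome-file"):
        findings.append("no <welcome-file-list>: web.xml declares no welcome file for the context root")
    for m in web.findall("servlet-mapping"):
        if "/" in _texts(m, "url-pattern"):
            name = m.findtext("servlet-name", "").strip()
            findings.append(f"servlet '{name}' is mapped to '/' and becomes the default servlet")
    return findings
```

Run against the posted files, the role checks pass and only the welcome-file finding is reported; applying the `/` mapping from reply 13 adds the default-servlet finding.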
                                • 14. Re: Error 403--Forbidden after login
                                  Nilum
                                  Hi!

                                  Hope you selected form-based authentication.
                                  --> The 'welcome' page should be your page (you can set the path to your page in the wizard).

                                  In your application, find the jazn-data.xml file (Application Resource panel --> META-INF).
                                  In the user section, add a user name and password.
                                  Add a sample enterprise role like 'ADMIN' and, in the same section, add a member (user name).
                                  Create an application role, e.g. 'INDEX_PAGE'. In the mapping section, add Enterprise Role --> ADMIN.
                                  In the resource grant section, select the resource type 'task flow' and you can see your task flow. Then add the application role INDEX_PAGE to the 'Granted to' section.
                                  Then select the resource type 'Web Page' from the resource grant section and add the same application role.

                                  Now use jazn-data.xml defined user name to access the page.

                                  Nilum.