15 Replies. Latest reply: Mar 11, 2013 2:11 PM by 694143

Error 403--Forbidden after login

694143 Newbie
I am using JDeveloper 11g R2 to create a simple ADF application:
- New -> Fusion Web Application (ADF) and follow through the process to create the model/view projects
- Application --> Secure --> Configure ADF Security --> ADF Authentication
- select auto-gen login, error and welcome pages
- deploy the ADF application as EAR

The deployment was successful and I was able to get the login page. If I input a wrong password, I get back the error page. However, if I input the correct id/pwd, I get "Error 403--Forbidden":

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

I did not change even a single line after these files were generated. I think it should work but it didn't.

Anyone got any clue?
  • 1. Re: Error 403--Forbidden after login
    Sudipto Desmukh Expert
    See if this helps
    http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html
  • 2. Re: Error 403--Forbidden after login
    694143 Newbie
    I had already looked at that site before my post and the problem there was kind of different. In my case, I saw the weblogic.xml file was generated perfectly fine:

    <?xml version = '1.0' encoding = 'windows-1252'?>
    <weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.1/weblogic-web-app.xsd"
                      xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
      <security-role-assignment>
        <role-name>valid-users</role-name>
        <principal-name>users</principal-name>
      </security-role-assignment>
    </weblogic-web-app>

    Can you follow my steps to generate such a simple project to see if you get the same problem? It just takes you about 5 mins.

    Thanks!
  • 4. Re: Error 403--Forbidden after login
    694143 Newbie
    Hi Suresh,

    Yes, I did give authentication via:
    - Application --> Secure --> Configure ADF Security --> ADF Authentication
    - select auto-gen login, error and welcome pages

    I am new to ADF and want to create a simple ADF project that just involves pages for login, error and welcome using only "ADF Authentication".

    Can you kindly tell me what else I am missing?

    Thanks!
  • 5. Re: Error 403--Forbidden after login
    Timo Hahn Oracle ACE
    User, you might have seen this Oracle Magazine article (http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html) about security, which provides a walkthrough on how to set up security.

    Timo
  • 6. Re: Error 403--Forbidden after login
    694143 Newbie
    Thanks Timo.

    I went through the doc but it uses "ADF Authentication and Authorization" as security. In my case, I just need "ADF Authentication" only. I think jdev auto-generated all the stuff I need, so I am not sure what else I have to add.
  • 7. Re: Error 403--Forbidden after login
    Arunkumar Ramamoorthy Guru
    Hi,

    Have you tried removing the applied ADF Security (in the Configure ADF Security dialog, select the Remove ADF Security Configuration option), and then re-applying the security to see if the issue is resolved?

    -Arun
  • 8. Re: Error 403--Forbidden after login
    694143 Newbie
    Hi Arunkumar,

    Yes, I tried that already (remove and then apply again) but the issue remains. Still trying and researching...

    Thanks!
  • 9. Re: Error 403--Forbidden after login
    Arunkumar Ramamoorthy Guru
    Hi,

    Can you also make sure you have a security constraint added to allow valid users to access all the pages?

    See if you have a similar entry in your web.xml
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>allPages</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>

    -Arun
  • 10. Re: Error 403--Forbidden after login
    694143 Newbie
    Hi Arun,

    Yes, jdev auto-generated the security constraint.

    Here are the complete files:

    web.xml
    ----------------
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
      <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
        <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
        <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
        <param-name>oracle.adf.view.rich.security.FRAME_BUSTING</param-name>
        <param-value>differentDomain</param-value>
      </context-param>
      <filter>
        <filter-name>JpsFilter</filter-name>
        <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
        <init-param>
          <param-name>enable.anonymous</param-name>
          <param-value>true</param-value>
        </init-param>
        <init-param>
          <param-name>remove.anonymous.role</param-name>
          <param-value>false</param-value>
        </init-param>
      </filter>
      <filter>
        <filter-name>trinidad</filter-name>
        <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
      </filter>
      <filter>
        <filter-name>ServletADFFilter</filter-name>
        <filter-class>oracle.adf.share.http.ServletADFFilter</filter-class>
      </filter>
      <filter>
        <filter-name>adfBindings</filter-name>
        <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>JpsFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
      </filter-mapping>
      <filter-mapping>
        <filter-name>trinidad</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
      </filter-mapping>
      <filter-mapping>
        <filter-name>ServletADFFilter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
      </filter-mapping>
      <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <servlet-name>adfAuthentication</servlet-name>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
      </filter-mapping>
      <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet>
        <servlet-name>resources</servlet-name>
        <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>BIGRAPHSERVLET</servlet-name>
        <servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>BIGAUGESERVLET</servlet-name>
        <servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>MapProxyServlet</servlet-name>
        <servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>adfAuthentication</servlet-name>
        <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
        <init-param>
          <param-name>success_url</param-name>
          <param-value>welcome.jspx</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>resources</servlet-name>
        <url-pattern>/adf/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>resources</servlet-name>
        <url-pattern>/afr/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>BIGRAPHSERVLET</servlet-name>
        <url-pattern>/servlet/GraphServlet/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>BIGAUGESERVLET</servlet-name>
        <url-pattern>/servlet/GaugeServlet/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>MapProxyServlet</servlet-name>
        <url-pattern>/mapproxy/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>resources</servlet-name>
        <url-pattern>/bi/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>adfAuthentication</servlet-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </servlet-mapping>
      <mime-mapping>
        <extension>swf</extension>
        <mime-type>application/x-shockwave-flash</mime-type>
      </mime-mapping>
      <mime-mapping>
        <extension>amf</extension>
        <mime-type>application/x-amf</mime-type>
      </mime-mapping>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>allPages</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>valid-users</role-name>
        </auth-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>adfAuthentication</web-resource-name>
          <url-pattern>/adfAuthentication</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>valid-users</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/error.html</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <role-name>valid-users</role-name>
      </security-role>
    </web-app>

    ----------------
    weblogic.xml:
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.1/weblogic-web-app.xsd"
                      xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
      <security-role-assignment>
        <role-name>valid-users</role-name>
        <principal-name>users</principal-name>
      </security-role-assignment>
    </weblogic-web-app>
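
Added example (not part of the original thread and not Oracle tooling): a cross-check of the two descriptors posted above. An authenticated user who holds none of the roles in the matching auth-constraint is answered with 403, so the script lists, for every guarded role, its URL patterns, whether web.xml declares it, and which principals weblogic.xml assigns. The function names are hypothetical, the embedded XML is a constructed excerpt of the posted files, and only explicit security-role-assignment entries are considered.

```python
import xml.etree.ElementTree as ET

WEB = "{http://java.sun.com/xml/ns/javaee}"
WLS = "{http://xmlns.oracle.com/weblogic/weblogic-web-app}"

# Constructed excerpts: only the security elements of the two files posted above.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>allPages</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>valid-users</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>valid-users</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>users</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

def audit_roles(web_xml, weblogic_xml):
    """For each role used in an auth-constraint: guarded URL patterns, whether
    web.xml declares the role, and the principals weblogic.xml assigns to it."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    declared = {r.text.strip() for r in web.findall(f"{WEB}security-role/{WEB}role-name")}
    assigned = {}
    for sra in wls.findall(f"{WLS}security-role-assignment"):
        role = sra.findtext(f"{WLS}role-name", "").strip()
        names = [p.text.strip() for p in sra.findall(f"{WLS}principal-name")]
        assigned.setdefault(role, []).extend(names)
    report = {}
    for sc in web.findall(f"{WEB}security-constraint"):
        patterns = [u.text.strip() for u in sc.iter(f"{WEB}url-pattern")]
        for r in sc.findall(f"{WEB}auth-constraint/{WEB}role-name"):
            role = r.text.strip()
            entry = report.setdefault(role, {"patterns": [], "declared": False, "principals": []})
            entry["patterns"] += patterns
            entry["declared"] = role in declared
            entry["principals"] = assigned.get(role, [])
    return report

def unassigned_roles(report):
    """Roles that guard URLs but have no explicit principal in weblogic.xml."""
    return sorted(role for role, e in report.items() if not e["principals"])

if __name__ == "__main__":
    for role, entry in audit_roles(WEB_XML, WEBLOGIC_XML).items():
        print(role, entry)
```

The account used at the login page still has to be a member of the listed principal in the server's security realm; that membership lives outside these two files and is not checked here.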
  • 11. Re: Error 403--Forbidden after login
    jiangtiaofa4 Newbie
    Hi

    I have the same problem now. Have you resolved the problem?
  • 12. Re: Error 403--Forbidden after login
    694143 Newbie
    Found a workaround (kind of)...
    1) create a brand new ADF project
    2) create a dummy ADF page
    3) add Authentication stuff

    Somehow you need to create an ADF page before adding any other things/config.

    But again the behavior is not "stable" enough - it works in the JDev integrated WLS but does not always work in a standalone WLS.

    Good luck!
  • 13. Re: Error 403--Forbidden after login
    jiangtiaofa4 Newbie
    Thanks for your reply.
    I may have found a solution that redirects to the welcome page without the 403 error.

    web.xml
    --------------------------------------------------------------------------
    The default configuration of the authentication servlet:

    <servlet-mapping>
      <servlet-name>adfAuthentication</servlet-name>
      <url-pattern>/adfAuthentication</url-pattern>
    </servlet-mapping>

    --------------------------------------------------------------------------
    The URL is like http://localhost:7001/SecurityDemo/ after logging in successfully.
    As a result, to solve the problem, modify the web.xml as follows.
    The default configuration of the authentication servlet:

    <servlet-mapping>
      <servlet-name>adfAuthentication</servlet-name>
      <url-pattern>/</url-pattern>
    </servlet-mapping>

    --------------------------------------------------------------------------

    The 403 error can be solved, but is it possible that any problem will happen?
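
Added example (not part of the original thread): reply 13 asks what else changes when adfAuthentication is mapped to `/`. In the Servlet specification `/` designates the application's default servlet, so this sketch applies the spec's mapping order to the mappings from the posted web.xml and lists the request paths whose handler changes. The function names and the sample request paths are assumptions, and container-supplied implicit mappings (for example for JSP files) are not modelled.

```python
# Servlet-spec mapping order: exact path, longest "/prefix/*", "*.ext", then "/".
CONTAINER_DEFAULT = "container default servlet"  # label for "nothing in web.xml matched"

# Mappings copied from the web.xml posted in this thread (BI/map servlets omitted).
BEFORE = [
    ("/faces/*", "Faces Servlet"),
    ("/adf/*", "resources"),
    ("/afr/*", "resources"),
    ("/bi/*", "resources"),
    ("/adfAuthentication", "adfAuthentication"),
]
# The same list with the change proposed in reply 13.
AFTER = [m for m in BEFORE if m[1] != "adfAuthentication"] + [("/", "adfAuthentication")]

def resolve(path, mappings):
    """Return the servlet that receives a context-relative request path."""
    for pattern, servlet in mappings:                  # 1. exact match
        if pattern == path and pattern != "/":
            return servlet
    best = None
    for pattern, servlet in mappings:                  # 2. longest path prefix
        if pattern.endswith("/*"):
            prefix = pattern[:-2]
            if path == prefix or path.startswith(prefix + "/"):
                if best is None or len(prefix) > len(best[0]):
                    best = (prefix, servlet)
    if best:
        return best[1]
    last_segment = path.rsplit("/", 1)[-1]
    for pattern, servlet in mappings:                  # 3. extension match
        if pattern.startswith("*.") and last_segment.endswith(pattern[1:]):
            return servlet
    for pattern, servlet in mappings:                  # 4. application default servlet
        if pattern == "/":
            return servlet
    return CONTAINER_DEFAULT

def changed_handlers(paths, before=BEFORE, after=AFTER):
    """Map each path whose handling servlet differs to (old, new)."""
    changes = {}
    for p in paths:
        old, new = resolve(p, before), resolve(p, after)
        if old != new:
            changes[p] = (old, new)
    return changes

# Constructed request paths: context root, the FORM login pages, a Faces page.
PATHS = ["/", "/login.html", "/error.html", "/adfAuthentication", "/faces/welcome.jspx"]

if __name__ == "__main__":
    for path, (old, new) in changed_handlers(PATHS).items():
        print(f"{path}: {old} -> {new}")
```

With the `/` mapping, the context root and static files such as the login and error pages are dispatched to the authentication servlet instead of the container's default servlet, while the `/faces/*` and resource mappings keep their handlers.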
  • 14. Re: Error 403--Forbidden after login
    Nilum Explorer
    Hi!

    Hope you selected form-based authentication.
    --> The 'welcome' page should be your page (you can set the path to your page in the wizard).

    In your application, find the jazn-data.xml file (Application Resource panel --> META-INF).
    In the user section, add a user name and password.
    Add a sample enterprise role like 'ADMIN' and, in the same section, add a member (the user name).
    Create an application role, e.g. 'INDEX_PAGE'. In the mapping section, add Enterprise Role --> ADMIN.
    In the resource grant section, select resource type 'task flow' and you can see your task flow. Then add the application role to the 'Granted to' section as INDEX_PAGE.
    Then select resource type 'Web Page' from the resource grant section and add the same application role.

    Now use the user name defined in jazn-data.xml to access the page.

    Nilum.