6 Replies Latest reply on Jun 4, 2013 3:13 PM by 1012386

    Not able to render the jsf page after redirecting from a servlet

      Hi All,

      Here is my problem....

      I have created a servletFilter which will redirect to one external application, that will authenticate the user and should redirect to a *.jspx page created in my local jDeveloper.

      After authentication, the request is redirecting to the "Welcome.jspx" (i am able to see that in the url), but the adf components in the page are not displaying.. i.e., i am getting a blank page..!!

      To my surprise, there were no errors in the console also..!!

      I have configured the servlet, in the web.xml like this:

      <servlet-name>Faces Servlet</servlet-name>

      Still the page is not able to initiate the faces context.
      Please help me in this issue..

      Thanks in Advance,

      Will be waiting....
        • 1. Re: Not able to render the jsf page after redirecting from a servlet
          Jani Rautiainen-Oracle
          What exactly does the "external application" do and where is it deployed? How are you propagating the identity back to the "ADF Application" ? Are you trying to configure SSO on your local development environment or?
          Blank page could simply mean e.g. that the application contains a secured TF that the user has no access to.
          In order to debug what the ADF application does for security you can set the following properties:
          <li>[url http://docs.oracle.com/cd/E17904_01/core.1111/e10043/aptrouble.htm#CHDBIBGI]jps.auth.debug
          <li>[url http://docs.oracle.com/cd/E17904_01/core.1111/e10043/aptrouble.htm#CHDEHIGG]jps.auth.debug.verbose

          Jani Rautiainen
          Fusion Applications Developer Relations
          • 2. Re: Not able to render the jsf page after redirecting from a servlet
            The External application is an AT&T Authorised server, where i will give my ATT credentials. For this "https://... " , URL, I am tring to append my local "Welcome.jspx file" , which contains just a text box and a button.

            After hitting the main ATT page, (yea its like SSO), the page is going to the local jspx, but showing empty one..!
            • 3. Re: Not able to render the jsf page after redirecting from a servlet
              Jani Rautiainen-Oracle
              I am still unclear of what you are trying to achieve, please provide detailed flow of the application and what is the expected behavior on each step.
              I.e. how is the identity established by the ATT expected to be propagated to your ADF application? The ADF application presumably works on top of OPSS so you would need to have some sort of identity assertion / propagation. I guess you could implement a [url http://docs.oracle.com/cd/E12839_01/core.1111/e10043/devauthn.htm]custom login module, however generally you would want to avoid that..
              Jani Rautiainen
              Fusion Applications Developer Relations
              • 4. Re: Not able to render the jsf page after redirecting from a servlet
                Hi Sir,

                Coming to my problem.. here is my code for ATT global login.
                You will come to know what iam doing here by this code. Please correct me if i am doing wrong anywhere.

                Used servlet filter. First it should take us to the url "https://www.e-access.att.com/empsvcs/hrpinmgt/pagLogin/" and after authentication, it should lead to the local url "http://att.com:7101/TestCSP-ViewController-context-root/faces/Welcome.jspx".

                The authentication is happening and after that, a blank Welcome.jspx is coming up.

                package filters;

                import esGateKeeper.esGateKeeper;

                import java.io.IOException;

                import java.net.InetAddress;
                import java.net.URLDecoder;
                import java.net.UnknownHostException;

                import java.util.Locale;

                import javax.faces.context.FacesContext;

                import javax.servlet.Filter;
                import javax.servlet.FilterChain;
                import javax.servlet.FilterConfig;
                import javax.servlet.ServletException;
                import javax.servlet.ServletRequest;
                import javax.servlet.ServletResponse;
                import javax.servlet.http.Cookie;
                import javax.servlet.http.HttpServletRequest;
                import javax.servlet.http.HttpServletResponse;
                import javax.servlet.http.HttpSession;

                import oracle.adf.share.ADFContext;

                import oracle.adf.share.ADFContextManager;
                import oracle.adf.view.rich.context.AdfFacesContext;

                import org.springframework.web.servlet.DispatcherServlet;

                public class LoginFilter implements Filter {
                private FilterConfig _filterConfig = null;

                private static final String PARAM_RET_URL = "retURL";
                private static final String PARAM_SYS_NAME = "sysname";
                private static final String COOKIE_NAME = "attESSec";
                private static final String HR_COOKIE_NAME = "attESHr";
                private static final String SYS_NAME = "CSP";
                private static final String LOGIN_DOMAIN_SUFFIX = ".mt.att.com";
                private static final String LOGIN_VALIDATION_ENV = "PROD";
                String attuid=null;
                int count=1;

                public void init(FilterConfig filterConfig) throws ServletException {
                _filterConfig = filterConfig;

                public void destroy() {
                _filterConfig = null;

                * @param req
                * @param resp
                * @param chain
                * @throws IOException
                * @throws ServletException

                public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
                HttpServletRequest request = (HttpServletRequest) req;
                HttpServletResponse response = (HttpServletResponse) resp;
                //HttpSession session = request.getSession();
                FacesContext context = FacesContext.getCurrentInstance();

                System.out.println("inside do filter");
                String pageRequested = request.getRequestURI().toString();
                System.out.println("request.getRequestURI "+pageRequested);

                if( ! Utility.isNull(request.getParameter("key")).equalsIgnoreCase("")
                || request.getRequestURL().toString().contains("images")
                ){System.out.println("inside if condition of do filter");
                                    chain.doFilter(req, resp);

                //Fetch OLD session first
                HttpSession session = request.getSession(false);

                //If No Session. Creating a new session and redirect to login.
                if(session == null){
                session = request.getSession(true);
                Locale browserLocale = FacesContext.getCurrentInstance().getExternalContext().getRequestLocale();
                System.out.println("Test locale::"+browserLocale);

                System.out.println("inside else condition of do filter");
                //After login in the session should be old session with new cookie.

                //If OLD Session, Now check if secure cookie is valid.

                String secCookie = getCookie(request, COOKIE_NAME);
                String decryptedSecCookie = null;

                if (secCookie != null) {
                System.out.println("encrypted cookie "+secCookie);
                System.out.println("decryption "+esGateKeeper.esGateKeeper(secCookie, "CSP", "PROD"));
                System.out.println("inside decrypting cookie");

                decryptedSecCookie = esGateKeeper.esGateKeeper(secCookie, SYS_NAME, LOGIN_VALIDATION_ENV);
                System.out.println("decrypted cookie "+decryptedSecCookie.isEmpty());

                catch(Exception e ){

                if (decryptedSecCookie == null || decryptedSecCookie.equals(" ")) {
                //Create a new session and redirect user to global login page.
                session = request.getSession(true);
                //req.getRequestDispatcher(getUrl(request)).forward(request, response);

                } else { //valid decrypted cookie and old session.

                // Check for userLogin in Session
                if(session.getAttribute("user") == null || ((LoginUserInfo)session.getAttribute("user")).getAttuid() == null){
                LoginUserInfo userLogin = getUserInfo(request, decryptedSecCookie);
                attuid = userLogin.getAttuid();
                request.getSession().setAttribute("attuid", attuid);
                //System.out.println("ADF Session in decryptedSecCookie not null fn:::"+ ADFContext.getCurrent().getSessionScope().get("attid"));
                session.setAttribute("user", userLogin);
                System.out.println("attuid in decryptedSecCookie not null fn "+attuid);
                System.out.println("username "+session.getAttribute("user"));
                //req.getRequestDispatcher(getUrl(request)).forward(request, response);
                chain.doFilter(req, resp);
                System.out.println("after do filter");
                private String getUrl(HttpServletRequest req)throws UnknownHostException {

                req.getSession().setAttribute("attuid", attuid);
                //System.out.println("ADF Session:::"+ ADFContext.getCurrent().getSessionScope().get("attid"));
                System.out.println("ATTID from the session::"+req.getSession().getAttribute("attuid"));

                return "https://www.e-access.att.com/empsvcs/hrpinmgt/pagLogin/"
                + "?"+ PARAM_RET_URL +"=http://att.com:7101/TestCSP-ViewController-context-root/faces/Welcome.jspx";


                private String getProtocol(HttpServletRequest req) {
                String protocol = req.getProtocol();
                if (protocol.startsWith("HTTP/"))
                protocol = "http://";
                if (protocol.startsWith("HTTPS/"))
                protocol = "https://";
                return protocol;

                private String getServer(HttpServletRequest req) throws UnknownHostException {
                String server = InetAddress.getLocalHost().getCanonicalHostName();
                if (!server.matches("[^\\.]+(\\.[^\\.]+)+")) {
                server = req.getServerName();
                return server;

                * Get the cookies for the given request
                public String getCookie(HttpServletRequest req, String cookieName) {
                String cookie = null;
                Cookie[] cookies = req.getCookies();
                for (int i=0; cookies != null && i < cookies.length; i++){
                Cookie c = cookies;
                if (c.getName().trim().equals(cookieName)) {
                cookie = c.getValue();
                return cookie;

                * Use the secure cookie attESSecCookie to get the Logged in UserId(SBCID) and the HRID.
                * Use the nonsecurecookie attHrCookie to get the userinformation like
                * Name,email,Telephone Number...
                private LoginUserInfo getUserInfo(HttpServletRequest req, String attESSecDecrypted) {
                String name="";
                String firstName="";
                String lastName="";
                String altUserId="";
                String userId="";
                String email="";
                String phone="";

                String attHrCookie = getCookie(req, HR_COOKIE_NAME);
                String hrCookie = null;
                if (attHrCookie != null) {
                hrCookie = URLDecoder.decode(attHrCookie);

                String [] secCookieFields = attESSecDecrypted.split("\\|", -1);
                String [] hrCookieFields = hrCookie.split("\\|", -1);
                altUserId = secCookieFields[0];
                userId = secCookieFields[5];
                if (hrCookie != null) {
                name = hrCookieFields[0] + " " + hrCookieFields[1];
                firstName = hrCookieFields[0];
                lastName = hrCookieFields[1];
                email = hrCookieFields[2];
                phone = hrCookieFields[3];
                return new LoginUserInfo(userId, name, firstName,lastName, altUserId, email, phone);

                • 5. Re: Not able to render the jsf page after redirecting from a servlet
                  Jani Rautiainen-Oracle
                  Sorry, but in order to comment on technical implementation I need to understand your use case and I am still unclear what you are trying to achieve. Based on the posts you have an ADF application and a servlet filter redirecting to authentication using ATT authentication, however it is unclear how you intend to use the "ATT identity". Are you trying to use the [url http://docs.oracle.com/cd/E14571_01/web.1111/b31974/adding_security.htm]ADF security or is the ADF page unsecured ? If secured how do you expect the "ATT identity" to be reflected on the page ?
                  Jani Rautiainen
                  Fusion Applications Developer Relations
                  • 6. Re: Not able to render the jsf page after redirecting from a servlet
                    Hi Sir,

                    Sorry for my unclear explanation. I got the solution. Actually, i was trying to hit two different URLs at a time and expecting the data stored in a session of one application, to be carry forward to another. There i was wrong..!

                    Thanks for trying to solve my issue. It was a internal redirect issue..!