1 2 Previous Next 17 Replies Latest reply: Mar 14, 2013 10:00 AM by Jan Vervecken RSS

    login after logout not possible using af:commandButton

    Jan Vervecken
      hi

      Please consider the scenario (sc1) shown in the screencast at http://screencast.com/t/J2np670hVZ5E
      using the example application created using JDeveloper 11.1.1.4.0
      at http://www.consideringred.com/files/oracle/2011/LoginAfterLogoutIssueApp-v0.01.zip

      It uses an af:commandButton to navigate to a protected page.
      The first time this behaves as expected, asking the user to login.
      The second time, after logout, there is no navigation, no login page, but the index page is shown again.
      Also note, that a direct link (af:goLink) to protectedPage.jspx does behave as expected, asking the user to login.

      The unbounded task-flow has this control-flow-case configured ...
      <adfc-config xmlns="http://xmlns.oracle.com/adf/controller" version="1.2">
        <view id="index">
          <page>/index.jspx</page>
        </view>
        <view id="protectedPage">
          <page>/protectedPage.jspx</page>
        </view>
        <control-flow-rule id="__1">
          <from-activity-id id="__2">index</from-activity-id>
          <control-flow-case id="__3">
            <from-outcome id="__5">goProtectedPage</from-outcome>
            <to-activity-id id="__4">protectedPage</to-activity-id>
          </control-flow-case>
        </control-flow-rule>
      <!-- ... -->
      </adfc-config>
      ... and the index page has this link and button ...
      <af:goLink text="af:goLink /faces/protectedPage.jspx" id="gl1"
                 destination="/faces/protectedPage.jspx"/>
      <af:commandButton text="af:commandButton do goProtectedPage" id="cb1"
                        action="goProtectedPage"/>
      question:
      - (q1) Why is login after logout, using af:commandButton, not possible in scenario (sc1)?

      many thanks
      Jan Vervecken
        • 1. Re: login after logout not possible using af:commandButton
          Duncan Mills-Oracle
          Jan - can you send me the sample App?
          • 2. Re: login after logout not possible using af:commandButton
            Jan Vervecken
            Thanks for your reply Duncan.
            Jan - can you send me the sample App?
            Just now, I have sent you an e-mail with the example application "LoginAfterLogoutIssueApp-v0.01.zip" attached.
            This should also be downloadable (see also my initial post)
            from http://www.consideringred.com/files/oracle/2011/LoginAfterLogoutIssueApp-v0.01.zip

            regards
            Jan
            • 3. Re: login after logout not possible using af:commandButton
              Jan Vervecken
              fyi

              The example application has been modified
              at http://www.consideringred.com/files/oracle/2011/LoginAfterLogoutIssueApp-v0.02.zip
              now using adflibMyADFSecurityDeclComp-v0.01.jar, see also forum thread "declarative components to review ADF Security "
              at declarative components to review ADF Security

              Currently (q1) still remains, as shown in scenario (sc2), which is similar to (sc1),
              in the screencast at http://screencast.com/t/Dp2FNZWMILO

              regards
              Jan
              • 4. Re: login after logout not possible using af:commandButton
                Jan Vervecken
                fyi

                In the context of service request 3-3844944721 bug 12733808, "LOGIN AFTER LOGOUT NOT POSSIBLE USING AF:COMMANDBUTTON", has been created for this.

                Note that in the "Diagnostic Analysis " in the published bug some text lines are missing, also because
                "Unfortunately, any line including the keyword "login" is automatically hidden by My Oracle Support, for security reasons.".

                regards
                Jan
                • 5. Re: login after logout not possible using af:commandButton
                  Jan Vervecken
                  fyi

                  Bug 12733808 now has "Status 32 - Not a Bug. To Filer".
                  In service request 3-3844944721 I got this feedback (based on feedback in bug 12733808 ):
                  ---SNIP---
                  The reason it's failing is this:
                  on logout, the authentication filter does a redirect to the specified end_url: end_url=/faces/index.jspx then, when you click on the button, the navigation handler is unable to find a control flow rule from 'index.jspx' to anything. So it just stays on the same page. Obviously the goLink doesn't have that problem and works as you'd expect.

                  There's two ways to fix this
                  1) add a wildcard control flow rule to goProtectedPage. or better
                  2) don't redirect to index.jspx, put the end_url as /faces/index so we recognise it as an adfc activity.

                  When you run the app by right-clicking on the jspx,the url that is actually opened is without the jspx suffix - it's just the activity name http://whatever.com/myapp/faces/index

                  and that's why we find the navigation rule first time.

                  ---SNIP--
                  Indeed, redirecting to "/faces/index" instead of "/faces/index.jspx" seems to improve the behaviour,
                  see scenario (sc3) in the screencast at http://screencast.com/t/oRgtNbyVM
                  using the modified example application
                  at http://www.consideringred.com/files/oracle/2011/LoginAfterLogoutIssueApp-v0.03.zip

                  Please note that documentation section "30.7.3.2 Adding Login and Logout Links "
                  at http://download.oracle.com/docs/cd/E21764_01/web.1111/b31974/adding_security.htm#ADFFD2031
                  refers to example "Example 30-13 ADF Faces Components and EL Expressions to Render Login/Logout Link "
                  which suggests to redirect to "/faces/welcome.jspx".
                  Also note documentation section "30.7.4 How to Redirect a User After Authentication "
                  at http://download.oracle.com/docs/cd/E21764_01/web.1111/b31974/adding_security.htm#ADFFD19911
                  refers to example "xample 30-14 Explicit Login Link with success_url in a Web Page "
                  which suggests to redirect to "/faces/pagename.jspx".

                  - (q2) Is the documentation about login and logout links incorrect or incomplete, when suggesting to redirect to "JSPX page URLs" instead of "controller view URLs"?

                  regards
                  Jan Vervecken
                  • 6. Re: login after logout not possible using af:commandButton
                    John Stegeman
                    Hi Jan,

                    I agree that the documentation could probably be a bit more explicit in telling you to redirect to a task flow URL instead of a direct page URL, especially given that it's very common for people new to ADF (and indeed people not-so-new-to-ADF like me) to run their app via a page instead of the task flow and then wonder why it doesn't work :) However, that nugget of information is documented elsewhere in the documentation, and if it were repeated everywhere it makes sense, the documentation would probably double in size. I would suggest, however, that Oracle should at least update the example to use a task flow URL instead of a page URL, given that in most cases, that would be what a developer would/should be doing.

                    John
                    • 7. Re: login after logout not possible using af:commandButton
                      Jan Vervecken
                      Thanks for your reply John.
                      John Stegeman wrote:
                      ... especially given that it's very common for people new to ADF (and indeed people not-so-new-to-ADF like me) to run their app via a page instead of the task flow and then wonder why it doesn't work :) ...
                      Although I know, it got me confused (and it also got Oracle support confused, as they did file a bug for this behaviour, which now turns out not to be a bug).
                      ... I would suggest, however, that Oracle should at least update the example to use a task flow URL instead of a page URL, given that in most cases, that would be what a developer would/should be doing.
                      Thank you for confirming that the relevant documentation could be improved.

                      regards
                      Jan
                      • 8. Re: login after logout not possible using af:commandButton
                        Jan Vervecken
                        hi

                        The feedback in SR 3-3844944721 (via bug 12733808 ) says
                        ... the navigation handler is unable to find a control flow rule from 'index.jspx' to anything ...
                        The behaviour shown in scenario (sc2) in the screencast
                        at http://screencast.com/t/Dp2FNZWMILO
                        does not show any messages about a "navigation handler" issue.

                        What should I have done (configuration or logging related) to be able to determine myself that there is a "navigation handler" issue?

                        - (q3) How does the framework notify the user/developer of such "navigation handler" issue as in scenario (sc2)?

                        Currently questions (q2) and (q3) remain.

                        regards
                        Jan
                        • 9. Re: login after logout not possible using af:commandButton
                          John Stegeman
                          Hi Jan,
                          What should I have done (configuration or logging related) to be able to determine myself that there is a "navigation handler" issue?
                          This got me interested :)

                          I configured the logging level for the "oracle" logger to finest for the integrated server (finest was probably too high of a level, but I wanted to ensure I got everything) - do this by view->application server navigator, right-click the integrated server and choose "configure logging (not exact name, but you'll see it)"

                          Then, in the log, among lots of other detrius, I found:
                          <NavigationHandlerImpl> <handleNavigation> ADFc: Navigation handler entered, [action, outcome] = [foo, foo]
                          
                          <ControlFlowEngine> <performControlFlow> ADFc: Performing control flow routing [outcome, fromAction, startingActivity] = [foo,foo,untitled1.jsf]
                          
                          <ControlFlowEngine> <getNextActivityId> ADFc: Control flow rule and case is not found, [fromActivity, action, outcome] = ['untitled1.jsf', 'foo', 'foo'].
                          
                          <ControlFlowEngine> <performControlFlow> ADFc: Control flow routing complete, result =false
                          This was in a case where I had a "foo" control flow case, but I ran the .jsf (I was using facelets, so same case applies to .jspx) instead of the task flow.

                          John
                          • 10. Re: login after logout not possible using af:commandButton
                            Jan Vervecken
                            Thanks for your reply John.
                            John Stegeman wrote:
                            I configured the logging level for the "oracle" logger to finest for the integrated server ...
                            Such "brute force logging" can give some information once you know what you are looking for.
                            But for a scenario like (sc2) that does not even give a hint about what is going wrong, all that logging will also provide lots of useless information.

                            The configuration "<logger name='oracle' level='FINEST'/>" for scenario (sc2) allows me to find "Control flow rule and case is not found" (when explicitly searching for it).
                            <NavigationHandlerImpl> <handleNavigation> ADFc: Navigation handler entered, [action, outcome] = [goProtectedPage, goProtectedPage]
                            <ControlFlowEngine> <performControlFlow> ADFc: Performing control flow routing [outcome, fromAction, startingActivity] = [goProtectedPage,goProtectedPage,index.jspx]
                            <ControlFlowEngine> <getNextActivityId> ADFc: Control flow rule and case is not found, [fromActivity, action, outcome] = ['index.jspx', 'goProtectedPage', 'goProtectedPage'].
                            <ControlFlowEngine> <performControlFlow> ADFc: Control flow routing complete, result =false
                            <NavigationHandlerImpl> <handleNavigation> ADFc: Navigation hanlder complete, navigationHandled=false
                            Although this logging answers my question (q3), it does not answer my "what should I have done " question.

                            - (q4) Can the framework (be configured to) be more explicit about "navigation handler" issues as in scenario (sc2), maybe notifying the user/developer with some kind of (log) message?
                            - (q5) Which is the most specific logger configuration to get the "Control flow rule and case is not found" messages (without lots of other "log messages clutter")?

                            regards
                            Jan
                            • 11. Re: login after logout not possible using af:commandButton
                              John Stegeman
                              Jan,

                              I don't know of any way to notify the user other than possibly writing your own navigation handler (perhaps by decorating Oracle's).

                              As far as I know, the most specific logging configuration would be to set the oracle.adfinternal.controller.application.NavigationHandlerImpl logger.

                              John
                              • 12. Re: login after logout not possible using af:commandButton
                                Jan Vervecken
                                Thanks for your reply John.
                                John Stegeman wrote:
                                ... possibly writing your own navigation handler (perhaps by decorating Oracle's).
                                Maybe rather drastic for when one might have "a hunch" that some behaviour might be a "navigation handler" issue.
                                To me it seems fair to expect the framework to be somewhat more explicit about "navigation handler" issues, hence question (q4).
                                As far as I know, the most specific logging configuration would be to set the oracle.adfinternal.controller.application.NavigationHandlerImpl logger.
                                Configuring "<logger name='oracle.adfinternal.controller.application.NavigationHandlerImpl' level='FINEST'/>" seems to allow to see "navigationHandled=false" messages
                                <NavigationHandlerImpl> <handleNavigation> ADFc: Navigation hanlder complete, navigationHandled=false
                                Configuring "<logger name='oracle.adfinternal.controller.engine.ControlFlowEngine' level='FINEST'/>" seems to allow to see "Control flow rule and case is not found " messages
                                <ControlFlowEngine> <getNextActivityId> ADFc: Control flow rule and case is not found, [fromActivity, action, outcome] = ['index.jspx', 'goProtectedPage', 'goProtectedPage'].
                                This anwers question (q5).

                                So, questions (q2) and (q4) remain.

                                regards
                                Jan
                                • 13. Re: login after logout not possible using af:commandButton
                                  John Stegeman
                                  Hi Jan,

                                  For (q4) - I had a look at the ControlFlowEngine and its supporting classes - there isn't anything in there that would do anything with respect to notifying the user.

                                  John
                                  • 14. Re: login after logout not possible using af:commandButton
                                    Jan Vervecken
                                    Thanks for your reply John.
                                    John Stegeman wrote:
                                    For (q4) - I had a look at the ControlFlowEngine and its supporting classes - there isn't anything in there that would do anything with respect to notifying the user.
                                    Thanks for looking. I had some trouble using "adf_111150_6013_source.zip" today which made me think that classes NavigationHandlerImpl and ControlFlowEngine were not part of this source bundle (but it has now been resolved, don't know how/why). Reviewing method getNextActivityId() in ControlFlowEngine.java indeed suggests only a "LOG.fine()" statement for when "No control flow rule was found.".

                                    regards
                                    Jan
                                    1 2 Previous Next