3 Replies Latest reply: May 27, 2012 11:29 PM by Chris Muir-Oracle

    GOTCHA's with Setting up ADF Security with JDev 11.1.1.6.0

    809249
      If you're getting into ADF security, you're probably going to want to get rid of that ugly default login.html page. I mean, it gets the job done, but we want something a little better. And if you want something a little better and you're using JDev 11.1.1.6.0, it behooves you to read this post!

      First off, get acquainted with these four posts. All good stuff. They'll walk you through the 1st half of what you need to know. Y'know, the non-Gotcha half.

      http://one-size-doesnt-fit-all.blogspot.com/2010/07/adf-security-revisited-again-again.html
      http://myadfnotebook.blogspot.com/2011/11/adf-security-basics.html
      http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html
      http://java2go.blogspot.com/2010/12/creating-centered-page-layout-using-adf.html

      Are you getting either of the following errors?
      <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
      oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
      Error 500--Internal Server Error
      
      java.lang.RuntimeException: Cannot find FacesContext
      I'll show you where they're coming from. Follow along.

      1) Create a new application.
      2) Create three .jspx pages called login, error, and welcome.
      3) Generate PageDef files for them by right-clicking on the file and selecting "Go To PageDefinition". You'll want these so that you may apply security against them.
      4) Right-Click on your Application and select Secure->Configure ADF Security
      5) ADF Authentication and Authorization -> Form Based Authentication (Use the search symbol to select your created login and error pages. Should be something like "/faces/login.jspx") -> No Automatic Grants -> Finish

      Right-Click your welcome.jspx and select run. You'll get this error before your web page opens up in your browser and then proceeds to wig out.
      <CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: {0}.
      oracle.security.jps.JpsException: java.lang.IllegalArgumentException: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
      That just won't do. Let's fix it, shall we?

      6) Open your newly JDev created jazn-data.xml file. It's located in the Application Resources panel (usually located by Data Controls and your Projects expandable panels)
      7) Resource Grants -> Resource Type (Web Page dropdown) -> error page should have a key symbol by it. Delete the anonymous role in the "Granted To" column. Now click the green button to add an Application Role. Huh, there's TWO of them? How bout that? Looks like we're going to have to delete some XML code!
      8) Click the Source tab on the bottom of the page to open up the XML View. You'll see the following piece of erroneous code. Erroneous, I say!
        <policy-store>
          <applications>
            <application>
              <name>SecurityError</name>
              <app-roles>
                <!-- Hello, I'm the app role that has sucked away two hours of your life that you can never, ever get back -->
                <app-role>
                  <name>anonymous-role</name>
                  <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
                  <display-name>anonymous-role</display-name>
                </app-role>
                <!-- Whew, the end of that app role -->
              </app-roles>
              <jazn-policy>
                <grant>
      9) You're going to want to delete that app role XML
      10) Go back into your jazn-data.xml file and create some users. For example, bob and jane. Create an Enterprise role called "admin". Put bob and jane as members into this Enterprise role. Create an Application role called managers. Map managers to your Enterprise role admin.
      11) Go back to the Resource Grants tab -> Resource Type (Web Page) and delete any "Granted To" authorizations that may be assigned to any of the pages. Assign a "Granted To" application role of "anonymous-role" to the error and login pages. Assign "managers" to welcome.
      12) Run your welcome page. Yay, the error is gone. How sweet it is.

      Now you want to refactor/move your login and error page somewhere else? Great, just right-click and select Refactor. Refactor to some place like /public_html/jspx/<your login page>.jspx. Re-run your welcome page.
      // You fool!
      Error 404--Not Found
      
      From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
      
      10.4.5 404 Not Found
      That's not so good. Let's fix that.

      1) Open up web.xml. It's located at ViewController/WEB-INF/web.xml.
      2) Click the security tab and you'll see Form-Based Authentication with a login page and error page. Click that Search glass and locate your new file. Do the same for the error page. You should see something like "/jspx/login.jspx" come back.
      3) Re-run your welcome page.
      // Suckered AGAIN!
      Error 500--Internal Server Error
      
      java.lang.RuntimeException: Cannot find FacesContext
      This is a tricky one. The search icon brings back a faulty address. Since we're using a .jspx page, it needs to be "/faces/jspx/login.jspx". Repeat for the error page. Re-run your welcome.jspx.

      Ahh!! Now THAT's how we do it in Kingsport!

      Finally, a custom .jspx login works. Now what are you doing here? Shouldn't you be playing some Diablo 3?

      Will
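
The two configuration problems described in the post above can be caught before deployment. This is an added example, not part of the original post or of JDeveloper: a small Python check that scans jazn-data.xml for an explicitly declared app-role using the anonymous role class and scans web.xml for .jspx login/error pages that are not routed through /faces. The function names and sample files are constructed, and the /faces prefix assumes the Faces servlet mapping implied by the post's working paths.

```python
import xml.etree.ElementTree as ET

ANON_CLASS = "oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl"
FACES_PREFIX = "/faces"  # assumption: Faces servlet is mapped to /faces/*

def local(tag):
    """Drop any XML namespace so namespaced and plain files parse alike."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or '' if absent."""
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), "")

def check_jazn(xml_text):
    """Flag app-roles that redeclare the built-in anonymous role class."""
    roles = (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "app-role")
    return [f"jazn-data.xml: delete app-role '{child_text(r, 'name')}'"
            for r in roles if child_text(r, "class") == ANON_CLASS]

def check_web(xml_text):
    """Flag .jspx login/error pages whose path skips the Faces servlet."""
    findings = []
    for cfg in (e for e in ET.fromstring(xml_text).iter()
                if local(e.tag) == "form-login-config"):
        for key in ("form-login-page", "form-error-page"):
            path = child_text(cfg, key)
            if path.endswith(".jspx") and not path.startswith(FACES_PREFIX + "/"):
                findings.append(f"web.xml: {key} {path} -> {FACES_PREFIX}{path}")
    return findings

# Constructed sample files reproducing both problems from the post.
SAMPLE_JAZN = """<jazn-data><policy-store><applications><application>
  <app-roles>
    <app-role><name>anonymous-role</name>
      <class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class></app-role>
    <app-role><name>managers</name>
      <class>oracle.security.jps.service.policystore.ApplicationRole</class></app-role>
  </app-roles>
</application></applications></policy-store></jazn-data>"""

SAMPLE_WEB = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><login-config>
  <form-login-config>
    <form-login-page>/jspx/login.jspx</form-login-page>
    <form-error-page>/faces/jspx/error.jspx</form-error-page>
  </form-login-config>
</login-config></web-app>"""

if __name__ == "__main__":
    print("\n".join(check_jazn(SAMPLE_JAZN) + check_web(SAMPLE_WEB)))
```

Running it against the real files after every security wizard run or page refactor catches the regenerated app-role and the path that the web.xml search icon returns without /faces.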