I'm working with JDev 184.108.40.206 and installed correctly the ADF-ebs integration with fndext.jar. I've implemented a new responsibility in eBS, assigned a UMX role to it in eBS. Create the enterprise role in my ADF application provided grants to my jspx page. This all is working.
I've 2 questions:
1) If I start my responsibility my jspx page on an external weblogic 10.3.5 server starts BUT it still asks for credentials. If I enter my eBS user credentials the application opens. How can I get rid of the need to enter a password. I enabled ADF security with http authentication. I think I've to create a small langing page before my actual application which checks the user session with eBS. Is that correct? Than I can remove the http authentication from my actual application jspx. Can someone confirm this?
2) How can I access the icx session information like user_id, resp_id etc from my ADF application. Tried by using the AppsRequestWrapper, Session and CookieStatus classes from the fndext.jar but was not able to make it work correctly. Any code examples for this?
We're just getting started on the doc for using session management with ADF specifically (as opposed to straight Java EE). Stay tuned to the ADF blog at blogs.oracle.com/jruiz.
Meanwhile, are you using JAAS (ADF native security, enterprise roles, etc.) or session management (EBiz object, etc.)? Generally you use one or the other (you need AppsDataSource with either).
If you are trying to do anything that requires the ICX session cookie, use session management. With session management, EBS then takes over the authentication part, and you don't do it in your pages directly. You'll need to override the beforePhase and afterPhase lifecycle methods on your page to use the SDK APIs to establish a joint session with EBS.
Thanks for your reply. Currently I did the enterprise role part AND try to use the session cookie because I need info from eBS like which org_id etc to render the ADF application correctly with the required data. Also, a user must be able to start the application only when logged in in E-Business Suite R12.1.3 and when using special org assigned responsibility (by using global security profiles in eBS).
Currenly I defined a new responsibility for each org, and assigned a special UMX| role to it through eBS User Management - and defined the same UMX role in ADF and provided pagedef grants to that role - that works and users can use their username from eBS for staring the app.
I did look at the Java EE example as described in the document which comes with the fndext jar ebs patch where a kind of landing page principle is used to transfer the user to the actual adf application when the icx session cookie is active (and derive the properties like username etc from it) or redirect to the eBS login page of the current agent when the cookie is invalid. That principle I need to use also for my final release.
Can you already share something with me regarding the use of session management and using the defined API's and classes in the SDK? I already built the complete ADF application but need to take care on the security part right now. So please share any concept post you already have about using the SDK. I wonder by the way as Oracle is delivering this SDK with the possibilities of using Session management that more real life code examples are there? I need them ;-)
Thanks Sara! You can also email me at email@example.com if you want to send me your examples. Already had some contact with Juan through Twitter :-) Building a nice ADF application on top of Project Resource Management! I like ADF and the functionality.
Keep in mind that you need to adapt the code shown on the MyOracle Support note for Java EE session management to ADF. The basic work you need to do in order to share the session information between ADF and E-Business suite is creating your own PhaseListener. Use this sample to get started: http://www.baigzeeshan.com/2011/05/how-to-run-java-code-on-every-page-load.html
The methods tha tyou need to override are beforePhase and afterPhase for establishing the session. In those methods you would use the EBiz object.
Keep in mind the following aspects about the described implementation:
- It doesn't use ADF Security: meaning that all security is handle on the E-Business side. So, in order to use you ADF application you need to invoke the jspx page from EBS.
- Mixing ADF Security with session management is what we are testing at the moment so for now, both approaches are separate one from another. However, both use the AppsDataSource underneath.
Sara and I are preparing for OOW and it might take us longer at this point to provide you with the sample code but we could continue following up through this thread so other people working on the same topic can benefit from the conversation.
Thanlks for the info. Yes I know adf security is not needed when using session management. So what I did now is to use indeed the beforephase listener in my jspx. Written a security class for that which is called in the phaselisteners. I finalized the class and testing it currently. It seems to work ;-)
Yes, created the function in ebs to call the adf page, and set the profile for the context root of the external wls server.
I'm checking in my class if the user is granted access by using the correct responsibility with still the umx role attached. (No need anymore to set this umx role in the adf application). Furthermore I'm building my page up based on another active resp of the user in ebs and settings from the global security profile in Human Resources and project org authority in Projects.
Oh and yes I use the AppsDataSource in wls defined with the fnd user with the apps schema connect role - connection is made succesfully.
You shouldn't need the JAAS part. If you are using the session management APIs, that will take care of the login as well (you create a function for your page, put it on the EBS menu, and launch it from the EBS home page).
A couple of teams in EBS have started using it. It's going to take a while (several weeks) to sort out and document what they did (once we have a chance to really work on it), so please be patient.
Managed to get steps further into this however I run into a problem.
Whenever I check wether I'm authenticated to eBS in my phaselistener my call to Session session = wrappedRequest.getAppsSession(true); is retrieving the guest user session. It is not picking up the session (id) after a succesfull login in eBS.
When validating the icx cookie it returns a cookie status of GUEST_VALID. Therefore it redirects me everytime to the login page of eBS because I'm checking on a VALID cookie status for a normal fnd_user.
I see it's returning the guest session id if I look in my ICX_SESSIONS table while it should take the session from the FND_USER which is also there I see. Anyone having an idea what's causing the behaviour? I expect it this caused by the getAppsSession call where I pass the boolean true (as described in the documentation) which creates a guest session if no ICX cookie can be found already. But I'm logged in in eBS and a VALID FND User should be retrieved when calling getAppsSession - after some further debugging I thought it was caused maybe by the dbc file used to create the datasource. But after testing I'm able to connect with the database using the FND_USER with apps schema connect role in the datasource AND using a dbc file with an appl server id which was creates while registering the external wls server in eBS. I'm using the same appl id while creating the eBIZ(Util) objects....
Will debug further but if anyone has some clue than let me be the first to know.
Can you share the code that you are using? where are you creating the session at? is at the phase listener? is it at Application Module level? Are you using the EBiz API?
As mentioned before, we are working together with the E-Business Suite team on putting together documentation and hopefully sample code that can cover the implementation. It is not trivial nor impossible, but it does require knowledge on ADF life cycle, writing things at the application module level and understanding of the APIs that are provided by the SDK for Java - and time to seat down and write how to do it I ask you to be patience as we are preparing for Oracle Open World and this consumes most of our time this time of the year.
In the meantime let us continue feeding this thread with the steps that you are following.
I wonder what should be at the appmodule level. See no reason for that. Furthermore i removed the ebs security realm withthe extauthentication provider (as this is applicable to jaas). So at the oment I only have the Appsdatasource (with the schema connect role user) and my app.
I se the profile for adf application context root and thefnction which calls the adf app. I'm using the adf function type. I'm currently fiddling around with a filter to initiate the appswrapper and the phaselistener. I feel i can remove the filter and do everything in a beforephase listener.
Session is created in the phaselistener ut as it is not finding an icx cookie it's creating a guest cookie...i think :-d
Did you make any progress on your side? Which parts are you using where? Appmodule, phaselistener and filter?
First of all thanks for your idea because I think i'm on the good way to implement the "session management" between EBS and ADF.
Today, i can retrieve successfully the ICX session cookie from EBS.
Steps to implement :
Create a listener with a beforephase as mentionned in one of the reply.
In this event, i add a popup windows to show the cookie (NULL if not connected, VALID if connected before to EBS)
I post the code of the beforephase event in this reply.
I have to finalize to redirect on EBS login page if cookie is not VALID and retrieve responsibility from the user. I will try to do this next week. I will be at OpenWorld this year so Juan if you want i can help you to create your tutorial and perhaps meet you in the conference.
It's great to see so many of you eager to implement ADF-EBS integration!
For those of you who will be at Oracle OpenWorld 2012 (in just a couple weeks!), Juan Camilo Ruiz and I are jointly doing a session on the Oracle E-Business Suite SDK for Java, along with Siva Puthurkattil from Lake County, Illinois:
CON3429 - Using Oracle ADF with Oracle E-Business Suite: The Full Integration View
Siva Puthurkattil, Lake County; Juan Camilo Ruiz, Sara Woodhull, Oracle
Thursday, Oct 4, 11:15 AM - 12:15 PM - Moscone West 3003
For those of you who will not be at Oracle OpenWorld, fear not--we are already planning to do it again as a webcast after OpenWorld, tentatively scheduled for Nov. 1, 2012. It will probably be slightly expanded from the OpenWorld version, since we can have more time on the webcast. Please watch the blogs for more information: The Oracle E-Business Suite Technology Stack Blog at blogs.oracle.com/stevenChan, as well as the ADF Adventures Blog at blogs.oracle.com/jruiz.
About sample code for use with ADF: I know it's frustrating, but please be patient. We will provide that as soon as we can manage, but it's going to be sometime AFTER OpenWorld. And no, the presentation itself will not have sample code--it won't show up on the conference room screens properly anyhow.
By the way, regarding putting code in the application module (*AMImpl.java): In EBS, we use BC4J (ADFbc) in all our OA Framework-based pages, and we have a standard that all business logic goes in the BC4J/ADFbc layer so it can be most easily reused and maintained. Also, when we want to call EBS PL/SQL APIs, we want to do it from that BC4J/ADFbc layer as well.
So, we put most of the session management-related code in the AMImpl, and we call it from the UI layer as needed. In this case, in the custom PagePhaseListener code we get the AM, and then we call the session management code to check if the session is valid, and so on.