This discussion is archived
5 Replies Latest reply: Jan 30, 2013 12:50 PM by Sudipto Desmukh RSS

ADF security - login page

985680 Newbie
Currently Being Moderated
Hello ,
I am using JDeveloper 11.1.2.3.0 and I had implemented ADF security into my application. When I am trying to run login.jspx I got this error :

ava.lang.NullPointerException
     at javax.faces.webapp.UIComponentClassicTagBase.setJspId(UIComponentClassicTagBase.java:1858)
     at jsp_servlet.__login_jspx._jspx___tag0(__login_jspx.java:90)
     at jsp_servlet.__login_jspx._jspService(__login_jspx.java:65)
     at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
     at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:326)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
     at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
     at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
     at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)


please any help??
  • 1. Re: ADF security - login page
    Blueberry Coder Journeyer
    Currently Being Moderated
    Hi.

    First, ensure the base structure of your page follows this one.
    <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1" xmlns:f="http://java.sun.com/jsf/core"
              xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
        <jsp:directive.page contentType="text/html;charset=UTF-8"/>
        <f:view>
            <af:document title="untitled1.jspx" id="d1">
                <af:form id="f1">
                    <!-- your content here -->
                </af:form>
            </af:document>
        </f:view>
    </jsp:root>
    After that, you need to invoke your page this way (I suppose the application runs on your workstation):
    http://127.0.0.1/<context-name-for-your-app>/faces/login.jspx
    Since you are using the 11.1.2.x series, I would recommend you to use Facelets pages instead of JSP XML ones. You can make that choice in the <tt>New Page</tt> dialog.

    Best Regards,

    Frédéric.
  • 2. Re: ADF security - login page
    985680 Newbie
    Currently Being Moderated
    Hi Frederic ,

    First of All thank you for your reply ,
    the structure of my page , follow your recommended structure and I am invoking my page also in the way you recommended. So the problem is not either in the structure form nor in the invoke type.


    Any suggestions ?


    Regards,
  • 3. Re: ADF security - login page
    Blueberry Coder Journeyer
    Currently Being Moderated
    Do you have the following entries in your web.xml?
      <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
      </servlet-mapping>
    Frédéric.
  • 4. Re: ADF security - login page
    985680 Newbie
    Currently Being Moderated
    Yes , and that is my web.xml

    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">
    <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
    </context-param>
    <context-param>
    <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
    <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
    <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
    <param-value>false</param-value>
    </context-param>
    <context-param>
    <description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
    <param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
    <param-value>differentOrigin</param-value>
    </context-param>
    <filter>
    <filter-name>JpsFilter</filter-name>
    <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
    <init-param>
    <param-name>enable.anonymous</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>remove.anonymous.role</param-name>
    <param-value>false</param-value>
    </init-param>
    </filter>
    <filter>
    <filter-name>trinidad</filter-name>
    <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>JpsFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>trinidad</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <servlet-name>adfAuthentication</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <listener>
    <listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
    </listener>
    <listener>
    <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
    </listener>
    <listener>
    <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
    </listener>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>MapProxyServlet</servlet-name>
    <servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>UploadServlet</servlet-name>
    <servlet-class>view.backing.UploadServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <init-param>
    <param-name>success_url</param-name>
    <param-value>/faces/home.jspx</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/afr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <url-pattern>/servlet/GraphServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <url-pattern>/servlet/GaugeServlet/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>MapProxyServlet</servlet-name>
    <url-pattern>/mapproxy/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/bi/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>UploadServlet</servlet-name>
    <url-pattern>/uploadservlet</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </servlet-mapping>
    <mime-mapping>
    <extension>swf</extension>
    <mime-type>application/x-shockwave-flash</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>amf</extension>
    <mime-type>application/x-amf</mime-type>
    </mime-mapping>
    <jsp-config>
    <jsp-property-group>
    <url-pattern>*.jsff</url-pattern>
    <is-xml>true</is-xml>
    </jsp-property-group>
    </jsp-config>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>allPages</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>valid-users</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/login.jspx</form-login-page>
    <form-error-page>/error.jspx</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <role-name>valid-users</role-name>
    </security-role>
    </web-app>
  • 5. Re: ADF security - login page
    Sudipto Desmukh Expert
    Currently Being Moderated

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points