5 Replies Latest reply: Jan 30, 2013 2:50 PM by Sudipto Desmukh RSS

    ADF security - login page

    985680
      Hello ,
      I am using JDeveloper 11.1.2.3.0 and I had implemented ADF security into my application. When I am trying to run login.jspx I got this error :

      ava.lang.NullPointerException
           at javax.faces.webapp.UIComponentClassicTagBase.setJspId(UIComponentClassicTagBase.java:1858)
           at jsp_servlet.__login_jspx._jspx___tag0(__login_jspx.java:90)
           at jsp_servlet.__login_jspx._jspService(__login_jspx.java:65)
           at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
           at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
           at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
           at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:326)
           at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
           at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
           at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
           at java.security.AccessController.doPrivileged(Native Method)
           at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
           at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
           at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
           at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
           at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
           at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
           at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
           at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
           at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
           at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
           at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
           at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
           at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
           at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
           at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)


      please any help??
        • 1. Re: ADF security - login page
          Blueberry Coder
          Hi.

          First, ensure the base structure of your page follows this one.
          <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1" xmlns:f="http://java.sun.com/jsf/core"
                    xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
              <jsp:directive.page contentType="text/html;charset=UTF-8"/>
              <f:view>
                  <af:document title="untitled1.jspx" id="d1">
                      <af:form id="f1">
                          <!-- your content here -->
                      </af:form>
                  </af:document>
              </f:view>
          </jsp:root>
          After that, you need to invoke your page this way (I suppose the application runs on your workstation):
          http://127.0.0.1/<context-name-for-your-app>/faces/login.jspx
          Since you are using the 11.1.2.x series, I would recommend you to use Facelets pages instead of JSP XML ones. You can make that choice in the <tt>New Page</tt> dialog.

          Best Regards,

          Frédéric.
          • 2. Re: ADF security - login page
            985680
            Hi Frederic ,

            First of All thank you for your reply ,
            the structure of my page , follow your recommended structure and I am invoking my page also in the way you recommended. So the problem is not either in the structure form nor in the invoke type.


            Any suggestions ?


            Regards,
            • 3. Re: ADF security - login page
              Blueberry Coder
              Do you have the following entries in your web.xml?
                <servlet>
                  <servlet-name>Faces Servlet</servlet-name>
                  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
                  <load-on-startup>1</load-on-startup>
                </servlet>
                <servlet-mapping>
                  <servlet-name>Faces Servlet</servlet-name>
                  <url-pattern>/faces/*</url-pattern>
                </servlet-mapping>
              Frédéric.
              • 4. Re: ADF security - login page
                985680
                Yes , and that is my web.xml

                <?xml version = '1.0' encoding = 'windows-1252'?>
                <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
                version="2.5">
                <context-param>
                <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
                <param-value>client</param-value>
                </context-param>
                <context-param>
                <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
                <param-value>false</param-value>
                </context-param>
                <context-param>
                <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
                <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
                <param-value>false</param-value>
                </context-param>
                <context-param>
                <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
                <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
                <param-value>false</param-value>
                </context-param>
                <context-param>
                <description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
                <param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
                <param-value>differentOrigin</param-value>
                </context-param>
                <filter>
                <filter-name>JpsFilter</filter-name>
                <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
                <init-param>
                <param-name>enable.anonymous</param-name>
                <param-value>true</param-value>
                </init-param>
                <init-param>
                <param-name>remove.anonymous.role</param-name>
                <param-value>false</param-value>
                </init-param>
                </filter>
                <filter>
                <filter-name>trinidad</filter-name>
                <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
                </filter>
                <filter>
                <filter-name>adfBindings</filter-name>
                <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
                </filter>

                <filter-mapping>
                <filter-name>JpsFilter</filter-name>
                <url-pattern>/*</url-pattern>
                <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
                <dispatcher>INCLUDE</dispatcher>
                </filter-mapping>
                <filter-mapping>
                <filter-name>trinidad</filter-name>
                <servlet-name>Faces Servlet</servlet-name>
                <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
                <dispatcher>ERROR</dispatcher>
                </filter-mapping>
                <filter-mapping>
                <filter-name>adfBindings</filter-name>
                <servlet-name>Faces Servlet</servlet-name>
                <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
                </filter-mapping>
                <filter-mapping>
                <filter-name>adfBindings</filter-name>
                <servlet-name>adfAuthentication</servlet-name>
                <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
                </filter-mapping>
                <listener>
                <listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
                </listener>
                <listener>
                <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
                </listener>
                <listener>
                <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
                </listener>
                <servlet>
                <servlet-name>Faces Servlet</servlet-name>
                <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
                <load-on-startup>1</load-on-startup>
                </servlet>
                <servlet>
                <servlet-name>resources</servlet-name>
                <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
                </servlet>
                <servlet>
                <servlet-name>BIGRAPHSERVLET</servlet-name>
                <servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
                </servlet>
                <servlet>
                <servlet-name>BIGAUGESERVLET</servlet-name>
                <servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
                </servlet>
                <servlet>
                <servlet-name>MapProxyServlet</servlet-name>
                <servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
                </servlet>
                <servlet>
                <servlet-name>UploadServlet</servlet-name>
                <servlet-class>view.backing.UploadServlet</servlet-class>
                </servlet>
                <servlet>
                <servlet-name>adfAuthentication</servlet-name>
                <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
                <init-param>
                <param-name>success_url</param-name>
                <param-value>/faces/home.jspx</param-value>
                </init-param>
                <load-on-startup>1</load-on-startup>
                </servlet>
                <servlet-mapping>
                <servlet-name>Faces Servlet</servlet-name>
                <url-pattern>/faces/*</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>resources</servlet-name>
                <url-pattern>/adf/*</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>resources</servlet-name>
                <url-pattern>/afr/*</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>BIGRAPHSERVLET</servlet-name>
                <url-pattern>/servlet/GraphServlet/*</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>BIGAUGESERVLET</servlet-name>
                <url-pattern>/servlet/GaugeServlet/*</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>MapProxyServlet</servlet-name>
                <url-pattern>/mapproxy/*</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>resources</servlet-name>
                <url-pattern>/bi/*</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>UploadServlet</servlet-name>
                <url-pattern>/uploadservlet</url-pattern>
                </servlet-mapping>
                <servlet-mapping>
                <servlet-name>adfAuthentication</servlet-name>
                <url-pattern>/adfAuthentication</url-pattern>
                </servlet-mapping>
                <mime-mapping>
                <extension>swf</extension>
                <mime-type>application/x-shockwave-flash</mime-type>
                </mime-mapping>
                <mime-mapping>
                <extension>amf</extension>
                <mime-type>application/x-amf</mime-type>
                </mime-mapping>
                <jsp-config>
                <jsp-property-group>
                <url-pattern>*.jsff</url-pattern>
                <is-xml>true</is-xml>
                </jsp-property-group>
                </jsp-config>
                <security-constraint>
                <web-resource-collection>
                <web-resource-name>allPages</web-resource-name>
                <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                <role-name>valid-users</role-name>
                </auth-constraint>
                </security-constraint>
                <login-config>
                <auth-method>FORM</auth-method>
                <form-login-config>
                <form-login-page>/login.jspx</form-login-page>
                <form-error-page>/error.jspx</form-error-page>
                </form-login-config>
                </login-config>
                <security-role>
                <role-name>valid-users</role-name>
                </security-role>
                </web-app>