I created a very simple ADF 220.127.116.11 application (just a single EO, VO, and AM). I created the service definition using JHeadstart 18.104.22.168.
I configured ADF Security with ADF Authentication and Authorisation, Form-based authentication (generating the defualt forms), no automatic grants, and no redirect.
Configured security in JHeadstart. In the application definition, set Authentication Type and Authorisation Type to ADF/JAAS. Unchecked Secure All Pages and Authorise Using Group Permissions. The Administrator Role and User Role defaulted to ADMIN and USER respectively. In the service definition, for the only group, set Authorised Roles/Permissions to ADMIN. Generated using the JAG and saved all changes.
Checked ADF Security and noticed that the login (/faces/security/pages/Login.jspx) and error (/loginErrorServlet) pages had been changed by JHS as had the redirect - to /faces/Home. When trying to leave the authentication type page a dialog states "Error URL does not exist. Continue?", which I did. When leaving the authenticated welcome page a dialog states "URL does not exist. Continue?" at which point I cancelled out and left the settings as specified.
In jazn-data.xml the two seeded users (AHUNOLD and SKING) had been created as had the application roles ADMIN and USER, with grants for SKING and AHUNOLD respectively.
I had to grant the View action to the ADMIN role for the groups task flow (I thought perhaps setting Authorised Roles/Permissions to ADMIN that the JAG might have done this?). The four other JHS task flows had no resource grants. Saved, rebuilt everything, and ran against the Integrated Weblogic Server. When prompted, set the Run Configuration to the Home view activity.
When I click on the Service tab I receive the error java.lang.NullPointerException, ADF_FACES-60097:For more information, please see the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #1. The log shows <ImmutableGroupNode> <getRefNode> GroupNode TRSService refers to no valid node. The tab remains blank.
I can log in successfully as SKING (using the Login link) but when I click on the Service tab I receive the error ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@1bb4831' 'VIEW'. ADF_FACES-60097:For more information, please see the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #2. The log shows oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@1bb4831' 'VIEW'. The tab is blank.
If I log off and log in successfully as AHUNOLD when I click on the Service tab I receive the error java.lang.NullPointerException. ADF_FACES-60097:For more information, please see the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #3.
All works as expected before securing the application, i.e. the page fragment appears on the tab, I can query, add, and delete records.
I searched the forum and found a similar issue (an outstanding bug) but I'm not using JHS tables for security or menus. I'm not really sure what I could be doing that is any simpler so I'm surprised to see any issues. I've read the chapters on security in the ADF 11g Fusion Developer's Guide and the JHS 11.1.1 Developer's Guide and I think I'm following the instructions correctly. Any idea why I'm receiving the groupnode and authorisation errors?
Thanks for the testcase.
The error <ImmutableGroupNode> <getRefNode> GroupNode refers to no valid node is thrown when you click on TRSService while not logged on.
This is because the XML Menu model tries to find an item in the menu that is accessible. Because the only item in the menu is not accessible, the NPE is thrown.
So, as long as you are not logged on, you should hide the TRSService menu option.
Once you are logged on, you get the authentication failure exception because you have missing resource grants on UIShell page and jhs-fragment-taskflow-template. I you grant access to ADMIN role for these two resources it works fine.
I granted the View privilege on the UIShell page and jhs-fragment-taskflow-template to the ADMIN role as you suggested. I no longer see the errors. Perhaps this part needs to be included in the JHS developer's guide.
For the service I set the Authorized Roles/Permissions to ADMIN. The tab does not appear until I log in as an ADMIN user. So everything is now working as anticipated.
Thanks for all your help,