1 2 Previous Next 26 Replies Latest reply: Sep 16, 2013 5:52 AM by kainattu RSS

    Adf custom authentication

    979970

      Hi,

      I'm trying to do custom authentication in ADF. I have a custom login page and on click of login button the below code is fired which is in a managed-bean.

      The code is :

              FacesContext ctx = FacesContext.getCurrentInstance();

              if(_username.equals("admin") && _password.equals("admin")) {

                  HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();

      //            String forwardUrl = "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId(); //This line redirects to the login page  instead of the requested page

                  String forwardUrl = "/adfAuthentication?success_url=/faces/page.jspx";

                  System.out.println("forwardUrl >> " + forwardUrl);

                  HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();

                  RequestDispatcher rd = request.getRequestDispatcher(forwardUrl);

                  try {

                      rd.forward(request, response);

                  } catch (Exception e) {

                      e.printStackTrace();

                  }

                  ctx.responseComplete();

       

      The problem is it's not redirecting after succesful login and it is not throwing any error either. I'm using Jdev 11.1.1.7.0. Any suggestion??

        • 1. Re: Adf custom authentication
          Timo Hahn

          What are you trying to archive?

          If you call this code as reaction of a button click, wouldn't it be easier to use a normal navigation rule which you add to your adfc-config.xml?

           

          Timo

          • 2. Re: Adf custom authentication
            abhi.p

            to redirect just do:

             

             FacesContext facesContext = FacesContext.getCurrentInstance();
             ExternalContext externalContext = facesContext.getExternalContext();
             externalContext.redirect(forwardUrl );
             
            • 3. Re: Adf custom authentication
              979970

              Hi Timo,

              The code will be fired on click of a button. I can not create navigation rule, because whenever an user requests a secure page, the login page will come and after succesful login only, user will be redirected to the requested page. So I can not hard-code the navigation.

              This line String forwardUrl = "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId(); should return the requested page but it is returning the login page. Can you give any idea how to achieve this?

              Thanks

              • 4. Re: Adf custom authentication
                979970

                I have enabled ADF Security(ADF Authentication) and made a custom login page. Login page is coming when i'm trying to access secure resources. Now I want to authenticate against a custom code and once authenticated, it'll redirect the user to the requested page. This is the requirement. Can anyone help?

                • 5. Re: Adf custom authentication
                  Frank Nimphius-Oracle

                  Hi,

                   

                  please use the code in this doucment:

                   

                   

                  Enabling ADF Security in a Fusion Web Application - 11g Release 2 (11.1.2.3.0)

                   

                   

                  Even if you are not on 11g R2, use this as the code you currently use is error prone (which is why we changed the documentation).

                   

                  "Login page is coming when i'm trying to access secure resources. Now I want to authenticate against a custom code and once authenticated,"


                  This is why you need to redirect. And because you redirect, the authentication servlet cannot take you to the page the users wanted to o. Use a PhaseListener and in the before restore view phase try and get the ID of the requested page. Save it for later when you need to redirect. Its a bit trial-and-error you will need to go here and I am not aware of a sample application to reference you to. However, just spend some time and once you get the target view id you can redirect to it

                   

                  Frank

                   

                  Btw.: How could ctx.getViewRoot().getViewId();  return the requested page when you are on the login page? Does this need explanation?

                  • 6. Re: Adf custom authentication
                    979970

                    Hi Frank,

                    ctx.getViewRoot().getViewId();  This returns the view id of the current page. Actually I was following this link : http://docs.oracle.com/cd/E28271_01/web.1111/e28164/adding_security.htm#BGBCEDDD

                    There I found that they're using the above line to redirect the user to the requested page after authentication. That's why I was not too sure.

                    Anyway I'm reading the link that you've sent. Thanks for your help and support.

                    • 7. Re: Adf custom authentication
                      979970

                      Frank another thing. I have enabled ADF Authentication using Application -> Secure -> Configure ADF Security.. and then selected ADF Authentication and then form-based authentication. Did i make any mistakes? Redirect is not working here. Is this the reason it's not working? ADF Authnetication servlet is redirecting to the login page when I'm trying to run this line-externalContext.redirect(forwardUrl). Shall I disable ADF Security? Then how can I get the behaviour that comes if we use ADF Security? I mean do I have implement J2EE container-managed authentication to achieve the behaviour? Please let me know

                      • 8. Re: Adf custom authentication
                        979970

                        I'm using only authentication, authorization is not implemented.

                        • 9. Re: Adf custom authentication
                          abhi.p

                          Please implement simple authorization like (authenticated vs anonymous) unless you provide rules to the container - it will not know what urls are protected. Also check https://forums.oracle.com/thread/2333554

                          • 10. Re: Adf custom authentication
                            979970

                            Actually authorization is not required in my case. Only authentication is required and that would be against a custom logic.

                            • 11. Re: Adf custom authentication
                              kainattu

                              Hi

                              Palanivel

                              • 12. Re: Adf custom authentication
                                979970

                                Hi,

                                I don't want implement role-based authentication and authorization. I have enable ADF Authentication and login and error page. But after login instead of displaying the welcome page it redirects again to the login page. I want to do simple authentication with ADF Authentication servlet. Is it possible? By simple authentication, I meant user will give login id and password and the credentials will be checked in a java code and upon success user will be redirected to the welcome page. In this scenario can I use ADF Authentication by anyway? I just want to take advantages provided by authentication servlet that comes with ADF...

                                • 13. Re: Adf custom authentication
                                  abhi.p

                                  As I understand you should have the following lines in your web.xml

                                   

                                   <login-config>
                                      <auth-method>FORM</auth-method>
                                      <form-login-config>
                                        <form-login-page>/login.html</form-login-page>
                                        <form-error-page>/error.html</form-error-page>
                                      </form-login-config>
                                    </login-config>
                                  

                                   

                                  and your login.hml should be like this

                                   

                                   <form method="POST" action="j_security_check">
                                        <table cellspacing="2" cellpadding="3">
                                          <tr>
                                            <th>Username:</th>
                                            <td>
                                              <input type="text" name="j_username"
                                                     />
                                            </td>
                                          </tr>
                                           
                                          <tr>
                                            <th>Password:</th>
                                            <td>
                                              <input type="password" name="j_password" value="Insight-2013"/>
                                            </td>
                                          </tr>
                                        </table>
                                        <p>
                                          <input type="submit" name="submit" value="Submit"/>
                                        </p>
                                      </form>
                                  

                                   

                                  When you do a POST it goes to j_security_check ( container based authentication ) when success it would redirect you to the home page (or default_selection), if you want it to redirect to some other page then create a PhaseListener and check in beforePhase if the user is authenticated and redirect him to your specified page instead of home page.

                                   

                                  Key is phase listener.

                                   

                                  Thanks,

                                  Abhi

                                  • 14. Re: Adf custom authentication
                                    979970

                                    I have made a custom login page and there, on click of submit button I'm pointing to a method in managed bean. Here's the code I've used:

                                    FacesContext ctx = FacesContext.getCurrentInstance(); 

                                            if(_username.equals("admin") && _password.equals("admin")) {

                                                HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();

                                    //            String forwardUrl = "/adfAuthentication?success_url=/faces" + ctx.getViewRoot().getViewId(); //This line redirects to the login page  instead of the requested page

                                                String forwardUrl = "/adfAuthentication?success_url=/faces/page.jspx";

                                               

                                    FacesContext facesContext = FacesContext.getCurrentInstance();  

                                    ExternalContext externalContext = facesContext.getExternalContext();  

                                    externalContext.redirect(forwardUrl );  

                                     

                                    But it's not redirecting to page.jspx instead the login page is coming again. Can you tell me the reason?

                                    1 2 Previous Next