7 Replies Latest reply on Jul 14, 2014 8:16 AM by Jani Rautiainen-Oracle

    Redirection is not happening in ADF Secured  application on Oracle Cloud

    KTM

      Hi All,

      We are trying to deploy a secured ADF application to Oracle Cloud.

      I have made my login.html the default page by adding it to welcome-file-list as shown below.

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <!--form-login-page>/faces/com/kbace/hrc/pages/LoginPage.jspx</form-login-page-->
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/error.html</form-error-page>
        </form-login-config>
      </login-config>
      <welcome-file-list>
        <welcome-file>/login.html</welcome-file>
      </welcome-file-list>

       

      and my index.html is as follows.

       

      <html>
        <head>
          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></meta>
          <meta http-equiv="refresh" content="0;url=/faces/HomePage.jspx">
          <title>index</title>
        </head>
        <body></body>
      </html>

       

      I have created a test user and assigned the required role to the test user in the Cloud identity console. The test user is able to log in successfully, but after authentication, redirection to the HomePage is not happening.

      So could anyone suggest where I am making a mistake? I ran the application locally and tested it with the integrated WebLogic server, and the application works as expected.

      I think there is no problem with authentication, since if I specify wrong credentials, the application goes to error.html as expected.

      I do not understand how to redirect to the HomePage after authentication. Can someone help me with this?

       

      Thanks

      Kotresh

        • 1. Re: Redirection is not happening in ADF Secured  application on Oracle Cloud
          Jani Rautiainen-Oracle

          Not quite sure what your use case here is. Is the goal to automatically redirect the user to your "HomePage.jspx" when they enter a URL with the "web context root" (without the path to the page)? If so, the welcome page does work for me, at least with the default authentication. You should not need an index file; instead try changing your configuration in web.xml to:

            <welcome-file-list>
              <welcome-file>faces/HomePage.jspx</welcome-file>
            </welcome-file-list>

           

          --

          Jani Rautiainen

          Fusion Applications Developer Relations

          https://blogs.oracle.com/fadevrel/
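
Added example (not part of the thread or of Oracle's documentation): a small Python check over web.xml for the points on which the question's configuration and the reply above differ. It assumes the Servlet specification's rules that welcome files are partial URLs without a leading "/" and that FORM login is started by a request for a protected resource; the function names and finding codes are made up for this example, and the sample is the question's fragments wrapped in a constructed <web-app> root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the login-config and welcome-file-list from the question,
# wrapped in a <web-app> root so they parse as one document.
QUESTION_WEB_XML = """<web-app>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>
  <welcome-file-list>
    <welcome-file>/login.html</welcome-file>
  </welcome-file-list>
</web-app>"""


def _texts(root, name):
    """Text of every element called `name`, ignoring any XML namespace."""
    return [(el.text or "").strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == name]


def check_web_xml(xml_text):
    """Return (code, detail) findings for the FORM login / welcome-file setup."""
    root = ET.fromstring(xml_text)
    login_pages = _texts(root, "form-login-page")
    auth_pages = {p.strip("/") for p in login_pages + _texts(root, "form-error-page")}
    findings = []
    if "FORM" in _texts(root, "auth-method") and not login_pages:
        findings.append(("FORM_WITHOUT_LOGIN_PAGE", "no form-login-page configured"))
    for wf in _texts(root, "welcome-file"):
        if wf.startswith("/"):
            # Welcome files are partial URLs with no leading or trailing "/".
            findings.append(("WELCOME_LEADING_SLASH", wf))
        if wf.strip("/") in auth_pages:
            # Opening the login form directly leaves the container with no
            # originally requested protected URL to return to after login.
            findings.append(("WELCOME_IS_LOGIN_PAGE", wf))
    return findings
```
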

          • 2. Re: Redirection is not happening in ADF Secured  application on Oracle Cloud
            KTM

            Hi,

            I need to achieve authorization since my ADF application uses role-based security and my HomePage.jspx is secured by the 'AdminEnt' role.

            So a user who has the AdminEnt role is able to see the HomePage.jspx. But the problem I am facing here is that after authentication, the authorized page is not opening.

            This is what I have done.

            I have updated my jazn-data.xml by prefixing my enterprise role with the Oracle Cloud IdentityDomainName as shown below

             

            <app-role>
              <name>AdminApp</name>
              <class>oracle.security.jps.service.policystore.ApplicationRole</class>
              <members>
                <member>
                  <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
                  <name>trial56313.AdminEnt</name>
                </member>
              </members>
            </app-role>

             

            and I have created the AdminEnt role in the Oracle Cloud service identity console and assigned the role to the user. When I launch the application, my login.html page opens as expected, since I listed it under welcome-file-list in web.xml, but I believe at this moment only authentication is happening, not authorization, hence it is not redirecting me to my HomePage although the user has the AdminEnt role. But if I specify wrong credentials then it shows the message "Invalid username and Password". From the below document

            Securing Applications in Java Cloud Service (Release 13.2)

            I found that there is no need to prefix the role with the Oracle Cloud identity domain. I tried both ways, but no luck. Could you please point out where I am making a mistake in order to authorize a resource?

             

             

            Thanks

            Kotresh

            • 3. Re: Redirection is not happening in ADF Secured  application on Oracle Cloud
              Jani Rautiainen-Oracle

              Does your page have a "Page Definition"? If not, try creating it: right-click your jspx and choose "Go to Page Definition".

              --

              Jani Rautiainen

              Fusion Applications Developer Relations

              https://blogs.oracle.com/fadevrel/

              • 4. Re: Redirection is not happening in ADF Secured  application on Oracle Cloud
                KTM

                Yes I do have Page Definition.

                 

                Thanks

                Kotresh

                • 5. Re: Redirection is not happening in ADF Secured  application on Oracle Cloud
                  Jani Rautiainen-Oracle

                  I am not sure what is wrong in your configuration, I did a quick test and security seems to work fine for me. Steps taken:

                  • In JCS identity console
                    • create users test1 and test2
                    • create roles test1Role and test2Role
                  • Create "Fusion Web Application"
                  • Create a simple jspx page with nothing but an output label on it, navigate to the page definition for the page to create the PageDef file
                  • Generate security configuration by navigating "Application->Secure->Configure ADF Security"
                    • ADF security: choose "ADF Authentication and Authorization"
                    • Authentication Type: "HTTPS Client Authentication (Public Key Certificate)" this will rely on the JCS authentication mechanism
                    • Automatic Policy Grants: "No Automatic Grants"
                    • Authenticated Welcome: accept defaults
                  • Navigate to the web.xml
                    • remove the existing constraint and add a new constraint with "/*" pattern
                    • Add a "welcome file" to automatically navigate to the page when the web context root is accessed
                  • Navigate to the jazn-data.xml
                    • Create application role "test1Role"
                    • Create user "test1" and assign the "test1Role" to it
                    • Grant the page resource to the "test1Role" application role
                  • Deploy to JCS

                  With this configuration the page can be accessed with user "test1" but when trying to access with "test2" get:

                  Error 401--Unauthorized

                   

                  So it seems it's working fine. Not sure what the issue with your configuration is. For reference, the key parts in my web.xml contain:

                    <welcome-file-list>
                      <welcome-file>faces/SecurityTest.jspx</welcome-file>
                    </welcome-file-list>
                    <security-constraint>
                      <web-resource-collection>
                        <web-resource-name>TestConstraint</web-resource-name>
                        <url-pattern>/*</url-pattern>
                      </web-resource-collection>
                    </security-constraint>
                    <login-config>
                      <auth-method>CLIENT-CERT</auth-method>
                    </login-config>

                  and in jazn-data.xml:

                    <jazn-realm default="jazn.com">
                      <realm>
                        <name>jazn.com</name>
                        <users>
                          <user>
                            <name>test1</name>
                            <display-name>test1</display-name>
                            <credentials>{903}CBA09WxYMg7guOpQEGHoMOVyjeKUh7Vu0e4I0Qs6elY=</credentials>
                          </user>
                        </users>
                      </realm>
                    </jazn-realm>
                    <policy-store>
                      <applications>
                        <application>
                          <name>SecurityTest2</name>
                          <app-roles>
                            <app-role>
                              <name>test1Role</name>
                              <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                              <display-name>test1Role</display-name>
                              <description>test1Role</description>
                              <members>
                                <member>
                                  <name>test1</name>
                                  <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                                </member>
                              </members>
                            </app-role>
                          </app-roles>
                          <jazn-policy>
                            <grant>
                              <grantee>
                                <principals>
                                  <principal>
                                    <name>test1Role</name>
                                    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                                  </principal>
                                </principals>
                              </grantee>
                              <permissions>
                                <permission>
                                  <class>oracle.adf.share.security.authorization.RegionPermission</class>
                                  <name>view.pageDefs.SecurityTestPageDef</name>
                                  <actions>view</actions>
                                </permission>
                              </permissions>
                            </grant>
                          </jazn-policy>
                        </application>
                      </applications>
                    </policy-store>

                  --

                  Jani Rautiainen

                  Fusion Applications Developer Relations

                  https://blogs.oracle.com/fadevrel/
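
Added example (not code from the thread or from Oracle): a Python check that reads a jazn-data.xml policy and answers who can view a page definition, which is the authorization half of the problem discussed here. test1Role and its grant are trimmed from the reply above; AdminApp is the role from reply 2, given no grant in this constructed sample; the function names are hypothetical, and matching is a literal comparison of the names in the file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: test1Role and its grant are trimmed from reply 5; AdminApp
# is the role from reply 2, given no grant here to show what a missing one looks like.
ROLE = "oracle.security.jps.service.policystore.ApplicationRole"
JAZN = f"""<jazn-data><policy-store><applications><application>
  <app-roles>
    <app-role><name>test1Role</name><class>{ROLE}</class>
      <members><member><name>test1</name></member></members>
    </app-role>
    <app-role><name>AdminApp</name><class>{ROLE}</class>
      <members><member><name>trial56313.AdminEnt</name></member></members>
    </app-role>
  </app-roles>
  <jazn-policy><grant>
    <grantee><principals><principal><name>test1Role</name></principal></principals></grantee>
    <permissions><permission>
      <class>oracle.adf.share.security.authorization.RegionPermission</class>
      <name>view.pageDefs.SecurityTestPageDef</name><actions>view</actions>
    </permission></permissions>
  </grant></jazn-policy>
</application></applications></policy-store></jazn-data>"""


def _policy(jazn_xml):
    """Return (role -> members, permission name -> set of granted principals)."""
    root = ET.fromstring(jazn_xml)
    members = {r.findtext("name"): {m.findtext("name") for m in r.iter("member")}
               for r in root.iter("app-role")}
    granted = {}
    for grant in root.iter("grant"):
        names = {p.findtext("name") for p in grant.iter("principal")}
        for perm in grant.iter("permission"):
            granted.setdefault(perm.findtext("name"), set()).update(names)
    return members, granted


def can_view(jazn_xml, page_def, principal):
    """True if `principal` is granted `page_def` directly or through an app role."""
    members, granted = _policy(jazn_xml)
    return any(g == principal or principal in members.get(g, ())
               for g in granted.get(page_def, ()))


def roles_without_grants(jazn_xml):
    """App roles with members that no grant names: members authenticate, no page opens."""
    members, granted = _policy(jazn_xml)
    used = set().union(*granted.values())
    return sorted(r for r in members if members[r] and r not in used)
```
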

                  • 6. Re: Redirection is not happening in ADF Secured  application on Oracle Cloud
                    oladslw

                    It seems JCS does not really support FORM based authentication. As per Jani Rautiainen's solution which leverages on the single signon feature of JCS as opposed to custom login FORMs.

                     

                    not quite impressed with JCS so far!

                    • 7. Re: Redirection is not happening in ADF Secured  application on Oracle Cloud
                      Jani Rautiainen-Oracle

                      Please start a new thread instead of opening old ones to keep the threads concise and clean.

                      JCS does support FORM based authentication, refer to documentation:

                       

                      I created a simple test and confirmed that simple FORM based authentication does work. The only difference from the steps described in the blog post was in "Enable security for the application", where instead of "Authentication Type: HTTPS Client Authentication (Public Key Certificate)" I chose "Form-Based authentication" and opted to generate the login / error pages by choosing "Generate Default Pages". With these, the configuration in web.xml is

                        <login-config>
                          <auth-method>FORM</auth-method>
                          <form-login-config>
                            <form-login-page>/login.html</form-login-page>
                            <form-error-page>/error.html</form-error-page>
                          </form-login-config>
                        </login-config>

                       

                      and when accessing the application I get prompted for FORM based login. So the FORM based login does work and the login / error pages can be configured. The exception that you see is related to restrictions on the APIs that can be used, see Unsupported Features and APIs (Release 13.2) where "Unsupported WebLogic Server Capability" list contains:

                       

                      Unsupported WebLogic Server Capability | Description/Rationale
                      weblogic.security.* | All security is handled at the Oracle Cloud identity management level. No custom security provider or model is supported. However authenticated user's principals can be read.

                       

                      --

                      Jani Rautiainen

                      Fusion Applications Developer Relations

                      https://blogs.oracle.com/fadevrel/