0 Replies Latest reply on Oct 4, 2018 10:55 AM by Gytis

    Error 401--Unauthorized

    Gytis

      Hi,

       

      I've got Weblogic 10.3.6 running on OL 6.9 and EE 12.2 database. There is a ADF application being developed for some years and everything works fine. Thing is users for the application were defined locally with the password in the database so I decided to introduce Active Directory. Everything seems to be fine as our new AD users are able to login to the database or Weblogic console, but when we try to login to the application we get this:

       

      Error 401--Unauthorized

      From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

      10.4.2 401 Unauthorized

      The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.

       

      Now the AdminServer log shows this:

       

      ####<Oct 4, 2018 12:30:35 PM EEST> <Error> <dk.tia.application.adf.security.controller.jsf.bean.PageErrorHandler> <tiavn.tiaad.local> <adf-tia> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <TIA321> <> <512296334743a9b6:420204e:16639127d87:-8000-00000000000007dd> <1538645435827> <BEA-000000> <oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'dk.tia.application.adf.uicommons.view.pageDefs.TIACommons_UIShellPageDef' 'VIEW'.>

      ####<Oct 4, 2018 12:30:35 PM EEST> <Error> <oracle.adfinternal.controller.application.AdfcExceptionHandler> <tiavn.tiaad.local> <adf-tia> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <TIA321> <> <512296334743a9b6:420204e:16639127d87:-8000-00000000000007dd> <1538645435829> <ADFC-50016> <ADFc: While handling an exception the application's exception handler threw a new exception.

       

      "ADFC-0619: Authorization check failed" brings me to "Unable To Access ADF Application (Doc ID 2434155.1)" that says that error is caused due to missing permission in system-jazn-data.xml file. But when I check for 'dk.tia.application.adf.uicommons.view.pageDefs.TIACommons_UIShellPageDef' in system-jazn-data.xml I see that permission is in place:

       

      <permission>

           <class>oracle.adf.share.security.authorization.RegionPermission</class>

           <name>dk.tia.*</name>

           <actions>view</actions>

      </permission>

       

      So does anyone have any other ideas for this?