Oracle ADF 11g Security – Custom ADF Login Form



Creating a Login Page

Oracle ADF Security allows for implicit and explicit authentication:

  • In an implicit authentication scenario, if a user who is not yet authenticated tries to access a web page associated with ADF security-aware resources that are not granted to anonymous-role, then authentication is triggered dynamically. After the user successfully logs in, another check will be done to verify whether the authenticated user has view access granted on the requested page’s ADF security-aware resource.
  • In an explicit authentication scenario, your application has a public page that displays a login link, which, when clicked, triggers an authentication challenge to log in the user. The login link may optionally specify some other target page that should be displayed (assuming the authenticated user has access) after the successful authentication.

The implicit authentication scenario is handled for you by default when you run the Configure ADF Security wizard, as described in Section 30.3.5, “What You May Need to Know About ADF Authentication.”

To handle the explicit authentication scenario you need to replace the allPages security constraint added to the web.xml file by the Configure ADF Security wizard and trigger an authentication challenge using the security constraint defined for the ADF authentication servlet.

To explicitly handle user authentication:

  1. Create a login link component and add it to the public home web page for your application.
  2. Create managed bean to handle the login attempts by the user.
  3. Create the login page using ADF Faces components.
  4. Configure the container-managed deployment descriptor (web.xml file) to use the ADF Faces login page.

One thought on “Oracle ADF 11g Security – Custom ADF Login Form

  • April 30, 2015 at 9:52 am
    Permalink

    Your code will break when deployed to a stand alone server check the stack trace below

    Servlet failed with Exception
    java.lang.IllegalStateException: Cannot forward a response that is already commi
    tted
    at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispat
    cherImpl.java:122)
    at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImp
    l.java:546)
    at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWr
    apper.java:93)
    at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWr
    apper.java:93)
    at oracle.adfinternal.view.faces.config.rich.RecordRequestAttributesDuri
    ngDispatch.dispatch(RecordRequestAttributesDuringDispatch.java:44)
    at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWr
    apper.java:93)
    at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWr
    apper.java:93)
    at javax.faces.context.ExternalContextWrapper.dispatch(ExternalContextWr
    apper.java:93)
    at org.apache.myfaces.trinidadinternal.context.FacesContextFactoryImpl$O
    verrideDispatch.dispatch(FacesContextFactoryImpl.java:167)
    at com.sun.faces.application.view.JspViewHandlingStrategy.executePageToB
    uildView(JspViewHandlingStrategy.java:363)
    at com.sun.faces.application.view.JspViewHandlingStrategy.buildView(JspV
    iewHandlingStrategy.java:154)
    at org.apache.myfaces.trinidadinternal.application.ViewDeclarationLangua
    geFactoryImpl$ChangeApplyingVDLWrapper.buildView(ViewDeclarationLanguageFactoryI
    mpl.java:341)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse
    (LifecycleImpl.java:990)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(L
    ifecycleImpl.java:342)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(Lifecycl
    eImpl.java:236)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:509)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
    (StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
    tyHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
    a:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
    va:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.j
    ava:173)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
    va:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter
    (RegistrationFilter.java:125)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterL
    istChain.doFilter(TrinidadFilterImpl.java:468)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter
    .java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterL
    istChain.doFilter(TrinidadFilterImpl.java:468)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilt
    erImpl(TrinidadFilterImpl.java:293)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilte
    r(TrinidadFilterImpl.java:199)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFi
    lter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
    va:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)

    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:31
    5)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUt
    il.java:442)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.jav
    a:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:1
    71)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
    va:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:13
    9)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
    va:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsF
    ilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
    va:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
    n.wrapRun(WebAppServletContext.java:3730)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
    n.run(WebAppServletContext.java:3696)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
    dSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
    120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
    ervletContext.java:2273)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
    ontext.java:2179)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
    ava:1490)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *