Deployment of ADF Application With Security into WLS (Doc ID 1146494.1)

Last updated on AUGUST 01, 2017

Applies to:

Oracle JDeveloper - Version 11.1.1.0.0 and later
Information in this document applies to any platform.
***Checked for relevance on 08-Jul-2014***

Symptoms

In a web application built with basic authentication, some roles and users have been defined using JDeveloper security tool.
In the WebLogic server, equivalent roles are defined to match the application roles defined in JDeveloper.
Application is compiled and deployed into this server with no problems.
If deployment is done directly using JDeveloper, the following message appears in WLS console screen:

<Warning> <Security> <BEA-090668> <Ignored deployment of role "valid-users" for resource "type=<url>, application=myApp, contextPath=/myApp, uri=/"


When the application is executed, user credentials are requested. After that, a forbidden access error is issued:

"ERROR 403--Forbidden"


The URL displayed points to an ADF servlet: /adfAuthentication, and operation is stopped.

Nevertheless, if the URL is manually modified in the browser after authentication, replacing it with what is configured in the application (web.xml file, <welcome-page-list> tag), the execution continues normally.

In the web.xml file a <security-constraint> tag gets created that references a "valid-users" role, associated to resource "adfAuthentication". It seems like the server does not include the user in the valid-users role. If the tag is removed, an error gets produced in the deployment:

<Error> <HTTP> <BEA-101168> <The security-role-assignement references an invalid security-role: valid-users.>

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms