My Oracle Support Banner

Deployment of ADF Application With Security into WLS (Doc ID 1146494.1)

Last updated on NOVEMBER 02, 2017

Applies to:

Oracle JDeveloper - Version and later
Information in this document applies to any platform.
***Checked for relevance on 08-Jul-2014***


In a web application built with basic authentication, some roles and users have been defined using JDeveloper security tool.
In the WebLogic server, equivalent roles are defined to match the application roles defined in JDeveloper.
Application is compiled and deployed into this server with no problems.
If deployment is done directly using JDeveloper, the following message appears in WLS console screen:

<Warning> <Security> <BEA-090668> <Ignored deployment of role "valid-users" for resource "type=<url>, application=myApp, contextPath=/myApp, uri=/"

When the application is executed, user credentials are requested. After that, a forbidden access error is issued:

"ERROR 403--Forbidden"

The URL displayed points to an ADF servlet: /adfAuthentication, and operation is stopped.

Nevertheless, if the URL is manually modified in the browser after authentication, replacing it with what is configured in the application (web.xml file, <welcome-page-list> tag), the execution continues normally.

In the web.xml file a <security-constraint> tag gets created that references a "valid-users" role, associated to resource "adfAuthentication". It seems like the server does not include the user in the valid-users role. If the tag is removed, an error gets produced in the deployment:

<Error> <HTTP> <BEA-101168> <The security-role-assignement references an invalid security-role: valid-users.>


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.