Extending from weblogic security roles (groups) to jazn-"Data.xml" using SQLAuth...
Helloas the title suggests is that I want to do...
The problem I encounter is that I can't map my Weblogic roles at a level of demand - roles.
I do not see my weblogic on jazn-"Data.xml" roles and I can't create groups to the application level because
everything works as SQLAuthenticator on Weblogic...
I can get the role of user with EL as #{securityContext.userInRole ['ROLE']} but it cannot apply to jazn-"Data.xml".
Hope that if anyone can help...
Thank you
Renan.
PS: Jdev Studio Edition Version 11.1.1.1.0
JPA/EJB/ADF app
Published by: RenanMC on 12/09/2009 09:13
Hello
you create groups of jazn-"Data.xml" and then use the weblogic.xml file to map these business groups for groups returned by the SQLAuthenticator
Frank
Tags: Java
Similar Questions
-
When the redeployment, jazn-"Data.xml" crushes users the App provides on Weblogic
Hello world
I use
-JDeveloper 11.1.2.1.0
-Weblogic 10.3.5
I found that when I transferred a request, it seemed that whatever the roles that I have setup in the Console of Administration WebLogic for users who are not defined in the jazn of application data, gets crushed by the data from jazn-Application data
for example
I have an application with jazn-"Data.xml", defined as follows:
-Creation of 4 users
-Created the company 3 roles (role of customer, NormalRole, ReadOnlyRole)
-Assigned 4 users to roles of business as a result
-Given the workflow, Web Page and ADF entity as a result object
If I configure the 5th, 6th, 7th and so on users through the Console of Administration WebLogic and grant them a role (i.e. NormalRole). As soon as I redeploy the application, all users (except 4 which are defined in the jazn-data application) seem to lose the delivered business role that I gave earlier in the Console of Administration WebLogic.
It's not ideal because we always maintain user through the Console of Administration WebLogic (so we can add / remove / update user information at any time, rather than having to do it by changing jazn-Application data and do a redeployment). Is that what I was wrong? I tried excluding the jazn-"Data.xml" during deployment, but the application does not work. What should I do to prevent this?
Thanks for any information.
Kind regards
AndiYou are aware of the request-> Application-> deployment 'Deployment of Security Options' properties, particularly checkboxes to crush the security on the deployment objects?
CM.
-
ADFC-0619: failed the authorization check but system-jazn-"Data.xml" entry
Hello
I have an urgent problem with permission on production area.
I set the permission for my App. create custom pages so login and custom to redirect, the Spanish developer Login bean works fine, but on prodocution I got an exception:
WatchRule: (SEVERITY = "Error") AND ((MSGID = ' WL-101020') OR (MSGID = "WL-101017'") OR (MSGID = "WL-000802'") OR (MSGID = "BEA-101020'") OR (MSGID = "BEA-101017'") OR (MSGID = "BEA-000802'"))
[WatchData: DATE = July 7, 2014 11:05:33 AM EDT SERVER = AdminServer MESSAGE = [path of the module: app_name_test ServletContext@304698745[app:AppName: / app_name_test spec-version: 2.5]] Servlet failed with Exception
oracle.adf.controller.security.AuthorizationException: ADFC-0619: authorization check failed: 'viewcontroller.pageDefs.homePageDef', 'VIEW '.
at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:182)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:162)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:116)
at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:663)
at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:700)
at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:473)
at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:59)
to oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$ PagePhaseListenerWrapper.afterPhase (ADFLifecycleImpl.java:530)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
to oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$ PhaseInvokerImpl.dispatchAfterPagePhaseEvent (ADFPhaseListener.java:131)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:74)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:447)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:202)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:508)
to weblogic.servlet.internal.StubSecurityHelper$ ServletServiceAction.run (StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
JPS - config.Xml
<? XML version = "1.0" encoding = "UTF - 8"? >
" < jpsConfig xmlns =" http://xmlns.Oracle.com/OracleAS/schema/11/JPs-config-11_1.xsd "" xmlns: xsi = " http://www.w3.org/2001/XMLSchema-instance " xsi: schemaLocation = " http://xmlns.Oracle.com/OracleAS/Schema/11/JPS-config-11_1.xsd HSD-config - 11_1.xsd" >
< = name="oracle.security.jps.jaas.mode"/ 'doasprivileged' property value >
< serviceProviders >
"< class ="oracle.security.jps.internal.idstore.xml.XmlIdentityStoreProvider serviceProvider"name =" idstore.xml.provider "type ="IDENTITY_STORE">
< description > XML-based IdStore provider < / description >
< / serviceProvider >
"< class ="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider serviceProvider"name =" policystore.xml.provider "type ="POLICY_STORE">
< description > XML-based PolicyStore provider < / description >
< / serviceProvider >
"< class ="oracle.security.jps.internal.anonymous.idm.IdmAnonymousServiceProvider serviceProvider"name =" anonymous.provider "type 'ANONYMOUS' = >
< description > anonymous access provider < / description >
< / serviceProvider >
"< class ="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider serviceProvider"name =" jaas.login.provider "type ="LOGIN">
< description > Service Provider for the connection Module < / description >
< / serviceProvider >
< / serviceProviders >
< serviceInstances >
< provider = "idstore.xml.provider serviceInstance" name ="idstore.xml" > "
"< value="./jazn-data.xml property "name ="location"/ >
< property value = 'OBFUSCATE' name="jps.xml.idstore.pwd.encoding"/ >
< value property = "jazn.com" name = "subscriber.name" / > "
< / serviceInstance >
< provider = "policystore.xml.provider serviceInstance" name ="policystore.xml" > "
"< value="./jazn-data.xml property "name ="location"/ >
< = 'false' name="oracle.security.jps.policy.principal.cache.key"/ property value >
< / serviceInstance >
< provider = "anonymous.provider serviceInstance" name = "anonymous" / > "
< provider = "jaas.login.provider serviceInstance" name ="anonymous.loginmodule" > "
< value = "oracle.security.jps.internal.jaas.module.anonymous.AnonymousLoginModule property" name = "loginModuleClassName" / > "
< property value = "REQUIRED" name="jaas.login.controlFlag"/ >
< property value = "true" name = "debug" / >
< property value = "true" name = "addAllRoles" / >
< / serviceInstance >
< provider = "jaas.login.provider serviceInstance" name ="idstore.loginmodule" > "
< value = "oracle.security.jps.internal.jaas.module.idstore.IdStoreLoginModule property" name = "loginModuleClassName" / > "
< property value = "REQUIRED" name="jaas.login.controlFlag"/ >
< property value = "true" name = "debug" / >
< property value = "true" name = "addAllRoles" / >
< = 'false' name="remove.anonymous.role"/ property value >
< / serviceInstance >
< / serviceInstances >
< jpsContexts default 'anonymous' = >
< name jpsContext 'anonymous' = >
< serviceInstanceRef ref = 'anonymous' / >
< serviceInstanceRef ref = "anonymous.loginmodule" / >
< / jpsContext >
< / jpsContexts >
< / jpsConfig >
Web.Xml
<? XML version = "1.0" encoding = "UTF - 8"? >
" < web - app xmlns =" http://Java.Sun.com/XML/NS/JavaEE "" xmlns: xsi = " " http://www.w3.org/2001/XMLSchema-instance "
" xsi: schemaLocation =" http://Java.Sun.com/XML/NS/JavaEE http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"" "" "
version "2.5" = >
< context-param >
javax.faces.STATE_SAVING_METHOD < param-name > < / param-name >
customer of < param-value > < / param-value >
< / context-param >
< context-param >
javax.faces.PARTIAL_STATE_SAVING < param-name > < / param-name >
< param-value > false < / param-value >
< / context-param >
< context-param >
< description > if this parameter is set to true, there will be an automatic check of the date of the change of your JSP pages and saved state will be scrapped when JSP change. It will also automatically check if your css skinning files have changed without requiring you to restart the server. This facilitates the development, but adds above. For this reason, this parameter must be set to false when your application is deployed. < / description >
org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION < param-name > < / param-name >
< param-value > false < / param-value >
< / context-param >
< context-param >
< description > if the comment "generated by...» "down in pages ADF Faces HTML should contain version number information. < / description >
oracle.adf.view.rich.versionString.HIDDEN < param-name > < / param-name >
< param-value > false < / param-value >
< / context-param >
< context-param >
Oracle.ADF.jsp.provider.0 < param-name > < / param-name >
oracle.mds.jsp.MDSJSPProviderHelper < param-value > < / param-value >
< / context-param >
< context-param >
< description > File Upload < / description >
org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE < param-name > < / param-name >
< param-value > 10485760 < / param-value >
< / context-param >
< context-param >
< description > the safety precautions to prevent clickjacking: bust of executives if the area of window ancestor (Protocol, host and port) and the framework are different. Other options for this setting are always and never. < / description >
org.apache.myfaces.trinidad.security.FRAME_BUSTING < param-name > < / param-name >
differentOrigin < param-value > < / param-value >
< / context-param >
< context-param >
javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS < param-name > < / param-name >
< param-value > true < / param-value >
< / context-param >
< context-param >
javax.faces.FACELETS_SKIP_COMMENTS < param-name > < / param-name >
< param-value > true < / param-value >
< / context-param >
< context-param >
javax.faces.FACELETS_DECORATORS < param-name > < / param-name >
oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator < param-value > < / param-value >
< / context-param >
< context-param >
javax.faces.FACELETS_RESOURCE_RESOLVER < param-name > < / param-name >
oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver < param-value > < / param-value >
< / context-param >
< filter >
< filter-name > JpsFilter < / filter-name >
> class filter < oracle.security.jps.ee.http.JpsFilter < / class filter >
< init-param >
enable.anonymous < param-name > < / param-name >
< param-value > true < / param-value >
< / init-param >
< init-param >
Remove.anonymous.role < param-name > < / param-name >
< param-value > false < / param-value >
< / init-param >
< / filter >
< filter >
< name of filter > Trinidad < / filter-name >
> class filter < org.apache.myfaces.trinidad.webapp.TrinidadFilter < / class filter >
< / filter >
< filter >
< filter-name > adfBindings < / filter-name >
> class filter < oracle.adf.model.servlet.ADFBindingFilter < / class filter >
< / filter >
< filter >
< filter-name > ADFLibraryFilter < / filter-name >
> class filter < oracle.adf.library.webapp.LibraryFilter < / class filter >
< / filter >
< filter mapping >
< filter-name > JpsFilter < / filter-name >
< url-pattern > / * < / url-pattern >
< distributor > BEFORE < / dispatcher >
< distributor > APPLICATION < / dispatcher >
< distributor > INCLUDE < / dispatcher >
< / filter-mapping >
< filter mapping >
< name of filter > Trinidad < / filter-name >
< name servlet - > Faces Servlet < / servlet-name >
< distributor > BEFORE < / dispatcher >
< distributor > APPLICATION < / dispatcher >
< distributor > ERROR < / dispatcher >
< / filter-mapping >
< filter mapping >
< filter-name > adfBindings < / filter-name >
< name servlet - > Faces Servlet < / servlet-name >
< distributor > BEFORE < / dispatcher >
< distributor > APPLICATION < / dispatcher >
< / filter-mapping >
< filter mapping >
< filter-name > ADFLibraryFilter < / filter-name >
< url-pattern > / * < / url-pattern >
< distributor > BEFORE < / dispatcher >
< distributor > APPLICATION < / dispatcher >
< / filter-mapping >
< filter mapping >
< filter-name > adfBindings < / filter-name >
< name servlet - > adfAuthentication < / servlet-name >
< distributor > BEFORE < / dispatcher >
< distributor > APPLICATION < / dispatcher >
< / filter-mapping >
<>earpiece
oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack <-listener class > < / listener class >
< / earphone >
<>earpiece
oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack <-listener class > < / listener class >
< / earphone >
<>earpiece
Oracle.BC4J.MBean.BC4JConfigLifeCycleCallBack <-listener class > < / listener class >
< / earphone >
< servlet >
< name servlet - > Faces Servlet < / servlet-name >
> the servlet class < javax.faces.webapp.FacesServlet < / servlet-class >
< load-on-startup > 1 < / load-on-startup >
< / servlet >
< servlet >
resources < name of the servlet > - < / servlet-name >
> the servlet class < org.apache.myfaces.trinidad.webapp.ResourceServlet < / servlet-class >
< / servlet >
< servlet >
< name servlet - > BIGRAPHSERVLET < / servlet-name >
> the servlet class < oracle.adf.view.faces.bi.webapp.GraphServlet < / servlet-class >
< / servlet >
< servlet >
< name servlet - > BIGAUGESERVLET < / servlet-name >
> the servlet class < oracle.adf.view.faces.bi.webapp.GaugeServlet < / servlet-class >
< / servlet >
< servlet >
< name servlet - > MapProxyServlet < / servlet-name >
> the servlet class < oracle.adf.view.faces.bi.webapp.MapProxyServlet < / servlet-class >
< / servlet >
< servlet >
< name servlet - > GatewayServlet < / servlet-name >
> the servlet class < oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet < / servlet-class >
< / servlet >
< servlet >
< name servlet - > adflibResources < / servlet-name >
> the servlet class < oracle.adf.library.webapp.ResourceServlet < / servlet-class >
< / servlet >
< servlet >
< name servlet - > adfAuthentication < / servlet-name >
> the servlet class < oracle.adf.share.security.authentication.AuthenticationServlet < / servlet-class >
< init-param >
success_url < param-name > < / param-name >
/faces/home.jspx < param-value > < / param-value >
< / init-param >
< load-on-startup > 1 < / load-on-startup >
< / servlet >
< servlet-mapping >
< name servlet - > Faces Servlet < / servlet-name >
< url-pattern > /visages / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
resources < name of the servlet > - < / servlet-name >
< url-pattern > /adf / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
resources < name of the servlet > - < / servlet-name >
< url-pattern > /afr / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
< name servlet - > BIGRAPHSERVLET < / servlet-name >
< url-pattern >/servlet/GraphServlet / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
< name servlet - > BIGAUGESERVLET < / servlet-name >
< url-pattern >/servlet/GaugeServlet / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
< name servlet - > MapProxyServlet < / servlet-name >
< url-pattern > /mapproxy / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
resources < name of the servlet > - < / servlet-name >
< url-pattern > /bi / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
< name servlet - > GatewayServlet < / servlet-name >
< url-pattern > /flashbridge / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
< name servlet - > adflibResources < / servlet-name >
< url-pattern > /adflib / * < / url-pattern >
< / servlet-mapping >
< servlet-mapping >
< name servlet - > adfAuthentication < / servlet-name >
<>url-pattern / adfAuthentication < / url-pattern >
< / servlet-mapping >
< mapping mime - >
SWF < extension > < / extension >
mime-type application/x-shockwave-flash <>< / mime-type >
< / mime map >
< mapping mime - >
AMF < extension > < / extension >
<>mime-type application/x-amf < / mime-type >
< / mime map >
< jsp-config >
< jsp-property-group >
*.jsff < url-pattern > < / url-pattern >
true < East - xml > < / xml is >
< / jsp-property-group >
< / jsp-config >
< security constraint >
< web-resource-collection >
< web-resource-name > adfAuthentication < / web-resource-name >
<>url-pattern / adfAuthentication < / url-pattern >
< / web-resource-collection >
<>auth-constraint
valid users - < role name > < / role name >
< / auth-constraint >
< / security constraint >
<>login-config
FORM < auth-method > < / auth-method >
< form-login-config >
/faces/login.jspx < form-login-page > < / form-login-page >
/faces/login.jspx < form-error-page > < / form-error-page >
< / form-login-config >
< / login-config >
<-security role >
valid users - < role name > < / role name >
< / security role >
< / web - app >
jazn-"Data.xml"
<? XML version = "1.0" encoding = "UTF - 8" standalone = 'Yes'? "" >
" < jazn-data xmlns: xsi =" http://www.w3.org/2001/XMLSchema-instance "
" xsi: noNamespaceSchemaLocation = ' http://xmlns.Oracle.com/OracleAS/schema/jazn-data.xsd "> "
< default = "jazn.com Kingdom-jazn" >
< domain >
< name > jazn.com < / name >
< / domain >
< / Kingdom-jazn >
< policy store >
applications <>
< application >
< name > AppName < / name >
< jazn > political
<>grant
< dealer >
< directors >
< principal >
< name > authenticated role < / name >
oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl < class > < / class >
< / main >
< / directors >
< / dealer >
<>permissions
< permission >
oracle.adf.share.security.authorization.RegionPermission < class > < / class >
< name > viewcontroller.pageDefs.homePageDef < / name >
Display < share > < / actions >
< / authorization >
< / authorization >
< / grant >
< / jazn-policy >
< / application >
< / applications >
< / policy-store >
< / jazn-data >
My fragment of connection method:
HttpServletRequest request = (HttpServletRequest) () .getRequest () ctx.getExternalContext; try {} Topic topic = Authentication.login (new URLCallbackHandler (UN, pw)); weblogic.servlet.security.ServletAuthentication.runAs (object, request); HttpServletResponse response = (HttpServletResponse) ctx.getExternalContext (m:System.NET.FtpWebRequest.GetResponse ()); sendForward (request, response, LOGIN_URL); } catch (FailedLoginException fle) {} LOG.severe (fle); String errorText = rsBundle.getString ("ERROR_LOGIN"); FacesMessage msg = new FacesMessage (FacesMessage.SEVERITY_ERROR, errorText, errorText); ctx.addMessage (null, msg); } I use Jdev 11.1.2.4
Any help why this configuration works on production envirement?
My system-jazn-"Data.xml" has entered correct...
Finally, I found... Administrator develop new envirement and they use java 1.8 (WTF). Have to kill them immediately after to write this post...
I found that the search to setDomainEnv.sh
Changed start at 1.6 and all works like magic... IM really surprised that start weblogic with java 8 and generate strange symtomps with authentication...
I thank all of you for the help
-
Merge two files of system-jazn-"Data.xml"
Hello
I have a system-jazn-"Data.xml" from Apps BI 7.9.6.4 sized * 1291 KB * (having financial, HR, EAM Analytics) Note: a new installation and no changes have been made in safety.
Now for EAM Analytics, there is a bug and all application roles are not present in the policy store and apply a patch Patch 16321623 which just States copy the new file system-jazn-"Data.xml" to the location of fmwconfig (see ) doc 1548988.1 )
Problem is that the size of the system-jazn-"Data.xml" is * 342 kb.*
Looks like both of these system-jazn-"Data.xml" should be merged. (don't know, maybe this 342KO file contains all application roles)
Need advice here... as for what I'd do here. ?
Thank you
AshishSee that there is no problem if you replace, just take the backup or rename the existing _old and copy a new. Even when I installed the OBIA on windows machine on top of some OBIEE dummy to generate the folders (biapps) of informatica, dac, RPD, catalogue files metadata then afterwards I got the file from the file 800ko and according to the guidelines of the oracle, I need to replace the one that is generated with OLIVIER on top on OBIEE which is only 320 kb file I simply replaced it na not thorw errors/problems until now. So I m confident enough to replace the file.
See this link http://docs.oracle.com/cd/E20490_01/bia.7963/e19038/windows_ic.htm#BABDCEGC paragraph 4.17 applying the security policy of the Oracle BI Applications to the BI domain
If your BI EE deployed with the Oracle's Applications of BI system is different from the BI EE system used to install some Applications of BI from Oracle, you must apply to the security policy of the domain of BI on BI EE system deployed by following the steps below.
If your BI EE deployed with the Oracle's Applications of BI system is the same as the BI EE system used to install some Applications of BI of Oracle, then the installer of Oracle's Applications of BI performs this configuration automatically.
To apply the security policy of the Oracle BI Applications to the BI domain:
Note: Machine is the machine system. B is the deployment machine.
Stop all processes in the system of BI EE. More precisely:
the Administration Server
+ (if there is a cluster) all managed servers in the cluster bi_cluster +.
all processes managed opmn
On computer B, save and rename the existing DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml.
For example, if the root folder of BI EE is named OracleBIEE11g, then the folder location of the field (on Windows) can be C:\OracleBIEE11g\user_projects\domains\bifoundation_domain\config\fmwconfig.
Copy the jazn file Applications of BI of Oracle machine machine B to DOMAIN_HOME/config/fmwconfig A ORACLE_HOME/biapps/admin/provisioning/system-jazn-data.xml.
Start all processes in the BI EE system for security of Oracle's Applications of BI policy take effect. More precisely:
the Administration Server
+ (if there is a cluster) all managed servers in the cluster bi_cluster +.
all processes managed opmn
It may be useful
-
Add a user in the system-jazn-"Data.xml" file
I have an ADf application (developed in JDeveloper 10.1.3.3).
It implements security using xml. (jazn.xml points to the system-jazn-"Data.xml")
In the system-jazn-"Data.xml", I have entries like -
-< user >
< name > DataBase_User_OfYmnJXIxCAH90iuGKMkBoZmd5Sfm44M < / name >
< guid > AA61EF7072F211DD8F62B3BA7CB157C2 < / guid >
< powers {903} OfYmnJXIxCAH90iuGKMkBoZmd5Sfm44M > < / qualifications >
< / user >
no idea what are these entries and why they are here.Hello
as it appears, it comes to forwarding password for a data source. In order to avoid the definitions of data source by clear text password, the defined data sources use an entry in the system-jazn-"Data.xml" where they are encrypted.
Frank
-
System-jazn-"Data.xml" not updated after deployment
Hi all
When I deploy my application of Portal WebCenter system jazn-"Data.xml" is not updated with the changing demand of jazn in my.
any idea?
It's ok now,
in fact, my jazn-"Data.xml" located in my WebCenter application was corrupt.
I generate a new and it wrks now.
Thank you
-
I installed Oracle database on Linux 6.6, Virtualbox 11.2.0.1.0.
I used ASM for database storage.
When I want to perform a backup in offline mode. I stop the database data files and copy to the filesystem as follows (for example).
ASMCMD [+] > cp +DATA/ora11g/datafile/system.270.883592533/u01/app/oracle
The files copied with success and also any other data files, logs and controlfiles files. Then, I also rename all the files in editing mode.
After that, I used the backup files to start the oracle of backup (storage non - ASM with new pfile edited)
Open successfully from a backup database.
But when I want to use old spfile to open the database for the storage of the DSO again, a few errors have occurred as no data files in ASM storage.
I check the contents of the ASM storage with ASMCMD commands. And realize that there only spfile and controlfile located ASM storage and other files: data files and online redo logfiles automatically deleted.
Why the data files and log files deleted ASM storage? Is this normal? I have no delete all files of the DSO.
It is actually deleted from the use of the cp command?
Exactly what we say. Data in ASM files are OMF (Oracle managed files). The RENAME translates the DSO by deleting the original file.
Hemant K Collette
-
Weblogic portal WebCenter group and application role mappings goes after each deployment
Hello
I use jdev 11.1.1.6.0 version.
I created the Group of weblogic server and assigned to users to that group.
and created the same role used in jazn-"Data.xml".
I traced RoleManager Taskflow using weblogic with the application role group
but after each deployment this mapping is removed and manually I have to create mapping once more.
For example.
I created user1, user2 in weblogic security realarm and assigns them to the 'employee' group
Jazn-"Data.xml" I created the role of 'employee' in the Application roles
and pages.xml this application role to ensure safety to the pages.
RoleManager Taskflow using
Employee weblogic group added to the employee of application role.
This mapping is removed after each deployment.
Help me...
You must disable the security properties of the Application deployment options > deployment... Follow the link and uncheck the boxes as required.
-
issue by creating roles according to the jazn-data
jdev 11.1.1.7
In my application, I create roles in the jazn data files. When I run the application, the roles defined in the jazn file are not automatically created in the integrated weblogic.
Considering that I have different applications in the same workspace, when I run it, the roles defined in their jazn is created in the weblogic. I can see a "deployment" tab, which is created in the jdev console and can see the continuation of console.
[09: 42:07] download jazn-data users.
[09: 42:07] update user 'john '.
[09: 42:07] update user 'susan '.
[09: 42:07] update user "steve".
[09: 42:07] roles jazn-data download.
[09: 42:07] remove the group existing 'Wendy '.
[09: 42:07] group was created for the role of "Wendy".
[09: 42:07] adding 'susan' to the group 'Wendy '.
So what's the problem with my app that I am not able to see the roles are created in weblogic?
Hi Fabrice,.
Go to Applications - > Secure-> configure secure deployment
Make sure that the following is checked.
Redeploy your application using JDeveloper.
-
migration of system-jazn problem-"Data.xml"
Hello! I use 10.3.5 WebLogic and JDeveloper 11.1.1.5.
We have created the "ADF_server" on stand-alone WebLogic managed server and now we are trying to secure deployment ADF application to it.
After deploying secure ADF application (secured by the safety of the ADF) AdminServer on stand-alone WebLogic, System-jazn-"Data.xml" is properly set up. It inserts the tag application with all users, roles of application and the company and its mappings. But when I deploy to managed 'ADF_server' no companies role configurations, application or user of the application are inserted into the system-jazn-"Data.xml".
Everybody recognizes the problem and especially the sollution? That has something to do with permissions? I also tried to give permissions of reading / writing to system-jazn-"Data.xml" at all, but it does not help.
Thanks for any helpful info.In a production environment allowing political security to be overwritten when deploying on a managed server is a security hole. That's why he behaves like that.
Use EM or migrateSecurityStore script to migrate policies.Read the guide to FM security.
http://download.Oracle.com/docs/CD/E17904_01/core.1111/e10043/devmancfg.htm#BCGDADGF
http://download.Oracle.com/docs/CD/E12839_01/core.1111/e10043/cfgauthr.htm#BGBDDDBE -
WebLogic security groups problem
Hello
Here's the thing. I am the security configuration of a portal application that I created on JDev. First, I created a group on Weblogic, namely "SecureGroup" (duh), as well as a few users to test, "user1" and "User2" and affected users as members of the "SecureGroup".
On JDev, I created a business role, "SecureGroup" and it is mapped to an application role, also newly created, called "SecureGroupAR". It is now time to assign resources.
I created a simple workflow with a view (*.jsff) just to display a text label. This taskflow was granted the application, "SecureGroupAR" role. When I ran the taskflow application of portal was not found. As I begin troubleshooting, I checked first to the Weblogic console by going to the home page >summary of the areas of security >myrealm >users and groups >user1 > and checked the group including user1 belongs to. strangely, there was no group assigned to this user!
Knowing that I saved my changes, and when the 'Activate changes' button in the upper left pane on the console of WL (view changes and restarts), I also clicked it to save any changes, if they have not already been registered. Problem is, the group shuttle keeps emptying on each others times I restart my app portal.
Can someone tell me what is happening?
Happy and grateful.
JDeveloper 11.1.1.7
WebLogic 10.3
Problem solved. In other words:
1. on your app, whether an ADF or a portal application, you create an application role and grant the necessary resources for this role (or roles, if you have several roles/groups)
2. this application role is mapped to a business role, which is in fact the group you created on WLS.
3. of JDev, you can choose to use policies, groups, users, etc., that you have created within JDev, or to use those already defined in WLS, simply by application--> the properties of the application-->, and then choose security options NOT TO migrate groups and users of JDEV, but instead, take those that are defined on a WLS.
I hope it helps someone as beginning in the ADF security!
See you soon,.
-
Security roles and workflow management groups
People,
There is a section on Workflow management groups and security roles in vCloud Request Manager Installation and Configuration Guide - Guide of Directors Chapter 5 and 6. I have difficulty working on the relationship between the two settings.
My first question is around the goal of the WM default checkbox that the specific guide is used to set the default user workflow management group.
What would a never used default WM? I mean, what would he ever substitute the other workflow management groups that you define.
In addition, in the guide, it say cloud Blueprint Admin and Asset Manager security role is a combination of the Admin of Blueprint of cloud and the Asset Manager. Is cloud Blueprint Admin & Asset Manager being the two groups of workflow management, reasonable to assume that a security role is composed of workflow management groups?
And when I select agent, I do not see a cloud Blueprint Admin and Asset Manager security role listed?
Finally, is there a way to determine the exact permissions that contains a workflow management group/security role?
Thank you
Cormac
The Group Management (WM) default workflow is largely an artifact of vSM based vRM.
VSM, a group of WM is a collection of agents used to apply security and route of tasks, among other responsibilities. (For the purpose of vRM, an agent can defined as users who have access to the vRM admin interface).
vRM mainly use WM groups as a way to deliver relevant communications to users based on their responsibilities for example vCD Admins, Asset Managers etc. vRM does not require other functions related to WM groups.
For functional reasons, vSM requires that each officer with access to the capabilities of WM belong at least a WM group. In addition, at least one of these groups must be designated the default WM for this officer group. These functional reasons are not immediately relevant to the specific use of vRM rest however case the constraint. Suffice to say for vRM, every WM user must have a WM group by default even if this information must never be used.
Roles and groups are separate entities. A role defines a set of privileges to access a particular functional area of the admin interface for example a role WM sets permissions to interact with the workflow. of the roles of management (CM) configuration sets permissions to review and modify records in the repository of vRM.
A special role of WM can be associated with one or more groups WM. When this WM role is assigned to a user, that user inherits groups associated with this role, WM allowing to simplify the administration of groups. An individual user can also have other WM assigned groups to them directly, complementary to those inherited from their role of WM.
At an abstract level, vRM defines three types of users of the admin interface:
1 vCD Admins
2. plan Admins
3. managers
However, the security of MSM model requires that each individual user must be implemented with several components. By default, vRM sets a "Asset Managers" WM Group of what assets all managers must belong. However, WM groups cannot be used to give access to the features as well, so a separate from the "Asset Managers" WM role is obliged to grant access to these features asset managers. By default, the role of "Asset Manager" WM is associated with the "Asset Managers" group such that any user who is assigned the role automatically belongs to the Group also. There is also a separate 'Asset Managers' CM role that gives asset managers they need to the repository vRM for example the possibility to add new licenses for software products.
This model of definitions is repeated for 3 personas above with a group and several roles defined for each. When an administrator assigns a user to one of these characters they should assign the groups and roles appropriate according to the documentation. They should not need to be concerned by the distinctions between each component.
The role of the "Plan Director Admin and Asset Manager" reflects that a user may need to be asset manager and a Director of Blueprint. Because a user can have a role to the maximum by functional area, vRM provides a compound that provides two sets of permissions. However, a user can belong to several groups WM, so it is never necessary to provide a composite group.
The role of composite is there; just maybe not where you expect to find. Blueprint Admins do not need to access WM, so there is not a 'Blueprint' Admin or a composite WM role. Blueprint Admins do need access to configuration management so it's an "Admin blueprint" and a role of CM composite.
The details of the user screen provides:
a summary of all groups to which a user belongs
provides a 'Détails' button to drill down on each role assigned to the user to inspect the permissions granted by this particular role
You must be a vCD Admin to see areas of the screen.
-
Deploying ADF application to a managed server in weblogic - security ADF error
Hello
Our group wrote an ADF web application, we are trying to deploy on a weblogic managed server. So far, we have succumbed. The application deploys successfully to the AdminServer. Our facility:
WebLogic version is 10.3.0. Domain name is adf_domain. We installed the ADF (ADF version is 11.1.1.0.0), JSTL (1.2.0.1), and the JSF (1.2.7.1) runtime libraries and they are addressing both the server administrator AND managed server called CollabServer. This server communicates with node Manager and you will be able to be started and the console of administration successfully. The AdminServer is on 7101 port, and the CollabServer is on port 7104. We do not use SSL.
application.XML:
<? XML version = "1.0" encoding = "windows-1252"? >
< application xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance".
xsi: schemaLocation = "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd".
version = '5' xmlns = "http://java.sun.com/xml/ns/javaee" >
< display name > OracleRetailCollaboration < / display-name >
<>module
< web >
< web - uri > orc.war < / web - uri >
ORC < context root > < / root context >
< / web >
< / module >
< / application >
WebLogic - application.XML (as taken from the ear file):
<? XML version = "1.0" encoding = "windows-1252"? >
< application weblogic xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi: schemaLocation = "http://www.bea.com/ns/weblogic/weblogic-application.xsd" xmln
s = "http://www.bea.com/ns/weblogic/weblogic-application" >
<>earpiece
oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener <-listener class > < / listener class >
< / earphone >
< library-ref >
< name of the library - > adf.oracle.domain < / library name >
< / library-ref >
< / weblogic application >
WebLogic.XML (as taken from the file. War):
<? XML version = "1.0" encoding = "UTF - 8"? >
< weblogic-web-app xmlns = "http://www.bea.com/ns/weblogic/weblogic-web-app" xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi: schemaLocation = "work".
w.bea.com/NS/WebLogic/WebLogic-Web-App http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd ' > '.
<>container-descriptor
< prefer-web-inf-classes > true < / prefer-web-inf-classes >
< / container-descriptor >
< security-role-assignment >
valid users - < role name > < / role name >
users of < SPN > < / main-name >
< / security role assignment >
< library-ref >
< name of the library - > jstl < / library name >
specification of the < version > 1.2 < / specification-version >
< / library-ref >
< library-ref >
JSF < library name > - < / library name >
specification of the < version > 1.2 < / specification-version >
< / library-ref >
< / weblogic-web-app >
As I said, there is no deployment errors when deploying on the management server. However, we still see the following errors when deploying to the managed server:
java.lang.ClassNotFoundException: oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener
etc.
This error occurs when the deployment using the < wldeploy > Ant task included with weblogic and the deployment of the application manually using the administration console.
So I removed this WebLogic - application.xml:
<>earpiece
oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener <-listener class > < / listener class >
< / earphone >
Who decided the initial error (I guess that there is some sort of bug that causes of workaround is necessary). The following error is the following:
java.lang.ClassNotFoundException: oracle.adf.share.security.authentication.AuthenticationServlet
Yet once, we do not get this error when deploying to the AdminServer - ONLY the managed server CollabServer.
Web.XML:
...
< servlet >
< name servlet - > adfAuthentication < / servlet-name >
> the servlet class < oracle.adf.share.security.authentication.AuthenticationServlet < / servlet-class >
< load-on-startup > 1 < / load-on-startup >
< / servlet >
...
< servlet-mapping >
< name servlet - > adfAuthentication < / servlet-name >
< url-pattern > /adfAuthentication / * < / url-pattern >
< / servlet-mapping >
...
I then added some jars of adf the ear file, finally get this error message:
java.lang.ClassNotFoundException: oracle.adf.share.jsp.ADFLibUtils
Any ideas on how to solve this problem? Thank you.
Published by: user10451099 on April 15, 2009 12:10Dan,
Thanks for remind me :-)Here are the steps we had to take to get a WLS managed to run an adf application without copying any jar in the field/lib directory:
1. you should always install the adf runtime to any server you want the adf application to deploy on
2. open the administration console, select the managed server and select the "start server" tab in the settings of trial.
3. Add
/u01/bea/patch_wls1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/bea/patch_jdev1111/profiles/default/sys_manifest_classpath/weblogic_patch.jar: /u01/bea/patch_cie660/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/bea/jrockit_160_05/lib/tools.jar:/u01/bea/wlserver_103/server/lib/weblogic_sp.jar: /u01/bea/wlserver_103/server/lib/weblogic.jar:/u01/bea/modules/features/weblogic.server.modules_10.3.0.0.jar:/u01/bea/wlserver_103/server/lib/webservices.jar: /u01/bea/modules/org.apache.ant_1.6.5/lib/ant-all.jar:/u01/bea/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar:/u01/bea/jdeveloper/modules/features/adf.share_11.1.1.jar: /u01/bea/wlserver_103/common/eval/pointbase/lib/pbclient57.jar:/u01/bea/wlserver_103/server/lib/xqrl.jar: /u01/bea/patch_wls1030/profiles/default/sysext_manifest_classpath/weblogic_ext_patch.jarthe classpath box, you need to change ' / u01/bea /' with your bea home. The classpath must be on a single line without CR/LF, I put in to make it readable.
4. Add
-Xms256m -Xmx512m -da -Dplatform.home=/u01/bea/wlserver_103 -Dwls.home=/u01/bea/wlserver_103/server -Dweblogic.home=/u01/bea/wlserver_103/server -Ddomain.home=/u01/bea/user_projects/domains/naa_qs -Doracle.home=/u01/bea/jdeveloper -Doracle.security.jps.config=/u01/bea/user_projects/domains/naa_qs/config/oracle/jps-config.xml -Doracle.dms.context=OFF -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.management.discover=false -Dweblogic.management.server=http://localhost:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/u01/bea/patch_wls1030/profiles/default/sysext_manifest_classpath:/u01/bea/patch_jdev1111/profiles/default/sysext_manifest_classpath:/u01/bea/patch_cie660/profiles/default/sysext_manifest_classpath -Dweblogic.management.username=weblogic -Dweblogic.management.password=******** -Dweblogic.Name=GESTIS_QS -Djava.security.policy=/u01/bea/wlserver_103/server/lib/weblogic.policyediting area of the "Arguments". As with the change of calsspath ' / u01/bea ' your home BEA and change the domain name (in our case "naa_qs") to your domain name. change the managementuser and the password to your needs. As whith the classpath I put a CR/LF in the section of code to make it readable.
5. save the changes and restart the server
Essentially, all that we have copied the arguments of the admin server start script and more to add the path of the class.
Timo
-
During the installation of Application Framework via./install.sh script, then that account activity held an entry for "WebLogic Admin User ID system" we face as "' java.lang.ClassNotFoundException: weblogic.security.Encrypt" emits messages. "
Please, help us to solve this problem as soon as POSSIBLE.
Details of the environment:
Operating system: 64-bit 5U8 OEL.
Follow-up document:
PSRM - sector Public Revenue Management Oracle Installation Documentation (Doc ID 2067339.1)-PSRM_Installation_Guide_v2_4_0_0_0
Error message:
Enter the value to be encrypted: 160122:164014 < criteria > error occurred running /usr/java/jdk1.6.0_45/bin/java-Dweblogic.RootDirectory=/ebiz/app/ouaf/Release-FW-
V4.2.0.0.0/FW. V4.2.0.0.0/data/product/WLS.splapp weblogic.security.Encrypt:
Output is Exception in thread "main" java.lang.NoClassDefFoundError: weblogic/security/encryption
Caused by: java.lang.ClassNotFoundException: weblogic.security.Encrypt
in java.net.URLClassLoader$ 1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged (Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
to Sun.misc.Launcher$appclassloader$ AppClassLoader.loadClass (Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
The main class is not found: weblogic.security.Encrypt. Program ends.
End of output
The program finished in line 118 of the data/bin/perllib/SPL/splLog.pm.
Error: install.plx has not completed successfully. On the way out.
From now on, we have completed the slot status of activities for your reference.
Sl.No
Name of the activity
Status
1
Create users and groups
Completed
2
Install prerequisite software
Completed
3
Oracle 11.2.0.3 database
Completed
4
Java 6
Completed
5
Oracle WebLogic 10.3.6
Completed
6
Hibernation 4.1.0
Completed
7
Micro Focus Server 5.1 WrapPack 8
Completed
8
Install Oracle Utilities application.
Here issue facing 9
Install Oracle Utilities Application Framework Service Pack 1.
Pending
10
Install Oracle Public Revenue Management sector
Pending
11
Deploy Oracle sector Public Revenue Management application
Pending
Concerning
Knani G
Hello
During the installation, we have wrongly given Home Directory Web Application Server like/Ebiz/app/woof/Middleware
So we changed the Homepage Directory Web Application Server as /ebiz/app/ouaf/Middleware/wlserver_10.3
then the problem is resolved.
Thanks for the support.
Concerning
Villi Kumar
-
no more WiFi which extends from the airport express and Time capsule
I have no more WiFi which extends from the express airport and Time capsule.
and once it worked...
airportconfiguration-app also works, but the graphic display allows to have a straight white line. now, it's one interrupted...
Your unbroken lines in airport show connections ethernet utility... broken lines show the wireless connections.
So it depends on the extend method you used.
I think at this moment, things are configured wrongly... for some strange reason things happens and elements on a stand-alone basis, return to a default mode.
The best way to manage it is full factory reset on everything... and repeat the installation.
I have no more WiFi which extends from the express airport and Time capsule.
It seems to me that you extend a NON-APPLE router... in this case, your Apple routers must connect by ethernet and create a wireless network. Routers Apple cannot extend the NON-APPLE router wired.
The express could extend the TC or visa versa... by wireless...
Then I suggest say us what is the main router in the network?
You have connected by ethernet to the TC or Express or both?
If so please reset completely the two elements and try again. Make sure they are in bridge mode... It's the network tab. Router Mode is turned off.
And your wireless tab is configured to create a wireless network...
Use the same name (SSID) and even the security setting and the password as the main router to network roaming (extend wireless ethernet).
If the Express and transport CANADA are the same, both will have this configuration... If the express extends to wireless then it should NOT be connected to all the way to ethernet... (sequel to wan side at least) and it will be set to expand wireless on the wireless tab.
Maybe you are looking for
-
fact transparent hp printed office 2540
fact transparent hp printed office 2540 Which is the cheapest printer for printing transpariencies
-
Satellite L655-1EL impossible implementation using the battery
Nice day! I have a problem with my Toshiba Satellite L655-1EL computer laptop, I can't turn it - on the use of its battery, but when I plug it using the AC adapter the battery light indicator shows white and when I check it after I turn it on with AC
-
I get the message when I DPLAY.dll not installed when I try to play a newly downloaded game.
original title: DPLAY.dll Hello I get the message when I DPLAY.dll not installed when I try to play a newly downloaded game. I downloaded DirectX and nothing helped. Any help would be great! Thank you
-
How can I get MS Office Outlook to automatically start when my computer is turned on? I have Vista.
How can I get MS Office Outlook to automatically start when my computer is turned on? I have Vista. Your help will be greatly appreciated.
-
Blurry display - PC does not start
Hello I have a friend who was using his PC (a Pavilion a1000 XP3 running) when he suddenly gave the BSoD. It last restarted, now it gives a blurry view and does not start after the HP logo screen. I can't get into the setup of the BIOS or safe mode.