Thursday Mar 01, 2012

Solving JDeveloper 11gR2 issue with ADF Faces login page in IE8

Using Microsoft IE8, forms based authentication in which the login form is built with ADF Faces doesn't load and instead the browser console report complains about invalid or undefined ADF Faces JavaScript objects. The problem that has been reported for JDeveloper 11g R2 using ADF Faces with Facelets seems to occur only for applications using the ADF Security "ADF Authentication" configuration option in combination with an ADF Faces based login form.

Using the ADF Security "ADF Authentication" option configures the web.xml descriptor to protect the application Java EE context root from unauthenticated access.

 
<security-constraint>
 <web-resource-collection>    
   <web-resource-name>allPages</web-resource-name>    
   <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>     
   <role-name>valid-users</role-name>
 </auth-constraint>
</security-constraint>

The valid user role name is mapped in the weblogic.xml file and references the WLS users group that all authenticated users are an implicit member of.

<security-role-assignment>   
  <role-name>valid-users</role-name>    
  <principal-name>users</principal-name>
</security-role-assignment>

Protecting the application Java EE root path from unauthenticated access however also means that web resources like pictures or styles sheets, or deferred loaded JavaScript libraries, are blocked until the user has authenticated. For the same reason customers often report missing images on their web login pages.

In the case of an ADF Faces login form, deferred resource loading becomes an issue because subsequent JavaScript requests are all blocked by the security constraint defined in the web.xml file. Surprisingly, this is only a problem in Microsoft IE8 and not with other browsers, which may indicate differences in the handling of login forms and their resource loading. To this time I am not able to say whether IE is doing it right or wrong. Fact however is that the problem only shows on this browser type and that it needs to be handled without opening a security hole, which you would do if you changed the security url-pattern to /faces/* in which case only JSF page requests would require authentication.

Investigating the problem, the following solution has been found by the ADF Faces team: ADF Faces UIs require additional resources that are loaded through the Trinidad resource loader servlet configured in web.xml file.

To allow resources to be loaded when using login forms built with ADF Faces ( in which case the JSF page contains a HTML login form) you need to add another security constraint definition to the web.xml file:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Allowed ADF Resources</web-resource-name>
    <url-pattern>/adf/*</url-pattern>
    <url-pattern>/afr/*</url-pattern>
    <url-pattern>/bi/*</url-pattern>
  </web-resource-collection>
</security-constraint> 

The above security constraint should do for most of the login pages you would build with ADF Faces. However, if the login screen is more complex and e.g contains DVT graphs or maps, you may have to add more url-patterns for public (anonymous access), like

<url-pattern>/servlet/GraphServlet/*</url-pattern>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
<url-pattern>/mapproxy/*</url-pattern>
<url-pattern>/adflib/</url-pattern>

In my JDeveloper 11g R2 test-case project, I ended up with three security-constraint definitions added to the web.xml file: "Allowed ADF Resources", "allPages" and "AdfAuthentication".

Always place the "Allowed ADF Resources" security constraint definition first in the web.xml file so it is looked at before all the others are so it takes precedence.

Note that both, the web.xml file and the weblogic.xml file open a visual configuration editor when you double click onto the respective file shown in the JDeveloper Application Navigator (Web Content à WEB-INF folder in the ViewController project.

Wednesday Feb 29, 2012

How-to learn ADF Skinning

Recently I observed an increase of questions on OTN and Oracle internal that aim for applying CSS on the generated HTML output of an ADF Faces application. Surely, skinning in ADF is not the same as using CSS in tools like Dreamweaver, but it is the proper way of applying custom images and colors to ADF Faces applications. The biggest risk in styling the generated ADF Faces HTML output with CSS is change in the renderer classes. Oracle constantly works on improving its ADF Faces components, for example using HTML 5 to replace Flash and DHTML on some of the ADF Faces components. If you skinned applications on the generated output, then with each of the changes Oracle applies, your custom styles will break.

ADF sinning applies style sheet definitions to style classes at runtime. In contrast to direct output styling, the style classes are dynamically created and derived from the ADF Faces skin selectors. The component developer ensures that the style classes are always set to the correct location in the generated component output, ensuring that changes last across Oracle JDeveloper versions and component changes. Though I can't save you from learning, I can help you with pointers to sources you want to be aware of:

ADF skinning is documented in the Oracle® Fusion Middleware Web User Interface Developer's Guide for Oracle Application Development Framework

http://docs.oracle.com/cd/E21764_01/web.1111/b31973/af_skin.htm#BAJFEFCJ

An ADF insider recording exists that explains skinning in a 40 minute video. Though this recording doesn't show the new skin editor, you learn a about how skinning works, how you dynamically detect skins at runtime and how you debug skins using FireBug in FireFox.

http://download.oracle.com/otn_hosted_doc/jdeveloper/11gdemos/adf-insider-skinning/adf-insider-skinning.html

As mentioned, a visual skin editor exists that you can use in its stand-alone edition for JDeveloper 11g R1 (11.1.1.4, 11.1.1.5) applications and integrated in JDeveloper 11g R2. An article that explains working with the skin editor and a recommend workflow is published here

http://www.oracle.com/technetwork/issue-archive/2011/11-nov/o61adf-512006.html

To download the stand alone skin editor (JDeveloper 11g R2 has it integrated and no extra download is required), use the link below

http://www.oracle.com/technetwork/developer-tools/adf/downloads/index.html

To learn about the stand alone and the integrate skin editor, refer to the Oracle® Fusion Middleware Skin Editor User's Guide for Oracle Application Development Framework, which you can access online from

http://docs.oracle.com/cd/E16162_01/user.1112/e17456/toc.htm

To try the skin editor on a JDeveloper 11g R2 sample, you can run through the hands-on exercise exposed as part of the Oracle learning library.

http://docs.oracle.com/cd/E18941_01/tutorials/jdtut_11r2_83/jdtut_11r2_83.html

A video recording of how to use the skin editor can be found here

https://blogs.oracle.com/shay/entry/adf_faces_skin_editor_how

 And finally, a list of all skin selectors and ADF Faces components can be read up in the Oracle Fusion Middleware Tag Reference for Oracle ADF Faces Skin Selectors

http://docs.oracle.com/cd/E21764_01/apirefs.1111/e15862/toc.htm

This document is a well written by the ADF Faces component developers and provides information that you don't find in other documentation. If you worked through all of this, Skinning should no longer be a problem for you.

Wednesday Jan 18, 2012

How-to determine the ADF tree node type using EL

Creating an ADF tree in ADF produces an entry similar to this in the PageDef file of the view.
<tree IterBinding="AllCountriesIterator" id="AllCountries">
   <nodeDefinition 
        DefName="oracle.summit.model.views.CountryVO" Name="AllCountries0">
     <AttrNames>
       <Item Value="Country"/>
     </AttrNames>
     <Accessors>
       <Item Value="CustomerVO"/>
     </Accessors>
   </nodeDefinition>
   <nodeDefinition 
      DefName="oracle.summit.model.views.CustomerVO" Name="AllCountries1"
      TargetIterator="${bindings.AllCustomersIterator}">
      <AttrNames>
        <Item Value="Id"/>
        <Item Value="Name"/>
     </AttrNames>
   </nodeDefinition>
</tree>

Notice the DefName attribute on each node containing a reference to the actual View Object instance used to render a specific node.

With this information you can now use EL to render the tree nodes differently. For example, the page source below renders the node as a command link if the node presents a customer. For Countries, the node is simply rendered as an output text.
<af:tree value="#{bindings.AllCountries.treeModel}" var="node" ...>
  <f:facet name="nodeStamp">
    <af:group id="g1">
      <af:commandLink id="cl4" text="#{node}"                                                                             
                      rendered="#{node.hierTypeBinding.viewDefName ==  
                                       'oracle.summit.model.views.CustomerVO'}"
      .../>
      
      <af:outputText id="ot4" value="#{node}"                                                                               
               rendered="#{node.hierTypeBinding.viewDefName == 
                                     'oracle.summit.model.views.CountryVO'}"/>
    </af:group>
  </f:facet>
</af:tree>       
The EL expression  #{node.hierTypeBinding.viewDefName} returns the name of the node type, which in ADF is the absolute name of the collection instance rendering the node.

Saturday Jan 15, 2011

About Entitlement Grants in ADF Security of JDeveloper 11.1.1.4

[Read More]
About

The Oracle JDeveloper forum ranks in the Top 5 of the most active forums on the Oracle Technology Network (OTN).



The OTN Harvest blog is a summary of selected topics posted on the OTN Oracle JDeveloper forum.



It is an effort to turn knowledge exchange into an interesting read for developers who enjoy little nuggets of wisdom





Frank Nimphius

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today