While developing new prototype application, it happened to me to get Error 403--Forbidden, while trying to login into application protected by ADF Security:
Error itself is logical, but in my case I was providing correct username/password, security permissions were defined correctly as well. I did a bit of research and found that weblogic.xml file was generated incorrectly. This file is accessible through JDeveloper 11g Application Navigator:
I saw that weblogic.xml was generated without required entries:
So, I added required security role assignment manually:
Now my application opens correctly:
If you will encounter same problem, make sure your weblogic.xml file is valid. Download working sample application - ADFSecurityValidUsers.zip.