The Oracle ADF 11g Developer Guide is the primary source of information for every Oracle Fusion 11g developer. For security implementation, you can read chapter 30.7, Creating a Login Page. What is the difference between a smart and a regular developer? A smart developer is proactive and always knows more than is described in the developer guide :) Today I will present a few aspects of ADF login page implementation that you should keep in mind when working with ADF Security.
I will use a typical ADF Faces page to implement the login screen: /faces/login.jspx.
I was using the ADF Security wizard to define the login page, just following the documentation steps, and I got strange behavior. When I run the application, it redirects to the login page and opens it, but just hangs and never brings up the login screen.
There are no errors or warnings in the log.
However, you should know that when an ADF Faces page is defined as the login page, a page definition is generated for it automatically, even if none was defined.
When there is a page definition, the page is automatically protected by ADF Security. Because there are no grants for the login page by default, it will not be accessible.
At the same time, this page is defined as the login page: the framework tries to load it, but fails because no permission is defined. That is why the application simply hangs.
To make it work, you need to specify the anonymous role for the login page, which allows the login screen to render.
When implementing an ADF Faces login page, we can process the username and password data before doing authentication. We can set the username to lower case: some LDAP systems are case sensitive, and this allows the user to log in even if he types the username in upper case.
If you are already working with the new JDeveloper 11g PS3 beta release, you have probably noticed that the SimpleCallbackHandler class is deprecated.
The documentation still references the deprecated SimpleCallbackHandler class for the login action. It will probably be updated later to use the URLCallbackHandler class. The sample application for this post uses URLCallbackHandler.
To test the login functionality, I'm using a mix of upper and lower case for the username.
The login action is performed successfully with the URLCallbackHandler class, and the username is converted to lower case.
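The username normalization and the URLCallbackHandler login action described above, as an added example that is not the code from the sample application or the developer guide. It assumes the WebLogic Server security classes are on the classpath; the bean name, field names and the "success" outcome are hypothetical.

```java
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Locale;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import weblogic.security.URLCallbackHandler;
import weblogic.security.services.Authentication;
import weblogic.servlet.security.ServletAuthentication;

// Added example: hypothetical managed bean backing /faces/login.jspx.
public class LoginBean {
    private String username; // bound to the username input (assumed)
    private String password; // bound to the password input (assumed)

    // Lower-case with a fixed locale so the result does not depend on the
    // server's default locale ("I" becomes dotless "ı" under a Turkish locale).
    static String normalizeUsername(String raw) {
        return raw == null ? "" : raw.toLowerCase(Locale.ROOT);
    }

    public String doLogin() {
        FacesContext ctx = FacesContext.getCurrentInstance();
        String un = normalizeUsername(username);
        byte[] pw = (password == null ? "" : password).getBytes(Charset.forName("UTF-8"));
        try {
            // URLCallbackHandler is used in place of the deprecated SimpleCallbackHandler.
            Subject subject = Authentication.login(new URLCallbackHandler(un, pw));
            HttpServletRequest request =
                (HttpServletRequest) ctx.getExternalContext().getRequest();
            ServletAuthentication.runAs(subject, request);
            return "success"; // hypothetical navigation outcome
        } catch (LoginException e) {
            // One message for both unknown user and wrong password.
            ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
                "Invalid username or password", null));
            return null;
        } finally {
            Arrays.fill(pw, (byte) 0); // clear the password copy created above
            password = null;
        }
    }
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```

Lower-casing is only safe when the identity store holds usernames in lower case or compares them case-insensitively; otherwise two distinct accounts could collapse into one name.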
Download sample application for this post - SecurityFormLogin.zip