Sunday, May 22, 2011

Oracle WebCenter 11g PS3 ADF Security Login Bean

When you generate new WebCenter 11g PS3 Portal Framework application in JDeveloper 11g, it creates login/logout pages and configures ADF Security. However, it generates basic login page, this can be improved by using new WebCenter 11g PS3 security login bean. With WebCenter 11g PS3, we have out of the box bean (o_w_s_l_LoginBackingBean), which can handle login/logout functionality without writing any custom code.

Download sample application - EnterprisePortalApp_v2.zip. Here you can see basic auto-generated login page structure for WebCenter 11g PS3 Portal Framework application:


I will reuse the same template for login page, but will change content structure. Will be using ADF Panel Form layout, username and password fields mapped with WebCenter login security bean, as well as ADF action button calling WebCenter login bean method for authentication:


Username field is mapped with o_w_s_l_LoginBackingBean userName property:


Password field is mapped with o_w_s_l_LoginBackingBean password property:


Action method for Login button is pointing to doLogin() method from o_w_s_l_LoginBackingBean:


Run portal application, will be redirected to Login page, login as redsam/welcome1 - o_w_s_l_LoginBackingBean will handle authentication process for you:


Authentication is successful - we are inside portal space:


If authentication process fails (wrong username/password, etc.), o_w_s_l_LoginBackingBean returns error message:


You may have valid question, how we could call required custom functionality, before o_w_s_l_LoginBackingBean login authentication method is invoked. Because login authentication is done by calling Action method, this means we could process before login logic from Action Listener method - let's create Action Listener method for the same Login button:


Inside Action Listener method, we can access both username and password values from o_w_s_l_LoginBackingBean, perform required actions and update (if needed) username and password values:


As you can see, for test purposes I'm changing username to scott. With current test case, when user provides username, for example - redsam:

Username will be changed to scott automatically, this user exists in ADF Security store as well:


12 comments:

Sudipto said...

Hi Andrejus,

Thank you for the posts as being a noob in Oracle Webcenter Portal Application and ADF, I am facing a real hard time in understanding ADF and a WC Portal App.

To be true, I am completely new to both the technology.

If you could point to some documents on Webcenter application and adf either than that of Oracle itself, it would be of a great help to me.

Anonymous said...

Hi, Andrejus. Great blog - I have learned a lot from you!

I have an interesting dilemma that I hope you might have a minute to point me in the right direction.

I have a public 'home' page. On it, I have a login box (username, password, login button) that calls the doLogin action as you described. (Actually, using my own bean, since my app is just ADF, not a WC Portal app.)

It successfully logs the user in, but doesn't seem to follow the "action" and navigate to another page - it instead leaves the user on the public 'home' page.

Here's the source for the "login" button:
<af:commandButton text="Log In" id="cbLogin" action="page2" actionListener="#{loginBackingBean.doLogin}">

It calls loginBackingBean.doLogin and logs the user in, but doesn't then navigate to the "page2" action defined in my task flow.

Any pointers would be greatly appreciated!

Thanks,
Karl

Andrej Baranovskij said...

Hi Karl,

I guess this post should help - http://andrejusb.blogspot.com/2010/11/things-you-must-know-about-adf-faces.html

Regards,
Andrejus

Anonymous said...

Hi Andrejus,
This post was very helpful. I need one help from you though. My requirement is, that a user should be able to register at the portal and at the end of the registration the user is automatically logged in to the application with the user name password. The users are getting created but not getting logged in automatically. The page goes back to the unathenticated home page.
When I login manually everything works fine. We are using the same o_w_s_l_LoginBackingBean to do this work.
Can you think of any reason why this may not be working?
Regards,
Mukund

Unknown said...

Hi Andrejus,

Your posts have been very helpful.

If you may guide me out in this matter regarding the o_w_s_l_LoginBackingBean.. I have a client that needs user lockout after 3 wrong attempts that my team have successfully set. Prob is that, the message provided by o_w_s_l_LoginBackingBean during login is same whether the user is locked or entered the wrong credential.. client is asking to output different message for user lockout..

Is there anyway to set this in o_w_s_l_LoginBackingBean.. or any other workaround for this?

Best Regards & Thanks

Thiago V Palmeir said...

Hi Andrejus, I stayed with a question, I might create in WebCenter beans because it has an example that shows no bean treatment at the system login. The example that follows was this: http://docs.oracle.com/cd/E23943_01/webcenter.1111/e10273/createapp.htm#CCHEGDIC

How WebCenter process the parameters (Login and Password) in the application?

Have any filter or file who makes some is called?

Phuu Tek said...

Hi Andrejus,

Just a curious question, please.
Suppose you have deployed your webcenter portal solution and gave it to the customer, can they still customize the loginpage and error page on their own?

[pre]

FORM

/login/login.html
/login/error.html


[/pre]

As I know, portal in JDEV11G PS5 uses form login.

Any thoughts.

Andrej Baranovskij said...

Hi,

I dont think it will work.

Andrejus

Phuu Tek said...

Hi Andrejus,

Thanks for your response but I just would like to ask for more info if you may...

So if I have packaged my portal project in an ear and I have already set my login/error page in the ear file and then the customer deployed it in their weblogic environment, there is no other way for the customer to customize the login/error page anymore?

Thanks

Andrej Baranovskij said...

Hi,

No - you cant customize it. Redeployment is needed. Unless you have enabled WebCenter Composer for these pages, I hope you didnt (it will slow down these pages).

Andrejus

agtl said...

Hi Andrejus,

I am testing a WC Portal deployed in a Clustered environment. Following documentation I should run my application with the following Java argument:

-Dorg.apache.myfaces.trinidad.CHECK_STATE_SERIALIZATION=session,tree

It works fine. However when I add the "beans" option to the argument (session,tree,bean) then I get the error I stated in the following post:

https://community.oracle.com/thread/3522519

Have you seen something like this before?

Anonymous said...

Hi Andrejus ,

I have a question here.
If we are authenticating against Microsoft AD , then does the bean return proper error messages or code for different error scenarios
actual error string returned to the binding process

525​ user not found ​
52e​ invalid credentials ​
530​ not permitted to logon at this time​
531​ not permitted to logon at this workstation​
532​ password expired ​
533​ account disabled ​
701​ account expired ​
773​ user must reset password ​
775​ user account locked​


How can I get the required error code from doLogin method?