Saturday, August 10, 2019

ADF Security Login Logout -example

This ADF Security Login Logout sample application enables security on the view project and requires authentication to see any resource (JSF pages, images, etc.) inside the application. A logout URL is provided on one of the pages; it clears the session, logs out the user and redirects to the login screen. The following steps are detailed in this section:
1. Create a Login page using ADF Faces
2. Create a Home Page; User requires authentication to see this page
3. Insert a LogOut URL in the Home page
4. Enable ADF Security and add a username and password to test the app
Download project: ADF Security Login Logout

Create ADF Web Application and Login/Logout pages

1. Create an ADF Fusion Web Application: click File, New, Application, ADF Fusion Web Application, enter the application name and click Finish.
2. Create a JSF page in the view project under the WebContent directory and name it ‘Login.jsf’. Add two input text fields for the username and password, and a button component for form submission. The secret property should be true for the password field. Bind each component to a bean property as shown below; we will create the bean class shortly. The components are wrapped inside a PanelBox component.

3. Create a JSF page under the WebContent directory and name it Home.jsf. This is a secure page and requires authentication. Add the content as shown below. This page shows the name of the user who is logged in to the application and a logout link which, when clicked, logs out the user and redirects to the login page.


4. Create an empty page definition file for Home.jsf by right-clicking the JSF page and selecting ‘Go to Page Definition’. ADF Security requires a page definition file for resource grants.
5. Create a blank JSF page for the error page. Name it Error.jsf.
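
The two pages from steps 2 and 3 could look like the markup below. This is an added example, not the markup from the downloadable project; it assumes the managed bean is registered under the name loginHandler, that the component ids are arbitrary, and that the ADF authentication servlet is mapped at /adfAuthentication (the path the bean class in the next section forwards to).

```xml
<!-- Login.jsf (added example; bean name "loginHandler" is an assumption) -->
<f:view xmlns:f="http://java.sun.com/jsf/core"
        xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
  <af:document title="Login" id="d1">
    <af:form id="f1">
      <af:panelBox text="Login" id="pb1">
        <af:inputText label="Username" id="it1"
                      value="#{loginHandler.username}"/>
        <!-- secret="true" masks the typed value in the browser -->
        <af:inputText label="Password" id="it2" secret="true"
                      value="#{loginHandler.password}"/>
        <!-- doLogin(ActionEvent) authenticates and forwards on success -->
        <af:commandButton text="Login" id="cb1"
                          actionListener="#{loginHandler.doLogin}"/>
      </af:panelBox>
    </af:form>
  </af:document>
</f:view>

<!-- Home.jsf (added example; protected once ADF Security is enabled) -->
<f:view xmlns:f="http://java.sun.com/jsf/core"
        xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
  <af:document title="Home" id="d1">
    <af:form id="f1">
      <!-- securityContext is the ADF security EL object -->
      <af:outputText id="ot1"
                     value="Logged in as #{securityContext.userName}"/>
      <!-- logout=true ends the session; end_url is where the user
           lands afterwards. The context path is prefixed explicitly. -->
      <af:goLink id="gl1" text="LogOut"
                 destination="#{facesContext.externalContext.requestContextPath}/adfAuthentication?logout=true&amp;end_url=/faces/Login.jsf"/>
    </af:form>
  </af:document>
</f:view>
```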

Create Bean Class to handle login

We need to add weblogic.jar to the view project to support the WebLogic authentication classes used in the bean class. Right-click the ViewController project, select Libraries and Classpath, click Add Library, and add the library ‘WebLogic Remote Client’.
Create a Java class and name it LoginHandler.java. It has String properties for the username and password, which are bound to the username and password inputText fields of the Login.jsf page. The doLogin() method performs the login authentication. More information about this class can be found in the Oracle documentation.
The doLogin method checks the authentication and, if it passes, creates a session; if the username or password is incorrect, it displays an error message.

LoginHandler.java


package view;

import java.io.IOException;

import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import weblogic.security.URLCallbackHandler;
import weblogic.security.services.Authentication;

import weblogic.servlet.security.ServletAuthentication;

public class LoginHandler {
    // Bound to the username and password inputText fields of Login.jsf
    private String _username;
    private String _password;

    public void setUsername(String _username) {
        this._username = _username;
    }

    public String getUsername() {
        return _username;
    }

    public void setPassword(String _password) {
        this._password = _password;
    }

    public String getPassword() {
        return _password;
    }

    // Action listener for the login button
    public void doLogin(ActionEvent event) {
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpServletRequest request =
            (HttpServletRequest) ctx.getExternalContext().getRequest();
        CallbackHandler handler = new URLCallbackHandler(_username, _password);
        try {
            // Authenticate the supplied credentials with WebLogic
            Subject mySubject = Authentication.login(handler);
            // Associate the authenticated subject with this request's session
            ServletAuthentication.runAs(mySubject, request);
            // Issue a new session ID after login so the pre-login ID is not reused
            ServletAuthentication.generateNewSessionID(request);
            // Forward to the ADF authentication servlet with the current view
            // as the success URL
            String loginUrl = "/adfAuthentication?success_url=/faces" +
                              ctx.getViewRoot().getViewId();
            HttpServletResponse response =
                (HttpServletResponse) ctx.getExternalContext().getResponse();
            sendForward(request, response, loginUrl);
        } catch (FailedLoginException e) {
            // Wrong credentials: one generic message for both fields
            FacesMessage msg =
                new FacesMessage(FacesMessage.SEVERITY_ERROR,
                                 "Incorrect Username or Password",
                                 "An incorrect Username or Password" +
                                 " was specified");
            ctx.addMessage(null, msg);
        } catch (LoginException e) {
            reportUnexpectedLoginError("LoginException", e);
        }
    }

    // Forwards the request and marks the JSF response as complete
    private void sendForward(HttpServletRequest request,
                             HttpServletResponse response,
                             String forwardUrl) {
        FacesContext ctx = FacesContext.getCurrentInstance();
        RequestDispatcher dispatcher = request.getRequestDispatcher(forwardUrl);
        try {
            dispatcher.forward(request, response);
        } catch (ServletException se) {
            reportUnexpectedLoginError("ServletException", se);
        } catch (IOException ie) {
            reportUnexpectedLoginError("IOException", ie);
        }
        ctx.responseComplete();
    }

    // Shows a generic error to the user; the stack trace goes to the server log
    private void reportUnexpectedLoginError(String errType, Exception e) {
        FacesMessage msg =
            new FacesMessage(FacesMessage.SEVERITY_ERROR,
                             "Unexpected error during login",
                             "Unexpected error during login (" + errType +
                             "), please consult logs for detail");
        FacesContext.getCurrentInstance().addMessage(null, msg);
        e.printStackTrace();
    }

}

Register this Java bean class in the adf-config.xml file so that the JSF page can use it. Open the adf-config.xml file under Web Content, WEB-INF directory, click the Overview tab, click Managed Beans, and click the green plus icon to add the managed bean.

Enable ADF Security for the application

Click Application, Secure, Configure ADF Security.
Click ADF Authentication and Authorization.
Select Form Based Authentication and choose Login.jsf and Error.jsf.
Select No Automatic Grants and click Finish.
Security is now enabled for all the resources in the application; no ADF resource, such as a JSF page or an image, can be accessed without a username and password. Next we will create a test username and password and grant this user access to the Home page.
Expand Application Resources, Description, META-INF, and open jazn-data.xml. Click ‘Test Users & Role’ and add a user called admin.
Now grant the user permission to see the Home page. Click the ‘Resource Grants’ tab, select Home, and add ‘admin’ under Granted To.
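
When reviewing the result in source view, the resource grant appears in jazn-data.xml as an entry of roughly the following shape. This is an added example, not copied from the sample project; the page definition name view.pageDefs.HomePageDef is an assumption based on the view package used by the bean class.

```xml
<!-- Added example: one <grant> inside the application's <jazn-policy>
     element of jazn-data.xml -->
<grant>
  <grantee>
    <principals>
      <principal>
        <!-- principal class for a user (not a role) of the test
             identity store -->
        <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
        <name>admin</name>
      </principal>
    </principals>
  </grantee>
  <permissions>
    <permission>
      <!-- page access is granted on the page definition, which is
           why Home.jsf needs one even if it is empty -->
      <class>oracle.adf.share.security.authorization.RegionPermission</class>
      <!-- assumed name of the page definition created for Home.jsf -->
      <name>view.pageDefs.HomePageDef</name>
      <actions>view</actions>
    </permission>
  </permissions>
</grant>
```

Because No Automatic Grants was selected, this should be the only grant on the Home page definition.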
The full application structure will look like the one below.

ADF Login and ADF Logout – Testing


Right-click the Home.jsf page and run it. The application will be deployed to WebLogic, but it won’t show the home page. Instead, it will redirect to the login screen and ask for authentication. Enter the created user admin and its password.

It will display the home page. Clicking the LogOut URL logs out the user and redirects to the login screen.

See the link below if you are looking to deploy to a standalone WebLogic server.
