The JavaEE Xperience

While exploring options to develop an upload-to-database feature, I came across repeated suggestions that using Oracle MultiMedia (previously InterMedia) datatypes (OrdDoc, OrdImage, etc.) was the way to go. A few forums started me off in the right direction. This one for e.g. However, it wasn’t as straightforward to get it working especially given that there was no documentation whatsoever around OrdDomain types in the Fusion guides. So these are the steps that need to be done. Read the rest of this entry »

The weblogic server provides a nifty API –  weblogic.servlet.security.ServletAuthentication. This class allows you to invoke authentication services from any controller – Servlets, JSF Managed Beans. This is pretty cool as you can do away with the j_security_check authentication and build your custom logic. Or perform programmatic authentication.

I am currently using this for a WebCenter Portal project where, based on a set of database derived parameters, I have to force the user to perform certain actions after login. My login page currently contains a custom login taskflow that implements the necessary logic for me. Of course, there are other ways to do this, but I needed to use ADF components (including BC) and using a bounded task flow seemed the best bet.

Note:

1) The ServletAuthentication class is present in the file wlserver_10.3\server\lib\weblogic.jar

2) If the logic requires logging the user out while in the taskflow, use ServletAuthentication.logout() instead of ServletAuthentication.invalidateAll(). If invalidateAll() is used, any navigation after this will result in an error.

In the default WebCenter Portal generated by JDeveloper, anonymous-role is granted “view” privilege on the home page. This may not always be desirable. The portal may not have any public content to put on the home page. In my current project, the entire portal has to be secured and available only to authenticated users. You would imagine this is a straight-forward thing to achieve but it’s not.

To turn off access to home page, I edited the page hierarchy and removed the grants assigned to anonymous-role. Now, when the user attempts to access /faces/oracle/webcenter/portalapp/pages/home.jspx, the user gets redirected correctly to the login page. However, if the user were to use the pretty url /pages_home the server throws a 404 error (perhaps an incorrectly flagged 403?) and the user is left with a very unhelpful error page. The trouble with this is that the user may choose to bookmark after his/her initial login and that bookmark will invariably point at the pretty URL.

There is also another side-effect to this. When the user hits logout, webcenter redirects the user to the current page after logout. Given that faces-config.xml contains a “logout_success” navigation case, I imagined that changing this to point at, say, the login page would work. Alas no. The only way to make this work was to change the Logout link to a goLink with the destination set to “adfAuthentication?logout=true&end_url=\faces\oracle\webcenter\portalapp\pages\login.jspx”.

Oh and this is w.r.t WebCenter 11.1.1.5.

Update: Thanks to Andrejus for an excellent workaround. His technique to solve the Session time-out problem can be applied here too.