This article describes how to make a login feature for your application, which uses database tables for authentication and authorization.
I have made this loginmodule from examples of the AMIS adf training and i have made use of the DBLoginModule class which Frank Nimphius and Duncan Mills build.
First thing we need to build is the tables in the database.
Tables
The loginmodule uses three tables.
1 table for users: which we call AMIS_STAFF
1 table for roles: which we call ROLES
1 table for association between the AMIS_STAFF and the ROLES tables
So make the tables in your database. The picture bellow shows how you could make it.
Authorization
Before we configure the authorization of your webapplication we need to make a new application.
So build a new application.
– Call the new application: SecureWebApp
– Directory name: c:\projects\SecureWebApp
– Application Package Prefix: nl.amis.als.secureWebApp
– Application Template: Web Application[JSF, ADF BC]
(these are just my settings, change them if you like)
– ok now we have an application
– make a new jsp page and call it: login.jsp
– save the page in …..\public_html\security\pages
– the source of the page look like this:
<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN” “http://www.w3.org/TR/html4/loose.dtd”>
<%@ page contentType=”text/html;charset=UTF-8″%>
<html>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″/>
<title>Login</title>
</head>
<body style=”font-family:sans-serif; background-color:rgb(214,231,255); color:rgb(0,0,255);”>
<form action=”j_security_check” method=”post”>
<table cellspacing=”3″ cellpadding=”2″ border=”0″ width=”100%”>
<tr>
<td width=”120″>
<b style=”whitespace:nowrap”>Username</b>
</td>
<td>
<input type=”text” name=”j_username”/>
</td>
</tr>
<tr>
<td width=”120″>
<b>Password</b>
</td>
<td>
<input type=”password” name=”j_password”/>
</td>
</tr>
<tr>
<td></td>
<td>
<input type=”submit” name=”logon” value=”Sign On”/>
</td>
</tr>
</table>
</form>
<p>
(c) AMIS – (2002-2006) – <a href=”http://www.amis.nl”>http://www.amis.nl</a>
</p>
</body>
</html>
Now we have a login page. The next thing is to make the correct settings to use the page, the proper constraints and the roles.
Roles
Select the web.xml of your project and click rightmousebutton, select properties.
Select the Security Roles, add several roles, for example MANAGER, USER.
An important note is that the entered roles in your security roles, has to be exact the same as in the ROLES table we’ve made in the database.
Constraints
Select the web.xml of your project and click rightmousebutton, select properties.
Select Security Contraints, make a new constraint.
Select the new made constraint and add an Url Pattern. An example: /faces/pages/*.
The constraint is made, now we need to add roles to the constraint.
Select the Auhtorization tab and select the roles which use the constraint.
Login configuration
Select the web.xml of your project and click rightmousebutton, select properties.
Select the Login Configuration: Form-Based Authentication
Enter the next settings:
Login page: /faces/security/pages/login.jsp
Error page: /faces/security/pages/login.jsp
Authentication
Install jar file
We need to download a loginmodule, which we add a java class.
The file is available at a blog about a login configuration with an pl/sql procedure: https://technology.amis.nl/blog/?p=1462 or direct from: https://technology.amis.nl/wp-content/uploads/images/JaasSecureWebApp.zip
The file we needed is: jaasdatabaseloginmodule.zip
Download the file
Unzip the file and run the project, the project should look like this:
Ok now we are making a new java class in: oracle.sample.dbloginmodule.DBTableLM
The name of the file is: ALSDBTableLoginModule
The result should look like this:
Now we open the DBTableLoginModule.java file and copy paste all code into: ALS DBTableLoginModule.
The code we just pasted into our new class will be adjusted to our preferences.
First the need to adjust the class name: public class DBTableLoginModule implements DBLoginModule into: public class ALSDBTableLoginModule implements DBLoginModule.
The file should be correct at this point (so no file errors should occur if you run the file).
The performDbAuthentication is the only thing we adjust in the java class, the code of the method is as follow:
protected boolean performDbAuthentication(String username, char[] password)
{
boolean success = false;
Connection conn = null;
Statement stmt = null;
ResultSet rset = null;
ArrayList _dbauth = new ArrayList();
String _sqlStatement = “select roles.ROLENAME, amis_staff.USERNAME FROM roles LEFT JOIN userrole ON roles.ID = userrole.ROLE LEFT JOIN amis_staff ON userrole.EMPLOYEE = amis_staff.ID WHERE amis_staff.USERNAME = ‘” + username + “‘ AND amis_staff.PASSWORD = ‘” + new String(password) + “‘”;
try
{
try
{
//database connection from the data-sources.xml file
Context ic;
try
{
ic = new InitialContext();
DataSource dataSource = (DataSource) ic.lookup(_data_source_name);
conn = dataSource.getConnection();
}
catch (NamingException e)
{
System.err.println(e.getMessage());
}
stmt = conn.createStatement();
rset = stmt.executeQuery(_sqlStatement);
while (rset.next())
{
success = true;
String rolename = rset.getString(1);
String user = rset.getString(2);
_dbauth.add(new DBRolePrincipal(rolename));
_dbauth.add(new DBUserPrincipal(user));
_authPrincipals=(Principal[]) _dbauth.toArray(new Principal[_dbauth.size()]);
}
rset = stmt.executeQuery(_sqlStatement);
if(!rset.next())
{
FacesContext facesContext = FacesContext.getCurrentInstance();
FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR,”Your username and/or password is incorrect! “,null);
facesContext.addMessage(“messages”,message);
}
}
catch (SQLException e)
{
System.err.println(e.getMessage());
}
finally
{
rset.close();
stmt.close();
conn.close();
}
}
catch (SQLException e)
{
System.err.println(e.getMessage());
}
return success;
}
Compile the project
Select DBLoginModule.deploy, rightmousebutton and click deploy to JAR file.
The jar has to be used in the library of the project.
Copy the jar file to the jdev\lib map of your jdeveloper installation. For example: C:\Program Files\jdevstudiobase10133\jdev\lib.
The jar file is ready to use, only we have to make is available in the OC4J container.
So open the application.xml file, located in JDEV_HOME\jdev\system\oracle.j2ee.10.1.3.41.57 \embedded-oc4j\config map.
Replace: <jazn provider=”XML”/> by:
<jazn provider=”XML”>
<property name=”custom.loginmodule.provider” value=”true”/>
<property name=”role.mapping.dynamic” value=”true”/>
</jazn>
And add: <library path=”C:\Program Files\jdevstudiobase10133\jdev\lib\DBLoginModule.jar”/>
Configure system-jazn-data.xml
Let’s open the system-jazn-data.xml file in an editor. The file is located in the JDEV_HOME\jdev\system\oracle.j2ee.10.1.3.41.57 \embedded-oc4j\config map.
In the file we add the next lines:
<application>
<name>current-workspace-app</name>
<login-modules>
<login-module>
<class>oracle.sample.dbloginmodule.DBTableLM.ALSDBTableLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>addAllRoles</name>
<value>true</value>
</option>
<option>
<name>debug</name>
<value>true</value>
</option>
<option>
<name>data_source_name</name>
<value>jdbc/OracleDSSecurity</value>
</option>
<option>
<name>log_level</name>
<value>ALL</value>
</option>
</options>
</login-module>
</login-modules>
</application>
These settings we use to make the ALSDBTableLoginModule class available to the application.
Configure data-source.xml
Let’s open the data-source.xml file in an editor. The file is located in the JDEV_HOME\jdev\system\oracle.j2ee.10.1.3.41.57 \embedded-oc4j\config map.
In the file we add the next lines:
<managed-data-source name=”OracleDSSecurity” connection-pool-name=”Security Pool” jndi-name=”jdbc/OracleDSSecurity”/>
<connection-pool name=”Security Pool”>
<connection-factory factory-class=”oracle.jdbc.pool.OracleDataSource” user=”als” password=”als” url=”jdbc:oracle:thin:@localhost:1521:xe”/>
</connection-pool>
User is the database user, and the password is the user’s password.
The url is the url of the database.
These settings we’ve made, are necessary to make a database connection.
We are now able to login.
![Designer TAPI triggers fail on SQL MERGE operations]({"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"http:\/\/seattletimes.nwsource.com\/ABPub\/2012\/08\/02\/2018836700.jpg","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"} "Designer TAPI triggers fail on SQL MERGE operations")
I found these errors when i change the performDbAuthentication function ..
Error(673,59): cannot find variable _data_source_name
Error(698,13): cannot find class FacesContext
Error(698,41): cannot find variable FacesContext
Error(699,13): cannot find class FacesMessage
Error(699,40): cannot find class FacesMessage
Error(699,53): cannot find variable FacesMessage
Error(60,31): package javax.faces.application does not exist
Error(61,27): package javax.faces.context does not exist
and have problem in import.
Please tell us what changes needs to be done while using jdeveloper 11.1.x i.e 11g.
i need it urgently.
Thanks a ton.
It good to know you managed to make it work in 11g Subrata. I am also trying to authenticate against a DB using ADF security in Weblogic. It appears a lot has changed since 10g. Where did you go to find a solution? Any advice would be greatly appreciated.
Anyway I forgot to put my point here, as I have successfuly done with Authentication against DB using ADF security in weblogic as well as Tomcat. Yes I was able to do it with 11.1.1.1.0 version. It’s pretty simple here. Anybody till fighting to achieve it, welcome with their query how to achieve it.
Very nice document, But the main challange when we go to customise the same on 11G. It’s seems to be there is lots of changes compare with the version you have done. Even some of those described configuration file also not available(I am not talking about the location, Some at all not present)
I tried a lot with this but in vein. Did you happen to look into 11G? or do you have any example like this for 11G? Advance thanks for your positive answer.
This example works fine. Is there an example available for using 11G and weblogic security? I have the same issue as reply 5. I would using a simple database query involving three tables – would use something like the tables used in the example.
Thanks so much for the information. This is exactly what I’m trying to do. I’m having some difficulty getting this example to work on my end. I’m new to all of this so I’m following this article pretty closely. I run my .jsp page and it redirects the page to my Login.jsp page. I put in username/password that I added to my database and it redirects me to my Logout.jsp page which is my error-page I added to my web.xml page.
In my Login.jsp page the form action is j_security_check. Where is this getting set? Or how is my ALSDBTableLoginModule getting called? I have added some printlns in my ALSDBTableLoginModule.login method and redeployed….nothing is showing up in my Embedded OC4J Server – Log console. Does this mean it’s not getting called or am I not looking in the right place for the println stmts. I also noticed that in my system-jazn-data.xml page I have an option name addAllRoles with value true and there isn’t an addAllRoles in my ALSDBTableLoginModule. Is there suppose to be?
Thanks for all of your help!
Im looking for solution to implement authentication by using database tables for ADF & Tomcat application server too!!!
Hi,
I use this example to login action, it works fine, but I can not perform logout action by session.invalidate(), when I call it by button action performDbAuthentication() is called twice so user is logged again.
Regards
Andrew
Hi I am trying to implement what you have been doing above. But for me it is not working . I have created the following steps but am seeing this in my log.
08/09/30 10:30:27 [DBTableLoginModule] option debug = true
08/09/30 10:30:27 [DBTableLoginModule] option jdbc Url =
08/09/30 10:30:27 [DBTableLoginModule] option jdbc Class = oracle.jdbc.driver.OracleDriver
08/09/30 10:30:27 [DBTableLoginModule] option log level = log all
08/09/30 10:30:27 [DBTableLoginModule] option logger class = null
08/09/30 10:30:27 [DBTableLoginModule] option db schema = null
08/09/30 10:30:27 [DBTableLoginModule] option user table = null
08/09/30 10:30:27 [DBTableLoginModule] option roles table = null
08/09/30 10:30:27 [DBTableLoginModule] option username column = null
08/09/30 10:30:27 [DBTableLoginModule] option password column = null
08/09/30 10:30:27 [DBTableLoginModule] option roles column = null
08/09/30 10:30:27 [DBTableLoginModule] option user pk column = null
08/09/30 10:30:27 [DBTableLoginModule] option roles fk column = null
08/09/30 10:30:27 [DBTableLoginModule] option password encoding class = null
08/09/30 10:30:27 [DBTableLoginModule] option realm_column = null
08/09/30 10:30:27 [DBTableLoginModule] option application_realm = null
08/09/30 10:30:27 [DBTableLoginModule] login called on DBTableLoginModule
08/09/30 10:30:27 [DBTableLoginModule] Calling callbackhandler …
08/09/30 10:30:27 [DBTableLoginModule] Username returned by callback = eilynn
08/09/30 10:30:27 jdev-connection-managed-rpt2 not found
08/09/30 10:30:27 [DBTableLoginModule] Abort called on LoginModule
Sep 30, 2008 10:30:27 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
WARNING: java.lang.NullPointerException
at oracle.sample.dbloginmodule.DBTableLM.SpoonDBTableModuleLogin.performDbAuthentication(SpoonDBTableModuleLogin.java:715)
at oracle.sample.dbloginmodule.DBTableLM.SpoonDBTableModuleLogin.login(SpoonDBTableModuleLogin.java:298)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
at oracle.security.jazn.oc4j.RealmUserAdaptor$1.run(JAZNUserManager.java:1395)
at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
at oracle.security.jazn.oc4j.RealmUserAdaptor.authenticate(JAZNUserManager.java:1390)
at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3673)
at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipal(EvermindHttpServletRequest.java:3614)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:384)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
javax.security.auth.login.LoginException: java.lang.NullPointerException
at oracle.sample.dbloginmodule.DBTableLM.SpoonDBTableModuleLogin.performDbAuthentication(SpoonDBTableModuleLogin.java:715)
at oracle.sample.dbloginmodule.DBTableLM.SpoonDBTableModuleLogin.login(SpoonDBTableModuleLogin.java:298)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
at oracle.security.jazn.oc4j.RealmUserAdaptor$1.run(JAZNUserManager.java:1395)
at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
at oracle.security.jazn.oc4j.RealmUserAdaptor.authenticate(JAZNUserManager.java:1390)
at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3673)
at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipal(EvermindHttpServletRequest.java:3614)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:384)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
at oracle.security.jazn.oc4j.RealmUserAdaptor$1.run(JAZNUserManager.java:1395)
at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
at oracle.security.jazn.oc4j.RealmUserAdaptor.authenticate(JAZNUserManager.java:1390)
at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletRequest.java:3673)
at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipal(EvermindHttpServletRequest.java:3614)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:384)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Sep 30, 2008 10:30:27 AM oracle.adf.view.faces.webapp.AdfFacesFilterHelper verifyFilterIsInstalled
WARNING: The AdfFacesFilter has not been installed. ADF Faces requires this filter for proper execution.
Process exited.
Can anyone help me please ..
Where did I go wrong?
Please help me.
Regards
Lutchumaya
Hi, Nice articel. if I try to login I get the following error:
javax.faces.el.EvaluationException: oracle.classloader.util.AnnotatedNoClassDefFoundError:
Fehlende Klasse: javax.faces.context.FacesContext
Abhängige Klasse: demo.view.menu.CrmGui
Loader: default.root:0.0.0
Code-Source: /C:/Dokumente und Einstellungen/boutsoudine/Eigene Dateien/jdev/jdev/lib/DBLoginModule.jar
Konfiguration: in /C:/Dokumente und Einstellungen/boutsoudine/Eigene Dateien/jdev/jdev/system/oracle.j2ee.10.1.3.41.57/embedded-oc4j/config/application.xml
Die fehlende Klasse ist in den folgenden Speicherorten verfügbar:
1. Code-Source: /C:/Dokumente und Einstellungen/boutsoudine/Eigene Dateien/JavaDemoSimple/HussCRM/P260808/ViewController/public_html/WEB-INF/lib/jsf-api.jar (from WEB-INF/lib/ directory in C:\Dokumente und Einstellungen\boutsoudine\Eigene Dateien\JavaDemoSimple\HussCRM\P260808\ViewController\public_html\WEB-INF\lib)
Diese Code-Source ist im Loader current-workspace-app.web.KundeAdresse-ViewController-webapp:0.0.0 verfügbar. Dies ist ein untergeordnetes Objekt des abhängigen Loaders default.root:0.0.0.
at com.sun.faces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:190)
The jar file jsf-api.jar is in my WEB-INF\lib
please any idea what is wrong thanks
Very good article. Have you yet experimented with 11g? The jazn architecture seems to have changed pretty significantly, i cannot make the ends meet. If you by any chance have a tutorial like that available for 11g, i would definitely like to check it out. My authentication goes against ActiveDirectory, but the basic premise is the same.
Im looking for solution to implement authentication by using database tables for ADF & Tomcat application server, can anyone give me advise? Can i use this login module?
To herman: Indeed you are wright, i will review my written code. The code will be reviewed by a colleague of mine somewhere in march. So look in this blog for any changes of the code.
To Mike: thanx for you’re suggestion
Nice article. Not sure you were aware there is some similar built in functionality in the container proper in OAS 10.1.3 (formalizing a feature that was in previous releases but not formally supported). See here: http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/loginmod.htm#BABCDDAI .
Mike.
hmm,
SQL als String opbouwen lijkt me tamelijk onveilig, waarom geen preparedstatement?
SQL wordt ook 2x uitgevoerd
Foutafhandeling is gebrekkig: bij nullpointerexcepties wordt de connectie niet afgesloten
Aanroepende programma krijgt alleen true of false terug, en mag verder raden naar wat er is misgegaan?
groeten,
Herman Scheltinga