12.12.12

ADF Security - passwords must contain numeric or special characters

JDeveloper lets us add security for our appication really easy. If we want simple security, secured application is just a couple of wizards and a few clicks away. By selecting Application -> Secure -> Configure ADF Security ... we can add security to our application through a very intuitive wizard. The result is creation of jazn-data.xml file which contains all security related information.


The most interesting page in this wizard is the following one, where we need to specify that we want Form-Based Authentication. It is also very convinient to automaticaly generate login and error html pages by selecting Generate Default Pages.


Next thing is to create a user. But if we provide a password containing less that 8 characters, we will be prompted that it is not allowed.


After fixing it, we can go to Resource Grants and allow this user to view specific pages. Now we are set to go, but after running the page and providing the correct credentials, we get HTTP 403 Forbidden.


JDeveloper notifies us in Deployment - Log (during deployment) that passwords need to contain atleast one numeric or special character.


Unfortunately, it is very easy to overlook this tab and think that we did something wrong.