Monday, May 14, 2012

Oracle ADF with SSO – The Definitive Guide

by Fábio Souza & Eduardo Rodrigues


We know. It’s been a looooooong time again. But once you read this post, we are quite sure you’ll be happy we took the time to write it. And it’s also our very first post officially signed by 2 authors. As they say: two heads think better than one.

Recently, we’ve been challenged with the task of setting up an internal “production” environment intended to run and support some internal applications. As part of this challenge, we were required to somehow integrate this environment with our company’s LDAP and SSO solutions. Since this was the first time we were facing those requirements, we started to do a lot of research (googling) on the topics involved. For our great surprise (well... not really), we could not find one single place or document that would give us a birds-eye view in an objective and consolidated form. We did find multiple blogs and documents scattered throughout the Net, each one talking about different pieces. But we had to do all the hard work of filtering, refining and compiling all this data, discarding all wrong/outdated information while keeping only what’s really relevant, correct and up-to-date. And believe me when I say... it’s a lot of information!

That’s the motivation behind this post. Share the final outcome of this research with readers, in the form of a “step-by-step” guide, so that nobody should need to go through all the hassle again.

So, let’s cut to the chase.

Environment Scheme

This diagram tries to give a nice overview of all the pieces involved in this post.

Access Flow with SSO

SSO Configuration

This section describes the steps to integrate the existing environment with the selected SSO Solution. In this example, the SSO solution is based on the following products:
  • Oracle Access Manager (OAM)

    Provides access control services with centralized authentication, policy-based authorizations, and auditing with rich identity administration functionality such as delegated administration and workflows. It protects resources at the point of access, delegating authentication and authorization decisions to a central authority.

  • Oracle Internet Directory (OID)

    This is our Identity Store and plays the role of our LDAP server at the same time. This is where all users are authenticated against and their security profiles are fetched from.

  • Oracle Weblogic Server (WLS) with these security providers

    • Oracle SSO Assertion Provider

      This component does the mapping between the SSO-authenticated user and his/her identity in the identity store (OID in our case)

    • OID Authentication Provider

      This component is responsible for the communication between Weblogic and the OID server. It is able of authenticating users against OID and also of creating its JAAS security context, which will be used by JavaEE applications. Because our objective here is to integrate with SSO, this particular component will not be responsible for authentication but for the creation of security contexts only.

  • Oracle HTTP Server (OHS) with these modules

    • weblogic_module

      This OHS module does the bridge between OHS and Weblogic for specified locations (URIs). It's also capable of mapping multiple Weblogic nodes (cluster) and performing simple but handy Round Robin load balancing.

    • mod_osso

      This module is designed to work with both Oracle SSO and OAM. Based on a configured set of protected locations (URIs) it can identify when a user needs to be authenticated and then redirect the user to the SSO login page and then back to the originally requested URL.
The instructions below have been carefully written in order to isolate each of the components’ configuration. If you have a different environment but some of your components are the same, you can still follow the configuration instructions for matching components. For example, even if you are using Webgate instead of mod_osso, you can still follow the OID instructions.
At the end of this section there is a Weblogic Authentication Provider review. Many errors can be avoided by following the instructions described there. Don't skip that review!

Configuring weblogic_module

This module is usually installed and loaded out-of-the-box with OHS. It can be manually configured in file $ORACLE_INSTANCE/config/$COMPONENT_TYPE/$COMPONENT_NAME/mod_wl_ohs.conf. Bellow is a sample:
LoadModule weblogic_module "${ORACLE_HOME}/ohs/modules/"

# This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level
<IfModule weblogic_module=>
     # list all nodes in our Weblogic cluster
     WebLogicCluster mynode1:80,mynode2:80
     # log/debug options
     # Debug ON
     # WLLogFile /tmp/weblogic.log

<Location /myapp>
     SetHandler weblogic-handler

As you can imagine, the setup above will take care of redirecting all requests coming in OHS under /myapp to one of the nodes in our Weblogic cluster.

Configuring mod_osso

You'll need to create an intermediate text file called osso.txt with the properties bellow. All values will have to be obtained from your OAM/SSO administrator, based on the URL being protected:
sso_server_version =
cipher_key =
site_id =
site_token =
login_url =
logout_url =
cancel_url =
sso_timeout_cookie_name =
sso_timeout_cookie_key =

Encrypt (obfuscate) file osso.txt into file osso.conf by running the following command (don’t forget to include “root” at the end):
$ORACLE_HOME/ohs/bin/iasobf osso.txt osso.conf root

In file $ORACLE_INSTANCE/config/$COMPONENT_TYPE/$COMPONENT_NAME/httpd.conf  under the include section there is a commented line including mod_osso.conf. Uncomment this line so that the include takes effect. Here is an example of what that line looks like:
# Include the configuration files needed for mod_osso
include "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/mod_osso.conf"

Go to $ORACLE_INSTANCE/config/$COMPONENT_TYPE/$COMPONENT_NAME and copy file mod_osso.conf from subfolder "disabled" and then edit the file like this:
LoadModule osso_module $ORACLE_HOME/ohs/modules/

<IfModule mod_osso.c>

# In this example we are not using SSL, thats why OssoSecureCookies is off
OssoSecureCookies off
OssoIdleTimeout off

# OssoIpCheck should be set to off when protected resources are accessed via proxies or VPNs
OssoIpCheck on
# make sure file osso.conf is in the same directory as mod_osso.conf
OssoConfigFile osso.conf

# Location is the URI you want to protect.
# /myapp is set here just as an example.
# you must set your own
<Location /myapp>
   Require valid-user
  AuthType Osso


And don't forget to restart OHS! :)
If the mods are messing up the interception of requests, it might be a good idea to have the Include statement for mod_osso.conf come before the one for mod_wl_ohs.conf in httpd.conf so the mods will intercept the requests in the correct order. Unpredictable errors may occur if URLs that must be interpreted by mod_osso are being intercepted by the mod_wl_ohs first.

Creating the SSO Assertion Provider in your Weblogic Domain

  1. Open the Weblogic Console application
  2. Go to Security Realms > myrealm > Providers
  3. Select New under the Authentication Providers table
  4. Give a name for the new provider, select its type, and click OK. For example:
    Name: OSSO Identity Asserter
    Type: OSSOIdentityAsserter
  5. Click OK
  6. Click on the name of the newly added provider
  7. In the Common tab, set the appropriate values for common parameters and set the Control Flag to OPTIONAL and then save the settings

Creating the Oracle Internet Directory Authentication Provider

The OID Authentication Provider creation is pretty simple. You just need to fill up a form with the LDAP server info (there are tons of how-tos in sites and blogs about it). The tricky part is to put it to work with an ADF application when you are not using the default “username attribute”. OK, I will translate that. Imagine that in your company “mail” is the LDAP attribute used to authenticate an user. Normally you would just need to configure the “User Name Attribute” in the OID Authentication Provider configuration screen with value “mail” but that alone won’t be enough for ADF to be aware of this change. To make it work, you must properly configure the file jps-config.xml that’s being used by your Weblogic domain, which will most likely be located in <domain_path>/config/fmwconfig. You’ll need to modify this file with something like:
<serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
   <property name="idstore.config.provider" value=""/>
   <property name="CONNECTION_POOL_CLASS" value=""/>
   <!-- The lines below define which attribute will be used as username -->
   <property name="username.attr" value="mail"/>
   <property name="user.login.attr" value="mail"/>

This same change must be replicated on each and every node when using a Weblogic cluster.

Since we’re very nice guys and our intention is make readers’ life easier, we’ve created a wlst script that should do most of the work automatically: create the Authentication Provider and configure the jps-config.xml. It can be found here and instructions may be found in comments inside the file.

Reviewing Authentication Providers in Weblogic

  • Oracle SSO Asserter: set as the first one in the providers list and set its Control Flag to "Optional"
  • OID Authentication Provider: set as the second one and set its Control Flag to "Sufficient"
  • Weblogic's DefaultAuthenticator: set as the third one and set its Control Flag set to "Optional"
  • Weblogic's DefaultIdentityAsserter: must be the last one in the providers list

The idea here is to guarantee that Oracle SSO Asserter and OID Authentication providers are triggered in the right order, before any other provider. The User/Role API in ADF is able to query data from only one provider. Oracle Platform Security Services (OPSS) initializes the identity store service with the LDAP authenticator chosen from the list of configured LDAP authenticators according with the following algorithm:
  1. Consider the subset of LDAP authenticators configured. Note that, since the context is assumed to contain at least one LDAP authenticator, this subset won't be empty.
  2. Within this subset, keep only the providers configured with the higher control flag. The flag ordering is: REQUIRED > REQUISITE > SUFFICIENT > OPTIONAL
  3. Within the remaining subset, keep only the first provider configured in the context.
The LDAP authentication provider singled out will be the one chosen to initialize the identity store service.

Configuring the Application to work with SSO

Independently of which products you are using to enable SSO in your environment, you still have to configure your application to use this infrastructure. In our example we are using OAM + mod_osso, but what this section covers can be used in any environment using a Weblogic Server with the following items:
  • Application Development Framework (ADF) Runtime installed (for installation, check this link)
  • Authentication Provider
  • Identity Asserter
In this section we'll cover the scenario in which the authorization is defined by the application itself.

Enabling ADF Security

  1. In JDeveloper, select "Application > Secure > Config ADF Security"
  2. Select "ADF Authentication and Authorization" and click on finish.
You will notice that files jazn-data.xml and jps-config.xml were auto generated for you. It is really important to understand their roles so check this article from our friend, Mr. Andre Correa.

ADF Security uses jazn-data.xml to setup application authorization (or security policies). Follow the guideline below to configure it:
  1. Create Entitlements to define access for a group of resources. For example, "Basic Access" entitlement could include "view" permission on every page/taskflow that regular authenticated users can see.
  2. Create application roles to group users by access level. For example: "Application Users" could group all users that are granted with "Basic Access" entitlement. "Application Administrators" could group only those users granted with "Basic Access" and "Admin Section" entitlements.
  3. Create Enterprise Roles that correspond 1:1 with LDAP groups and then associate them with your application roles. For example: Enterprise Role with name = "VP's Org" could be mapped to application role "Application Users".
It is highly recommended use of wildcards when configuring resources in jazn-data.xml. Unfortunately, this cannot yet be done through the "Overview" tab in JDeveloper. Nevertheless, it is more than worth it to manually change the XML source. For example:
<!-- Using wildcards to configure resources -->
      <display-name>All Pages</display-name>
      <display-name>All Task Flows</display-name>

Using the Weblogic Identity Store

When we started looking for the best approach to use the JavaEE container's Identity Store, we’ve found this example:

private UserProfile findUserProfile(String username) throws Exception {
   JpsContextFactory ctxFactory = JpsContextFactory.getContextFactory();
   JpsContext ctx = ctxFactory.getContext();
   IdentityStoreService idstoreService = ctx.getServiceInstance(IdentityStoreService.class);
   identityStore = idstoreService.getIdmStore();
   UserProfile userProfile = identityStore.searchUser(username).getUserProfile();

Even though this approach works fine, it is completely tied to the underlying security implementation (JPS in our case). Fortunately, we were able to find a more elegant and easy way to achieve the same thing, using only ADF APIs:

private UserProfile findUserProfile(String username) {
   // UserManager is automatically configured to use the container's Identity Provider and it is not thread-safe
   UserManager userManager = new UserManager();
   AttributeFilter[] filter = { new AttributeFilter("USER_ID", username) };
   ArrayList userProfiles = userManager.getUserProfileList(1, filter);
   UserProfile userProfile = (UserProfile)userProfiles.get(0);

   return userProfile;

Configuring Logout

In our environment, using OAM + mod_osso, the application would have to execute a well defined procedure to perform a proper single sign-off. Thankfully, ADF can take care of all logout details by itself. Using ADF this task becomes transparent to the application. There are two ways to implement the logout:
  • Using adfAuthentication servlet
    • Call /adfAuthentication with the following parameters:
      logout: must be "true"
      end_url: URL where the browser will be redirected to after the logout
  • Programatically
    AuthenticationService service = AuthenticationServiceUtil.getAuthenticationService();
    String logoutURL = "/face/home/jspx"; // the end_url
    service.logout(logoutURL, null);

Deploying the SSO-protected Application

When you deploy an application using JDeveloper Application's default settings, many things are done automatically such as database connections deployment and credentials update. This is fine when you are making local tests, but when you want to deploy to production server the situation changes. In our environment we already have a system-level DataSource setup in Weblogic for our application to use. We also have an identity store that contains all users and groups that we need. That said, our deployment is configured as follows:
  • Inside Application Properties, go to Deployment > Weblogic
  • Inside “Security Deployment Options”, select "Update weblogic-application.xml with the following..."
  • Check the box "Application Policies" (this will make all security policies configured in your jazn-data.xml migrates to the application server)
  • Uncheck "Credentials" (this will prevent the copy of your local cwallet.sso to the application server)
  • Uncheck "Users and Groups" (we are using the identity store already configured in WLS, there is no need to upload any local users and groups)
  • Uncheck "Auto Generate and Synchronize WebLogic JDBC Descriptors During Deployment" (the DataSource is already configured in the Weblogic so there is no need to deploy a new one)
Make sure that the right authentication method is configured in your application's web.xml:

When you have a database connection in your project and you deploy your application with box "Auto Generate and Synchronize WebLogic JDBC Descriptors During Deployment" checked, a datasource named “<db_connection_name>DS” will be deployed together with your application.


OAM Home Page
OID Home Page
Application Development Runtime
Article about User/Role API
Article about OPSS Artifacts
OID Configuration WLST Script

Special Thanks

We would like to give special thanks to Mr. Andre Correa for his help during our research and also for kindly reviewing this post.

Wednesday, January 26, 2011

Web 2.0 Solutions with Oracle WebCenter 11g (book review)

by Fábio Souza

Hello People! This was supposed to be a post to celebrate the new year, but, as you all can notice, the things didn't happen the way I was expecting (again haha). Today I will talk about this strategic product and (as promised) I will make my review about the book Web 2.0 Solutions with Oracle WebCenter 11g.

About WebCenter

The Goal
Today we interact with content/information on the internet not just as a spectator, but also as a collaborator: we help on the knowledge construction in a dynamic way. This can be done when you put “Like” in something that your friend is saying on the Facebook, when you write an article on Wikipedia or when you post your comment on your favorite blog. All this meta-information, in some way, helps to spread the knowledge and to make it be easier to be found.
To make this possible in the business world, we need a next-generation enterprise workplace: a portal that leverages Web 2.0 technologies, user-focused and community-centric. The goal is to tie together people, ideas, content, processes, systems, and enterprise applications.
The Product
Oracle WebCenter 11g is Oracle's strategical product to deal with E2.0. It provides services such as: discussion forums, wikis, blogs, and tagging, directly from the context of a portal or an application. It worth to mention that Oracle WebCenter is integrated and certified with Oracle Universal Content Management (UCM), Oracle Identity Management Suite, Oracle SOA Suite, Oracle Enterprise Manager, and Oracle eBusiness Suite, as well as PeopleSoft, Siebel, and JD Edwards enterprise applications.
The Components
Webcenter Architecture
Oracle WebCenter Framework:
It is an ADF extension that, besides including all its functionalities/facilities, contains several components that make possible (and easy) to construct a portal, as if it was a common web application. The framework uses the Oracle Metadata Services (MDS), that offers a layer to store customization data, avoiding a mix between code and metadata (The MDS is widely explored on Oracle Composer).
To put the Webcenter Framework to work, you just have to download the extension on you JDeveloper, it will make all the framework components available to be used on your own applications. Its good to remember that JDeveloper provides an integrated development environment for composite J2EE applications, business processes, BI applications, and enterprise portals.
There is some good information about JDeveloper on my previous post, check it out!
WebCenter Services:
This is the component that give access to the infrastructure that, not only turns your corporate environment into a “social network”, but take it beyond.
  • Social Networking Services - Enables users to maximize productivity through collaboration.
  • People Connection – Enables users to assemble their business networks like linked-in
  • Discussions - Provides the ability to create and participate in threaded discussion. This is an embedded version of Forums provided by Jive Software.
  • Announcements - Enables users to post, personalize, and manage announcements.
  • Instant Messaging and Presence (IMP) - Provides the ability to observe the online presence status of other authenticated users (whether online, offline, busy, or idle) and to contact them.
  • Blog - Enables blogging functionality within the context of an application. This feature comes from an embedded version of open source package jzWiki.
  • Wiki - Self-service, community, oriented-content publishing and sharing. This is an embedded version of open source package jzWiki.
  • Shared Services - Provides features for both social networking and personal productivity.
  • Documents - Provides content management and storage capabilities, including content upload, file and folder creation and management, file check out, versioning, and so on. This functionality requires licensing of a JCR (JSR-170) compliant document repository product.
  • Links - Provides the ability to view, access, and associate related information; for example, you can link to a solution document from a discussion thread.
  • Lists - Enables users to create, publish, and manage lists. (Available only in WebCenter Spaces)
  • Page - Provides the ability to create and manage pages at runtime.
  • Tags - Provides the ability to assign one or more personally relevant keywords to a given page or document. This feature is similar to the website.
  • Events - Provides group calendars, which users can use to schedule meetings, appointments, and any other type of team get-together. This feature requires deployment of a separate calendaring server, which may be Oracle Beehive or Microsoft Exchange. (Available only in WebCenter Spaces)
  • Personal Productivity Services - Focuses on the requirements of an individual, rather than a group.
  • Mail - Provides integration with IMAP and SMTP mail servers to enable users to perform simple mail functions such as viewing, reading, creating, and deleting messages, creating messages with attachments, and replying to or forwarding existing messages.
  • Notes - Provides the ability to "jot down" and retain quick bits of personally relevant information. (Available only in WebCenter Spaces)
  • Recent Activities - Provides a summary view of recent changes to documents, discussions, and announcements.
  • RSS - Provides the ability to publish content from WebCenter Web 2.0 Services as news feeds in RSS 2.0 and Atom 1.0 formats. In addition, the RSS service enables you to publish news feeds from external sources on your application pages.
  • Search - Provides the ability to search tags, services, an application, or an entire site. This makes use of a license limited version of Oracle's search product.
  • Worklist - Provides a personal, at-a-glance view of business processes that require attention. These can include a request for document review and other types of business process that come directly from enterprise applications.
The WebCenter Services benefits can be reaped by the whole Webcenter Suite Portal stack*:
  • Oracle Portal
  • Oracle WebLogic Portal
  • Oracle WebCenter Interaction
* There are some restrictions
Oracle Composer:
Oracle Composer is an innovative component that enables any application or portal to be customized (changes that affects the general visualization) or personalized (changes made by a person that affects the that person's own visualization) after it has been deployed and is in use. The personalizations/customizations are managed by Oracle Metadata Services (MDS). Oracle Composer is designed to be extremely easy to use so that business users and end users can edit any page with a few clicks of the mouse. Oracle Composer runs in all modern browsers and provides a rich, dynamic way to edit JSF application and portal pages.
The developers can use the Webcenter Framework to design portal applications that uses Oracle Composer.
Oracle WebCenter Spaces:
A ready-to-use application that pulls together all the WebCenter features:
  • Webcenter Services
  • Webcenter Composer
  • Oracle MDS
  • Easy to integrate with applications developed with Webcenter Framework
  • Easy to integrate with any other application (actually this can be achieved using the Oracle ADF Model layer)
The focus is to empower teams to quickly and efficiently manage their information, applications, projects, and people. Oracle WebCenter Spaces is prepared to work effectively with project teams and work groups, including teams that span multiple geographies or include external members.
A new release of Oracle Webcenter Suite 11g is already available. This post does not cover the new features/changes.

Web 2.0 Solutions with Oracle WebCenter 11g – Book Review

Web 2.0Oracle Webcenter 11g is a very new product and because of that there are few books talking about it. Web 2.0 Solutions with Oracle WebCenter 11g is a very practical book that presents the main concepts of WebCenter. The book has around 250 pages, 10 chapters and lots of illustrations that make the reading very soft, fast and easy. There is also a source code (for download) that may help to accomplish the exercises that come with the book.

Some concepts (overview) that can be found in the book:
  • Web 2.0
  • Enterprise 2.0
  • Oracle WebCenter Suite
  • ADF Faces
  • ADF Business Components
  • Forum
  • Wiki
  • Blog
  • Search in enterprise applications
  • Organization with Tagging and Linking
  • RSS
The book aims Java/Portal Developers who want to try the very first steps with WebCenter. The book helps to understand how the components work and how the main available tools can be used. It is a great book for those that are starting with ADF and WebCenter. If you already have tried by yourself the development of simple applications with Oracle WebCenter, certainly you will skip some chapters, but, if you have a good experience with the product, the book definitely is not for you.
What caught my attention
  • The book is practical guide to give the first steps in the WebCenter World
  • The “Hello World” application is very “sophisticated”, and its idea is to show a typical enterprise application architecture.
  • The book comes with a good material about Discussions, Wiki, and Blog Services
What I missed the most
  • Although it is not the focus of the book to go into questions of sophisticated software architecture, it could indicate sources to readers who want to take the next steps.
  • The book does not goes inside the ADF Task Flow subject, it only mentions it.
Chapters Overview
Chapter 1, What is Oracle WebCenter?
  • Introduction to Web 2.0, Enterprise 2.0 and Oracle WebCenter Suite
Chapter 2, WebCenter Installation and Configuration
  • Presents the "Webcenter Component Building Blocks"
  • Walkthrough to install the WebCenter Suite in a development environment.
Chapter 3, Setting up the Development Environment
  • Walkthrough to install JDeveloper + WebCenter Plugin + SVN
Chapter 4, Getting Started with WebCenter Development
  • Development of a sophisticated “Hello World” application, composed of a webservice, consumed by a portlet, consumed by a WebCenter application. This application gives a good idea of a real WebCenter application.
Chapter 5, Design and Personalization
  • Presents the ADF Faces Rich Client
  • ADF Faces components overview
  • Presents the ADF Business Components
  • Shows the development of a WebCenter Application:
    • View Layer: Constructed with ADF Faces, it is composed by a template and a JSF page
    • Model Layer: Constructed with ADF Business Components, it uses the schema that comes with the book (can be downloaded at the packt website)
Chapter 6, Portlets
  • Talk about the types of portlets you can build with WebCenter
  • Shows the portlet development with ADF and JSF Bridge
    • View Layer: Constructed with ADF Faces, it is composed by a JSF page, exposed as a portlet –> The page uses ADF Data Visualization Components! Very cool!
    • Model Layer: Constructed with ADF Business Components, it uses the same schema that comes with the book
  • After the portlet creation it is shown how to consume it
Chapter 7, Discussions, Wiki, and Blog Services
  • Presents the concepts about Forum, Wiki and Blog
  • Presents and shows how to use ADF TaskFlows to consume Discussion Services
  • Lists the ways to use Wiki and Blog. There are examples of two of then:
    • Using an IFrame (included in a custom WebCenter application page)
    • Using the Web Clipping portlet.
Chapter 8, Search Service
  • The chapter talks about the following concepts:
    • Searching enterprise applications (in our case WebCenter applications)
    • Organizing information with tagging and linking
    • RSS and its importance
  • There is also examples using WebCenter applications to:
    • Integrate with WebCenter Tags Service (it uses ADF Security for Authentication/Authorization)
    • Integrate with the WebCenter Links Service
    • Integrate with the WebCenter RSS Service
Chapter 9, Personalization with Oracle Composer
  • Presents personalization for two different roles: developers and end users
  • As developers, we prepare a dynamic environment for end users:
    • Lists, explains and uses Composer’s components
  • As end user, we personalize the page
    • Resource Catalog Overview
    • MDS Overview
Chapter 10, Oracle WebCenter Spaces Overview
  • Presents Oracle WebCenter Personal Spaces: Practical guide to page creation
  • Presents Oracle WebCenter Group Spaces: Practical guide to group creation


I took lots of things from those sources, including whole stretches (they were perfect):
Getting Started with Oracle WebCenter 11g
Getting Started with Oracle WebCenter 11g – The Solution
WebCenter Services Capabilities
Web 2.0 Solutions with Oracle WebCenter 11g

Thursday, December 2, 2010

Happy Holidays everyone!

Wednesday, December 1, 2010

Creating a centered page layout using ADF Faces (only)

by Eduardo Rodrigues

It’s been a long time since I last posted here about my old friend: ADF. But now that I’m working in ADF BC’s awesome development team, I was already feeling the self-pressure and urge to go back to this vast subject. Let’s start easy though.

As you all might have noticed, ADF has gone a long way since it’s early days. ADF Faces 11g is quite different from its 10g predecessor. One of the differences, besides all the rich components and built-in AJAX capabilities, is the fact that some of the components that were present in 10g have moved from ADF Faces library to Apache Trinidad (or MyFaces). One of those components was the “rowLayout”. That layout component certainly makes it very easy to center its content in relation to the entire page, both horizontally and vertically. However, using Trinidad components ad tag libraries alongside with ADF Faces, although possible, may not be always desired. So, the question is: how to achieve same layout using only ADF Faces’ layout manager?

If you’re somewhat used to the particularities of ADF Faces’ layout manager, you probably already know that setting up a container that not only stretches 100% of the page’s (or of its parent container’s) height but also centers its content vertically is not as easy and straightforward as one would think.

Thinking fast, the first approach most come up with (including myself) is this:

panelStretchLayout (only center facet enabled) > panelGroupLayout (Layout = horizontal ; Valign = middle) > panelGroupLayout (Layout = vertical ; Halign = center)

Pretty intuitive and simple, right? Yes! But the layout manager doesn’t seem to agree.

The problem with this layout structure is basically the fact that a horizontal panelGroupLayout does not support being stretched inside a panelStretchLayout facet. This is actually clearly documented:

After a lot of trial-and-fail, I eventually found a way (thanks to my good friends and ADF gurus Maiko Rocha and George Maggessy).

The layout structure is this:

panelStretchLayout (top, bottom and center facets enabled; TopHeight = 33% ; BottomHeight = 33%) > panelGroupLayout (Layout = vertical ; Halign = center)

Even if you don’t need any content going in the Top or Bottom facets, it’s important to add at least an empty panelGroupLayout to both of them just to ensure the specified 33% of height will be allocated.

To wrap up, here’s a complete source code example of a page with a page-centered login form:

<?xml version='1.0' encoding='UTF-8'?>
<jsp:root xmlns:jsp="" version="2.1"
  < contentType="text/html;charset=UTF-8"/>
    <af:document id="d1" title="Login Page">
      <af:form id="f1" defaultCommand="#{'pgTplt:cbLogin'}">
            <af:panelStretchLayout id="psl1" startWidth="33%" endWidth="33%"
                                   topHeight="33%" bottomHeight="33%">
              <f:facet name="center">
                <af:panelGroupLayout id="pgl1" layout="vertical"
                  <af:panelFormLayout id="pflLogin" rows="2" maxColumns="1">
                    <af:inputText id="itUsername" label="Username"
                    <af:inputText label="Password" id="itPassword" secret="true"
                    <af:spacer width="10" height="10" id="s1"/>
                    <af:commandButton text="Login" id="cbLogin"
              <f:facet name="bottom">
                <af:panelGroupLayout id="pgl2"/>
              <f:facet name="top">
                <af:panelGroupLayout id="pgl3"/>

And this is how the page above should look like:


Wednesday, November 24, 2010

Our second official book review in on its way...

by Fábio Souza

Hi everyone, are you doing well? I'm fine, thanks for asking.
Well, I was wondering these days : "It would be a good idea to change the topic for a little while and talk about a product". It seems that someone at Packt Publishing heard me, and, to incentive myself, they invited us to write a review of a new book .
The topic is hot: Webcenter 11g. As you all know (I hope :)) this is a strategic product that arose to compete in the Enterprise 2.0 market.

The book is:
Web 2.0 Solutions with Oracle WebCenter 11g

I'm very excited to read the book, but I can already tell you some good things about it:
- Vince Casarez is one of its reviewers
- It covers all the product's main points (installation, environment setup, custom applications, and so on)
- There is a Oracle WebCenter Spaces Overview

I hope to be posting the review soon!

Ahhh! I almost forgot (kidding, I was planning it) to say that our big friend and also architect master, George Maggessy, helped the writers with his WebCenter knowledge.

See you!