How to Programatically Authenticate in ADF ? Integrating ADF with Oracle EBS

This blog explains about authenticating user programatically

Scenario : Integrating ADF Application with Oracle Apps (EBS) forms. User logged into Oracle Apps EBS , Providing a link in EBS forms to access to ADF Application. When user clicks on a link , Redirect to ADF application and use EBS Authentication login credentials to programatically authenticate ADF application, So that user will not be prompted for Login page again for ADF application.

- Crate Custom Filter (AuthFilter), Override doFilter() method as shown in below. This method will be invoked every time before screen loaded. We can customize this method not to perform the way how ever we want.

       
import java.io.IOException;

import java.util.HashSet;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import weblogic.security.URLCallbackHandler;
import weblogic.security.services.Authentication;
  /**
     * Override doFilter()
     * Retrieve UserID and Password from Session
     *  Authenticate the user and return credentials using the default realm.
     * Sets Current Thread Identity & Session Identity
     * @param request
     * @param response
     * @param chain
     * @throws IOException
     * @throws ServletException
     */
    public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )

        throws IOException, ServletException
    {
        if ( request instanceof HttpServletRequest )
        {
            HttpServletRequest httpRequest = ( HttpServletRequest )request;
            HttpSession session = httpRequest.getSession();
            //Assume you get userName & Password from HttpSession object.
            String username = ( String )session.getAttribute( SESSION_ATTR_USER );
            String password = ( String )session.getAttribute( SESSION_ATTR_PASSWORD );
            if (username != null && password != null)
            {
                byte[] pw = password.getBytes();
                Subject subject = null;
                try
                { 
                    // Prepare Security Context
                    subject = Authentication.login(new URLCallbackHandler(username, pw));
                    weblogic.servlet.security.ServletAuthentication.runAs(subject, httpRequest);
                } catch ( LoginException e )
                {
                    e.printStackTrace();
                }
            }
        }
        chain.doFilter( request, response );
    }
       
 

- Configure Above AuthFilter in web.xml as shown below

- Below Jspx (index.jspx) is not secured, By launching this page application will not perform for any login credentials.

- Below Jspx (DashBoard.jspx) is secured, By clicking on 'Go to Secure Page' hyper link on above page, I am programatically populating userName & password to HttpSession object & Authenticating in doFilter() method as shown below, This is going to skip the 'Login Page' and directly goes to secured page.