Creating an ADF Login Page Without Having Any Java Code Using Login Proxy


There are so many questions in oracle forums asking how to redirect the user to the page he requested before authentication.

The official documentation in the “Create Login Page” section has changed since to always redirect to welcome page since the old way is not recommended anymore (See line 14 & 15 in the java code of the Managed Bean).

In this post I’ll give you an alternative way to authenticate users without using any java code and redirect the user to the requested page after authentication by using additional page called LoginProxy.

In this blog post I use JDeveloper but at the end you can find a version that is compatible with and above.


  1. Create an ADF Fusion Web application
  2. Enable Security normally using with login.html and error.htm
  3. Create 2 Test pages (test1.jsf and test2.jsf)
  4. Create Page Definitions for test1.jsf and test2.jsf
  5. Edit Security to add authenticated-role to test1.jsf and test2.jsf
  6. Create login.jsf page normally and use #{requestScope.username} and #{requestScope.password} for your inputText username and passwords. Also don’t forget to make partial submit as false because in 12c it is true by default.
  7. Create a loginProxy.jsf page like the below screenshot. Notice the javascript function which execute the form action on page load. Also notice the fail safe for users who don’t have javascript to be redirected to the normal login.html page.

    12c example

    12c example

    11R1 Example

    11R1 Example

  8. Change the web.xml security login page to point to /faces/login.jsf instead of login.html
  9. Open faces-config.xml file
  10. Create the below diagram by adding login.jsf and loginProxy.jsf with a navigation rule of login between both.
  11. Run the application and see the magic happens. Try to open test1 first and test2 to see that it is being redirected the right way.

Additional Information

This example has been tested against Chrome, Firefox and IE9 and worked without a problem.

You might argue it’s not very secure since I’m having a page in the middle that expose the username and the password, but then that’s why I have the refresh metatag to prevent it.

Example application

You can download the example application from the following links: