Wednesday, July 14, 2010

Error 403--Forbidden when calling Bounded Task flow


When invoking bounded task flow and your method activity is the default activity in that flow as shown in the slide (JDeveloper 11g PS2) the parameter "URL Invoke" under visibility section in your Task flow you have to keep in mind to avoid HTTP 403 exception.

The parameter URL Invoke has 3 choices which defaults to calculated
  1. select url-invoke-allowed from the dropdown list if you want to allow a URL to invoke the bounded task flow. 
  2. Select url-invoke-disallowed if you do not want to allow a URL to invoke the bounded task flow. Selecting this value returns a HTTP 403 status code if a URL attempts to invoke the bounded task flow. 
  3. The default value (calculated) allows a URL to invoke the bounded task flow if the bounded task flow does not specify an initializer and it has a view activity as its default activity. If the bounded task flow does not meet these conditions, a HTTP 403 status code is returned. Selecting url-invoke-allowed or url-invoke-disallowed overrides the default behavior.

Simple set the value of URL Invoke according to your use case

Download the sample workspace 

Happy JDeveloping,


  1. Hi,
    I have an application that has authentication. On my develpoment enviroment(Windows, Mysql, Weblogic the authentication works. When i deploy it on production(Redhat Linux, Mysql Weblogic i get after login http 403.
    The sql authentication provider works since I am able to change password for a user from weblogic console. And the password it is changed in mysql database. Password is encrypted SHA-1.

    I can't see other errors except the one from browser(HTTP 403 forbiden). Do you know what the problem can be?
    Regards Corneliu

  2. Hi sorry for late response. I was in travel didn't had enough time to response comments :)

    Please check the log files and make sure both have same patch sets installed.

  3. Hi,
    Thanks for your answer.
    The problem was that on the WLS from linux I forgot to put the default Provider to Sufficient. So the user that I used to login was only in my SQL Provider, but it was expected to be in DefaultProvider also. After setting it to SUFFICIENT everything works.

  4. Hi,

    I am facing same error HTTP 403 forbiden. I have configured SQL Authetication for mySQL database on WLS 10.3.3 on windows.
    Even I have set flag as SUFFICIENT for DefaultAuthenticatorProvider and REQUIRED for SQL Provider but same output.
    I can add user using configured SQL Authetication, not sure why I am getting HTTP 403 forbiden.

  5. Hi ppzen,

    What is the order of providers in your security realm?

    Authentication required means that user must pass trough with this security for a successful session.