Wednesday, 1 June 2016

Weblogic Admin server fails to start Reason:java.security.AccessControlException: access denied (oracle.security.jps.JpsPermission idstore.config)

========================================================================
Applies To:
WLS - 10.3.6.0.11
OSB - 11.1.1.7.4
========================================================================
Problem:
We are unable to start weblogic admin server becuase of weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception.

Error:
####<May 30, 2016 6:25:36 AM CDT> <Critical> <WebLogicServer> <purushottam> <poc_osb_dit_admin> <Main Thread> <<WLS Kernel>> <> <> <1464607536237> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-03027: PDPService service instance failed during initialization due to lack of grant. If you are seeing this error after a new installation, make sure you have updated weblogic.policy as installation step suggested
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-03027: PDPService service instance failed during initialization due to lack of grant. If you are seeing this error after a new installation, make sure you have updated weblogic.policy as installation step suggested
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: oracle.security.jps.JpsRuntimeException: JPS-03027: PDPService service instance failed during initialization due to lack of grant. If you are seeing this error after a new installation, make sure you have updated weblogic.policy as installation step suggested
        at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2978)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3226)
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:383)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:357)
        at java.lang.Class.newInstance(Class.java:310)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.security.AccessControlException: access denied (oracle.security.jps.JpsPermission idstore.config)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:549)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:463)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:523)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:549)
        at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.checkPermission(IdentityStoreConfigurationUtil.java:548)
        at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.getIgfLdapSpecifiedProperties(IdentityStoreConfigurationUtil.java:378)
        at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.getLibOvdLdapPushData(IdentityStoreConfigurationUtil.java:526)
        at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:232)
        at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:229)
        at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider.getConfigData(OvdIGFServiceProvider.java:228)
        at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider.prepareDataPush2libOvd(OvdIGFServiceProvider.java:365)
        at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider$NoLibOvd.getInstance(LdapIdentityStoreProvider.java:339)
        at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:118)
        at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:74)
        at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
        at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
        at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
        at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
        at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
        at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2957)
        at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2950)
        at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2950)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3228)
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:383)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:357)
        at java.lang.Class.newInstance(Class.java:310)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1024)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:894)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
####<May 30, 2016 6:25:36 AM CDT> <Notice> <WebLogicServer> <purushottam> <poc_osb_dit_admin> <Main Thread> <<WLS Kernel>> <> <> <1464607536482> <BEA-000365> <Server state changed to FAILED>
####<May 30, 2016 6:25:36 AM CDT> <Error> <WebLogicServer> <purushottam> <poc_osb_dit_admin> <Main Thread> <<WLS Kernel>> <> <> <1464607536482> <BEA-000383> <A critical service failed. The server will shut itself down>
####<May 30, 2016 6:25:36 AM CDT> <Notice> <WebLogicServer> <purushottam> <poc_osb_dit_admin> <Main Thread> <<WLS Kernel>> <> <> <1464607536498> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

========================================================================
Cause:
Weblogic Admin server file $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml wasn't having execute permissions.
-rw-rw-r--  1 oracle oracle        132K May 30  2016 system-jazn-data.xml

========================================================================
Resolution:
Kindly provide 775 permissions to $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml and restart the server.
Posted by at

2 comments:

  1. Randy Turner10 October 2024 at 02:03

    This is such an inspiring read! Your insights really resonate and make me think differently. Thank you for sharing!

    ReplyDelete
  2. Jacob22 December 2024 at 22:45

    This comment has been removed by the author.

    ReplyDelete

Subscribe to: Post Comments (Atom)