oracle.security.jps.service.credstore.CredentialAccessPermission

This post explains how to fix the following error:

SEVERE:java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=OAMAgent,keyName=SDKAgent11g read)

The complete error message is given below:

oracle.security.am.asdk.impl.Configuration setEncryptedPassword
SEVERE:
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=OAMAgent,keyName=SDKAgent11g read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:549)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:463)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:523)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:549)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:684)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:562)
at oracle.security.am.asdk.impl.Configuration$1.run(Configuration.java:234)
at oracle.security.am.asdk.impl.Configuration.readAgentKey(Configuration.java:231)
at oracle.security.am.asdk.impl.Configuration.decrypt(Configuration.java:1612)
at oracle.security.am.asdk.impl.Configuration.setEncryptedPassword(Configuration.java:411)
at oracle.security.am.asdk.impl.ConfigXMLHandler.processConfig(ConfigXMLHandler.java:591)
at oracle.security.am.asdk.impl.ConfigXMLHandler.readConfigurationFromFile(ConfigXMLHandler.java:138)
at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:1352)
at oracle.security.am.asdk.AccessClient.<init>(AccessClient.java:929)
at oracle.security.am.asdk.AccessClient.createDefaultInstance(AccessClient.java:349)
at com.fatwire.wem.sso.oam.token.TokenAuthority.getAccessClient(TokenAuthority.java:188)
at com.fatwire.wem.sso.oam.token.TokenAuthority.requestTicket(TokenAuthority.java:372)
at com.fatwire.wem.sso.oam.token.TokenAuthority.doPost(TokenAuthority.java:325)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Reason

This issue is related to Bug 16942273, "ASDK WITH 11G WEBGATE INSTALLER AND 11G WEBGATE CONFIGURATION DENIES ACCESS".

Solution

To fix this issue in non-JRF environments, update the weblogic.policy file (WL_HOME/server/lib) to grant the permission. Use plain double quotes in the policy file, not typographic ones:

grant codeBase "file:/u01/oracle/Middleware/user_projects/domains/SSO_domain/servers/-"
{
    permission oracle.security.jps.service.credstore.CredentialAccessPermission "context=SYSTEM,mapName=OAMAgent,keyName=*", "read";
};

Restart the WebLogic Server.
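
The grant above uses keyName=*, which lets all code under the servers directory read every key in the OAMAgent map. As an added example (not part of the original post and not Oracle code), the following Python helper parses the denial lines from the server log and renders a grant limited to the keys that were actually denied. It assumes the agent needs only the keys that appear in the log; the function names and the sample log are constructed for illustration.

```python
import re

# Matches the permission inside a JPS credential-store denial, e.g.
# access denied (...CredentialAccessPermission context=SYSTEM,mapName=OAMAgent,keyName=SDKAgent11g read)
# The closing parenthesis is optional so that truncated log lines still match.
DENIAL = re.compile(
    r"access denied \("
    r"(?P<cls>oracle\.security\.jps\.service\.credstore\.CredentialAccessPermission)\s+"
    r"(?P<target>context=[^,\s]+,mapName=[^,\s]+,keyName=[^,\s)]+)\s+"
    r"(?P<actions>[a-z,]+)\)?"
)

def denied_permissions(log_text):
    """Return the unique (class, target, actions) triples denied in log_text, in first-seen order."""
    seen = []
    for m in DENIAL.finditer(log_text):
        triple = (m["cls"], m["target"], m["actions"])
        if triple not in seen:
            seen.append(triple)
    return seen

def grant_block(code_base, permissions):
    """Render a Java policy grant entry covering only the given permissions."""
    lines = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in permissions:
        lines.append('    permission %s "%s", "%s";' % (cls, target, actions))
    lines.append("};")
    return "\n".join(lines)

# Constructed sample: one truncated and one complete denial line for the same key,
# followed by a stack frame that must be ignored.
SAMPLE_LOG = """\
SEVERE:java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=OAMAgent,keyName=SDKAgent11g read
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=OAMAgent,keyName=SDKAgent11g read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
"""

# codeBase taken from the grant in this post
CODE_BASE = "file:/u01/oracle/Middleware/user_projects/domains/SSO_domain/servers/-"

if __name__ == "__main__":
    print(grant_block(CODE_BASE, denied_permissions(SAMPLE_LOG)))
```

If the server logs a denial for a further key after the restart, rerun the helper on the new log and add the extra permission line.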

 
