My Oracle Support Banner

How to modify Policies after migrating the Policy Store?, How to Grant Access to the bpm-services.jar, after policy store migration ? (Doc ID 1374460.1)

Last updated on OCTOBER 18, 2016

Applies to:

Oracle Platform Security for Java - Version and later
Information in this document applies to any platform.


Basically the goal of the note is provide an alternative way to modify policies if a migration took place

By default Oracle Platform Security Services (OPSS) uses an xml file to store policies, this file is system-jazn-data.xml and is located under the folder:


Some documents recommend to modify this file directly to fix some issues.

For example:
Granting Access to the bpm-services.jar File for Oracle WebCenter Portal
Both Oracle WebCenter Portal and Oracle SOA Suite install a file called oracle.soa.workflow.jar, which contain a reference to bpm-services.jar in the respective product Oracle home directory. When Oracle WebCenter Portal is installed after Oracle SOA Suite, the existing oracle.soa.workflow.jar file from the Oracle SOA Suite installation is not modified, meaning that the reference to bpm-services.jar is not updated to use the Oracle WebCenter Portal Oracle home directory.
To fix this, you must edit the system-jazn-data.xml file and change the path of bpm-services.jar to point to the Oracle WebCenter Portal Oracle home, rather than the Oracle SOA Suite Oracle home.

Incomplete Policy Migration After Failed Restart of SOA Server
Problem: The SOA server fails to start through the administration console before setting the Node Manager property startScriptEnabled=true. The server does not come up after the property is set either. The SOA Server output log reports the following
Solution: Incomplete policy migration results from an unsuccessful start of the first SOA server in a cluster. To enable full migration, edit the <jazn-policy> element the system-jazn-data.xml file to grant permission to bpm-services.jar

But you can perform a migration of the policy store, from xml file based to LDAP store or Database Store.

Reassociating the OPSS Security Store
Reassociating the OPSS security store consists in relocating the policy, credential, and key stores from one repository to another one. The source can be file-, LDAP-, or DB-based; the target can be LDAP- or DB-based. The only type of LDAP target supported is Oracle Internet Directory; the only type of DB target supported is DB_ORACLE.


How to modify Policies after migrating the Policy Store?
How to Grant Access to the bpm-services.jar, after policy store migration ?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.