OES11g - Unable to Start OES Client Managed Server, Getting AccessControlException Access Denied

(Doc ID 1596880.1)

Last updated on DECEMBER 14, 2016

Applies to:

Oracle Entitlements Server - Version 11.1.1.5.1 and later
Information in this document applies to any platform.

Symptoms

In OES 11g R2 PS1 (11.1.2.1.0), after following the documentation section

9.6.2.8 Configuring Oracle Entitlements Server WebLogic Security Module High Availability

The server on HOST2 cannot be started. The following exceptions appear while the server starts:

<WebLogicServer> <oes11g.us.oracle.com> <wsonwls_server2> <main> <> <> <> <1383273196913> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.lang.RuntimeException: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
    at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:84)
    at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:227)
    at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:159)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:380)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:464)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:352)
    at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:89)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
    at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2979)
    at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2973)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2973)
    at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3249)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:169)
    at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:375)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
    at java.lang.Class.newInstance0(Class.java:372)
    at java.lang.Class.newInstance(Class.java:325)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
    at java.security.AccessController.checkPermission(AccessController.java:555)
    at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
    at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
    at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
    at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:643)
    at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:430)
    at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl$1.run(AESCipherImpl.java:279)
    at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl$1.run(AESCipherImpl.java:276)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.getKeyFromCredentialStore(AESCipherImpl.java:276)
    at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.getKeyFromCredentialStore(AESCipherImpl.java:321)
    at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.retrieveRawKey(AESCipherImpl.java:295)
    at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.getKey(AESCipherImpl.java:493)
    at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.<init>(AESCipherImpl.java:190)
    at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:82)
    at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:227)
    at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:159)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:380)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:464)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:352)
    at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:89)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
    at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2979)
    at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2973)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2973)
    at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3249)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:169)
    at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:375)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
    at java.lang.Class.newInstance0(Class.java:372)
    at java.lang.Class.newInstance(Class.java:325)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>





Changes

 

Cause
