During webCenter Upgrade from 11.1.1.6 To 11.1.1.7, the "6.8.3.5 Verifying SSOFilter Grant" Succeed But AccessControlException Raised In The Logs. (Doc ID 1597720.1)

Last updated on NOVEMBER 22, 2016

Applies to:

Oracle WebCenter Portal - Version 11.1.1.7.1 and later
Information in this document applies to any platform.

Symptoms

During the webCenter upgrade from 11.1.1.6 to 11.1.1.7.1, the post step below required when Oracle Access Manager is used as Single Sign On solution, does not succeed:
The listpermissions shows existing permissions but not the one described in the documentation:

wls:/wcm_domain/serverConfig>listCodeSourcePermissions(codeBaseURL="file:${common.components.home}/modules/oracle.ssofilter_11.1.1/ssofilter.jar")
Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help(domainRuntime)

[Permission Clz Name : java.util.PropertyPermission, Target : sso.filter.*, Actions : read ]
[Permission Clz Name : java.lang.RuntimePermission, Target : getenv.* ]
[Permission Clz Name : java.util.logging.LoggingPermission, Target : control ]

The grant permissions succeed:

wls:/wcm_domain/serverConfig> grantPermission(codeBaseURL='file:$common.components.home/modules/oracle.ssofilter_11.1.1/ssofilter.jar',permClass='oracle.security.jps.service.attribute.AttributeAccessPermission',permTarget='*', permActions='get,set,remove')


But after this post upgrade step, the following error raised many times per seconds:

java.security.AccessControlException: access denied (oracle.security.jps.service.attribute.AttributeAccessPermission QsyYS4TLm1jT4PJvpP8tmnxByJyyyRB5YLd7qfbPT36p5QJ9KyZL!37544000!-694998850!1383650155636 remove)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:549)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:463)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:523)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:549)
Truncated. see log file for complete stacktrace

Changes

The Fusion Middleware environment has been upgraded from 11.1.1.6 to 11.1.1.7, following this documentation:

Oracle® Fusion Middleware Patching Guide 11g Release 1 (11.1.1.7.0)
6.8.3.5 Verifying SSOFilter Grant

  

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms