OPSS11g WebLogic/OIM11gR2/EBS Transformers: Accessing the Secret Key from Weblogic Credential Store Framework Fails with: [JpsAuth] Check Permission (Doc ID 1682874.1)

Last updated on NOVEMBER 11, 2014

Applies to:

Oracle Platform Security for Java - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

OPSS Java Platform Security / WebLogic / OIM11gr2:EBS Transformers.

Trying to access the password from Weblogic Credential Store Framework by following the documentation.

The jar path (which resides in ThirdParty directory) has been added to the System Policies and required changes were made to the system-jazn-data.xml.

But still unable to access the key; getting the following error while accessing the key:

[JpsAuth] Check Permission
  PolicyContext: [null]
  Resource/Target: [context=SYSTEM,mapName=SecureTransformer,keyName=secureKey]
  Action: [read]
  Permission Class: [oracle.security.jps.service.credstore.CredentialAccessPermission]
  Result: [FAILED]
  Evaluator: [ACC]
  Failed ProtectionDomain:ClassLoader=com.thortech.xl.dataobj.tcADPClassLoader@11a4f47b
  CodeSource=
  Principals=total 0 of principals
  Permissions=(
  (java.net.SocketPermission localhost:1024- listen,resolve)
  (oracle.security.jps.service.keystore.KeyStoreAccessPermission stripeName=system,keystoreName=trust,alias=* read)
  (java.util.PropertyPermission line.separator read)
  (java.util.PropertyPermission java.vm.specification.version read)
  (java.util.PropertyPermission java.vm.version read)
  (java.util.PropertyPermission java.vendor.url read)
  (java.util.PropertyPermission java.vm.specification.vendor read)
  (java.util.PropertyPermission java.vm.name read)
  (java.util.PropertyPermission os.name read)
  (java.util.PropertyPermission java.vm.vendor read)
  (java.util.PropertyPermission path.separator read)
  (java.util.PropertyPermission os.version read)
  (java.util.PropertyPermission java.specification.name read)
  (java.util.PropertyPermission os.arch read)
  (java.util.PropertyPermission java.version read)
  (java.util.PropertyPermission java.class.version read)
  (java.util.PropertyPermission java.vendor read)
  (java.util.PropertyPermission file.separator read)
  (java.util.PropertyPermission java.vm.specification.name read)
  (java.util.PropertyPermission java.specification.version read)
  (java.util.PropertyPermission java.specification.vendor read)
  (java.lang.RuntimePermission stopThread)
  )
  Call Stack: java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=SecureSSNTransformer,keyName=ssnKey read)
  java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
  java.security.AccessController.checkPermission(AccessController.java:549)
  oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:463)
  oracle.security.jps.util.JpsAuth$Diagnostic.checkPermission(JpsAuth.java:350)
  oracle.security.jps.util.JpsAuth$AuthorizationMechanism$6.checkPermission(JpsAuth.java:488)
  oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:523)
  oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:549)
  oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:684)
  oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.getCredential(LdapCredentialStore.java:326)
  uab.util.CredentialUtil$1.run(CredentialUtil.java:30)


Reviewed Note:  Troubleshooting java.security.AccessControlException: access denied due to oracle.security.jps.service.credstore.CredentialAccessPermission Exception when Running Credential Store API Code <Document 1327577.1>
However, in this case there are two scenarios:
1. The jar file is in the Database
2. The jar file is in a directory (not war or war file)
The above Note above is expecting the jar file to be in a war file, which is not the case.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms