OPSS - WebLogic Admin Experiencing Outages with Log Error: java.security.AccessControlException: access denied (Doc ID 2108575.1)

Last updated on AUGUST 02, 2017

Applies to:

Oracle Platform Security for Java - Version 11.1.1.6.0 to 11.1.1.6.0 [Release Oracle11g]
Information in this document applies to any platform.

Symptoms

Observing these error messages in the log files

In the wls_ods01-diagnostic.log

[oracle.ldap.odsm.ui.common.Visit] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000KZmVYFm1Ne3_zlXBiW1KDU5J00005H,0] [APP: odsm#11.1.1.2.0] [DSID: 0000KZmUyWW1Ne3_zlXBiW1KDU5J00003x] getSsoLogoutUrl[[
java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=ODSMMap,keyName=ODSMKey.SSOLogoutURL" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)


In the AdminServer-diagnostic.log

Caused by: java.security.PrivilegedActionException: oracle.security.jps.service.policystore.PolicyStoreException: javax.naming.CommunicationException: stl-dfusapp-21.lac1.biz:3060 [Root exception is java.net.ConnectException: Connection refused]
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.jaas.JpsAbsSubjectResolver.getApplicationRoles(JpsAbsSubjectResolver.java:531)
... 65 more
Caused by: oracle.security.jps.service.policystore.PolicyStoreException: javax.naming.CommunicationException: stl-dfusapp-21.lac1.biz:3060 [Root exception is java.net.ConnectException: Connection refused]
at oracle.security.jps.internal.policystore.ldap.NamingExceptionUtils.namingExceptionToPolicyStoreException(NamingExceptionUtils.java:60)
at oracle.security.jps.internal.policystore.ldap.JpsLdapDataManager.jpsObjectListQuery(JpsLdapDataManager.java:644)

at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.getApplicationPolicy(PDPServiceImpl.java:688)
at oracle.security.jps.internal.policystore.PolicyUtil.getGrantedAppRoles(PolicyUtil.java:3005)
at oracle.security.jps.internal.jaas.JpsAbsSubjectResolver$6.run(JpsAbsSubjectResolver.java:541)
at oracle.security.jps.internal.jaas.JpsAbsSubjectResolver$6.run(JpsAbsSubjectResolver.java:531)
... 67 more
Caused by: javax.naming.CommunicationException: stl-dfusapp-21.lac1.biz:3060 [Root exception is java.net.ConnectException: Connection refused]
at com.sun.jndi.ldap.Connection.(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.(LdapClient.java:136)
at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
at com.sun.jndi.ldap.pool.Connections.getOrCreateConnection(Connections.java:203)

at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:153)
at oracle.security.jps.internal.common.ldap.connection.pool.AbstractConnectionPool.leaseConnection(AbstractConnectionPool.java:81)
at oracle.security.jps.internal.common.ldap.util.JpsLdapCommonUtil.search(JpsLdapCommonUtil.java:179)
at oracle.security.jps.internal.common.ldap.util.JpsLdapCommonUtil.search(JpsLdapCommonUtil.java:155)
at oracle.security.jps.internal.policystore.ldap.JpsLdapDataManager.jpsObjectListQuery(JpsLdapDataManager.java:631)
... 79 more
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.(Socket.java:425)
at java.net.Socket.(Socket.java:208)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:368)
at com.sun.jndi.ldap.Connection.(Connection.java:203)
... 100 more

In AdminServer.log

at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: oracle.security.jps.service.policystore.PolicyStoreException: javax.naming.CommunicationException: stl-dfusapp-21.lac1.biz:3060 [Root exception is java.net.ConnectException: Connection refused]
at oracle.security.jps.internal.policystore.ldap.NamingExceptionUtils.namingExceptionToPolicyStoreException(NamingExceptionUtils.java:60)
at oracle.security.jps.internal.policystore.ldap.JpsLdapDataManager.jpsObjectListQuery(JpsLdapDataManager.java:644)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.tryLoadApplicationPolicy(LdapPolicyStore.java:776)
at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.unsync_getApplicationPolicy(LdapPolicyStore.java:738)

at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: javax.naming.CommunicationException: stl-dfusapp-21.lac1.biz:3060 [Root exception is java.net.ConnectException: Connection refused]
at com.sun.jndi.ldap.Connection.(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.(LdapClient.java:136)
at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
at com.sun.jndi.ldap.pool.Connections.(Connections.java:115)

at weblogic.work.ContextWrap.run(ContextWrap.java:41)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)


In the wls_ods01-diagnostic.log


[oracle.ldap.odsm.ui.common.Visit] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000KZmVYFm1Ne3_zlXBiW1KDU5J00005H,0] [APP: odsm#11.1.1.2.0] [DSID: 0000KZmUyWW1Ne3_zlXBiW1KDU5J00003x] getSsoLogoutUrl[[
java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=ODSMMap,keyName=ODSMKey.SSOLogoutURL" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms