OPSS - Application Policies Are Missing From Security ( JMX-46336)
(Doc ID 2123155.1)
Last updated on MARCH 01, 2023
Applies to:
Oracle Platform Security for Java - Version 11.1.1.6.0 and laterInformation in this document applies to any platform.
Symptoms
This is reported from EM11g, where Application Policies are missing from security in EM.
The issue can be observed in EM, Expanding Weblogic Domain and exploring Security, and checking -> Application Policies
Observing a error from MBean operation, such as access denied.
In AdminServer-diagnostic.log the error observed:
[ERROR] [J2EE JMX-46336] [] [tid:<TID>] [userId: <USERID>] [ecid: <ECID> ] MBean operation access denied. [[
MBean: com.oracle.jps:type=JpsApplicationPolicyStore
Operation: revokeFromApplicationPolicy(java.lang.String, [Ljavax.management.openmbean.CompositeData;)
Detail: Access denied. Required roles: Admin, executing subject: principals=[] java.lang.SecurityException: Access denied. Required roles: Admin, executing subject: principals=[]
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.isInWlsGlobalSecurityRoles(WLSMBeanSecurityHelper.java:245)
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.checkConfigMBeanDefaultAccess(WLSMBeanSecurityHelper.java:200)
at oracle.as.jmx.framework.wls.spi.security.WLSConfigMBeanSecurityInterceptor.checkDefaultAccess(WLSConfigMBeanSecurityInterceptor.java:59)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAccess(AbstractMBeanSecurityInterceptor.java:335)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkOperationAccess(AbstractMBeanSecurityInterceptor.java:288)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:189)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$2.run(JpsJmxInterceptor.java:358)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalInvoke(JpsJmxInterceptor.java:374)
MBean: com.oracle.jps:type=JpsApplicationPolicyStore
Operation: revokeFromApplicationPolicy(java.lang.String, [Ljavax.management.openmbean.CompositeData;)
Detail: Access denied. Required roles: Admin, executing subject: principals=[] java.lang.SecurityException: Access denied. Required roles: Admin, executing subject: principals=[]
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.isInWlsGlobalSecurityRoles(WLSMBeanSecurityHelper.java:245)
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.checkConfigMBeanDefaultAccess(WLSMBeanSecurityHelper.java:200)
at oracle.as.jmx.framework.wls.spi.security.WLSConfigMBeanSecurityInterceptor.checkDefaultAccess(WLSConfigMBeanSecurityInterceptor.java:59)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAccess(AbstractMBeanSecurityInterceptor.java:335)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkOperationAccess(AbstractMBeanSecurityInterceptor.java:288)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:189)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$2.run(JpsJmxInterceptor.java:358)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalInvoke(JpsJmxInterceptor.java:374)
As the error, shows a "MBean: com.oracle.jps:type=JpsApplicationPolicyStore" message, is intended that this error is coming from OPSS layer.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |