My Oracle Support Banner

OPSS - Application Policies Are Missing From Security (Doc ID 2123155.1)

Last updated on OCTOBER 14, 2019

Applies to:

Oracle Platform Security for Java - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Symptoms

This is reported from  EM11g, where Application Policies are missing from security in EM.

The issue can be observed in EM, Expanding Weblogic Domain and exploring Security, and checking -> Application Policies

Observing a error from MBean operation, such as access denied.

 

In AdminServer-diagnostic.log the error observed:

 [ERROR] [J2EE JMX-46336] [] [tid:<TID>] [userId: <USERID>] [ecid: <ECID> ] MBean operation access denied. [[
MBean: com.oracle.jps:type=JpsApplicationPolicyStore
Operation: revokeFromApplicationPolicy(java.lang.String, [Ljavax.management.openmbean.CompositeData;)
Detail: Access denied. Required roles: Admin, executing subject: principals=[] java.lang.SecurityException: Access denied. Required roles: Admin, executing subject: principals=[]
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.isInWlsGlobalSecurityRoles(WLSMBeanSecurityHelper.java:245)
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.checkConfigMBeanDefaultAccess(WLSMBeanSecurityHelper.java:200)
at oracle.as.jmx.framework.wls.spi.security.WLSConfigMBeanSecurityInterceptor.checkDefaultAccess(WLSConfigMBeanSecurityInterceptor.java:59)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAccess(AbstractMBeanSecurityInterceptor.java:335)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkOperationAccess(AbstractMBeanSecurityInterceptor.java:288)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:189)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$2.run(JpsJmxInterceptor.java:358)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalInvoke(JpsJmxInterceptor.java:374)

As the error, shows a "MBean: com.oracle.jps:type=JpsApplicationPolicyStore" message, is intended that this error is coming from OPSS layer.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.