OPSS - Application Policies Are Missing From Security

(Doc ID 2123155.1)

Last updated on APRIL 08, 2016

Applies to:

Oracle Platform Security for Java - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Symptoms

This is reported from  EM11g, where Application Policies are missing from security in EM.

The issue can be observed in EM, Expanding Weblogic Domain and exploring Security, and checking -> Application Policies

Observing a error from MBean operation, such as access denied.

In AdminServer-diagnostic.log the error observed:

[2016-03-31T17:19:01.513-04:00] [AdminServer] [ERROR] [J2EE JMX-46336] [] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 7c1f91d0c43da7c0:2c3aa81b:153ce5444f6:-8000-0000000000000a85,0] MBean operation access denied. [[
MBean: com.oracle.jps:type=JpsApplicationPolicyStore
Operation: revokeFromApplicationPolicy(java.lang.String, [Ljavax.management.openmbean.CompositeData;)
Detail: Access denied. Required roles: Admin, executing subject: principals=[] java.lang.SecurityException: Access denied. Required roles: Admin, executing subject: principals=[]
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.isInWlsGlobalSecurityRoles(WLSMBeanSecurityHelper.java:245)
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.checkConfigMBeanDefaultAccess(WLSMBeanSecurityHelper.java:200)
at oracle.as.jmx.framework.wls.spi.security.WLSConfigMBeanSecurityInterceptor.checkDefaultAccess(WLSConfigMBeanSecurityInterceptor.java:59)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAccess(AbstractMBeanSecurityInterceptor.java:335)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkOperationAccess(AbstractMBeanSecurityInterceptor.java:288)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:189)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$2.run(JpsJmxInterceptor.java:358)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalInvoke(JpsJmxInterceptor.java:374)

As the error, shows a "MBean: com.oracle.jps:type=JpsApplicationPolicyStore" message, is intended that this error is coming from OPSS layer.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms