OPSS - java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oracle.bi.system,keyName=system.user" "read") (Doc ID 2294917.1)

Last updated on AUGUST 14, 2017

Applies to:

Oracle Platform Security for Java - Version 12.1.0.1.0 and later
Information in this document applies to any platform.

Symptoms

On Java Platform Security, OBIEE 12C While accessing the application on Node 2 seeing the following issue and Authentication denied message on the second node2.

Next messages are reported in the WL Admin log file:

 

[2017-07-25T16:28:38.909-05:00] [bi_server2] [TRACE:32] [] [oracle.security.jps.util.JpsAuth] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 8dbee058-43dd-43d1-86dd-7cf728a669c5-00000621,0:1:1:6:1] [APP: bi-security] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: bi-security] [J2EE_MODULE.name: bi-security] [WEBSERVICE.name: SecurityWebService] [WEBSERVICE_PORT.name: SecurityWebServicePort] [SI-Key: ssi] [SRC_CLASS: oracle.security.jps.util.JpsAuth$Diagnostic] [SRC_METHOD: logDebugOut] CodeSource=file:/saaln3/Varobi12c/oraclebi12c/Product/bi/modules/oracle.bi.security/bi-security-core.jar
[WEBSERVICE_PORT.name: SecurityWebServicePort] [SI-Key: ssi] [SRC_CLASS: oracle.security.jps.util.JpsAuth$Diagnostic] [SRC_METHOD: logDebugOut] ("java.util.PropertyPermission" "java.class.version" "read")
[2017-07-25T16:28:38.916-05:00] [bi_server2] [TRACE:32] [] [oracle.security.jps.util.JpsAuth] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 8dbee058-43dd-43d1-86dd-
[SI-Key: ssi] [SRC_CLASS: oracle.security.audit.Auditor] [SRC_METHOD: isEnabled] IAU:Event Enabled : false, Event Type : AccessCredential, Event Status : false, Properties : null
[2017-07-25T16:28:38.942-05:00] [bi_server2] [ERROR] [] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 8dbee058-43dd-43d1-86dd-7cf728a669c5-00000621,0:1:1:6:1] [APP: bi-security] [partition-name: DOMAIN] [tenant-name: GLOBAL] [SI-Key: ssi] oracle.webservices.provider.ProviderException: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oracle.bi.system,keyName=system.user" "read")[[
at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:513)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1355)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:1397)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessingPhaseTwo(ProviderProcessor.java:711)
at oracle.j2ee.ws.server.WebServiceProcessor.doRequestProcessing(WebServiceProcessor.java:691)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:248)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:212)
at oracle.j2ee.ws.server.WebServiceServlet.doService(WebServiceServlet.java:696)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:534)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.bi.security.filter.BISecuritySOAPFilter.doFilter(BISecuritySOAPFilter.java:69)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:141)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:124)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:232)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3683)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3649)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2433)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2281)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2259)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1691)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1651)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:270)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:640)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:406)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)
Caused by: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oracle.bi.system,keyName=system.user" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:527)
at oracle.security.jps.util.JpsAuth$Diagnostic.checkPermission(JpsAuth.java:381)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$6.checkPermission(JpsAuth.java:551)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:587)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:623)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:739)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.getCredential(LdapCredentialStore.java:410)
at oracle.bi.security.opss.BICredentialReader.getPasswordCredential(BICredentialReader.java:106)
at oracle.bi.security.system.SystemUser.lambda$readSystemUserCredential$32(SystemUser.java:370)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.bi.security.system.SystemUser.readSystemUserCredential(SystemUser.java:373)
at oracle.bi.security.system.SystemUser.initialise(SystemUser.java:554)
at oracle.bi.security.system.SystemUser.<init>(SystemUser.java:130)
at oracle.bi.security.system.SystemUser.getInstance(SystemUser.java:72)
at oracle.bi.security.handler.ServiceAuthorizationHandler.checkCredentialsHeader(ServiceAuthorizationHandler.java:221)
at oracle.bi.security.handler.ServiceAuthorizationHandler.handleMessage(ServiceAuthorizationHandler.java:147)
at oracle.bi.security.handler.ServiceAuthorizationHandler.handleMessage(ServiceAuthorizationHandler.java:66)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.callProtocolHandlers(HandlerChainInvoker.java:771)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.internalCallHandlers(HandlerChainInvoker.java:478)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.callHandlers(HandlerChainInvoker.java:403)
at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:210)
at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:498)
... 47 moreecurityWebService] [WEBSERVICE_PORT.name: SecurityWebServicePort] [SI-Key: ssi] [SRC_CLASS: oracle.security.jps.util.JpsAuth$Diagnostic] [SRC_METHOD: logDebugOut] ("java.util.PropertyPermission" "java.class.version" "read")
[2017-07-25T16:28:38.916-05:00] [bi_server2] [TRACE:32] [] [oracle.security.jps.util.JpsAuth] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 8dbee058-43dd-43d1-86dd-
[SI-Key: ssi] [SRC_CLASS: oracle.security.audit.Auditor] [SRC_METHOD: isEnabled] IAU:Event Enabled : false, Event Type : AccessCredential, Event Status : false, Properties : null
[2017-07-25T16:28:38.942-05:00] [bi_server2] [ERROR] [] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 8dbee058-43dd-43d1-86dd-7cf728a669c5-00000621,0:1:1:6:1] [APP: bi-security] [partition-name: DOMAIN] [tenant-name: GLOBAL] [SI-Key: ssi] oracle.webservices.provider.ProviderException: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oracle.bi.system,keyName=system.user" "read")[[
at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:513)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1355)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:1397)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessingPhaseTwo(ProviderProcessor.java:711)
at oracle.j2ee.ws.server.WebServiceProcessor.doRequestProcessing(WebServiceProcessor.java:691)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:248)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:212)
at oracle.j2ee.ws.server.WebServiceServlet.doService(WebServiceServlet.java:696)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:534)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.bi.security.filter.BISecuritySOAPFilter.doFilter(BISecuritySOAPFilter.java:69)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:141)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:124)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:232)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3683)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3649)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2433)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2281)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2259)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1691)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1651)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:270)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:640)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:406)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)
Caused by: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oracle.bi.system,keyName=system.user" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:527)
at oracle.security.jps.util.JpsAuth$Diagnostic.checkPermission(JpsAuth.java:381)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$6.checkPermission(JpsAuth.java:551)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:587)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:623)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:739)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.getCredential(LdapCredentialStore.java:410)
at oracle.bi.security.opss.BICredentialReader.getPasswordCredential(BICredentialReader.java:106)
at oracle.bi.security.system.SystemUser.lambda$readSystemUserCredential$32(SystemUser.java:370)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.bi.security.system.SystemUser.readSystemUserCredential(SystemUser.java:373)
at oracle.bi.security.system.SystemUser.initialise(SystemUser.java:554)
at oracle.bi.security.system.SystemUser.<init>(SystemUser.java:130)
at oracle.bi.security.system.SystemUser.getInstance(SystemUser.java:72)
at oracle.bi.security.handler.ServiceAuthorizationHandler.checkCredentialsHeader(ServiceAuthorizationHandler.java:221)
at oracle.bi.security.handler.ServiceAuthorizationHandler.handleMessage(ServiceAuthorizationHandler.java:147)
at oracle.bi.security.handler.ServiceAuthorizationHandler.handleMessage(ServiceAuthorizationHandler.java:66)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.callProtocolHandlers(HandlerChainInvoker.java:771)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.internalCallHandlers(HandlerChainInvoker.java:478)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.callHandlers(HandlerChainInvoker.java:403)
at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:210)
at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:498)
... 47 more

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms