OPSS - java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=<CONTEXT>,mapName=<MAPNAME>,keyName=<KEYNAME>" "read")
(Doc ID 2294917.1)
Last updated on DECEMBER 22, 2023
Applies to:
Oracle Platform Security for Java - Version 12.1.0.1.0 and later
Information in this document applies to any platform.
Symptoms
On Oracle Platform Security for Java with a 12c application (OBIEE in this case), accessing the application on Node 2 produces the following error, and an "Authentication denied" message is shown on the second node.
The following messages are reported in the WL Admin log file:
[2017-07-25T16:28:38.909-05:00] [<WL_SERVERNAME>] [TRACE:32] [] [oracle.security.jps.util.JpsAuth] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: <ECID>] [APP: <APPLICATION>] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: <J2EE_APP_NANE>] [J2EE_MODULE.name: bi-security] [WEBSERVICE.name: SecurityWebService] [WEBSERVICE_PORT.name: SecurityWebServicePort] [SI-Key: ssi] [SRC_CLASS: oracle.security.jps.util.JpsAuth$Diagnostic] [SRC_METHOD: logDebugOut] CodeSource=file:<PATH>/<filename>.jar
[WEBSERVICE_PORT.name: SecurityWebServicePort] [SI-Key: ssi] [SRC_CLASS: oracle.security.jps.util.JpsAuth$Diagnostic] [SRC_METHOD: logDebugOut] ("java.util.PropertyPermission" "java.class.version" "read")
[2017-07-25T16:28:38.916-05:00] [<WL_SERVERNAME>] [TRACE:32] [] [oracle.security.jps.util.JpsAuth] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: <ECID>
[SI-Key: ssi] [SRC_CLASS: oracle.security.audit.Auditor] [SRC_METHOD: isEnabled] IAU:Event Enabled : false, Event Type : AccessCredential, Event Status : false, Properties : null
[2017-07-25T16:28:38.942-05:00] [<WL_SERVERNAME>] [ERROR] [] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: <ECID>] [APP: <APPLICATION>] [partition-name: DOMAIN] [tenant-name: GLOBAL] [SI-Key: ssi] oracle.webservices.provider.ProviderException: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=<CONTEXT>,mapName=<MAPNAME>,keyName=<KEYNAME>" "read")[[
at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:513)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1355)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:1397)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessingPhaseTwo(ProviderProcessor.java:711)
at oracle.j2ee.ws.server.WebServiceProcessor.doRequestProcessing(WebServiceProcessor.java:691)
..
Caused by: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=<CONTEXT>,mapName=<MAPNAME>,keyName=<KEYNAME>" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:527)
at oracle.security.jps.util.JpsAuth$Diagnostic.checkPermission(JpsAuth.java:381)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$6.checkPermission(JpsAuth.java:551)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:587)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:623)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:739)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.getCredential(LdapCredentialStore.java:410)
at oracle.bi.security.opss.BICredentialReader.getPasswordCredential(BICredentialReader.java:106)
at oracle.bi.security.system.SystemUser.lambda$readSystemUserCredential$32(SystemUser.java:370)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.bi.security.system.SystemUser.readSystemUserCredential(SystemUser.java:373)
at oracle.bi.security.system.SystemUser.initialise(SystemUser.java:554)
at oracle.bi.security.system.SystemUser.<init>(SystemUser.java:130)
at oracle.bi.security.system.SystemUser.getInstance(SystemUser.java:72)
at oracle.bi.security.handler.ServiceAuthorizationHandler.checkCredentialsHeader(ServiceAuthorizationHandler.java:221)
at oracle.bi.security.handler.ServiceAuthorizationHandler.handleMessage(ServiceAuthorizationHandler.java:147)
at oracle.bi.security.handler.ServiceAuthorizationHandler.handleMessage(ServiceAuthorizationHandler.java:66)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.callProtocolHandlers(HandlerChainInvoker.java:771)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.internalCallHandlers(HandlerChainInvoker.java:478)
at oracle.j2ee.ws.common.handlers.HandlerChainInvoker.callHandlers(HandlerChainInvoker.java:403)
at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:210)
at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:498)
... 47 more
Changes
Cause