My Oracle Support Banner

Unable to Migrate the Policy Store from LDAP to File using migrateSecurityStore Command : java.security.AccessControlException: java.security.AccessControlException: access denied (Doc ID 2412001.1)

Last updated on JUNE 18, 2018

Applies to:

Oracle WebCenter Portal - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms


When attempting to migrate the Policy and Credential store from LDAP to File using migrateSecurityStore wlst command, the following error occurs:

ERROR

wls:/webcenter/serverConfig>migrateSecurityStore(type="appPolicies", configFile="/refresh/oracle/Middleware/user_projects/domains/wc_domain/config/fmwconfig/jps-config.xml.tmp", src="default", srcApp="webcenter", dstApp="webcenter", dst="defaultXML", migrateIdStoreMapping="true", reportFile="report.html")

May 08, 2018 2:21:08 PM oracle.security.jps.internal.common.util.JpsCommonUtil initPolicyProvider
INFO: Initializing OPSS Java Policy Provider.
May 08, 2018 2:21:11 PM oracle.security.jps.internal.common.util.JpsCommonUtil initPolicyProvider
INFO: OPSS Java Policy Provider initialized.
May 08, 2018 2:21:11 PM oracle.security.jps.internal.common.util.JpsCommonUtil initPolicyProvider
INFO: OPSS Java Policy Provider is set as the system-wide Policy object.
May 08, 2018 2:21:25 PM oracle.security.audit.Auditor init
WARNING: IAU:IAU-6012: Unable to determine the audit log directory. No log directory specified.
May 08, 2018 2:21:25 PM oracle.security.jps.util.JpsUtil disableAudit
INFO: JpsUtil: isAuditDisabled set to true
May 08, 2018 2:21:25 PM oracle.security.jps.internal.audit.AuditServiceImpl validateLogPossible
WARNING: No audit log directory is set. Cannot perform audit operations for component JPS.
WLS ManagedService is not up running. Fall back to use system properties for configuration.
May 08, 2018 2:21:28 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore checkMigrateCompatibility
WARNING: Customization related meta-data if present will be striped during migration
May 08, 2018 2:21:28 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl migrateAppPolicyData
INFO: Migration of Application Policies webcenter in progress.....
COMMAND FAILED due to an unknown reason, Check the stack trace for details
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "/a01/app/oraweb/middle/oracle_common/common/wlst/jpsWlstCmd.py", line 983, in migrateSecurityStore
  File "/a01/app/oraweb/middle/oracle_common/common/wlst/jpsWlstCmd.py", line 944, in migrateSecurityStoreImpl
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:395)
       at java.security.AccessController.checkPermission(AccessController.java:559)
       at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:478)
       at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:538)
       at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:564)
       at oracle.security.jps.internal.policystore.AbstractPolicyStore.checkPolicyStoreAccessPermission(AbstractPolicyStore.java:603)
       at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.getApplicationPolicy(LdapPolicyStore.java:919)
       at oracle.security.jps.internal.tools.utility.source.migrate.JpsMigSourcePolicy.getDataToMigrate(JpsMigSourcePolicy.java:110)
       at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.migrateDataInternal(JpsDstPolicy.java:703)
       at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.migrateData(JpsDstPolicy.java:639)
       at oracle.security.jps.internal.tools.utility.destination.JpsDsts.migrateData(JpsDsts.java:88)
       at oracle.security.jps.internal.tools.utility.JpsUtility.migrateData(JpsUtility.java:72)
       at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl.migrateData(JpsUtilMigrationPolicyImpl.java:670)
       at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl.migrateAppPolicyData(JpsUtilMigrationPolicyImpl.java:305)
       at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand(JpsUtilMigrationTool.java:366)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:606)
java.security.AccessControlException: java.security.AccessControlException: access denied (oracle.security.jps.service.policystore.PolicyStoreAccessPermission Context:APPLICATION Context Name:webcenter Actions:getApplicationPolicy)




STEPS

The issue can be reproduced at will with the following steps:

  1. Create an xml file with the source and target destination for the migration.

  2. Run the migrateSecurityStore command.

 

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.