Skip to Main Content
Forums

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

OAM 11.1.2.3.0 ASDK AccessControlException

Brian WolfeAug 6 2015 — edited Aug 7 2015

I have an odd situation. I have been using the servlet example out of the developers guide. I have the same code and the same artifacts in Eclipse and Netbeans. Eclipse is mapped to a tomcat server and a weblogic server. I have verified that my configuration files are in the correct places. I know my references are good. But on weblogic I get the following error. Can anyone explain to me why it would have an issue with the Global Passphrase? I am thinking that this issue is with the accessClient API trying to access the cwallet file with the password in the password.xml.

configuration path: /weblogic/oracle/Oracle/Middleware/user_projects/domains/base_domain/webgateconfig

Aug 06, 2015 2:29:02 PM oracle.security.am.asdk.impl.Configuration setGlobalPass

SEVERE: Failed to perform decrypt Global passphrase operation.

Aug 06, 2015 2:29:02 PM oracle.security.am.asdk.impl.Configuration setGlobalPass

SEVERE:

java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OAMAgent,keyName=accessClient11g_Key" "read")

  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)

  at java.security.AccessController.checkPermission(AccessController.java:559)

  at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:478)

  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:538)

  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:564)

  at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:691)

  at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:608)

  at oracle.security.am.asdk.impl.Configuration$1.run(Configuration.java:249)

  at java.security.AccessController.doPrivileged(Native Method)

  at oracle.security.am.asdk.impl.Configuration.readAgentKey(Configuration.java:246)

  at oracle.security.am.asdk.impl.Configuration.decrypt(Configuration.java:1701)

  at oracle.security.am.asdk.impl.Configuration.setGlobalPass(Configuration.java:475)

  at oracle.security.am.asdk.impl.ConfigXMLHandler.readCertDetails(ConfigXMLHandler.java:362)

  at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:1356)

  at oracle.security.am.asdk.AccessClient.<init>(AccessClient.java:931)

  at oracle.security.am.asdk.AccessClient.createDefaultInstance(AccessClient.java:352)

  at OAMWeb.processRequest(OAMWeb.java:80)

  at OAMWeb.doPost(OAMWeb.java:172)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)

  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)

  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)

  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)

  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3732)

  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)

  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)

  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)

  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)

  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)

  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Aug 06, 2015 2:29:02 PM oracle.security.am.asdk.AccessClient initialize

SEVERE: Oracle Access SDK initialization failed.

oracle.security.am.asdk.AccessException: OAMAGENT-02072: Failed to perform decrypt Global passphrase operation.

  at oracle.security.am.asdk.impl.Configuration.setGlobalPass(Configuration.java:490)

  at oracle.security.am.asdk.impl.ConfigXMLHandler.readCertDetails(ConfigXMLHandler.java:362)

  at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:1356)

  at oracle.security.am.asdk.AccessClient.<init>(AccessClient.java:931)

  at oracle.security.am.asdk.AccessClient.createDefaultInstance(AccessClient.java:352)

  at OAMWeb.processRequest(OAMWeb.java:80)

  at OAMWeb.doPost(OAMWeb.java:172)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)

  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)

  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)

  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)

  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3732)

  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)

  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)

  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)

  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)

  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)

  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Caused by: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OAMAgent,keyName=accessClient11g_Key" "read")

  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)

  at java.security.AccessController.checkPermission(AccessController.java:559)

  at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:478)

  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:538)

  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:564)

  at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:691)

  at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:608)

  at oracle.security.am.asdk.impl.Configuration$1.run(Configuration.java:249)

  at java.security.AccessController.doPrivileged(Native Method)

  at oracle.security.am.asdk.impl.Configuration.readAgentKey(Configuration.java:246)

  at oracle.security.am.asdk.impl.Configuration.decrypt(Configuration.java:1701)

  at oracle.security.am.asdk.impl.Configuration.setGlobalPass(Configuration.java:475)

  ... 21 more

Access Exception: OAMAGENT-02010

oracle.security.am.asdk.AccessException: OAMAGENT-02010: Oracle Access SDK initialization failed.

  at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:1378)

  at oracle.security.am.asdk.AccessClient.<init>(AccessClient.java:931)

  at oracle.security.am.asdk.AccessClient.createDefaultInstance(AccessClient.java:352)

  at OAMWeb.processRequest(OAMWeb.java:80)

  at OAMWeb.doPost(OAMWeb.java:172)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)

  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)

  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)

  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)

  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3732)

  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)

  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)

  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)

  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)

  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)

  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Caused by: oracle.security.am.asdk.AccessException: OAMAGENT-02072: Failed to perform decrypt Global passphrase operation.

  at oracle.security.am.asdk.impl.Configuration.setGlobalPass(Configuration.java:490)

  at oracle.security.am.asdk.impl.ConfigXMLHandler.readCertDetails(ConfigXMLHandler.java:362)

  at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:1356)

  ... 19 more

Caused by: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OAMAgent,keyName=accessClient11g_Key" "read")

  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)

  at java.security.AccessController.checkPermission(AccessController.java:559)

  at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:478)

  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:538)

  at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:564)

  at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:691)

  at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:608)

  at oracle.security.am.asdk.impl.Configuration$1.run(Configuration.java:249)

  at java.security.AccessController.doPrivileged(Native Method)

  at oracle.security.am.asdk.impl.Configuration.readAgentKey(Configuration.java:246)

  at oracle.security.am.asdk.impl.Configuration.decrypt(Configuration.java:1701)

  at oracle.security.am.asdk.impl.Configuration.setGlobalPass(Configuration.java:475)

  ... 21 more
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 4 2015
Added on Aug 6 2015
#exception, #identity-management, #identity-manager, #oam
2 comments
1,366 views