Friday, March 22, 2013

Cannot Start OIM After Applying WLS PSU patches 


Issue:Unable to start OIM after patch application.
=====================================================


To see the stack trace for thread that is initializing this, set the logging level of oracle.adf.share.ADFContext to FINEST>
<Mar 22, 2013 1:49:51 AM CDT> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.1.3.0]' due to error java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read).
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:436)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519)
        Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:436)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519)
        Truncated. see log file for complete stacktrace
















Patch applied:


--------------


Patch 14736140: 10.3.5.0.6 Patch Set Update (PSU) for WebLogic Server 10.3.5.0




Found couple of notes on oracle to fix this, but they referred to different patches and versions of OIM.This is how i fixed it.






Solution:


=========


1. Stop the servers


2. On each node (if is cluster), add the following in DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml:


<grant>
  <grantee>
    <codesource>
      <url>file:${wls.home}/../../patch_wls1035/patch_jars/*</url>
    </codesource>
  </grantee>
  <permissions>
    <permission>
      <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
     <name>context=SYSTEM,mapName=oim,keyName=*</name>
     <actions>read,write</actions>
    </permission>
   </permissions>
</grant>

3.From the below location

Oracle_home/wlserver_10.3/server/lib

in the file weblogic.policy

add the below lines

grant codeBase "file:/patch_wls1035/patch_jars/*" {
  permission java.security.AllPermission;
};

Its best to add full path in step 3, as above didnot work for me and after making it absolute path,OIM started up.
(grant codeBase "file:<MW_HOME>/patch_wls1035/patch_jars/*")

4.Start the servers.















Posted by



at







































No comments:















Post a Comment


























        

      









Subscribe to:
Post Comments (Atom)