Weblogic Startup Fails with Error JPS-03027: PDPService service instance failed during initialization due to lack of grant
Error:
Admin Server Startup Fails with
The server startup fails with the following error
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-03027: PDPService service instance failed during initialization due to lack of grant. If you are seeing this error after a new installation, make sure you have updated weblogic.policy as installation step suggested
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
Caused By: oracle.security.jps.JpsRuntimeException: JPS-03027: PDPService service instance failed during initialization due to lack of grant. If you are seeing this error after a new installation, make sure you have updated weblogic.policy as installation step suggested
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2978)
at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3226)
Reason:
To determine the root cause, start Weblogic with the following debug flags
startWeblogic.sh -Djava.security.debug=policy -Doracle.security.jps.util.JpsAuth=true
This showed the details on missing grants
policy: evaluate codesources:
Policy CodeSource: (file:<JAVA_HOME>/jdk/jre/lib/ext/* )
Active CodeSource: (file:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar )
policy: evaluation (codesource) failed
Solution:
Add the following grant in the weblogic.policy file
grant codeBase "file:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar" {
permission java.security.AllPermission;
};
1. Take a backup of the file <MIDDLEWARE_HOME>/wlserver_10.3/server/lib/weblogic.policy
Go to the last "grant codeBase" entry in the file and insert the following
grant codeBase "file:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar" {
permission java.security.AllPermission;
};
Note: The file path depends on the installation. Please make sure that you give the same path shown in the debug log
2. Restart the Server
Post a Comment
Post a Comment