Weblogic Startup Fails with Error JPS-03027: PDPService service instance failed during initialization due to lack of grant

Weblogic Startup Fails with Error JPS-03027: PDPService service instance failed during initialization due to lack of grant

Error:

Admin Server Startup Fails with 

The server startup fails with the following error

weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-03027: PDPService service instance failed during initialization due to lack of grant. If you are seeing this error after a new installation, make sure you have updated weblogic.policy as installation step suggested

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)

Caused By: oracle.security.jps.JpsRuntimeException: JPS-03027: PDPService service instance failed during initialization due to lack of grant. If you are seeing this error after a new installation, make sure you have updated weblogic.policy as installation step suggested

at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2978)

at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3226)

Reason:

To determine the root cause, start Weblogic with the following debug flags

startWeblogic.sh -Djava.security.debug=policy -Doracle.security.jps.util.JpsAuth=true

This showed the details on missing grants

 

policy: evaluate codesources:

Policy CodeSource: (file:<JAVA_HOME>/jdk/jre/lib/ext/* )

Active CodeSource: (file:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar )

policy: evaluation (codesource) failed

Solution:

Add the following grant in the weblogic.policy file

grant codeBase "file:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar" {

  permission java.security.AllPermission;

};

 

1. Take a backup of the file <MIDDLEWARE_HOME>/wlserver_10.3/server/lib/weblogic.policy

Go to the last "grant codeBase" entry in the file and insert the following

             grant codeBase "file:<MIDDLEWARE_HOME>/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar" {

               permission java.security.AllPermission;

             };

             Note: The file path depends on the installation. Please make sure that you give the same path shown in the debug log

2. Restart the Server

If you like please follow and comment