Recently while working on a SOA 12C project I was seeing the following error in the logs.
<AdminServer> <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <c3edacf6-49eb-407c-a03b-ac905a0a8ad1-000017eb> <1441380976786> <BEA-080003> <A RuntimeException was generated by the RMI server: javax.management.remote.rmi.RMIConnectionImpl.getAttribute(Ljavax.management.ObjectName;Ljava.lang.String;Ljavax.security.auth.Subject;)
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
MBean: oracle.soa.config:name="default",j2eeType=SOAFolder,Application=soa-infra
Getter for attribute State
Detail: access denied ("oracle.fabric.permission.CompositePermission" "default" "read").
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
On : 12.1.3.0.0 version, Fabric
MBean attribute access denied. Warning/Errors seen in the Admin/SOA domain logs
The Admin/SOA domain server logs are repeatedly filled with MBean attribute access denied warnings. It doesn't affect the deployment or composites during runtime. The user is not logging as weblogic but as ohscustadmin.
<Warning> <RMI> <hostname> <AdminServer> <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <c3edacf6-49eb-407c-a03b-ac905a0a8ad1-000017eb> <1441380976786> <BEA-080003> <A RuntimeException was generated by the RMI server: javax.management.remote.rmi.RMIConnectionImpl.getAttribute(Ljavax.management.ObjectName;Ljava.lang.String;Ljavax.security.auth.Subject;)
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
MBean: oracle.soa.config:name="default",j2eeType=SOAFolder,Application=soa-infra
Getter for attribute State
Detail: access denied ("oracle.fabric.permission.CompositePermission" "default" "read").
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
ERROR
-----------------------
[oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: odemmon] [ecid: f66cbcbf-ba3c-48da-8cde-f3d7578fcda2-00023944,0] [APP: soa-infra] MBean attribute access denied. [[
MBean: oracle.as.soainfra.config:name=soa-infra,type=SoaInfraConfig,Application=soa-infra
Getter for attribute NonFatalConnectionMaxRetry
Detail: access denied ("oracle.fabric.permission.SOAPlatformPermission" "read") java.security.AccessControlException: access denied ("oracle.fabric.permission.SOAPlatformPermission" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:472)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:532)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:558)
at oracle.fabric.permission.internal.InternalSOAPermissionCheckHelper$2.run(InternalSOAPermissionCheckHelper.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at oracle.fabric.permission.internal.InternalSOAPermissionCheckHelper.internalCheckSOAPermission(InternalSOAPermissionCheckHelper.java:200)
at oracle.fabric.permission.internal.InternalSOAPermissionCheckHelper.checkSOAPermission(InternalSOAPermissionCheckHelper.java:171)
at oracle.fabric.permission.management.SOAPermissionCheckPluginFactory$SOAMBeanCustomSecurityPlugin.checkGetAttribute(SOAPermissionCheckPluginFactory.java:60)
at oracle.as.jmx.framework.MBeanCustomSecurityHelper.checkGetAttribute(MBeanCustomSecurityHelper.java:193)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAttributeAccess(AbstractMBeanSecurityInterceptor.java:264)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalGetAttributes(AbstractMBeanSecurityInterceptor.java:138)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$GetAttributesDelegator.delegate(JpsJmxInterceptor.java:959)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$7.run(JpsJmxInterceptor.java:826)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.jpsInternalInvoke(JpsJmxInterceptor.java:868)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalGetAttributes(JpsJmxInterceptor.java:217)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalGetAttributes(ContextClassLoaderMBeanInterceptor.java:115)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalGetAttributes(MBeanRestartInterceptor.java:87)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.getAttributes(OracleStandardEmitterMBean.java:654)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterConfigMBean.getAttributes(OracleStandardEmitterConfigMBean.java:620)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttributes(DefaultMBeanServerInterceptor.java:709)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttributes(JmxMBeanServer.java:705)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$13.run(WLSMBeanServerInterceptorBase.java:353)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttributes(WLSMBeanServerInterceptorBase.java:351)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.getAttributes(JMXContextInterceptor.java:192)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$13.run(WLSMBeanServerInterceptorBase.java:353)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttributes(WLSMBeanServerInterceptorBase.java:351)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttributes(SecurityInterceptor.java:308)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.getAttributes(WLSMBeanServer.java:292)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$6$1.run(JMXConnectorSubjectForwarder.java:383)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$6$1.run(JMXConnectorSubjectForwarder.java:381)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$6.run(JMXConnectorSubjectForwarder.java:381)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.getAttributes(JMXConnectorSubjectForwarder.java:376)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1468)
at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:97)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1328)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1427)
at javax.management.remote.rmi.RMIConnectionImpl.getAttributes(RMIConnectionImpl.java:693)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:701)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:527)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:523)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Raised an Oracle SR and the solution provided by them was :-
1) Login into WLS console
2) select the domain -> security -> Embedded LDAP
3) Make sure "Refresh Replica At Startup " is enabled
4) save changes & restart all servers
enjoy!!
<AdminServer> <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <c3edacf6-49eb-407c-a03b-ac905a0a8ad1-000017eb> <1441380976786> <BEA-080003> <A RuntimeException was generated by the RMI server: javax.management.remote.rmi.RMIConnectionImpl.getAttribute(Ljavax.management.ObjectName;Ljava.lang.String;Ljavax.security.auth.Subject;)
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
MBean: oracle.soa.config:name="default",j2eeType=SOAFolder,Application=soa-infra
Getter for attribute State
Detail: access denied ("oracle.fabric.permission.CompositePermission" "default" "read").
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
On : 12.1.3.0.0 version, Fabric
MBean attribute access denied. Warning/Errors seen in the Admin/SOA domain logs
The Admin/SOA domain server logs are repeatedly filled with MBean attribute access denied warnings. It doesn't affect the deployment or composites during runtime. The user is not logging as weblogic but as ohscustadmin.
<Warning> <RMI> <hostname> <AdminServer> <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <c3edacf6-49eb-407c-a03b-ac905a0a8ad1-000017eb> <1441380976786> <BEA-080003> <A RuntimeException was generated by the RMI server: javax.management.remote.rmi.RMIConnectionImpl.getAttribute(Ljavax.management.ObjectName;Ljava.lang.String;Ljavax.security.auth.Subject;)
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
MBean: oracle.soa.config:name="default",j2eeType=SOAFolder,Application=soa-infra
Getter for attribute State
Detail: access denied ("oracle.fabric.permission.CompositePermission" "default" "read").
javax.management.RuntimeMBeanException: java.lang.SecurityException: MBean attribute access denied.
ERROR
-----------------------
[oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: odemmon] [ecid: f66cbcbf-ba3c-48da-8cde-f3d7578fcda2-00023944,0] [APP: soa-infra] MBean attribute access denied. [[
MBean: oracle.as.soainfra.config:name=soa-infra,type=SoaInfraConfig,Application=soa-infra
Getter for attribute NonFatalConnectionMaxRetry
Detail: access denied ("oracle.fabric.permission.SOAPlatformPermission" "read") java.security.AccessControlException: access denied ("oracle.fabric.permission.SOAPlatformPermission" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:472)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:532)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:558)
at oracle.fabric.permission.internal.InternalSOAPermissionCheckHelper$2.run(InternalSOAPermissionCheckHelper.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at oracle.fabric.permission.internal.InternalSOAPermissionCheckHelper.internalCheckSOAPermission(InternalSOAPermissionCheckHelper.java:200)
at oracle.fabric.permission.internal.InternalSOAPermissionCheckHelper.checkSOAPermission(InternalSOAPermissionCheckHelper.java:171)
at oracle.fabric.permission.management.SOAPermissionCheckPluginFactory$SOAMBeanCustomSecurityPlugin.checkGetAttribute(SOAPermissionCheckPluginFactory.java:60)
at oracle.as.jmx.framework.MBeanCustomSecurityHelper.checkGetAttribute(MBeanCustomSecurityHelper.java:193)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAttributeAccess(AbstractMBeanSecurityInterceptor.java:264)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalGetAttributes(AbstractMBeanSecurityInterceptor.java:138)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$GetAttributesDelegator.delegate(JpsJmxInterceptor.java:959)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$7.run(JpsJmxInterceptor.java:826)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.jpsInternalInvoke(JpsJmxInterceptor.java:868)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalGetAttributes(JpsJmxInterceptor.java:217)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalGetAttributes(ContextClassLoaderMBeanInterceptor.java:115)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalGetAttributes(MBeanRestartInterceptor.java:87)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttributes(AbstractMBeanInterceptor.java:114)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.getAttributes(OracleStandardEmitterMBean.java:654)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterConfigMBean.getAttributes(OracleStandardEmitterConfigMBean.java:620)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttributes(DefaultMBeanServerInterceptor.java:709)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttributes(JmxMBeanServer.java:705)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$13.run(WLSMBeanServerInterceptorBase.java:353)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttributes(WLSMBeanServerInterceptorBase.java:351)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.getAttributes(JMXContextInterceptor.java:192)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$13.run(WLSMBeanServerInterceptorBase.java:353)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttributes(WLSMBeanServerInterceptorBase.java:351)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttributes(SecurityInterceptor.java:308)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.getAttributes(WLSMBeanServer.java:292)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$6$1.run(JMXConnectorSubjectForwarder.java:383)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$6$1.run(JMXConnectorSubjectForwarder.java:381)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$6.run(JMXConnectorSubjectForwarder.java:381)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.getAttributes(JMXConnectorSubjectForwarder.java:376)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1468)
at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:97)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1328)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1427)
at javax.management.remote.rmi.RMIConnectionImpl.getAttributes(RMIConnectionImpl.java:693)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:701)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:527)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:523)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Raised an Oracle SR and the solution provided by them was :-
1) Login into WLS console
2) select the domain -> security -> Embedded LDAP
3) Make sure "Refresh Replica At Startup " is enabled
4) save changes & restart all servers
enjoy!!
HI
ReplyDeleteI am getting the below error, could you please take a look and provide the solution
<A RuntimeException was generated by the RMI server: javax.management.remote.rmi.RMIConnectionImpl.getAttribute(Ljavax.management.ObjectName;Ljava.lang.String;Ljavax.security.auth.Subject
;)
javax.management.RuntimeOperationsException: Exception occurred trying to invoke the getter on the MBean.
javax.management.RuntimeOperationsException: Exception occurred trying to invoke the getter on the MBean
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:624)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:678)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.getAttribute(JMXContextInterceptor.java:157)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttribute(SecurityInterceptor.java:300)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.getAttribute(WLSMBeanServer.java:279)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5$1.run(JMXConnectorSubjectForwarder.java:327)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5.run(JMXConnectorSubjectForwarder.java:325)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.getAttribute(JMXConnectorSubjectForwarder.java:320)