4 Replies Latest reply: Apr 1, 2013 4:19 PM by Bartley.Luo RSS

    Questions regarding OPSS and WLS 12c

    Bartley.Luo
      Hi,

      What's the minimum installation step required in order to use OPSS in wls 12c?

      Do I have to install ADF 11g?

      OPSS is packaged in ADF 11g install package. But, ADF 11g isn't supported in wls 12c.

      So, does this imply OPSS isn't supported in wls 12c?

      Thanks!
        • 1. Re: Questions regarding OPSS and WLS 12c
          René van Wijk
          "But, ADF 11g isn't supported in wls 12c."

          Not on the current version 12.1.1, but probably in 12.1.2 (when SOA will be ported to Java EE 6)
          • 2. Re: Questions regarding OPSS and WLS 12c
            Bartley.Luo
            I read through related Fusion security doc. There is no statement saying that OPSS is part of ADF. ADF cannot run without OPSS. But it doesn't seem like that OPSS cannot run without ADF.

            Here is what I tried out:

            1. I installed WLS 12c.
            2. I didn't install ADF 11g.
            3. Using the official Configuration Wizard in wls 12c, I can create a new domain with support for "Oracle JRF - 11.1.1.0[oracle_common]".
            4. After the domain is created, I can find cwallet.sso in [DomainHome]/config/fmwconfig. (This is an indicator to me that OPSS is supported even without installing ADF.)
            5. However, when I started the domain, I got this error:

            ####<1-Apr-2013 12:05:59 o'clock PM EDT> <Error> <Security> <weluo-pc4> <BartleyAdminServer2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1364832359714> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06513: Failed to save keystore. Reason >
            ####<1-Apr-2013 12:05:59 o'clock PM EDT> <Critical> <WebLogicServer> <weluo-pc4> <BartleyAdminServer2> <main> <<WLS Kernel>> <> <> <1364832359717> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06513: Failed to save keystore. Reason
            weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06513: Failed to save keystore. Reason
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
                 at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
                 at weblogic.security.SecurityService.start(SecurityService.java:148)
                 at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
                 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
                 at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
            Caused By: oracle.security.jps.JpsRuntimeException: JPS-06513: Failed to save keystore. Reason
                 at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
                 at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
                 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                 at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
                 at java.lang.Class.newInstance0(Class.java:355)
                 at java.lang.Class.newInstance(Class.java:308)
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
                 at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
                 at weblogic.security.SecurityService.start(SecurityService.java:148)
                 at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
                 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
                 at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
            Caused By: oracle.security.jps.JpsException: JPS-06513: Failed to save keystore. Reason
                 at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2855)
                 at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3097)
                 at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:164)
                 at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
                 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                 at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
                 at java.lang.Class.newInstance0(Class.java:355)
                 at java.lang.Class.newInstance(Class.java:308)
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
                 at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
                 at weblogic.security.SecurityService.start(SecurityService.java:148)
                 at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
                 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
                 at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
            Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06513: Failed to save keystore. Reason
                 at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.createKeyStore(FileKeyStoreManager.java:324)
                 at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:98)
                 at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:76)
                 at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:66)
                 at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
                 at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:64)
                 at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
                 at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
                 at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
                 at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
                 at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
                 at oracle.security.jps.internal.policystore.PolicyUtil$2.run(PolicyUtil.java:2827)
                 at oracle.security.jps.internal.policystore.PolicyUtil$2.run(PolicyUtil.java:2821)
                 at java.security.AccessController.doPrivileged(Native Method)
                 at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2821)
                 at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3097)
                 at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:164)
                 at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
                 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                 at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
                 at java.lang.Class.newInstance0(Class.java:355)
                 at java.lang.Class.newInstance(Class.java:308)
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)
                 at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
                 at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
                 at weblogic.security.SecurityService.start(SecurityService.java:148)
                 at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
                 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
                 at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
            • 3. Re: Questions regarding OPSS and WLS 12c
              Bartley.Luo
              Any idea when 12.1.2 will be released?
              • 4. Re: Questions regarding OPSS and WLS 12c
                Bartley.Luo
                1. I installed WLS 12c.
                2. I didn't install ADF 11g.
                3. Using the official Configuration Wizard in wls 12c, I can create a new domain with support for "Oracle JRF - 11.1.1.0[oracle_common]".
                I should correct myself. I did install JDev 11.1.2.3.0, which includes ADF. That's the reason for why I can create a new domain with JRF in step 3.
                The JRF template contains the
                common Java libraries required by each Fusion Middleware product. These
                libraries provide common security, logging, and diagnostics, as well as
                metadata repository services to their consuming Fusion Middleware
                applications. They are made available to a WebLogic Server instance
                through the provisioning of Java EE applications, shared libraries, MBeans,
                WebLogic Server startup classes, or JVM system class path JAR files. We will
                discuss the security services of the JRF template, known as the Oracle
                Platform Security Services (OPSS), in more detail in Chapter 4 and later in
                Chapter 9.

                The above is copied from [Fusion Middleware 11g Architecture and Management]. So this clearly states OPSS is part of JRF. But, on Oracle's download page - http://www.oracle.com/technetwork/indexes/downloads/index.html, I can't find a link that I can use to download just JRF, nothing more and nothing less.

                I understand I can get JRF if I install "Application Development Runtime" from http://www.oracle.com/technetwork/developer-tools/adf/downloads/index.html. However, it contains more stuff than just JRF. Also, conceptually, it doesn't seem right to categorize JRF(and even Application Development Runtime" under "Developer Tool" because this is not just needed during development by developer. This is needed by Operations for wls domain configuration as well.

                In conclusion, to answer my own question:

                1. To have OPSS, the minimum installation required is "Application Development Runtime" on top of a standalone WLS.
                2. The latest version of "Application Development Runtime" is 11.1.1.7, which is built for Java EE 5.
                3. So, OPSS (more accurately, JPS) is not supported on WLS 12c, which is built for Java EE 6.
                4. We need wait for a newer version of "Application Development Runtime", which is compatible with wls 12c.