Databases Reference
In-Depth Information
Identifying the problem
In an HA environment that contains both the Managed Server for BAM and the
Managed Server for SOA, if the Managed Server for BAM is started before the
Managed Server for SOA, an authentication error happens when trying to log in
to the BAM start page. The login issue gets resolved by restarting the Managed
Server for BAM.
Diagnosing the problem
To analyze this problem, you need to first review the HA topology. In this case,
the Weblogic Server domain contains the Manager Servers for both BAM and
SOA.
After this, you need to review the
<server_name>-diagnostic.log
file,
which shows the following snippets:
Caused by: java.security.AccessControlException: access denied
(oracle.security.jps.service.policystore.PolicyStoreAccessPermission Context:APPLICATION Context Name:soa-infra Actions:
getApplicationPolicy) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
The underlined code indicates that the issue is related to the policy store
configuration. By default, BAM stores its policies and application roles in the
file-based policy store, which is
system-jazn-data.xml
in the
<mserv-
er_domain_dir>/config/fmwconfig
directory. Note that
<mserv-
er_domain_dir>
refers to the domain directory for the Managed Server, and is
different than the
<aserver_domain_dir>
, which represents the domain dir-
ectory for the Administration Server.
When the BAM server is started, it initiates the default policies and application
roles in
system-jazn-data.xml
if they do not exist in the policy store. When
SOA server gets started, it appends the SOA-related policies and application
roles to the same file. However, in an HA environment, these BAM security in-
formation may get overwritten by SOA, or vice versa.
