Saturday, December 1, 2018

WLS:: JPS-01050: Opening of Wallet Based Credential Store Failed

Recently, I was not able start weblogic managed server and noticed below error server logs.

Error:

oracle.security.jps.JpsException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException
        at oracle.security.jps.internal.config.OpssCommonStartup.preStart(OpssCommonStartup.java:373)
        at oracle.security.jps.JpsStartup.preStart(JpsStartup.java:276)
        at oracle.security.jps.wls.JpsBootStrapService.start(JpsBootStrapService.java:80)
        ... 18 more 

Caused by: oracle.security.jps.service.credstore.CredStoreException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException
        at oracle.security.jps.internal.credstore.ssp.CsfWalletManager.openWallet(CsfWalletManager.java:187)
        at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.doInit(SspCredentialStore.java:312)
        at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.start(SspCredentialStore.java:1530)
        at oracle.security.opss.internal.runtime.ServiceContextImpl.start(ServiceContextImpl.java:220)
        ... 22 more

Caused by: java.io.IOException
        at oracle.security.pki.OracleWallet.open(Unknown Source)
        ... 32 more

Caused by: java.lang.ExceptionInInitializerError
        at oracle.security.pki.OracleFileSSOWalletImpl.a(Unknown Source)
        ... 33 more

Caused by: java.lang.RuntimeException: java.io.IOException: Permission denied
        at oracle.security.pki.FileLocker.<clinit>(Unknown Source)
        ... 34 more

Caused by: java.io.IOException: Permission denied
        at java.io.UnixFileSystem.createFileExclusively(Native Method)
        at java.io.File.createTempFile(File.java:2024)
        at java.io.File.createTempFile(File.java:2070)
        ... 35 more


Cause:

When we checked the cwallet.sso file permissions, it is there with proper access rights.

$ cd /oracle/shared/config/domains/adf_domain/config/fmwconfig
$ ls -l cwallet.sso
-rw——- 1 oracle oracle 194 Jun 25 14:52 cwallet.sso

Further analysis identified that, Weblogic was trying to access default /tmp directory and permissions were not granted to Weblogic installation user.

Fix:

We can resolve the issue in couple of ways: Refer 1336002.1 and 1923395.1

1. Create a custom temp folder inside domain home directory and update setDomainEnv.sh script to use the custom temp folder.

## CUSTOM TEMP FOLDER PATH ##
EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Djava.io.tmpdir=${DOMAIN_HOME}/tmp"
export EXTRA_JAVA_PROPERTIES
## CUSTOM TEMP FOLDER PATH ##

2. Make sure the owner and group access are the same as for the FMW installation to default /tmp directory

#Run either of below 3 commands to set permissions to /tmp directory
sudo chmod o+rwx /tmp
sudo chmod 1777 /tmp
sudo chmod a=rwx,o+t /tmp

cd /tmp
stat -c '%A %a %n' .

No comments:

Post a Comment

Provide your thoughts !