WCP Deploy Weblogic Datasource 암호변경 후 오류 발생하면서 Start안될때

WCP가 deploy 된 Weblogic에서 OPSS관련 데이터 소스의 변경 시 Weblogic이 정상 기동 안될때가 있다

[EL Severe]: 2015-07-21 18:45:29.918--ServerSession(1775396835)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: java.sql.SQLException: ORA-01017: invalid username/password; logon denied

Error Code: 1017

7월 21, 2015 6:45:29 오후 oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init

WARNING: 인증서 저장소 인스턴스를 생성할 수 없습니다. 이유: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: 정책 저장소에 내부 오류가 발생했습니다.

<2015. 7. 21 오후 6시 45분 29초 KST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: 인증서 저장소 인스턴스를 생성할 수 없습니다. 이유: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: 정책 저장소에 내부 오류가 발생했습니다.> 

<2015. 7. 21 오후 6시 45분 29초 KST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: 인증서 저장소 인스턴스를 생성할 수 없습니다. 이유: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: 정책 저장소에 내부 오류가 발생했습니다.

weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: 인증서 저장소 인스턴스를 생성할 수 없습니다. 이유: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: 정책 저장소에 내부 오류가 발생했습니다.

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)

at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)

at weblogic.security.SecurityService.start(SecurityService.java:141)

at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Caused By: oracle.security.jps.JpsRuntimeException: JPS-01055: 인증서 저장소 인스턴스를 생성할 수 없습니다. 이유: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: 정책 저장소에 내부 오류가 발생했습니다.

at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:173)

at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:390)

at java.lang.J9VMInternals.newInstanceImpl(Native Method)

at java.lang.Class.newInstance(Class.java:1882)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)

at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)

at weblogic.security.SecurityService.start(SecurityService.java:141)

at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Caused By: oracle.security.jps.JpsException: JPS-01055: 인증서 저장소 인스턴스를 생성할 수 없습니다. 이유: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: 정책 저장소에 내부 오류가 발생했습니다.

at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:3018)

at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3305)

at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:170)

at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:390)

at java.lang.J9VMInternals.newInstanceImpl(Native Method)

at java.lang.Class.newInstance(Class.java:1882)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)

at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)

at weblogic.security.SecurityService.start(SecurityService.java:141)

at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Caused By: oracle.security.jps.service.credstore.CredStoreException: JPS-01055: 인증서 저장소 인스턴스를 생성할 수 없습니다. 이유: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: 정책 저장소에 내부 오류가 발생했습니다.

at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.init(LdapCredentialStore.java:129)

at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.<init>(LdapCredentialStore.java:120)

at oracle.security.jps.internal.credstore.ldap.LdapCredentialStoreProvider.getInstance(LdapCredentialStoreProvider.java:135)

at oracle.security.jps.internal.credstore.rdbms.DbmsCredentialStoreProvider.getInstance(DbmsCredentialStoreProvider.java:68)

at oracle.security.jps.internal.credstore.rdbms.DbmsCredentialStoreProvider.getInstance(DbmsCredentialStoreProvider.java:46)

at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)

at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)

at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)

at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)

at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)

at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2990)

at oracle.security.jps.internal.policystore.PolicyUtil$3.run(PolicyUtil.java:2984)

at java.security.AccessController.doPrivileged(AccessController.java:333)

at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2984)

at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3305)

at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:170)

at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:390)

at java.lang.J9VMInternals.newInstanceImpl(Native Method)

at java.lang.Class.newInstance(Class.java:1882)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1343)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)

at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)

at weblogic.security.SecurityService.start(SecurityService.java:141)

at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

> 

<2015. 7. 21 오후 6시 45분 29초 KST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED> 

<2015. 7. 21 오후 6시 45분 29초 KST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down> 

<2015. 7. 21 오후 6시 45분 29초 KST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN> 

<2015. 7. 21 오후 6시 45분 29초 KST> <Info> <WebLogicServer> <BEA-000236> <Stopping execute threads.> 

위와 같은 오류가 발생 했을경우

WLST를 실행 시켜 bootstrapCredential 을 업데이트 하거나 신규 생성을 해주어야 한다

아래 와 같이 진행 한다

1. Stop all the servers

2. Change the password of the opss schema in the Database

---------------------How to Change the password using the modifyBootStrapCredential -----------------------------------------------------------------------------------------

3.Run the modifyBootStrapCredential

    3.1 Run WLST inside Middlware/oracle_common/bin location, /opt/Oracle/Middleware/oracle_common/common/bin>wlst.sh.

    3.2 Run modifyBootStrapCredential

    3.3 For  Example: modifyBootStrapCredential(jpsConfigFile='<YOUR_DOMAIN>_jps-config.xml', username='<xxxx>_OPSS', password='newpassword')

    3.4  If the  modifyBootStrapCredential  sucessfull,  Go to step 4.(No need to run the  "addBootStrapCredential"

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

    If the  modifyBootStrapCredential command fails, then run the following addBootStrapCredential

 

 

-------------------------How to Change the password using the addBootStrapCredential------------------------------------------------------------------------------------------

3. Run the  /opt/Oracle/Middleware/oracle_common/common/bin>wlst.sh.

       3.1 Check for the following in the  jps-config.xml

<propertySet name="props.db.1">

            <property name="jdbc.url" value="jdbc:oracle:thin:@xxxxxxx:1521/orcl.xxxxxxx"/>

            <property name="oracle.security.jps.farm.name" value="cn=IAM"/>

            <property name="server.type" value="DB_ORACLE"/>

            <property name="oracle.security.jps.ldap.root.name" value="cn=jpsroot"/>

            <property name="jdbc.driver" value="oracle.jdbc.OracleDriver"/>

            <property name="bootstrap.security.principal.map" value="BOOTSTRAP_JPS"/>

            <property name="bootstrap.security.principal.key" value="bootstrap_lXY2hl3Vv6sZ3/C5S+WNsCrKNXg="/>

            <property name="datasource.jndi.name" value="jdbc/OPSSDBDS"/>

            <property name="oracle.security.jps.db.useDSAdminMapKey" value="true"/>

        </propertySet>

 

       mapname is the >> bootstrap.security.principal.map = "BOOTSTRAP_JPS"

        keyname is the new keyname  for example= "bootstrap_abcxyz"

    3.2  addBootStrapCredential(jpsConfigFile='./jps-config.xml', map='BOOTSTRAP_JPS', key='bootstrap_abcxyz', username='XXX_OPSS', password='NewopssSchemaPassword"')

 

     3.3. Modify the props.db.1  in the jps-cofnig.xml

     FROM

         <property name="bootstrap.security.principal.key" value="bootstrap_lXY2hl3Vv6sZ3/C5S+WNsCrKNXg="/>

     TO

          <property name="bootstrap.security.principal.key" value="bootstrap_abcxyz"/>

      3.4   So your final  props.db.1 in the jps-config.xml

<propertySet name="props.db.1">

            <property name="jdbc.url" value="jdbc:oracle:thin:@xxxxxxx:1521/orcl.xxxxxxx"/>

            <property name="oracle.security.jps.farm.name" value="cn=IAM"/>

            <property name="server.type" value="DB_ORACLE"/>

            <property name="oracle.security.jps.ldap.root.name" value="cn=jpsroot"/>

            <property name="jdbc.driver" value="oracle.jdbc.OracleDriver"/>

            <property name="bootstrap.security.principal.map" value="BOOTSTRAP_JPS"/>

            <property name="bootstrap.security.principal.key" value="bootstrap_abcxyz"/>

            <property name="datasource.jndi.name" value="jdbc/OPSSDBDS"/>

            <property name="oracle.security.jps.db.useDSAdminMapKey" value="true"/>

        </propertySet>

     3.5 Save the jps-config.xml.

     3.6. Go to step 4

     4.   Restart the admin Server