Thursday, June 9, 2016

MBean authorization error when accessing WebLogic JMS queues

Problem:

When trying to view the contents of a JMS queue, we get the following error:
Access not allowed for subject: principals=[], on ResourceType: JMSDestinationRuntime Action: execute, Target: getMessages 
weblogic.management.NoAccessRuntimeException: Access not allowed for subject: principals=[], on ResourceType: JMSDestinationRuntime Action: execute, Target: getMessages




Solution:

This guy has a detailed explanation as to why.

1. Log in to the WebLogic Admin Console.
2. Navigate to Security Realms.
3. Select the name of the realm that you want to control access to MBeans (e.g., myrealm)
4. Navigate to Configurations > General.
5. Check the box for Use Authorization Providers to Protect JMX Access.
6. Restart all managed servers, including the AdminServer.
7. Log back in to the WebLogic Admin Console.
8. Navigate to Roles and Policies > Realm Policies.
9. Click on the link JMX Policy Editor.
10. Select the radio button GLOBAL SCOPE then click Next.
11. Select the radio button ALL MBEAN TYPES then click Next.
12. Select Operations: Permission to Invoke then click Create Policy.
13. Click on Add Condition.
14. Click on Next.
15. Add Admin and Monitor roles in the Role Argument Name field.
16. Click Finish then Save.
17. Logout and log back in and try again.

Now we can view the JMS messages.


Applicable Versions:
  • Oracle WebLogic Server 11g

References:




No comments: