Update of java.security file failed - message in JAS e1agent log

d.shirtliff

Member
Hey guys,
This is more of a curiosity than anything else, just wondering if anyone knows anything about this message in my e1agent_0.log file that Oracle doesn't seem to have any information on.

I have my JAS servers running on Weblogic 12.2.1.3.0 on RHEL 7, using Oracle's JDK 1.8 update 181. Everything is working correctly, as far as I'm aware; there's no issues with the HTML server instances. After starting the Server Manager agent, I get the same block of messages in the log every minute:

Code:
Mar 10, 2020 9:28:31 AM com.jdedwards.mgmt.targets.owl.OWL1212 discoverINFO: Cannot read '/u01/app/oracle/Middleware/user_projects/domains/base_domain/nodemanager/nodemanager.domains'.
Mar 10, 2020 9:28:31 AM com.jdedwards.mgmt.targets.owl.OWL1212 discover
INFO: Loading Domain 'base_domain'.
Mar 10, 2020 9:28:31 AM com.jdedwards.mgmt.targets.owl.OWL1212 discover
FINER: Loading properties from /u01/app/oracle/Middleware/user_projects/domains/base_domain/nodemanager/nodemanager.properties
Mar 10, 2020 9:28:31 AM com.jdedwards.mgmt.targets.owl.OWLServer updateJavaSecurityFile
INFO: updateJavaSecurityFile - Backup java.security file failed: java.nio.file.AccessDeniedException: /usr/java/latest/jre/lib/security/java.security_bak
Mar 10, 2020 9:28:31 AM com.jdedwards.mgmt.targets.owl.OWLServer updateJavaSecurityFile
INFO: updateJavaSecurityFile - Update of java.security file failed: java.nio.file.AccessDeniedException: /usr/java/latest/jre/lib/security/java.security

I'm specifically interested in the last four lines, talking about the java.security file. Why is Server Manager trying to make a backup of the java.security file? And then what is it trying to update in it afterwards? I don't really feel like giving the weblogic service account read/write access to this directory if I don't need to, and as far as I've seen in any documentation I shouldn't need to.


Thanks for any insight!
 
There was a point with Java 1.8 that default security settings would cause the SM Agent to Manager connection to fail. These messages show that the agent is attempting to find the existing java.security file, back it up and then replace/update it with the required workaround setting. In many cases java.security will not exist so there is nothing to backup/update.

The issue is described in this Oracle note: "E1: SVM: Server Manager Console And Agent Issues With Java 1.8 Update 171 Or Higher (Doc ID 2621953.1)"

If everything is working then the particular combination of Java across the JAS, agents and SM must not suffer from the issue. (Assuming you haven't used one of the other methods to enable the 3DES CBC algorithm as described in the document)

What I have done in this scenario is to just create an empty java.security file in the location mentioned in the log message. That should eliminate the messages.
 
Thanks Justin, that's exactly what I was looking for.

I did a test on one of my test machines and gave the weblogic user rw access to the directory the java.security file resides in, after making my own backup copy of the java.security file for safekeeping. It then made a backup file called java.security_bak, and both messages disappeared from the log. I did a diff between my original java.security and the "updated" java.security, and they're both the same, so it didn't actually update anything. I also haven't enabled the 3DES CBC algorithm manually, so like you said we must just have a good combination of JDK and JDE Tools release.
 
Back
Top